Ibrahim Haddad <ibrahim@...>
toggle quoted messageShow quoted text
I just got back from europe. Please give me a couple days to catch up on my email and I will reply early next week.
On Wed, Jun 20, 2012 at 8:55 AM, Philip Odence <podence@...>
Your idea about standard FOSS clauses might fit into the charter of the
Linux Foundation Open Compliance Program.
http://www.linuxfoundation.org/programs/legal/compliance (To head off the
question, the program is for open source compliance in general, not
limited to Linux.)
I am cc'ing Ibrahim who coordinates that for the LF with hopes that he
will weigh in. (I believe, he's out of the office this week, so he may not
On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)"
>Thank you very much for your quick answer and suggestions.
>My goal is not only to standardize the legal text of our FOSS clauses. It
>is also to
>1) raise awareness about being able to provide the list of FOSS in a
>proprietary product or in a big FOSS distribution (Linux, Open BSD,
>Eclipse, Swing, ...)
>2) Big companies are reluctant to provide you a FOSS list. They are more
>or less in compliance but some of them provide you a URL on their web
>site on which you find the list of their products and for each of them a
>several megabyte ASCII File with the list of all licenses of FOSS on
>their products. That's not usable at all. If one of their customer want
>to resale their product in one of its products it has to read everything
>and identify every action to comply "Ha yes this is apache1.1 so I have
>to put some acknowledgement in my documentation!".
>3) Liability clause/money damage. Big companies are not always accepting
>it. I have been told by some of their lawyers: how can we guarantee that
>we are not doing mistakes this is a too complex world. If you take a
>Linux distribution with 6000 package and you look at packages, you can
>find hundreds of various licenses in one package. Small companies accept
>more easily these conditions, but they have not too much money. How do
>you value the fact that you have to stop to distribute your product or
>the potential issue to have to disclose your source code while it was not
>planned and it is not your fault.
>4) .... a lot of other issues
>I would challenge the SPDX members to take a Linux standard distribution
>and to provide me the SPDX file at file level (not at package level). Yes
>open source is great but it is also really a Bazard 8-) and with maven
>and cloud computing it will become worse.
>So the effort is tremendous and cannot be done by one company, it should
>be shared. And it is time to start.
>So I will study the short terms options you propose. But for the long
>term, I would to start to create a new mailing list of people who are
>intereted in discussing FOSS governance standardization issues (to start:
>FOSS clause in contracts, having a common Database under a king of
>Wikipedia contribution system describing FOSS IP, having public tutorial
>on FOSS issues, and perhaps things like lobbying to reduce the number of
>FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to
>create the mailing list?
>Software Coordination Manager, Bell Labs, Corporate CTO Dpt
>Distinguished Member of Technical Staff
>Tel +33 (0) 6 75 25 21 94
>Alcatel-Lucent International, Centre de Villarceaux
>Route De Villejust, 91620 Nozay, France
>De : Bradley M. Kuhn [mailto:bkuhn@...]
>Envoyé : vendredi 15 juin 2012 19:49
>À : RUFFIN, MICHEL (MICHEL)
>Cc : spdx@...
>Objet : FOSS clauses for contracts & fora for discussing it (was Re:
>Clarification regarding "FSF legal network")
>I went back and read your previous posts from February on this topic,
>(as I mentioned earlier in this thread, I don't follow SPDX closely. I
>mostly joined this thread (Kibo-like) when the term "FSF" came up).
>However, having gotten fully caught up on your posts, I think your idea
>is a useful one. In my work doing GPL compliance, I have often had
>situations where a downstream company has violated and they never
>actually had clear clauses in their contract with upstream about what
>would happen if a FLOSS license was violated. This has caused mass
>confusion and made it more difficult to get the company into compliance.
>In a few cases, there *were* clearly developed clauses like the ones you
>mention, and it did indeed facilitate more easy work getting to compliance
>on the product.
>So, I'm thus supportive of your effort to
>promulgate these standardized clauses regarding use of FLOSS in
>upstream/downstream contracts. Meanwhile, I wish I had a better
>suggestion for you of where to talk about the idea....
>RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
>>what is your suggestion for me to try to standardize these FOSS
>>clauses. What organization? I have tried SPDX, I have been advised to
>>go to FSFE legal network.
>... as others have suggested, FOSS Bazaar might be a good place.
>> I have join the FSFE legal network and I tried to get a reaction
>>without success except "that's interesting"
>It sounds like in addition to my objections to ftf-legal, that there
>were other issues: your description seems to indicate ftf-legal wasn't
>that interested in this giving useful feedback and collaboration on the
>> Any suggestion of organization that would have a look?
>There was once a forum called "open-bar", which is at:
>https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
>The mailing lists disappeared a while back. The last email from I have
>in my archives for <discuss-general@...> was Tuesday 18 Mar
>Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
>coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
>we had some very brief discussions about creating a forum for discussion
>that was open and available to all about these issues (like open bar
>was). However, it's unclear if, as a community, we're at a "build it
>and they would come" moment, so none of us from the FOSDEM 2012 track
>have put effort in.
>Thus, at the moment, I think FOSS Bazaar is probably the best place to
>host this sort of discussion venue, so I think if you want an immediate
>discussion about your specific topic, that's probably the place to
>Also, as a medium-term suggestion, I strongly recommend you propose a
>talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
>(sadly, North America CFP just closed), or (c) at the 2013 Linux
>Collaboration Summit Legal Track (which Richard Fontana & I will
>co-chair) about the topic. Speaking about the topic at conferences is a
>great way to get interest and feedback.
>Long term, as a community, it'd be good to solve this general issue: the
>fora that exist for Legal, Licensing and Policy issues in Free Software
>are scattered across many different places, and some of the primary ones
>are closed clubs. I've been witnessing the problem for years and I
>don't have a good solution to propose to solve it.
> -- bkuhn
>Spdx mailing list
Ibrahim Haddad, Ph.D.
The Linux Foundation
Cell: +1 (408) 893-1122