Clarification regarding "FSF legal network" (was Re: Import and export function of SPDX)


Jilayne Lovejoy <jilayne.lovejoy@...>
 

Responses inline below and to this email, since Bradley hit upon several
salient issues :)

On 6/14/12 8:39 AM, "Bradley M. Kuhn" <bkuhn@...> wrote:

RUFFIN, MICHEL (MICHEL) wrote today:
I know that the discussion on this subject should be in FTFE mailing
list.
Actually, I caution against being too quick to move discussion to
ftf-legal mailing list, even if a topic seems off-topic for similar,
public lists.
Would agree to the extent that, considering that what Michel is proposing
doesn't (yet) seem to have a directly on-point mailing list, discussing it
across multiple platforms (and multiple times, in order to finally get a
response ;) seems about right!

ftf-legal is an invite-only mailing list, and thus it's probably not a
good choice for discussion of topics where the Free Software community can
help, since most of the Free Software community can't access ftf-legal.
The list organizers said publicly at LinuxCon Europe 2011 that the
criteria for subscription to ftf-legal are secret, so no one outside of
existing list members actually know what they need to do to qualify for
participation. After my three-year-long Kafkaesque experience of
attempting to subscribe to ftf-legal, I eventually just gave up.
I feel like I need to at least suggest an alternative view for
balance-sakes, especially since, as a member, I have greatly benefited
from the discussions on that list-serve. The network is made up of mostly
lawyers and from all different kinds of organizations and, due to the
Chatham House Rule, provides a space for open conversation among members
without fear of being quoted/attributed outside the network. Given the
reluctance most lawyers have in terms of making public statements, etc,
this is a pretty valuable forum, as it provides a chance to discuss things
that just may not be ready to take public or that a lawyer cannot risk
having attributed or implied to the company he or she works for.

In so far as what Michel is suggesting here re: the license clauses, I can
imagine quite a few companies being quite resistant/hesitant about sharing
this information initially. This is where some discussion that is limited
in its exposure can be helpful to begin to break down that barrier.

Just like scanning, multiple methods of attacking the problem leads to the
best results?? (bad analogy, but seemed fitting ;)


Thus, I'd hate for (even tangentially) relevant discussions to SPDX to
fall into the black hole of private discussion on ftf-legal. As most
subscribers to *this* list know, I've been occasionally critical of SPDX
for various reasons, but I have *no* criticisms about the inclusiveness
and openness of SPDX's process, which are top-notch. Indeed, Martin
invited me to the SPDX list when he chartered it as "FOSS Bazaar Package
Facts". I've lurked on the list since its inception, and I've always been
welcomed to participate (sometimes even by pleading private phone calls
begging me to get more involved in SPDX :).
Lurking is completely fine for whomever. More involvement means more
opportunity to shape the process, so it's up to each participant to
determine their level of participation (just reiterating something said at
the SPDX Forum, for benefit of all).


In April 2012 at the Linux Foundation Collaboration Summit legal track
that I chaired, I explained the reasons that I don't regularly participate
in SPDX. For those who weren't present for that event, the two primary
reasons why I don't actively participate in SPDX are:

(a) SPDX currently has no plans nor mechanism to address the key and
most common FLOSS license compliance problem -- namely, inadequate
and/or missing "scripts to control compilation and installation of the
executable" for GPL'd and/or LGPL'd software. Given my limited time and
wide range of duties, I need to focus any time spent on new
compliance-assistance projects on solutions that will solve that primary
compliance problem before focusing on the (valuable but minor) ones that
SPDX seeks to address. (And many of you know, I've given my endorsement
to the Yocto project, as I think it's a good tool to help address the
key issue of FLOSS compliance. I also encouraged the Yocto project to
work more directly with SPDX, which I understand is now happening.)
I'm not sure it's the role of SPDX to address this problem (at least
directly - the goal/mission in terms of license compliance has been more
of facilitation, than doing the job of compliance itself). In any case -
we all have limited resources/time/energy, but I do think that the various
efforts (yours, SPDX, Yocto, and so forth...) come together at the common
goal of making the use, proliferation, health, compliance with licenses...
of open source software easier for all!



(b) I strongly object to the fact that most of the software being written
by SPDX committee participants utilizing the SPDX format is proprietary
software. I find this not only offensive but also ironic (i.e.,
developing and marketing *proprietary* software to help people better
utilize *Free* Software).
But all the tools coming out of the SPDX working groups are open source!
http://spdx.org/wiki/sandbox-tools (I think there are more than this, but
I'm not the one to appropriately answer that question).
To be fair, of course the companies who have commercial scanning tools are
going to include the ability to generate SPDX files as a feature - because
their customers are asking for it. So, there's both - that can't be all
bad ;)

Jilayne


RUFFIN MICHEL
 

So Bradley, what is your suggestion for me to try to standardize these FOSS clauses. What organization? I have tried SPDX, I have been advised to go to FSFE legal network. I have join the FSFE legal network and I tried to get a reaction without success except "that's interesting". Any suggestion of organization that would have a look?

It took us a lot of manpower to define FOSs clause which are widely accepted and tremendous effort to negotiate them with various suppliers before reaching this state. And if not standardize we can expect again more efforts

That's important because we are trying to standardize as much as we can of our FOSS governance process (for instance having an "open source" database describing iPR issues so the effort done by each company today will be shared and copyright owners can have their own word for correcting information interpretation. I think this will be the benefit of everybody: copyright owners, open source communities, proprietary software vendors, FOSS distributor companies.

Michel

Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : spdx-bounces@... [mailto:spdx-bounces@...] De la part de Bradley M. Kuhn
Envoyé : jeudi 14 juin 2012 16:39
À : spdx@...
Cc : spdx-tech@...
Objet : Re: Clarification regarding "FSF legal network" (was Re: Import and export function of SPDX)

RUFFIN, MICHEL (MICHEL) wrote today:
I know that the discussion on this subject should be in FTFE mailing
list.
Actually, I caution against being too quick to move discussion to
ftf-legal mailing list, even if a topic seems off-topic for similar,
public lists.

ftf-legal is an invite-only mailing list, and thus it's probably not a
good choice for discussion of topics where the Free Software community can
help, since most of the Free Software community can't access ftf-legal.
The list organizers said publicly at LinuxCon Europe 2011 that the
criteria for subscription to ftf-legal are secret, so no one outside of
existing list members actually know what they need to do to qualify for
participation. After my three-year-long Kafkaesque experience of
attempting to subscribe to ftf-legal, I eventually just gave up.

Thus, I'd hate for (even tangentially) relevant discussions to SPDX to
fall into the black hole of private discussion on ftf-legal. As most
subscribers to *this* list know, I've been occasionally critical of SPDX
for various reasons, but I have *no* criticisms about the inclusiveness
and openness of SPDX's process, which are top-notch. Indeed, Martin
invited me to the SPDX list when he chartered it as "FOSS Bazaar Package
Facts". I've lurked on the list since its inception, and I've always been
welcomed to participate (sometimes even by pleading private phone calls
begging me to get more involved in SPDX :).

In April 2012 at the Linux Foundation Collaboration Summit legal track
that I chaired, I explained the reasons that I don't regularly participate
in SPDX. For those who weren't present for that event, the two primary
reasons why I don't actively participate in SPDX are:

(a) SPDX currently has no plans nor mechanism to address the key and
most common FLOSS license compliance problem -- namely, inadequate
and/or missing "scripts to control compilation and installation of the
executable" for GPL'd and/or LGPL'd software. Given my limited time and
wide range of duties, I need to focus any time spent on new
compliance-assistance projects on solutions that will solve that primary
compliance problem before focusing on the (valuable but minor) ones that
SPDX seeks to address. (And many of you know, I've given my endorsement
to the Yocto project, as I think it's a good tool to help address the
key issue of FLOSS compliance. I also encouraged the Yocto project to
work more directly with SPDX, which I understand is now happening.)

(b) I strongly object to the fact that most of the software being written
by SPDX committee participants utilizing the SPDX format is proprietary
software. I find this not only offensive but also ironic (i.e.,
developing and marketing *proprietary* software to help people better
utilize *Free* Software).

I should have posted these concerns sooner to this mailing list, but I
hadn't thought to do so since I'd already explained the concerns privately
to so many of you before.

-- bkuhn
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Bradley M. Kuhn <bkuhn@...>
 

RUFFIN, MICHEL (MICHEL) wrote today:
I know that the discussion on this subject should be in FTFE mailing
list.
Actually, I caution against being too quick to move discussion to
ftf-legal mailing list, even if a topic seems off-topic for similar,
public lists.

ftf-legal is an invite-only mailing list, and thus it's probably not a
good choice for discussion of topics where the Free Software community can
help, since most of the Free Software community can't access ftf-legal.
The list organizers said publicly at LinuxCon Europe 2011 that the
criteria for subscription to ftf-legal are secret, so no one outside of
existing list members actually know what they need to do to qualify for
participation. After my three-year-long Kafkaesque experience of
attempting to subscribe to ftf-legal, I eventually just gave up.

Thus, I'd hate for (even tangentially) relevant discussions to SPDX to
fall into the black hole of private discussion on ftf-legal. As most
subscribers to *this* list know, I've been occasionally critical of SPDX
for various reasons, but I have *no* criticisms about the inclusiveness
and openness of SPDX's process, which are top-notch. Indeed, Martin
invited me to the SPDX list when he chartered it as "FOSS Bazaar Package
Facts". I've lurked on the list since its inception, and I've always been
welcomed to participate (sometimes even by pleading private phone calls
begging me to get more involved in SPDX :).

In April 2012 at the Linux Foundation Collaboration Summit legal track
that I chaired, I explained the reasons that I don't regularly participate
in SPDX. For those who weren't present for that event, the two primary
reasons why I don't actively participate in SPDX are:

(a) SPDX currently has no plans nor mechanism to address the key and
most common FLOSS license compliance problem -- namely, inadequate
and/or missing "scripts to control compilation and installation of the
executable" for GPL'd and/or LGPL'd software. Given my limited time and
wide range of duties, I need to focus any time spent on new
compliance-assistance projects on solutions that will solve that primary
compliance problem before focusing on the (valuable but minor) ones that
SPDX seeks to address. (And many of you know, I've given my endorsement
to the Yocto project, as I think it's a good tool to help address the
key issue of FLOSS compliance. I also encouraged the Yocto project to
work more directly with SPDX, which I understand is now happening.)

(b) I strongly object to the fact that most of the software being written
by SPDX committee participants utilizing the SPDX format is proprietary
software. I find this not only offensive but also ironic (i.e.,
developing and marketing *proprietary* software to help people better
utilize *Free* Software).

I should have posted these concerns sooner to this mailing list, but I
hadn't thought to do so since I'd already explained the concerns privately
to so many of you before.

-- bkuhn


RUFFIN MICHEL
 

You are right it is FTFE legal network.
If I provided our FOSS clause to SPDX it was illustrate the use case, I know that the discussion on this subject should be in FTFE mailing list.

By the way with the discussion in SPDX, I am now convinced that we need to add these two fields to our database. However to cope with legacy the import/export function might provide a solution when these field are blank

michel
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France

-----Message d'origine-----
De : spdx-bounces@... [mailto:spdx-bounces@...] De la part de Bradley M. Kuhn
Envoyé : mercredi 13 juin 2012 22:07
À : Jilayne Lovejoy
Cc : spdx-tech@...; spdx@...
Objet : Clarification regarding "FSF legal network" (was Re: Import and export function of SPDX)

Jilayne Lovejoy wrote:

In regards to your posting...to... the FSF legal network
Just for clarification: the FSF doesn't have a legal network, to my
knowledge.

I believe you are likely referring to the highly secretive entity called
FTFE-legal, which appears to have some (albeit unclear) affiliation with a
different organization called FSF Europe. While I am indeed unclear on what
FTFE-legal's relationship to FSF Europe is, I am quite sure FTFE-legal has no
affiliation with FSF whatsoever.

Nevertheless, please do feel free to correct me if I have any of those facts
wrong. That's my understanding, having discussed this issue extensively with
FSF leadership.

-- bkuhn
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx


Bradley M. Kuhn <bkuhn@...>
 

On 06/13/2012 10:06 PM, Bradley M. Kuhn wrote:
I am quite sure FTFE-legal [sic: should be FTF-legal]
has no affiliation with FSF whatsoever.
Armijn Hemel replied:
There is no such thing as "FTFE-legal".
I'm sorry; you're right; I inadvertently added an "E". I was thinking of
FTF-legal, which does exist: https://mail.fsfeurope.org/mailman/listinfo/ftf-legal

Indeed, I should have remembered there's no 'E', as I've submitted many
(declined) subscription requests there!

Jilayne Lovejoy also replied:
That was a function of sloppy and quick typing on my part
and should have really referred to it as the European
Legal Network (facilitated by FSFE)
No problem! As you see, I did something similar (above) myself!
It's problematic that there are a lot of very similar names here for
very different things. :)

Anyway, to my knowledge, neither the European Legal Network, nor ftf-legal
are affiliated with, nor endorsed by, the FSF.

I just want to clarify that because some of the publications made under
that group's auspices contradict some of FSF's positions on the GPL.

[ Full disclosure: in addition to my various other roles in Free Software,
I serve as a volunteer on the Board of Directors of the FSF:
http://www.fsf.org/about/board . ]

-- bkuhn


Jilayne Lovejoy <jilayne.lovejoy@...>
 

You are indeed correct, Bradley. That was a function of sloppy and quick
typing on my part and should have really referred to it as the European
Legal Network (facilitated by FSFE) to be perfectly accurate. See
http://wiki.fsfe.org/EuropeanLegalNetwork for more information for anyone
I have thusly confused.

Cheers,
Jilayne

On 6/13/12 2:06 PM, "Bradley M. Kuhn" <bkuhn@...> wrote:

Jilayne Lovejoy wrote:

In regards to your posting...to... the FSF legal network
Just for clarification: the FSF doesn't have a legal network, to my
knowledge.

I believe you are likely referring to the highly secretive entity called
FTFE-legal, which appears to have some (albeit unclear) affiliation with a
different organization called FSF Europe. While I am indeed unclear on
what
FTFE-legal's relationship to FSF Europe is, I am quite sure FTFE-legal
has no
affiliation with FSF whatsoever.

Nevertheless, please do feel free to correct me if I have any of those
facts
wrong. That's my understanding, having discussed this issue extensively
with
FSF leadership.

-- bkuhn


Armijn Hemel <armijn@...>
 

On 06/13/2012 10:06 PM, Bradley M. Kuhn wrote:
While I am indeed unclear on what
FTFE-legal's relationship to FSF Europe is, I am quite sure FTFE-legal has no
affiliation with FSF whatsoever.
There is no such thing as "FTFE-legal". You might be referring to the European Legal Network. Information about it can be found here:

http://fsfe.org/projects/ftf/network.en.html

armijn

--
------------------------------------------------------------------------
armijn@... || http://www.gpl-violations.org/
------------------------------------------------------------------------


Bradley M. Kuhn <bkuhn@...>
 

Jilayne Lovejoy wrote:

In regards to your posting...to... the FSF legal network
Just for clarification: the FSF doesn't have a legal network, to my
knowledge.

I believe you are likely referring to the highly secretive entity called
FTFE-legal, which appears to have some (albeit unclear) affiliation with a
different organization called FSF Europe. While I am indeed unclear on what
FTFE-legal's relationship to FSF Europe is, I am quite sure FTFE-legal has no
affiliation with FSF whatsoever.

Nevertheless, please do feel free to correct me if I have any of those facts
wrong. That's my understanding, having discussed this issue extensively with
FSF leadership.

-- bkuhn