Clarification regarding "FSF legal network"
Bradley M. Kuhn <bkuhn@...>
Jilayne Lovejoy wrote at 20:01 (EDT) on Thursday:
Would agree to the extent that, considering that what Michel isI agree that trying everywhere makes sense for what Michel is trying to
do, since, as others have pointed out, there's no clear venue for the
discussion at the moment.
On 6/14/12 8:39 AM, "Bradley M. Kuhn" <bkuhn@...> wrote:ftf-legal is an invite-only mailing list, and thus it's probably not a
I feel like I need to at least suggest an alternative view forI think you're responding to a point I didn't raise. I didn't
claim ftf-legal isn't useful -- indeed, I've applied and been denied
membership in ftf-legal many times myself. I wouldn't have done so if I
didn't think there were likely useful discussions going on there.
due to the Chatham House Rule,I don't object to ftf-legal's use of CHR per se, but I'm still confused
about how the CHR applies to a meeting that never ends, since CHR is
designed for timeboxed meetings. Does ftf-legal has some tutorial on
their odd application of CHR?
Anyway, the issue I was raising was not about the traffic on ftf-legal
itself, but the meta-issue of how the list membership is constructed. It is a
self-selected group that arbitrarily refuses applicants based on secret
criteria. Your response didn't seem to address that problem.
The network is made up of mostly lawyersI have confirmation there are many, many non-lawyers on the list. I
don't know the percentage numbers, obviously, since the data I have is
(a) SPDX currently has no plans nor mechanism to address the key and
I'm not sure it's the role of SPDX to address this problemIndeed, I'm sure you're right on that point. However, that also means
that SPDX is focused on addressing minor problems and ignoring the
largest and most common FLOSS license compliance problem in the world in
favor of minor ones. That's the center of my criticism (a) above.
(b) I strongly object to the fact that most of the software being
But all the tools coming out of the SPDX working groups are openThese don't appear to me, based on the URL given above, to be flourishing
Free Software projects. The git log seems a bit sparse, and there's not a
lot of "there there". It seems three contributors are occasionally committing
stuff. I'm glad they're doing this work, but it doesn't seem they're getting
lots of support and contributions from most of the companies benefiting
from SPDX, are they?
Is your argument here that these tools are the more advanced, usable and
feature-ful than the proprietary tools available that utilize SPDX? What
it looks to me upon first analysis is that the Free Software tools are limping
along without adequate funding, while the proprietary solutions flourish.
Am I wrong about that?
BTW, I know developers who'd be ready to help work on Free Software
SPDX tools, but funding is a serious problem. If folks have thoughts about
that, please do contact me off list.
To be fair, of course the companies who have commercial scanning toolsI'm completely amazed to learn that customers *want* proprietary
software. I've never seen someone say: "Please, don't give me the
source code or the right to modify it for the software you're selling
me." Do your customers actually say: "I really hope you'll take my
software freedom away when you sell me your products!"?
I don't sell proprietary software licenses for a living like many people
on this list do, so I admit I have no first-hand experience in this
area. But I'm nevertheless surprised that customers are *asking* to
have software that doesn't give them software freedom. I'd bet it's
more like they're helplessly begging their vendor to add features
because they're locked-in in the usual proprietary way that the software
freedom movement fights against.
Anyway, what I think is happening in the SPDX project is that SPDX is
primarily used as a marketing tool to sell proprietary software
"compliance" solutions that won't solve the primary compliance problems
of our day. Indeed, most of the SPDX process is being driven by
companies that produce proprietary software, of the type I described in
Even if I were to get involved to attempt to fight this proprietary
marketing push from within SPDX, these well-funded organizations bent on
building more proprietary software and taking away software freedom from
their users would overpower any advocacy or work that I did in SPDX
against that idea. This is why I stopped participating in SPDX -- I realized
there was nothing I could do to make SPDX good for software freedom.