Date
1 - 6 of 6
FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Bradley M. Kuhn <bkuhn@...>
Michel,
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.
I have join the FSFE legal network and I tried to get a reactionIt sounds like in addition to my objections to ftf-legal, that there
without success except "that's interesting"
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!
Any suggestion of organization that would have a look?There was once a forum called "open-bar", which is at:
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
Kevin P. Fleming <kpfleming@...>
On 06/15/2012 12:49 PM, Bradley M. Kuhn wrote:
--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
Long term, as a community, it'd be good to solve this general issue: theFor what it's worth, you are not alone in wanting to find a solution to this problem :-) The lack of knowledge sharing in the Free Software legal community is disappointing, although the SPDX effort is one step to help with part of that problem.
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming@... | SIP: kpfleming@... | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org
RUFFIN MICHEL
First I Would like enlighten that when I speak on the SPDX or FSFE mailing list I speak for the Alcatel-Lucent company; I check before with our FOSS executive committee that I can say things (in most of the cases 8-). But I am not a lawyer and I know this might be tricky discussions in term of company and what you have said. So What I say is not officially the Company stamped decision in term of legal (except if stamped) but it is the rough direction of the company, However it reflects the company policy. Barry Freedman is the official guy to accept or not what I am saying. I guess it is important to notice this.
So Barry and myself are more or less co-directing the Alcatel-lucent internal Executive committee since 2007. He is the lawyer, I am the technical guy with a bit of paralegal training (we have 8 or 10 other members in this committee).
So today our points are the following
1) SPDX standard. After discussing with Marc-Etienne who is trying to align our FOSS DB on the SPDX standard we will have to add SHA-1 checksums to our DB. Since we have not that we will look to partners to provide us the data. But in any case we will not have them for all/old entries, so the SPDX standard needs to cope with this kind of situation.
1 bis) what modification we need to do to SDPX standard when we are not able to provide it and to be able to export information.
1 ter) we have issue with the licensing issues of data when coming from SPDX standard: data are public domain with some restriction, but it is not clear
2)Alcatel-Lucent FOSS clauses in suppliers contracts. What group I should contact for standardization of these clauses?
3) Alcatel-lucent is willing to "open source" its FOSS DB Who is interested and how to make this things works
4) Alcatel-Lucent has a lot of tutorials on open source; It is a tremendous work to maintain them, they have been registered on webinar, we are now thinking to update everything and to translate them in foreign languages such as Chinese. Perhaps we can share this effort
Should we create a FOSS governance task force? If SPDX is not the good place, If SFSE legal network is not the good place, tell me where!
Alcatel-lucent is committed to respect the open source licences philosophies (not only the legal part of it) but we need help because this is far to be clear.
That's my Friday evening email, Please think about this, we need to put our forces together.
Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
toggle quoted message
Show quoted text
So Barry and myself are more or less co-directing the Alcatel-lucent internal Executive committee since 2007. He is the lawyer, I am the technical guy with a bit of paralegal training (we have 8 or 10 other members in this committee).
So today our points are the following
1) SPDX standard. After discussing with Marc-Etienne who is trying to align our FOSS DB on the SPDX standard we will have to add SHA-1 checksums to our DB. Since we have not that we will look to partners to provide us the data. But in any case we will not have them for all/old entries, so the SPDX standard needs to cope with this kind of situation.
1 bis) what modification we need to do to SDPX standard when we are not able to provide it and to be able to export information.
1 ter) we have issue with the licensing issues of data when coming from SPDX standard: data are public domain with some restriction, but it is not clear
2)Alcatel-Lucent FOSS clauses in suppliers contracts. What group I should contact for standardization of these clauses?
3) Alcatel-lucent is willing to "open source" its FOSS DB Who is interested and how to make this things works
4) Alcatel-Lucent has a lot of tutorials on open source; It is a tremendous work to maintain them, they have been registered on webinar, we are now thinking to update everything and to translate them in foreign languages such as Chinese. Perhaps we can share this effort
Should we create a FOSS governance task force? If SPDX is not the good place, If SFSE legal network is not the good place, tell me where!
Alcatel-lucent is committed to respect the open source licences philosophies (not only the legal part of it) but we need help because this is far to be clear.
That's my Friday evening email, Please think about this, we need to put our forces together.
Michel
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
-----Message d'origine-----
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
À : RUFFIN, MICHEL (MICHEL)
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
À : RUFFIN, MICHEL (MICHEL)
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.
I have join the FSFE legal network and I tried to get a reactionIt sounds like in addition to my objections to ftf-legal, that there
without success except "that's interesting"
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!
Any suggestion of organization that would have a look?There was once a forum called "open-bar", which is at:
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
RUFFIN MICHEL
Thank you very much for your quick answer and suggestions.
My goal is not only to standardize the legal text of our FOSS clauses. It is also to
1) raise awareness about being able to provide the list of FOSS in a proprietary product or in a big FOSS distribution (Linux, Open BSD, Eclipse, Swing, ...)
2) Big companies are reluctant to provide you a FOSS list. They are more or less in compliance but some of them provide you a URL on their web site on which you find the list of their products and for each of them a several megabyte ASCII File with the list of all licenses of FOSS on their products. That's not usable at all. If one of their customer want to resale their product in one of its products it has to read everything and identify every action to comply "Ha yes this is apache1.1 so I have to put some acknowledgement in my documentation!".
3) Liability clause/money damage. Big companies are not always accepting it. I have been told by some of their lawyers: how can we guarantee that we are not doing mistakes this is a too complex world. If you take a Linux distribution with 6000 package and you look at packages, you can find hundreds of various licenses in one package. Small companies accept more easily these conditions, but they have not too much money. How do you value the fact that you have to stop to distribute your product or the potential issue to have to disclose your source code while it was not planned and it is not your fault.
4) .... a lot of other issues
I would challenge the SPDX members to take a Linux standard distribution and to provide me the SPDX file at file level (not at package level). Yes open source is great but it is also really a Bazard 8-) and with maven and cloud computing it will become worse.
So the effort is tremendous and cannot be done by one company, it should be shared. And it is time to start.
So I will study the short terms options you propose. But for the long term, I would to start to create a new mailing list of people who are intereted in discussing FOSS governance standardization issues (to start: FOSS clause in contracts, having a common Database under a king of Wikipedia contribution system describing FOSS IP, having public tutorial on FOSS issues, and perhaps things like lobbying to reduce the number of FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to create the mailing list?
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
toggle quoted message
Show quoted text
My goal is not only to standardize the legal text of our FOSS clauses. It is also to
1) raise awareness about being able to provide the list of FOSS in a proprietary product or in a big FOSS distribution (Linux, Open BSD, Eclipse, Swing, ...)
2) Big companies are reluctant to provide you a FOSS list. They are more or less in compliance but some of them provide you a URL on their web site on which you find the list of their products and for each of them a several megabyte ASCII File with the list of all licenses of FOSS on their products. That's not usable at all. If one of their customer want to resale their product in one of its products it has to read everything and identify every action to comply "Ha yes this is apache1.1 so I have to put some acknowledgement in my documentation!".
3) Liability clause/money damage. Big companies are not always accepting it. I have been told by some of their lawyers: how can we guarantee that we are not doing mistakes this is a too complex world. If you take a Linux distribution with 6000 package and you look at packages, you can find hundreds of various licenses in one package. Small companies accept more easily these conditions, but they have not too much money. How do you value the fact that you have to stop to distribute your product or the potential issue to have to disclose your source code while it was not planned and it is not your fault.
4) .... a lot of other issues
I would challenge the SPDX members to take a Linux standard distribution and to provide me the SPDX file at file level (not at package level). Yes open source is great but it is also really a Bazard 8-) and with maven and cloud computing it will become worse.
So the effort is tremendous and cannot be done by one company, it should be shared. And it is time to start.
So I will study the short terms options you propose. But for the long term, I would to start to create a new mailing list of people who are intereted in discussing FOSS governance standardization issues (to start: FOSS clause in contracts, having a common Database under a king of Wikipedia contribution system describing FOSS IP, having public tutorial on FOSS issues, and perhaps things like lobbying to reduce the number of FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to create the mailing list?
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
-----Message d'origine-----
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
À : RUFFIN, MICHEL (MICHEL)
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
À : RUFFIN, MICHEL (MICHEL)
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re: Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.
I have join the FSFE legal network and I tried to get a reactionIt sounds like in addition to my objections to ftf-legal, that there
without success except "that's interesting"
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!
Any suggestion of organization that would have a look?There was once a forum called "open-bar", which is at:
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
Philip Odence
Michel,
Your idea about standard FOSS clauses might fit into the charter of the
Linux Foundation Open Compliance Program.
http://www.linuxfoundation.org/programs/legal/compliance (To head off the
question, the program is for open source compliance in general, not
limited to Linux.)
I am cc'ing Ibrahim who coordinates that for the LF with hopes that he
will weigh in. (I believe, he's out of the office this week, so he may not
respond immediately.)
Phil
On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)"
<michel.ruffin@...> wrote:
Your idea about standard FOSS clauses might fit into the charter of the
Linux Foundation Open Compliance Program.
http://www.linuxfoundation.org/programs/legal/compliance (To head off the
question, the program is for open source compliance in general, not
limited to Linux.)
I am cc'ing Ibrahim who coordinates that for the LF with hopes that he
will weigh in. (I believe, he's out of the office this week, so he may not
respond immediately.)
Phil
On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)"
<michel.ruffin@...> wrote:
Thank you very much for your quick answer and suggestions.
My goal is not only to standardize the legal text of our FOSS clauses. It
is also to
1) raise awareness about being able to provide the list of FOSS in a
proprietary product or in a big FOSS distribution (Linux, Open BSD,
Eclipse, Swing, ...)
2) Big companies are reluctant to provide you a FOSS list. They are more
or less in compliance but some of them provide you a URL on their web
site on which you find the list of their products and for each of them a
several megabyte ASCII File with the list of all licenses of FOSS on
their products. That's not usable at all. If one of their customer want
to resale their product in one of its products it has to read everything
and identify every action to comply "Ha yes this is apache1.1 so I have
to put some acknowledgement in my documentation!".
3) Liability clause/money damage. Big companies are not always accepting
it. I have been told by some of their lawyers: how can we guarantee that
we are not doing mistakes this is a too complex world. If you take a
Linux distribution with 6000 package and you look at packages, you can
find hundreds of various licenses in one package. Small companies accept
more easily these conditions, but they have not too much money. How do
you value the fact that you have to stop to distribute your product or
the potential issue to have to disclose your source code while it was not
planned and it is not your fault.
4) .... a lot of other issues
I would challenge the SPDX members to take a Linux standard distribution
and to provide me the SPDX file at file level (not at package level). Yes
open source is great but it is also really a Bazard 8-) and with maven
and cloud computing it will become worse.
So the effort is tremendous and cannot be done by one company, it should
be shared. And it is time to start.
So I will study the short terms options you propose. But for the long
term, I would to start to create a new mailing list of people who are
intereted in discussing FOSS governance standardization issues (to start:
FOSS clause in contracts, having a common Database under a king of
Wikipedia contribution system describing FOSS IP, having public tutorial
on FOSS issues, and perhaps things like lobbying to reduce the number of
FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to
create the mailing list?
Michel.Ruffin@..., PhD
Software Coordination Manager, Bell Labs, Corporate CTO Dpt
Distinguished Member of Technical Staff
Tel +33 (0) 6 75 25 21 94
Alcatel-Lucent International, Centre de Villarceaux
Route De Villejust, 91620 Nozay, France
-----Message d'origine-----
De : Bradley M. Kuhn [mailto:bkuhn@...]
Envoyé : vendredi 15 juin 2012 19:49
À : RUFFIN, MICHEL (MICHEL)
Cc : spdx@...
Objet : FOSS clauses for contracts & fora for discussing it (was Re:
Clarification regarding "FSF legal network")
Michel,
I went back and read your previous posts from February on this topic,
(as I mentioned earlier in this thread, I don't follow SPDX closely. I
mostly joined this thread (Kibo-like) when the term "FSF" came up).
However, having gotten fully caught up on your posts, I think your idea
is a useful one. In my work doing GPL compliance, I have often had
situations where a downstream company has violated and they never
actually had clear clauses in their contract with upstream about what
would happen if a FLOSS license was violated. This has caused mass
confusion and made it more difficult to get the company into compliance.
In a few cases, there *were* clearly developed clauses like the ones you
mention, and it did indeed facilitate more easy work getting to compliance
on the product.
So, I'm thus supportive of your effort to
promulgate these standardized clauses regarding use of FLOSS in
upstream/downstream contracts. Meanwhile, I wish I had a better
suggestion for you of where to talk about the idea....
RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):what is your suggestion for me to try to standardize these FOSS... as others have suggested, FOSS Bazaar might be a good place.
clauses. What organization? I have tried SPDX, I have been advised to
go to FSFE legal network.I have join the FSFE legal network and I tried to get a reactionIt sounds like in addition to my objections to ftf-legal, that there
without success except "that's interesting"
were other issues: your description seems to indicate ftf-legal wasn't
that interested in this giving useful feedback and collaboration on the
issue!Any suggestion of organization that would have a look?There was once a forum called "open-bar", which is at:
https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
The mailing lists disappeared a while back. The last email from I have
in my archives for <discuss-general@...> was Tuesday 18 Mar
2008.
Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
we had some very brief discussions about creating a forum for discussion
that was open and available to all about these issues (like open bar
was). However, it's unclear if, as a community, we're at a "build it
and they would come" moment, so none of us from the FOSDEM 2012 track
have put effort in.
Thus, at the moment, I think FOSS Bazaar is probably the best place to
host this sort of discussion venue, so I think if you want an immediate
discussion about your specific topic, that's probably the place to
start.
Also, as a medium-term suggestion, I strongly recommend you propose a
talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
(sadly, North America CFP just closed), or (c) at the 2013 Linux
Collaboration Summit Legal Track (which Richard Fontana & I will
co-chair) about the topic. Speaking about the topic at conferences is a
great way to get interest and feedback.
Long term, as a community, it'd be good to solve this general issue: the
fora that exist for Legal, Licensing and Policy issues in Free Software
are scattered across many different places, and some of the primary ones
are closed clubs. I've been witnessing the problem for years and I
don't have a good solution to propose to solve it.
--
-- bkuhn
_______________________________________________
Spdx mailing list
Spdx@...
https://lists.spdx.org/mailman/listinfo/spdx
Ibrahim Haddad <ibrahim@...>
Hi Everyone,
toggle quoted message
Show quoted text
I just got back from europe. Please give me a couple days to catch up on my email and I will reply early next week.
Ibrahim
On Wed, Jun 20, 2012 at 8:55 AM, Philip Odence <podence@...> wrote:
Michel,
Your idea about standard FOSS clauses might fit into the charter of the
Linux Foundation Open Compliance Program.
http://www.linuxfoundation.org/programs/legal/compliance (To head off the
question, the program is for open source compliance in general, not
limited to Linux.)
I am cc'ing Ibrahim who coordinates that for the LF with hopes that he
will weigh in. (I believe, he's out of the office this week, so he may not
respond immediately.)
Phil
On 6/18/12 9:30 AM, "RUFFIN, MICHEL (MICHEL)"
<michel.ruffin@...> wrote:
>Thank you very much for your quick answer and suggestions.
>
>My goal is not only to standardize the legal text of our FOSS clauses. It
>is also to
>1) raise awareness about being able to provide the list of FOSS in a
>proprietary product or in a big FOSS distribution (Linux, Open BSD,
>Eclipse, Swing, ...)
>2) Big companies are reluctant to provide you a FOSS list. They are more
>or less in compliance but some of them provide you a URL on their web
>site on which you find the list of their products and for each of them a
>several megabyte ASCII File with the list of all licenses of FOSS on
>their products. That's not usable at all. If one of their customer want
>to resale their product in one of its products it has to read everything
>and identify every action to comply "Ha yes this is apache1.1 so I have
>to put some acknowledgement in my documentation!".
>3) Liability clause/money damage. Big companies are not always accepting
>it. I have been told by some of their lawyers: how can we guarantee that
>we are not doing mistakes this is a too complex world. If you take a
>Linux distribution with 6000 package and you look at packages, you can
>find hundreds of various licenses in one package. Small companies accept
>more easily these conditions, but they have not too much money. How do
>you value the fact that you have to stop to distribute your product or
>the potential issue to have to disclose your source code while it was not
>planned and it is not your fault.
>4) .... a lot of other issues
>
>I would challenge the SPDX members to take a Linux standard distribution
>and to provide me the SPDX file at file level (not at package level). Yes
>open source is great but it is also really a Bazard 8-) and with maven
>and cloud computing it will become worse.
>
>So the effort is tremendous and cannot be done by one company, it should
>be shared. And it is time to start.
>
>So I will study the short terms options you propose. But for the long
>term, I would to start to create a new mailing list of people who are
>intereted in discussing FOSS governance standardization issues (to start:
>FOSS clause in contracts, having a common Database under a king of
>Wikipedia contribution system describing FOSS IP, having public tutorial
>on FOSS issues, and perhaps things like lobbying to reduce the number of
>FOSS licenses, ...); Martin, can we use the FOSS Bazaar infrastructure to
>create the mailing list?
>
>Michel.Ruffin@..., PhD
>Software Coordination Manager, Bell Labs, Corporate CTO Dpt
>Distinguished Member of Technical Staff
>Tel +33 (0) 6 75 25 21 94
>Alcatel-Lucent International, Centre de Villarceaux
>Route De Villejust, 91620 Nozay, France
>
>
>-----Message d'origine-----
>De : Bradley M. Kuhn [mailto:bkuhn@...]
>Envoyé : vendredi 15 juin 2012 19:49
>À : RUFFIN, MICHEL (MICHEL)
>Cc : spdx@...
>Objet : FOSS clauses for contracts & fora for discussing it (was Re:
>Clarification regarding "FSF legal network")
>
>Michel,
>
>I went back and read your previous posts from February on this topic,
>(as I mentioned earlier in this thread, I don't follow SPDX closely. I
>mostly joined this thread (Kibo-like) when the term "FSF" came up).
>
>However, having gotten fully caught up on your posts, I think your idea
>is a useful one. In my work doing GPL compliance, I have often had
>situations where a downstream company has violated and they never
>actually had clear clauses in their contract with upstream about what
>would happen if a FLOSS license was violated. This has caused mass
>confusion and made it more difficult to get the company into compliance.
>
>In a few cases, there *were* clearly developed clauses like the ones you
>mention, and it did indeed facilitate more easy work getting to compliance
>on the product.
>
>So, I'm thus supportive of your effort to
>promulgate these standardized clauses regarding use of FLOSS in
>upstream/downstream contracts. Meanwhile, I wish I had a better
>suggestion for you of where to talk about the idea....
>
>RUFFIN, MICHEL (MICHEL) wrote at 08:14 (EDT):
>>what is your suggestion for me to try to standardize these FOSS
>>clauses. What organization? I have tried SPDX, I have been advised to
>>go to FSFE legal network.
>
>... as others have suggested, FOSS Bazaar might be a good place.
>
>> I have join the FSFE legal network and I tried to get a reaction
>>without success except "that's interesting"
>
>It sounds like in addition to my objections to ftf-legal, that there
>were other issues: your description seems to indicate ftf-legal wasn't
>that interested in this giving useful feedback and collaboration on the
>issue!
>
>> Any suggestion of organization that would have a look?
>
>There was once a forum called "open-bar", which is at:
>https://www.open-bar.org/discussion.html but it's mostly defunct AFAICT.
>The mailing lists disappeared a while back. The last email from I have
>in my archives for <discuss-general@...> was Tuesday 18 Mar
>2008.
>
>Meanwhile, as part of the FOSDEM 2012 Legal and Policy track I
>coordinated along with Tom Marble, Richard Fontana, and Karen Sandler,
>we had some very brief discussions about creating a forum for discussion
>that was open and available to all about these issues (like open bar
>was). However, it's unclear if, as a community, we're at a "build it
>and they would come" moment, so none of us from the FOSDEM 2012 track
>have put effort in.
>
>Thus, at the moment, I think FOSS Bazaar is probably the best place to
>host this sort of discussion venue, so I think if you want an immediate
>discussion about your specific topic, that's probably the place to
>start.
>
>Also, as a medium-term suggestion, I strongly recommend you propose a
>talk for (a) the FOSDEM 2013 Legal & Policy track, or (b) LinuxCon
>(sadly, North America CFP just closed), or (c) at the 2013 Linux
>Collaboration Summit Legal Track (which Richard Fontana & I will
>co-chair) about the topic. Speaking about the topic at conferences is a
>great way to get interest and feedback.
>
>Long term, as a community, it'd be good to solve this general issue: the
>fora that exist for Legal, Licensing and Policy issues in Free Software
>are scattered across many different places, and some of the primary ones
>are closed clubs. I've been witnessing the problem for years and I
>don't have a good solution to propose to solve it.
>--
> -- bkuhn
>_______________________________________________
>Spdx mailing list
>Spdx@...
>https://lists.spdx.org/mailman/listinfo/spdx
Ibrahim Haddad, Ph.D.
The Linux Foundation
Cell: +1 (408) 893-1122