New OSI-approved licenses

Rob Landley rob at landley.net
Thu Dec 17 23:57:40 UTC 2015


On 12/17/2015 12:46 PM, Wheeler, David A wrote:
> Jilayne:
>> That sounds like a reasonable result, all things considered.
> 
> I agree.  In fact, I think listing both "0BSD" and "FPL-1.0.0" is a great solution,

I'm sorry, I've edited out numerous emotional asides this entire thread
because I wanted to keep it professional. Apparently that meant I wasn't
clear:

I took it as a personal insult that somebody claims to have "invented"
the exact thing I've had public for over 2 years. Maybe it was an honest
mistake and they were simply lazy about checking whether it already existed.

I found OSI _profoundly_ clueless not to have noticed either, especially
giving the timing and their claimed relationship with SPDX and that
noticing was basically their _job_. They had a duty to do basic research
they didn't do. But hey, it's a new board attempting to relaunch a
defunct organization, not hugely surprising.

When OSI finally noticed and went "I see you published your approval of
this license over a month before we even got our submission, but we
didn't bother to check and now you should change to match us", that was
their choice. I did not expect better of OSI and honestly don't care
about them. (OSI was important in 1998, so was netscape.)

SPDX linking to OSI to validate their mistake is where I have start caring.

> especially if the SPDX website includes notices with each similar to
the text at
> https://opensource.org/licenses/FPL-1.0.0:
>> Note: There is a license that is identical to the Free Public License 1.0.0
>> called the Zero Clause BSD License. Apart from the name, the only difference is
>> that the Zero Clause BSD License has generally been used with a copyright notice,
>> while the Free Public License is used without a copyright notice.

And 0BSD was 2 and 1/2 years old, in android for a year, and already
approved by SPDX a month and change before OSI's copycat was even
proposed, but OSI didn't do its homework and then in line with its goal
of "reducing license proliferation" it asked everybody else to double
down on its mistake.

> I think this is a fine result:
> - People who know the name of either license can now look it up

If SPDX doesn't link to it, nobody will know OSI's name for it. SPDX
exists because OSI wasn't good enough.

OSI was founded by Bruce Perens and a guy currently blogging about SJW
honeypots contaminating Linux Torvalds' precious bodily fluids with
female cooties:
http://nymag.com/following/2015/11/this-the-perfect-insane-anti-feminist-rumor.html

Those two were followed by Russ Nelson:
http://www.theage.com.au/news/Breaking/Racism-row-forces-open-source-head-out/2005/03/09/1110316060643.html

OSI went on to flub a filing deadline for the open source trademark and
went "I meant to do that" despite its website saying it was "Dedicated
to managing and promoting the Open Source trademark for the good of the
community": http://www.zdnet.com/article/does-open-source-need-a-trademark/

About that time they switched their goal from approving new licenses
that could be called "open source" (trademark or no) to warning people
that there were too many licenses:
https://en.wikipedia.org/wiki/License_proliferation#OSI.27s_stance

In 2012 OSI couldn't even come to a decision about CC0:
http://opensource.org/faq#cc-zero

Do you believe this organization to be widely influental in 2015? I
haven't encountered recent evidence of this.

That is why I do not care what OSI does, it is not considered a
functional organization by anyone I regularly interact with. I care what
SPDX does.

> - Both sides who strongly prefer their name get their name

I've already contacted unlicense.org and asked its maintainer to link to
my page in his "other licenses" list (he said he would, it's just a busy
week). I can make toybox --license link to my license web page (I
believe AOSP resyncs with my tree on thursdays so that would probably go
in next week) and ask the Android guys to add the phrase "Zero Clause
BSD" to the top of the toybox license text in android's about->legal stuff.

I'm not worried about getting the right name out. I'd just rather not
have to go there. I would like to continue to ignore OSI's existence. I
do not believe OSI will be happy if SPDX takes away that option.

You may have noticed I respond to anger with research. If you wonder why
there was no link for Bruce above, it's because I have too many. He and
I have history: https://busybox.net/~landley/forensics.txt

If I have to add a similar section to the end of my license.html page
explaining the timeline and why I _didn't_ submit the license to OSI,
wikipedia loves adding "controversy" sections. (That last link is linked
from their busybox page, for example.)

And heck, there would even be potential advantages. Using OSI as a
humorous interlude could actually help my rise and fall of copyleft talk
in the "Attribution vs Ownership" section between Todd Goldman's
plagiarism and the Armstrong vs Sarnoff "having patents doesn't help"
battle over AM/FM radio, explaining how timeline timeline timeline and
then suddenly out of the blue OSI used a completely different name
because "this guy" (attached picture) said to, and then they did George
W. "The Decider" Bush's never admit a mistake thing and wanted everybody
else to adjust, and if you care in the absence of IP claims all you can
really do is document your prior claim and go for public shaming, but on
the internet that generally works, and either way you still have your
code... I could probably get some laughs out of that, done up properly.
Hmmm, I could also emphasize the OSI license as another attempt to
fragment copyleft into incompatible camps that basically got laughed
down by the community before the FSF had the clout to really do damage;
I mostly talk about Sun's CDDL in that bit, but OSI's cluelessness could
also be a running theme in the talk. I could also use them as a "resting
on your laurels" example in the historical part, paralleling the FSF.
And point out that public domain licensing means you don't have to get
organizations like OSI on you either... (That talk was one of my four
proposals for the O'Reilley conference in Austin in may, and I haven't
given it at ELC yet, so I keep updating it with new information. I
haven't yet gotten a good video of the talk yet to link from my website,
keep trying until I have one I'm happy with...)

Sorry if I was dancing around all this, I've been trying very hard not
to be rude. (You see the kind of stuff I've been editing out? Ordinarily
I'd go back and delete half this message at this point. Maybe 2/3.)

Apparently I wasn't getting my point across: OSI saying anything it
likes doesn't matter to me, SPDX amplifying what OSI says and treating
it like it's real matters to me. If I have to convince more people than
just SPDX that OSI is wrong and not to listen to them, I'm reasonably
certain I _can_. It just wasn't my first choice of approach to the problem.

> - For those who care, we now have documentation about the subtly different way they're typically used.

Define "typically used". Can you name a package currently using this
license under OSI's name?

> --- David A. Wheeler

Rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: osi-christianbundy
Type: image/png
Size: 394442 bytes
Desc: not available
URL: <http://lists.spdx.org/pipermail/spdx-legal/attachments/20151217/ef023572/attachment-0001.png>


More information about the Spdx-legal mailing list