On 4/23/20 3:31 AM, Ulrich Mueller wrote: >>>>>> On Thu, 23 Apr 2020, Kent Fredric wrote: > >> I've just discovered dev-perl/Ace has some fun questionable licensing >> which includes a lovely indemnity clause, which had previously gone >> unnoticed, and it stipulates additional requests for research >> publications, which is not something mentioned in any license currently >> in tree other than Tinker > >> Following is the entire body of the license I plan to put in >> licenses/AcePerl-Indemnity ( name chosen to specifically alert people >> tempted to accept this license that Indemnification is an important >> part they should actually read ) > >> Current advice also says that due to the terms of this license, we have >> to RESTRICT="mirror" this as well, unless the Trustees want to sign off >> on potentially indemnifying CSHL > >> Also following up with CPAN because as its *currently* mirrored on >> CPAN, and has been mirrored there for at *least* 12 years, its >> potentially in a legal situation as well. > >> ( But that's the fault of the uploader if true, because you can't >> upload anything to CPAN without mirroring being something you didn't >> expect ) > >> Once this license is added, the plan is to rework Ace-*.ebuild to be under > >> LICENSE="|| ( Artistic GPL-1+ ) AcePerl-Indemnity" > >> Upstream: https://metacpan.org/source/LDS/AcePerl-1.92/DISCLAIMER.txt > > The important words are: > "This library is free software; you can redistribute it and/or modify it > under the same terms as Perl itself." > which makes it simply LICENSE="|| ( Artistic GPL-1+ )", and of course, > no mirror restriction is needed. > > The rest is simply an additional warranty disclaimer. I wouldn't even > see it as part of the license, because it is about usage of the > software, not about its distribution.
The language then goes on to add additional terms, so it isn't only under the terms of the perl license. There are two things that worry me here. The first is the indemnification clause. Indemnification in the US is like an insurance policy. If it were to go to court over something covered, those who agreed to provide indemnification must pay the legal expenses of those were taken to court. People have lost in courts for things as small as commas. I am not a lawyer, but I think this needs additional attention. The second is the attribution clause. While it seems silly, this has two possible interpretations: 1. A disclaimer. 2. A solid requirement for people of a certain field of endeavor imposed by the license and enforced by either legal or extralegal means. In the case of the former, it is fine, but in the case of the latter, this is enough to render the license non-free on two grounds: 1. Clause 5 of the OSD that prohibits discrimination against persons or groups: https://opensource.org/osd-annotated 2. The dissident test that we borrow from Debian regarding "excess" distribution: https://wiki.gentoo.org/wiki/License_groups#When_is_a_license_a_free_software_license.3F If this were worded as a reminder, this would not be a problem, but it seems like it could be considered a non-optional request by virtue of copyright being restrictive unless explicit permission is granted. If the language had been along the lines of a recommendation or a reminder of the requirement that credit be provided as required by the academic community for academic integrity, then it would have been fine. For example, something like this would have worked: > It is recommended that if publications result from research using this SOFTWARE, CSHL be acknowledged and/or credit be given to CSHL scientists, as is scientifically appropriate. However, this is what was written: > If publications result from research using this SOFTWARE, we ask that CSHL be acknowledged and/or credit be given to CSHL scientists, as scientifically appropriate. Requests aren't always optional, so this might be construable as the license imposing a requirement. It is a minor point compared to the indemnity clause, but I think it merits additional scrutiny. > > As always: IANAL, TINLA. > > Ulrich >
signature.asc
Description: OpenPGP digital signature
