Eric, I'd like rubygems.org to check that there *is* a license, and either that it's a license listed on http://www.opensource.org/licenses (the whitelist) or that it's marked as a custom otherwise-free/open license.

My suggestion is that rubygems.org enforce a license whitelist *but also permit an escape hatch* (i.e., permit marking a gem as using a custom but otherwise free/open license). So rubygems.org wouldn't be *policing* per se. It would be making an effort to get good license metadata and to have gem authors provide it. The requirement from rubygems.org can be phased in over time, with the warning to gem authors in the rubygems library coming first and coming well in advance of any enforcement by the rubygems.org server. Gem authors will have been seeing this warning for perhaps a year when building/pushing new gems or new versions of gems that are missing licenses, and will be well-prepared for rubygems.org to begin enforcing a whitelist (while also permitting the escape hatch above).

Organizations' attorneys are often concerned with protecting their organizations or clients from the mere possibility of litigation or any type of legal action, regardless of how unlikely litigation or other action might be. Additionally, in our litigious New America, *successful* suits in this area may be rare, but unscrupulous folk may be likely to try a lawsuit - not to try to win - but to make the defendant cry uncle and beg to settle quickly. To try to prevent against such scenarios, organizations' attorneys may want the developers to be vigilant against using anything against its license. The point isn't that it happens. The point is to prevent it from happening as far as possible.

To go to a finer point, someone might upload his software to an open-source code-sharing site, with the intention that his software be copyleft, but forgetting to include a specific license. Someone else might download and use the software in his commercial project in a way inconsistent with a copyleft license.

The hypothetical tooling to check all the licenses is equally useful for answering the question "can I be sued?" as it is for answering the more-fundamental questions "am I being honest?" and "am I treating my fellow developers with respect (by not using their software against their will)?"

Cheers,
Jay Feldblum

On Thu, Oct 13, 2011 at 11:15 PM, Eric Hodel <drbr...@segment7.net> wrote:

> On Oct 13, 2011, at 2:45 PM, Jay Feldblum wrote:
>
> Instead, some innocent programmer might download and use a gem from
> rubygems.org *illegally*, and *punishably under the law*.
>
> It's not the job of RubyGems to police what people do beyond making sure
> the versions of gems they install are mutually compatible.
>
> I've heard people claim that using certain combinations of GPL and certain
> other-licensed software is illegal. Restricting this through RubyGems is
> not going to prevent people from using such combinations as they'll work
> around it.
>
> Yes, I understand that mandatory licenses in the spec will make it easier
> for users of gems that want to audit licenses of gems they installed to do
> so, but getting authors setting the license in the spec is your first
> problem. Sudden, mandatory licensing is likely to go over with them about
> as well as the deprecation warnings on RubyGems 1.8.0 without a careful
> campaign of education on why it is useful to pave the way.
>
> PS: Can you show a case where a software author has uploaded unlicensed (or
> non-free-licensed) software to a website where open-source software is
> shared (like rubygems.org, sf.net, rubyforge.org, code.google.com or
> similar) then sued users who downloaded it? I haven't heard of such a thing
> in over ten years of open source contribution and use so I'm highly
> unconvinced.
>
> I think a successful suit is about as likely as an arrest for taking
> cookies from an unsupervised plate in the middle of a public park that's
> sitting next to a box with a "free" sign. Sure, the cookie plate doesn't
> say "free", but why did you put it next to the free box in the first place?
> _______________________________________________
> RubyGems-Developers mailing list
> http://rubyforge.org/projects/rubygems
> RubyGems-Developers@rubyforge.org
> http://rubyforge.org/mailman/listinfo/rubygems-developers