Re: [License-discuss] FAQ entry on CLAs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/01/15 14:14, Engel Nyst wrote: > CLA stands for contributor *license* agreement. It's a non-exclusive > license, plus some stuff. A non-exclusive licensee doesn't have standing > for license enforcement. One needs to be copyright holder or exclusive > licensee to pursue legal action. (in US) a) If that CLA includes the appropriate legal terminology and phrasing, the organization can pursue legal action, as the _agent_ of the copyright holder; b) If the CLA grants either full ownership of the copyright, or co-copyright owner status to the organization, using the appropriate legal terminology and phrasing, then the organization has the standing to pursue legal remedies on its own. >It creates a nebulous feeling that maybe CLAs "help" too. I don't think they do. How helpful CLAs are, depends upon the specific legal issue(s) that are being addressed. jonathon -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUv0xUAAoJEE1PKy9+kxplAH4QAK0Qj4iwg62PugccKz5+NzuX CLPHQjI2+yP1W1fOVJqr89MLp/vE0tcbH3MsL+2whuQVXKuy+NUwbikk70YmAI+F UEqc84oQtSWccBDs/NHwCrzh9wyXq7mnllK8JNeRA4lRxGBaaFFt3yVd9Avz7tZM xsYIWq02gYvEtfgytkQ+WVRZ1WQLCrjQXosj3wuMx0GXKTyt28cN4kTGvZJOy553 StTDpy7RmWJqblH91TqB/Cwel4Zo4TXYhAc/SI0yKAldb4mohFc6Ju0AdRMvT3jG +Eig5mA5RsoGjZCsmf6CAi2/xEVsvW/hK7qKrcJlDP+z7Pi75jB29ty2otZlDhyR 6aFv/XGSS1XOrjimYICqj4gPhMWl845ehwgnIPHxz+XX5NJJmRwN2SZr5jVWCJyR ZqrktwC6xjbdTYUVLtGFoLaUGg4+JQXPfBzy1BorpaJUjFEU7xi8enaZuh0IxrNP 7HLRM66CfMZdBpkH/sU+BIijvqFNDdrpJ+wLpZr1lJaeyuAL3HOv1Npcvi08ZZSd aCikxKV3a90fLHViIKCgAhXCzX2ZzBGh7bMLP8uuiT5PVsYJ3j0F2zzOMsJlvZdj 9r3mIFrKwq3amJu+ywudXHTdSX1nG9AXcAGXzcw030VABbVEYDxqu6cJ+a71F4mJ iV4qMu7RvRBQqkN5pxuC =mtqh -END PGP SIGNATURE- ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
David Woolley scripsit: > It might be needed because it has become important to integrate the > work with work under and otherwise incompatible open source licence. > In the past, I think it has been necessary to remove contributions > from a minor contributor, to achieve this, because they were unable or > unwilling to licence it under the new licence. Or so people believe, anyway, and tend to act as if true. At least some people think that a co-author can relicense ad libitum at least under U.S. copyright law. -- John Cowan http://www.ccil.org/~cowanco...@ccil.org Micropayment advocates mistakenly believe that efficient allocation of resources is the purpose of markets. Efficiency is a byproduct of market systems, not their goal. The reasons markets work are not because users have embraced efficiency but because markets are the best place to allow users to maximize their preferences, and very often their preferences are not for conservation of cheap resources. --Clay Shirky ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 03:24 PM, Ben Tilly wrote: > A project using http://opensource.org/licenses/BSD-3-Clause has > marketing comparing it to Foo's project Bar. But no prior written > permission from Foo was obtained for this. If Foo looks at the > project, notices a bug, and submits a patch under the same license, > the project can't apply that patch without violating the license. I'm not sure I understand correctly. Isn't that intended behavior of the license? (assuming there was claim of endorsement) If I reuse code under BSD license, then I have to comply with the license. (That Foo submitted a patch or I take it myself doesn't seem to make a difference either.) -- Oracle corollary to Hanlon's razor: Never attribute to stupidity what can be adequately explained by malice. (~ adapted from Adam Borowski) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 20/01/15 19:48, Engel Nyst wrote: Please do, though. It's worse to practically state that using an OSI approved license(s) doesn't seem to give the permissions necessary, within the bounds of the license, for anyone to combine one's project from different sources and distribute it. One of the uses of CLA's is to allow the software to be re-licensed under a different open source licence. This can prove highly desirable, but almost impossible, if there are large numbers of contributions under the old licence. It might be needed because it has become important to integrate the work with work under and otherwise incompatible open source licence. In the past, I think it has been necessary to remove contributions from a minor contributor, to achieve this, because they were unable or unwilling to licence it under the new licence. (Something similar happened with OpenStreetmap's map database; some geographical features had to be removed because the project was unable to get permission to use it under a new, less restrictive, licence.) Another common reason is that the open source project is being sponsored by a commercial organisation, which wants rights use the software in a proprietary way as well. They will not redistribute contributions which are not compatible with this. That is the case with Asterisk. In both cases, a third party can integrate their work without using a CLA, but they will have created a competing forked version, so their work is likely to much less well used than the official version. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
Ben Tilly scripsit: > A project using http://opensource.org/licenses/BSD-3-Clause has > marketing comparing it to Foo's project Bar. I don't know that that counts as "promoting or endorsing" (that would be using the expat XML parser and claiming that James Clark approves of your coftware), but I see your point. -- John Cowan http://www.ccil.org/~cowanco...@ccil.org You know, you haven't stopped talking since I came here. You must have been vaccinated with a phonograph needle. --Rufus T. Firefly ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On Tue, Jan 20, 2015 at 12:09 PM, wrote: > Allison Randal scripsit: > >> If you want specific examples, I'd say GPL and Apache both work fine >> with inbound=outbound. GPL takes a position close to compelling >> inbound=outbound. Apache 2.0 was specifically designed with >> inbound=outbound in mind, you can see fingerprints of it all over the >> text. > > I cannot imagine any open source license (other than un-templated ones with > hard-coded licensors) that *cannot* work as an inbound license. Does > anyone have counterexamples? Here is a simple example. A project using http://opensource.org/licenses/BSD-3-Clause has marketing comparing it to Foo's project Bar. But no prior written permission from Foo was obtained for this. If Foo looks at the project, notices a bug, and submits a patch under the same license, the project can't apply that patch without violating the license. >> I totally support campaigning for inbound=outbound and DCO, > > What does DCO mean in this context? > > -- > John Cowan http://www.ccil.org/~cowanco...@ccil.org > Mr. Henry James writes fiction as if it were a painful duty. --Oscar Wilde > > > ___ > License-discuss mailing list > License-discuss@opensource.org > http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 12:09 PM, co...@ccil.org wrote: > > What does DCO mean in this context? Developer Certificate of Origin, as used by the Linux Kernel. It's essentially a way of being more explicit about an inbound=outbound contribution policy, by having each developer "sign off" that they acknowledge the policy with each commit. It's about half-way down the page on: https://www.kernel.org/doc/Documentation/SubmittingPatches Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
Allison Randal scripsit: > If you want specific examples, I'd say GPL and Apache both work fine > with inbound=outbound. GPL takes a position close to compelling > inbound=outbound. Apache 2.0 was specifically designed with > inbound=outbound in mind, you can see fingerprints of it all over the > text. I cannot imagine any open source license (other than un-templated ones with hard-coded licensors) that *cannot* work as an inbound license. Does anyone have counterexamples? > I totally support campaigning for inbound=outbound and DCO, What does DCO mean in this context? -- John Cowan http://www.ccil.org/~cowanco...@ccil.org Mr. Henry James writes fiction as if it were a painful duty. --Oscar Wilde ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 12:50 PM, Allison Randal wrote: > I wrote up an example of an open source license that has different > legal effects when used inbound and outbound, but I've deleted it to > avoid taking this thread down a rabbit hole. Please do, though. It's worse to practically state that using an OSI approved license(s) doesn't seem to give the permissions necessary, within the bounds of the license, for anyone to combine one's project from different sources and distribute it. > The key point is that inbound=outbound is a contribution policy, a > specific use of an open source license within a particular context. > OSI reviews the text of licenses, it doesn't review contribution > policies. The issue here is simply that inbound=outbound must hold, because it's not a "random" contribution policy. OSD compliance is why it holds. -- "Public works must serve a community. Open source licensing ensures the Tools are accessible to the world. We have not found any authority for the proposition that the world is a community within the meaning of 501(c)(3)." (~US IRS) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 10:46 AM, Engel Nyst wrote: > > That doesn't make any sense. How is the open source license not good? > How doesn't it give permissions set out in OSD? And WHY was it approved > if it doesn't comply? You're missing the point. The open source license is good, does give the permissions set out in the OSD, and does comply with the requirements of the OSD. But meeting one set of requirements for OSD doesn't guarantee it meets some other related set of requirements for inbound=outbound. A license isn't "bad" or "anti-open source" if it doesn't happen to work in an inbound=outbound contribution policy. If you want specific examples, I'd say GPL and Apache both work fine with inbound=outbound. GPL takes a position close to compelling inbound=outbound. Apache 2.0 was specifically designed with inbound=outbound in mind, you can see fingerprints of it all over the text. You're confusing "no comment" for "opposition". OSI makes no comment on whether particular open source licenses are appropriate for use in an inbound=outbound contribution policy. That doesn't mean it's opposed to inbound=outbound. To take this in a more productive direction, you may be interested in some research I started last year, in which early results indicate that inbound=outbound is the most common contribution policy currently used for open source projects, and that DCO is regarded as substantially preferable to CLA or CAA. I still need to write up the study in more detail, but a couple of graphs I've produced so far are useful illustrations. Contribution policies developers have contributed under in the past: https://github.com/allisonrandal/contrib-policy-survey/blob/master/graphs/signed.png Contribution policies developers are willing to contribute under in the future: https://github.com/allisonrandal/contrib-policy-survey/blob/master/graphs/future.png I totally support campaigning for inbound=outbound and DCO, but the OSI FAQ pages aren't the right place to do it. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/18/2015 02:57 PM, Radcliffe, Mark wrote: > As Allison noted, most OSI approved licenses can be used for inbound > use, but we do not take a position on that issue in approving > licenses. [..] Thus, the approval of a license by OSI as meeting the > criteria of the OSD does not reflect a review of the use of the > license as "inbound" but only "outbound". This is deeply concerning. Is OSI's position out of the sudden that it has approved some licenses which haven't been checked for compliance with #5, #6 and #7 for any person or entity receiving code? OSD contains exceptions, entities which the license might prohibit from incorporating or distributing code under that allegedly open license? That's plain illogical. It's like, when a developer licenses their work under an open license, the license "wasn't reviewed" for conformance with OSD, thus it might not grant the permissions to anyone receiving the software. But when you're a mere *LICENSEE* [with CLA] of that developer, then suddenly your purported license "was reviewed" for OSD conformance. (or if you're accumulating copyright, then your license somehow becomes "reviewed") That doesn't make any sense. How is the open source license not good? How doesn't it give permissions set out in OSD? And WHY was it approved if it doesn't comply? I don't see in OSD #3 that the license "may prohibit modifications and derivative works or distributing them under the same license, if you're for example Random J. Developer, writing and licensing your patch, and not a copyright accumulator of a kind or another". I don't know how is this under doubt. If, by licensing their code under an OSI-approved license, developers aren't giving permissions "to any entity", then software developed without CLAs is under doubt. I guess the next thing is to see how long will OSI continue to use open source software developed without CLAs. Because, while OSI might think it has received open source software, if the project you got it from has an OSI-approved license from copyright holders, it wouldn't matter: the license itself *may not have given permission* to distribute in the first place. It might have been, who knows, one of those 'some' unspecified OSI-approved licenses that you suggest wouldn't work inbound=outbound. > Different communities have different approaches Wanting more licenses is not, and cannot be, about *uncertainty* whether a license meets the OSD. Different entities have different reasons for wanting *additional* stuff. They might WANT to give another license to some or all, now or in the future, open source or proprietary. Therefore they *choose* to ask for another license. Or they might have policies for committers to repositories they host, therefore they might have an agreement for that. Or they might OFFER to enforce the license in a court of law for more or all copyrightable material in a work. Or they might want another license, and instead of being upfront about it, they attempt to place open source licensing under fear, uncertainty and doubt. But that Open Source Definition page out there sets the criteria according to which the license must conform, for any copyright holders to grant permissions to any entity receiving code under that license. Since when is OSI going back on that, and claims now that "some" entities might not receive these permissions for "some" OSI-approved licenses? > the Apache Software Foundation uses specific CLAs for its projects Does ASF use CLAs /because/ AL2.0 is uncertain, it hasn't been checked whether it gives them the rights to reuse, modify, distribute the code they'd receive under it, under the conditions of AL2.0? > FSF has long used an assignment approach Indeed, for some projects, and for some not. FSF's practice has (like ASF's) confused people, and both were (ab)used to further confusion. Regardless, does it follow from here that GPL might not be safe to use inbound, it might not give the permissions to copy, modify and further distribute derivative works of the code when an entity is receiving it under GPL? This is a non-sequitur, and shocking that OSI thinks it's okay to popularize it. (random signature...) -- "Excuse me, Professor Lessig, may I ask you to sign this CLA, so we can *legally* have your permission to remix and distribute your CC-licensed works?" ~ Permission culture, take two. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/18/2015 11:14 AM, Engel Nyst wrote: > The relevant aspect here, seems to me, is that OSI's criteria for open > source licenses *include* whether the *license used inbound* is giving > rights to anyone receiving the software, as set out in the OSD. > > Anyone includes the "project", a legal entity behind the project, the > interest groups around a project, just like it includes individual > users, recipients of the software from the original developer or > project, etc. > > OSI criteria do this by OSD #5, #6 and #7. It is true that for the rights required by the OSD, those rights are granted to anyone who receives the software. OSD #3 is an even greater protector of inbound=outbound, since it requires that any open source license permit modification with redistribution under the same license. But, these facts don't guarantee that all open source licenses are appropriate for use as inbound=outbound, they only demonstrate that the licenses have *some* characteristics that fit with inbound=outbound. I wrote up an example of an open source license that has different legal effects when used inbound and outbound, but I've deleted it to avoid taking this thread down a rabbit hole. The key point is that inbound=outbound is a contribution policy, a specific use of an open source license within a particular context. OSI reviews the text of licenses, it doesn't review contribution policies. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/19/2015 08:04 PM, jonathon wrote: > Some organizations use the CLA so that when license violations are > found, if the violator refuses to correct the problem, pursuing > legal remedies is much easier. CLA stands for contributor *license* agreement. It's a non-exclusive license, plus some stuff. A non-exclusive licensee doesn't have standing for license enforcement. One needs to be copyright holder or exclusive licensee to pursue legal action. (in US) This is one of the reasons why lumping CLAs and CAAs together tends to confuse. It creates a nebulous feeling that maybe CLAs "help" too. I don't think they do. -- ~ "We like to think of our forums as a Free-Speech Zone. And freedom works best at the point of a bayonet." (Amazon, Inc.) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss