Re: [License-discuss] FAQ entry on CLAs

2015-01-21 Thread John A. Lewis - Pointful
The possible need for re-licensing under a different open source license is
one the biggest reasons I am generally an advocate for CLAs (with an
appropriate community-based governance organization like the ASF). I find
the cautionary tale of the Mozilla Relicensing Effort [1] illuminating
-- it took 4.5 years to track down 445 contributors and get appropriate
permission so that Firefox/Thunderbird/etc could be directly included into
Linux distros. All of which could have been avoided with an Apache-style
CLA in place.

[1] http://www-archive.mozilla.org/MPL/relicensing-faq.html
[2] http://blog.gerv.net/2006/03/relicensing_complete/



On Tue, Jan 20, 2015 at 4:02 PM, David Woolley 
wrote:
>
>
> One of the uses of CLA's is to allow the software to be re-licensed under
> a different open source licence.  This can prove highly desirable, but
> almost impossible, if there are large numbers of contributions under the
> old licence.  It might be needed because it has become important to
> integrate the work with work under and otherwise incompatible open source
> licence.  In the past, I think it has been necessary to remove
> contributions from a minor contributor, to achieve this, because they were
> unable or unwilling to licence it under the new licence. (Something similar
> happened with OpenStreetmap's map database; some geographical features had
> to be removed because the project was unable to get permission to use it
> under a new, less restrictive, licence.)
>
>
>
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread jonathon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



On 20/01/15 14:14, Engel Nyst wrote:

> CLA stands for contributor *license* agreement. It's a non-exclusive
> license, plus some stuff. A non-exclusive licensee doesn't have standing
> for license enforcement. One needs to be copyright holder or exclusive
> licensee to pursue legal action. (in US)

a) If that CLA includes the appropriate legal terminology and phrasing,
the organization can pursue legal action, as the _agent_ of the
copyright holder;

b) If the CLA grants either full ownership of the copyright, or
co-copyright owner status to the organization, using the appropriate
legal terminology and phrasing, then the organization has the standing
to pursue legal remedies on its own.

>It creates a nebulous feeling that maybe CLAs "help" too. I don't think
they do.

How helpful CLAs are, depends upon the specific legal issue(s) that are
being addressed.

jonathon
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJUv0xUAAoJEE1PKy9+kxplAH4QAK0Qj4iwg62PugccKz5+NzuX
CLPHQjI2+yP1W1fOVJqr89MLp/vE0tcbH3MsL+2whuQVXKuy+NUwbikk70YmAI+F
UEqc84oQtSWccBDs/NHwCrzh9wyXq7mnllK8JNeRA4lRxGBaaFFt3yVd9Avz7tZM
xsYIWq02gYvEtfgytkQ+WVRZ1WQLCrjQXosj3wuMx0GXKTyt28cN4kTGvZJOy553
StTDpy7RmWJqblH91TqB/Cwel4Zo4TXYhAc/SI0yKAldb4mohFc6Ju0AdRMvT3jG
+Eig5mA5RsoGjZCsmf6CAi2/xEVsvW/hK7qKrcJlDP+z7Pi75jB29ty2otZlDhyR
6aFv/XGSS1XOrjimYICqj4gPhMWl845ehwgnIPHxz+XX5NJJmRwN2SZr5jVWCJyR
ZqrktwC6xjbdTYUVLtGFoLaUGg4+JQXPfBzy1BorpaJUjFEU7xi8enaZuh0IxrNP
7HLRM66CfMZdBpkH/sU+BIijvqFNDdrpJ+wLpZr1lJaeyuAL3HOv1Npcvi08ZZSd
aCikxKV3a90fLHViIKCgAhXCzX2ZzBGh7bMLP8uuiT5PVsYJ3j0F2zzOMsJlvZdj
9r3mIFrKwq3amJu+ywudXHTdSX1nG9AXcAGXzcw030VABbVEYDxqu6cJ+a71F4mJ
iV4qMu7RvRBQqkN5pxuC
=mtqh
-END PGP SIGNATURE-
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread John Cowan
David Woolley scripsit:

> It might be needed because it has become important to integrate the
> work with work under and otherwise incompatible open source licence.
> In the past, I think it has been necessary to remove contributions
> from a minor contributor, to achieve this, because they were unable or
> unwilling to licence it under the new licence.

Or so people believe, anyway, and tend to act as if true.  At least some
people think that a co-author can relicense ad libitum at least under
U.S. copyright law.

-- 
John Cowan  http://www.ccil.org/~cowanco...@ccil.org
Micropayment advocates mistakenly believe that efficient allocation of
resources is the purpose of markets.  Efficiency is a byproduct of market
systems, not their goal.  The reasons markets work are not because users
have embraced efficiency but because markets are the best place to allow
users to maximize their preferences, and very often their preferences are
not for conservation of cheap resources.  --Clay Shirky
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Engel Nyst
On 01/20/2015 03:24 PM, Ben Tilly wrote:
> A project using http://opensource.org/licenses/BSD-3-Clause has
> marketing comparing it to Foo's project Bar.  But no prior written
> permission from Foo was obtained for this.  If Foo looks at the
> project, notices a bug, and submits a patch under the same license,
> the project can't apply that patch without violating the license.

I'm not sure I understand correctly. Isn't that intended behavior of the
license? (assuming there was claim of endorsement)

If I reuse code under BSD license, then I have to comply with the license.

(That Foo submitted a patch or I take it myself doesn't seem to make a
difference either.)


-- 
Oracle corollary to Hanlon's razor:
Never attribute to stupidity what can be adequately explained by malice.
(~ adapted from Adam Borowski)
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread David Woolley

On 20/01/15 19:48, Engel Nyst wrote:

Please do, though. It's worse to practically state that using an OSI
approved license(s) doesn't seem to give the permissions necessary,
within the bounds of the license, for anyone to combine one's project
from different sources and distribute it.


One of the uses of CLA's is to allow the software to be re-licensed 
under a different open source licence.  This can prove highly desirable, 
but almost impossible, if there are large numbers of contributions under 
the old licence.  It might be needed because it has become important to 
integrate the work with work under and otherwise incompatible open 
source licence.  In the past, I think it has been necessary to remove 
contributions from a minor contributor, to achieve this, because they 
were unable or unwilling to licence it under the new licence. 
(Something similar happened with OpenStreetmap's map database; some 
geographical features had to be removed because the project was unable 
to get permission to use it under a new, less restrictive, licence.)


Another common reason is that the open source project is being sponsored 
by a commercial organisation, which wants rights use the software in a 
proprietary way as well.  They will not redistribute contributions which 
are not compatible with this.  That is the case with Asterisk.


In both cases, a third party can integrate their work without using a 
CLA, but they will have created a competing forked version, so their 
work is likely to much less well used than the official version.

___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread cowan
Ben Tilly scripsit:

> A project using http://opensource.org/licenses/BSD-3-Clause has
> marketing comparing it to Foo's project Bar.

I don't know that that counts as "promoting or endorsing" (that would
be using the expat XML parser and claiming that James Clark approves
of your coftware), but I see your point.


-- 
John Cowan  http://www.ccil.org/~cowanco...@ccil.org
You know, you haven't stopped talking since I came here. You must
have been vaccinated with a phonograph needle.
--Rufus T. Firefly


___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Ben Tilly
On Tue, Jan 20, 2015 at 12:09 PM,   wrote:
> Allison Randal scripsit:
>
>> If you want specific examples, I'd say GPL and Apache both work fine
>> with inbound=outbound. GPL takes a position close to compelling
>> inbound=outbound. Apache 2.0 was specifically designed with
>> inbound=outbound in mind, you can see fingerprints of it all over the
>> text.
>
> I cannot imagine any open source license (other than un-templated ones with
> hard-coded licensors) that *cannot* work as an inbound license.  Does
> anyone have counterexamples?

Here is a simple example.

A project using http://opensource.org/licenses/BSD-3-Clause has
marketing comparing it to Foo's project Bar.  But no prior written
permission from Foo was obtained for this.  If Foo looks at the
project, notices a bug, and submits a patch under the same license,
the project can't apply that patch without violating the license.

>> I totally support campaigning for inbound=outbound and DCO,
>
> What does DCO mean in this context?
>
> --
> John Cowan  http://www.ccil.org/~cowanco...@ccil.org
> Mr. Henry James writes fiction as if it were a painful duty.  --Oscar Wilde
>
>
> ___
> License-discuss mailing list
> License-discuss@opensource.org
> http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Allison Randal
On 01/20/2015 12:09 PM, co...@ccil.org wrote:
> 
> What does DCO mean in this context?

Developer Certificate of Origin, as used by the Linux Kernel. It's
essentially a way of being more explicit about an inbound=outbound
contribution policy, by having each developer "sign off" that they
acknowledge the policy with each commit. It's about half-way down the
page on:

https://www.kernel.org/doc/Documentation/SubmittingPatches

Allison
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread cowan
Allison Randal scripsit:

> If you want specific examples, I'd say GPL and Apache both work fine
> with inbound=outbound. GPL takes a position close to compelling
> inbound=outbound. Apache 2.0 was specifically designed with
> inbound=outbound in mind, you can see fingerprints of it all over the
> text.

I cannot imagine any open source license (other than un-templated ones with
hard-coded licensors) that *cannot* work as an inbound license.  Does
anyone have counterexamples?

> I totally support campaigning for inbound=outbound and DCO,

What does DCO mean in this context?

-- 
John Cowan  http://www.ccil.org/~cowanco...@ccil.org
Mr. Henry James writes fiction as if it were a painful duty.  --Oscar Wilde


___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Engel Nyst
On 01/20/2015 12:50 PM, Allison Randal wrote:
> I wrote up an example of an open source license that has different
> legal effects when used inbound and outbound, but I've deleted it to
>  avoid taking this thread down a rabbit hole.

Please do, though. It's worse to practically state that using an OSI
approved license(s) doesn't seem to give the permissions necessary,
within the bounds of the license, for anyone to combine one's project
from different sources and distribute it.

> The key point is that inbound=outbound is a contribution policy, a
> specific use of an open source license within a particular context.
> OSI reviews the text of licenses, it doesn't review contribution
> policies.

The issue here is simply that inbound=outbound must hold, because it's
not a "random" contribution policy. OSD compliance is why it holds.

-- 
"Public works must serve a community. Open source licensing ensures the
Tools are accessible to the world. We have not found any authority for
the proposition that the world is a community within the meaning of
501(c)(3)."
  (~US IRS)
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Allison Randal
On 01/20/2015 10:46 AM, Engel Nyst wrote:
> 
> That doesn't make any sense. How is the open source license not good?
> How doesn't it give permissions set out in OSD? And WHY was it approved
> if it doesn't comply?

You're missing the point. The open source license is good, does give the
permissions set out in the OSD, and does comply with the requirements of
the OSD. But meeting one set of requirements for OSD doesn't guarantee
it meets some other related set of requirements for inbound=outbound. A
license isn't "bad" or "anti-open source" if it doesn't happen to work
in an inbound=outbound contribution policy.

If you want specific examples, I'd say GPL and Apache both work fine
with inbound=outbound. GPL takes a position close to compelling
inbound=outbound. Apache 2.0 was specifically designed with
inbound=outbound in mind, you can see fingerprints of it all over the text.

You're confusing "no comment" for "opposition". OSI makes no comment on
whether particular open source licenses are appropriate for use in an
inbound=outbound contribution policy. That doesn't mean it's opposed to
inbound=outbound.


To take this in a more productive direction, you may be interested in
some research I started last year, in which early results indicate that
inbound=outbound is the most common contribution policy currently used
for open source projects, and that DCO is regarded as substantially
preferable to CLA or CAA. I still need to write up the study in more
detail, but a couple of graphs I've produced so far are useful
illustrations.

Contribution policies developers have contributed under in the past:
https://github.com/allisonrandal/contrib-policy-survey/blob/master/graphs/signed.png

Contribution policies developers are willing to contribute under in the
future:
https://github.com/allisonrandal/contrib-policy-survey/blob/master/graphs/future.png


I totally support campaigning for inbound=outbound and DCO, but the OSI
FAQ pages aren't the right place to do it.

Allison
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Engel Nyst
On 01/18/2015 02:57 PM, Radcliffe, Mark wrote:
> As Allison noted, most OSI approved licenses can be used for inbound
> use, but we do not take a position on that issue in approving
> licenses. [..] Thus, the approval of a license by OSI as meeting the
> criteria of the OSD does not reflect a review of the use of the
> license as "inbound" but only "outbound".

This is deeply concerning. Is OSI's position out of the sudden that it
has approved some licenses which haven't been checked for compliance
with #5, #6 and #7 for any person or entity receiving code?

OSD contains exceptions, entities which the license might prohibit from
incorporating or distributing code under that allegedly open license?

That's plain illogical. It's like, when a developer licenses their work
under an open license, the license "wasn't reviewed" for conformance
with OSD, thus it might not grant the permissions to anyone receiving
the software. But when you're a mere *LICENSEE* [with CLA] of that
developer, then suddenly your purported license "was reviewed" for OSD
conformance.
(or if you're accumulating copyright, then your license somehow becomes
"reviewed")

That doesn't make any sense. How is the open source license not good?
How doesn't it give permissions set out in OSD? And WHY was it approved
if it doesn't comply?

I don't see in OSD #3 that the license "may prohibit modifications and
derivative works or distributing them under the same license, if you're
for example Random J. Developer, writing and licensing your patch, and
not a copyright accumulator of a kind or another".

I don't know how is this under doubt. If, by licensing their code under
an OSI-approved license, developers aren't giving permissions "to any
entity", then software developed without CLAs is under doubt. I guess
the next thing is to see how long will OSI continue to use open source
software developed without CLAs. Because, while OSI might think it has
received open source software, if the project you got it from has an
OSI-approved license from copyright holders, it wouldn't matter: the
license itself *may not have given permission* to distribute in the
first place.

It might have been, who knows, one of those 'some' unspecified
OSI-approved licenses that you suggest wouldn't work inbound=outbound.

> Different communities have different approaches

Wanting more licenses is not, and cannot be, about *uncertainty* whether
a license meets the OSD.

Different entities have different reasons for wanting *additional*
stuff. They might WANT to give another license to some or all, now or in
the future, open source or proprietary. Therefore they *choose* to ask
for another license. Or they might have policies for committers to
repositories they host, therefore they might have an agreement for that.
Or they might OFFER to enforce the license in a court of law for more or
all copyrightable material in a work.

Or they might want another license, and instead of being upfront about
it, they attempt to place open source licensing under fear, uncertainty
and doubt.

But that Open Source Definition page out there sets the criteria
according to which the license must conform, for any copyright holders
to grant permissions to any entity receiving code under that license.

Since when is OSI going back on that, and claims now that "some"
entities might not receive these permissions for "some" OSI-approved
licenses?

> the Apache Software Foundation uses specific CLAs for its projects

Does ASF use CLAs /because/ AL2.0 is uncertain, it hasn't been checked
whether it gives them the rights to reuse, modify, distribute the code
they'd receive under it, under the conditions of AL2.0?

> FSF has long used an assignment approach

Indeed, for some projects, and for some not. FSF's practice has (like
ASF's) confused people, and both were (ab)used to further confusion.

Regardless, does it follow from here that GPL might not be safe to use
inbound, it might not give the permissions to copy, modify and further
distribute derivative works of the code when an entity is receiving it
under GPL?

This is a non-sequitur, and shocking that OSI thinks it's okay to
popularize it.

(random signature...)

-- 
  "Excuse me, Professor Lessig, may I ask you to sign this CLA, so we can
*legally* have your permission to remix and distribute your CC-licensed
works?"
  ~ Permission culture, take two.
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Allison Randal
On 01/18/2015 11:14 AM, Engel Nyst wrote:
> The relevant aspect here, seems to me, is that OSI's criteria for open
> source licenses *include* whether the *license used inbound* is giving
> rights to anyone receiving the software, as set out in the OSD.
> 
> Anyone includes the "project", a legal entity behind the project, the
> interest groups around a project, just like it includes individual
> users, recipients of the software from the original developer or
> project, etc.
> 
> OSI criteria do this by OSD #5, #6 and #7.

It is true that for the rights required by the OSD, those rights are
granted to anyone who receives the software. OSD #3 is an even greater
protector of inbound=outbound, since it requires that any open source
license permit modification with redistribution under the same license.

But, these facts don't guarantee that all open source licenses are
appropriate for use as inbound=outbound, they only demonstrate that the
licenses have *some* characteristics that fit with inbound=outbound.

I wrote up an example of an open source license that has different legal
effects when used inbound and outbound, but I've deleted it to avoid
taking this thread down a rabbit hole.

The key point is that inbound=outbound is a contribution policy, a
specific use of an open source license within a particular context. OSI
reviews the text of licenses, it doesn't review contribution policies.

Allison
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-20 Thread Engel Nyst
On 01/19/2015 08:04 PM, jonathon wrote:
> Some organizations use the CLA so that when license violations are
> found, if the violator refuses to correct the problem, pursuing
> legal remedies is much easier.

CLA stands for contributor *license* agreement. It's a non-exclusive
license, plus some stuff. A non-exclusive licensee doesn't have standing
for license enforcement. One needs to be copyright holder or exclusive
licensee to pursue legal action. (in US)

This is one of the reasons why lumping CLAs and CAAs together tends to
confuse. It creates a nebulous feeling that maybe CLAs "help" too. I
don't think they do.


-- 
~ "We like to think of our forums as a Free-Speech Zone. And freedom
works best at the point of a bayonet." (Amazon, Inc.)
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-19 Thread jonathon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 16/01/15 13:48, Engel Nyst wrote:

> It says "many" open source projects use these agreements. I have to
> dispute the implied suggestion that there are more than not.

For some licenses, if you want to contribute back any changes you made
to the source code, CLAs are so common that one might think that they
are mandatory.

For other licenses, it is as if CLAs are a foreign concept that nobody
has ever heard of, much less used.

> But an open source license does this: by licensing their modification under 
> the license of the project, 
developers tell the project that it has the right to distribute those
modifications under the project's existing open source license.

YOu have to look at the reasons why the organization is requesting the CLA:
* With some licenses, the point of the CLA appears to ensure that the
alleged open source program remains a tightly controlled proprietary
software that is distributed commercially;
* With some licenses, the point of the CLA appears to be able to enforce
copyright, when there are license violations;

> Does this mean that the entity behind the project /wants/ to license under 
> other licenses than the open source license of the project,
or does it suggest that the project /needs/ CLAs to do its incorporation
and distribution of code under the open source license it has?

Some organizations use the CLA so that the open source code can be
relicensed as closed source.
Some organizations use the CLA so that when license violations are
found, if the violator refuses to correct the problem, pursuing legal
remedies is much easier.

>The ambiguity has the effect of implying the second and obscuring the
first.
That ambiguity is why OSI should not even mention CLAs.

jonathon
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQIcBAEBAgAGBQJUval3AAoJEE1PKy9+kxplw9sQAKLM/gpdBhsPj7/EoweEoQEC
Mcv5se3zNg/KRqctjWFW0uYsXKagal5iK2r1KsbFTaoUXh++8lS8a1uKJ9rwHvsP
SNjBk2WpabX26YoXvpaglvrgyCPC10znWvYMVgbcFke+AwAyoTBisAo+Kh4SRAte
9/lHwHaI+tFOy24n5qxLC6H+p5d+SJxUkpOOKN7KAubtYyuJ0Aqnp+Pn9EeN9+Dj
vq4ljvmhjMfRVAzZU+/F+iwtQo0VM40fuKiCiZZylaQtbGgGQZaisG5Oe6E5bMfr
Rk1yLMiGHQTLiPnOi0FAaw5aU/4p1pYsISfbkg1VCxb1zjRiX1mZN0f2MxtCBz0X
Nfskc+7Ny0ztKV0r8IUqQeu/b5kZrCWDtG1hPaSMyMX7Bv9BK6wJfPIpRGWsbeaZ
8P0D7GMxizEH/fjv/pWbaJs2gu15j+4/MUKMOW+XsZ847yVTYGTU6smPBV2hBBAN
3xHCRdOCmxD+MerjY9Sr12/T9k2P2S8wqfQYdKoPfh4KRuwvcZwWFPKX3waDuzeP
HzAQhWGbGHFzbQOKE02EnOm5t7lFK9DjpbrnXcU8OVbny/FwrkLD2WEmr49YAbNr
lhNxRZQ5GMLw3h0VZa2OtcbEX+KtO0APjrDBphDMNHo0L4CcDyRoRB2egYAhVj+e
wX5gBw83R3VEZ0NhNJcZ
=cRdD
-END PGP SIGNATURE-
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-18 Thread Radcliffe, Mark
I am the counsel to OSI.  As Allison noted, most OSI approved licenses can be 
used for inbound use, but we do not take a position on that issue in approving 
licenses.  Different communities have different approaches, the Apache Software 
Foundation uses specific CLAs for its projects (and some projects using the 
Apache Software License use the ASL as the CLA) and FSF has long used an 
assignment approach.  Thus, the approval of a license by OSI as meeting the 
criteria of the OSD does not reflect a review of the use of the license as 
"inbound" but only "outbound".

-Original Message-
From: license-discuss-boun...@opensource.org 
[mailto:license-discuss-boun...@opensource.org] On Behalf Of Engel Nyst
Sent: Sunday, January 18, 2015 11:14 AM
To: license-discuss
Subject: Re: [License-discuss] FAQ entry on CLAs

On 01/17/2015 01:57 PM, Allison Randal wrote:
> OSI's criteria for open source licenses doesn't include any review of 
> whether the *license used inbound* would be respectful of developers'
> rights and desires for the use of their code, encourage healthy 
> collaboration in the community of developers, allow for ongoing 
> maintenance of an established codebase by an ever-changing group of 
> developers, empower groups who want to do active GPL enforcement, etc, 
> etc.
[my emphasis]

I see your point. I agree these issues are not part of a review for OSD 
compliance.

The relevant aspect here, seems to me, is that OSI's criteria for open source 
licenses *include* whether the *license used inbound* is giving rights to 
anyone receiving the software, as set out in the OSD.

Anyone includes the "project", a legal entity behind the project, the interest 
groups around a project, just like it includes individual users, recipients of 
the software from the original developer or project, etc.

OSI criteria do this by OSD #5, #6 and #7.

> A single legal document is perfectly adequate to cover both 
> contribution and receiving, and I expect any license OSI has approved 
> would be fine used inbound=outbound. But when OSI approves a license 
> it is only making a statement that the license meets the outbound 
> criteria of the OSD.

 From the above, it follows that when OSI approves a license, it is making a 
statement that the license meets the criteria of the OSD, *whether used inbound 
or outbound*.

(Therefore, I don't guess it would be fine used inbound=outbound. It is fine. 
It *has* to be. Solely from the perspective of the rights set out in OSD, that 
is.)


--
~ "We like to think of our forums as a Free-Speech Zone. And freedom works best 
at the point of a bayonet." (Amazon, Inc.) 
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Please consider the environment before printing this email.

The information contained in this email may be confidential and/or legally 
privileged. It has been sent for the sole use of the intended recipient(s). If 
the reader of this message is not an intended recipient, you are hereby 
notified that any unauthorized review, use, disclosure, dissemination, 
distribution, or copying of this communication, or any of its contents, is 
strictly prohibited. If you have received this communication in error, please 
reply to the sender and destroy all copies of the message. To contact us 
directly, send to postmas...@dlapiper.com. Thank you.

___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-18 Thread Engel Nyst
On 01/17/2015 01:57 PM, Allison Randal wrote:
> OSI's criteria for open source licenses doesn't include any review of
> whether the *license used inbound* would be respectful of developers'
> rights and desires for the use of their code, encourage healthy
> collaboration in the community of developers, allow for ongoing
> maintenance of an established codebase by an ever-changing group of
> developers, empower groups who want to do active GPL enforcement,
> etc, etc.
[my emphasis]

I see your point. I agree these issues are not part of a review for OSD
compliance.

The relevant aspect here, seems to me, is that OSI's criteria for open
source licenses *include* whether the *license used inbound* is giving
rights to anyone receiving the software, as set out in the OSD.

Anyone includes the "project", a legal entity behind the project, the
interest groups around a project, just like it includes individual
users, recipients of the software from the original developer or
project, etc.

OSI criteria do this by OSD #5, #6 and #7.

> A single legal document is perfectly adequate to cover both
> contribution and receiving, and I expect any license OSI has approved
> would be fine used inbound=outbound. But when OSI approves a license
> it is only making a statement that the license meets the outbound
> criteria of the OSD.

 From the above, it follows that when OSI approves a license, it is
making a statement that the license meets the criteria of the OSD,
*whether used inbound or outbound*.

(Therefore, I don't guess it would be fine used inbound=outbound. It is
fine. It *has* to be. Solely from the perspective of the rights set out
in OSD, that is.)


-- 
~ "We like to think of our forums as a Free-Speech Zone. And freedom
works best at the point of a bayonet." (Amazon, Inc.)
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-18 Thread Allison Randal
On 01/17/2015 10:21 AM, Engel Nyst wrote:
> 
> Reviewing doesn't seem to have anything to do with it indeed, but other
> than that I'm not sure I understand the difference you feel important
> here. An open source license is "inbound" or "outbound" depending only
> on the position /of the speaker/. There is no absolute direction, it's
> relative to the speaker.
> 
> Am I looking at some code I wrote, or am I looking at code someone else
> wrote. Why is that relevant?
> 
> There is probably no way to make a statement like this without taking a
> position, and the above does that. It's saying that "inbound agreements"
> are something else than open licenses, fulfill an unspecified need that
> open licenses don't. That open licenses are meant to be "outbound" (to
> whom?). That alone contributes to confusion about open source licensing.
> 
> One cannot say that open licenses are meant to be "outbound" without
> implying that when you receive them (so inbound from your perspective)
> you may need something else. It's synonym with: they weren't meant to be
> "received", they were only meant to be "sent" (?). They, well, might
> also work when you're at the "receiving" end, but weren't written for it.
> 
>> It also doesn't review the use of open source licenses as
>> inbound=outbound.
> 
> I honestly don't see how OSI can do otherwise than make a clear
> statement that the OSD guarantees all rights one needs to *receive* to
> be able to further copy, distribute, modify, include or make derivative
> works of, under the conditions of the respective open source license.
> 
> Endorsing the distinction between inbound and outbound as if it was
> objectively meaningful, and placing open licenses on the outbound side
> is, in the best case, like saying: "OSI reviews licenses to guarantee
> developers that they give the necessary rights to anyone, but it doesn't
> review if, as far as the license is concerned, you receive these
> rights". That doesn't make any sense to me.

The distinction I'm making is between the act of contributing and the
act of receiving. OSI's criteria for open source licenses doesn't
include any review of whether the license used inbound would be
respectful of developers' rights and desires for the use of their code,
encourage healthy collaboration in the community of developers, allow
for ongoing maintenance of an established codebase by an ever-changing
group of developers, empower groups who want to do active GPL
enforcement, etc, etc. There are an array of attributes of healthy open
source projects related to intellectual property that the Open Source
Definition just doesn't cover. It focuses on protecting the rights of
users (recipients of the code).

A single legal document is perfectly adequate to cover both contribution
and receiving, and I expect any license OSI has approved would be fine
used inbound=outbound. But when OSI approves a license it is only making
a statement that the license meets the outbound criteria of the OSD.

Allison
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread John Cowan
Lawrence Rosen scripsit:

> > Open source licenses grant things to whomever has the source code;
> 
> Do you mean "grant things to whomever accepts the terms and conditions of
> the license"?

Well, for some licenses.  The BSD licenses don't appear to require
any sort of acceptance:  they just say "We grant you the rights to do
X provided A and B are the case and C is not the case."  That doesn't
sound in contract as far as I can see: it's got the flavor of a bare
license to trespass on land.

[.sig below chosen at random!]

-- 
John Cowan  http://www.ccil.org/~cowanco...@ccil.org
It is revolting to have no better reason for a rule of law than that so it was
laid down in the time of Henry IV. It is still more revolting if the grounds
upon which it was laid down have vanished long since, and the rule simply
persists from blind imitation of the past. --Oliver Wendell Holmes Jr.
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread Engel Nyst
On 01/17/2015 03:00 PM, John Cowan wrote:
> Engel Nyst scripsit:
>
>> There is probably no way to make a statement like this without
>> taking a position, and the above does that. It's saying that
>> "inbound agreements" are something else than open licenses,
>> fulfill an unspecified need that open licenses don't. That open
>> licenses are meant to be "outbound" (to whom?). That alone
>> contributes to confusion about open source licensing.
>
> While I agree with what you are saying (there is no reason why any
> open source license can't be used as a contributor agreement, and
> some projects actually work that way), there is a fundamental
> difference between the FSF's CLA and the GPL, namely that the CLA is
> not a *public* license. Open source licenses grant things to
> whomever has the source code; a CLA normally grants things (anything
> up to full copyright ownership) only to the party they are addressed
> to.
>
> We could say that implicit requirement 0 of the OSD is that the
> object of discussion is a public software license.

I would set CAAs a bit aside for the discussion, because they're not
licenses at all. CLAs are licenses.

I agree with this remark. But doesn't it mean, in other words, that a
CLA is a *proprietary* license? It doesn't grant rights to anyone
getting the software, it excludes everyone except a named entity.


-- 
~ "We like to think of our forums as a Free-Speech Zone. And freedom
works best at the point of a bayonet." (Amazon, Inc.)
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread Lawrence Rosen
John Cowan wrote:
> Open source licenses grant things to whomever has the source code;

Do you mean "grant things to whomever accepts the terms and conditions of
the license"?

/Larry


-Original Message-
From: John Cowan [mailto:co...@mercury.ccil.org] 
Sent: Saturday, January 17, 2015 12:00 PM
To: license-discuss@opensource.org
Subject: Re: [License-discuss] FAQ entry on CLAs

Engel Nyst scripsit:

> There is probably no way to make a statement like this without taking 
> a position, and the above does that. It's saying that "inbound agreements"
> are something else than open licenses, fulfill an unspecified need 
> that open licenses don't. That open licenses are meant to be 
> "outbound" (to whom?). That alone contributes to confusion about open
source licensing.

While I agree with what you are saying (there is no reason why any open
source license can't be used as a contributor agreement, and some projects
actually work that way), there is a fundamental difference between the FSF's
CLA and the GPL, namely that the CLA is not a *public* license.
Open source licenses grant things to whomever has the source code; a CLA
normally grants things (anything up to full copyright ownership) only to the
party they are addressed to.

We could say that implicit requirement 0 of the OSD is that the object of
discussion is a public software license.

-- 
John Cowan  http://www.ccil.org/~cowanco...@ccil.org
You're a brave man! Go and break through the lines, and remember while
you're out there risking life and limb through shot and shell,
we'll be in here thinking what a sucker you are!--Rufus T. Firefly
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss

___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread John Cowan
Engel Nyst scripsit:

> There is probably no way to make a statement like this without taking a
> position, and the above does that. It's saying that "inbound agreements"
> are something else than open licenses, fulfill an unspecified need that
> open licenses don't. That open licenses are meant to be "outbound" (to
> whom?). That alone contributes to confusion about open source licensing.

While I agree with what you are saying (there is no reason why any open
source license can't be used as a contributor agreement, and some projects
actually work that way), there is a fundamental difference between the
FSF's CLA and the GPL, namely that the CLA is not a *public* license.
Open source licenses grant things to whomever has the source code;
a CLA normally grants things (anything up to full copyright ownership)
only to the party they are addressed to.

We could say that implicit requirement 0 of the OSD is that the object
of discussion is a public software license.

-- 
John Cowan  http://www.ccil.org/~cowanco...@ccil.org
You're a brave man! Go and break through the lines, and remember while
you're out there risking life and limb through shot and shell,
we'll be in here thinking what a sucker you are!--Rufus T. Firefly
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread Engel Nyst
On 01/16/2015 08:02 PM, Allison Randal wrote:
> The text is out-of-date, and wrong in some places.
>
> OSI is in the process of a refresh on the whole site, updating or
> removing a lot of old cruft, and this will get swept as part of it.

That's good to hear, thank you.

>> If OSI wants to discuss or inform the larger community about CLAs,
>> this doesn't seem accurate language for doing so.
>
> I'm not convinced that OSI needs to explain contributor agreements.
> We do periodically get asked to review contributor agreements, so
> it's important to have some kind of statement making it clear that
> OSI reviews *outbound* open source licenses, and not *inbound*
> agreements. It also doesn't review the use of open source licenses
> as inbound=outbound.

Reviewing doesn't seem to have anything to do with it indeed, but other
than that I'm not sure I understand the difference you feel important
here. An open source license is "inbound" or "outbound" depending only
on the position /of the speaker/. There is no absolute direction, it's
relative to the speaker.

Am I looking at some code I wrote, or am I looking at code someone else
wrote. Why is that relevant?

There is probably no way to make a statement like this without taking a
position, and the above does that. It's saying that "inbound agreements"
are something else than open licenses, fulfill an unspecified need that
open licenses don't. That open licenses are meant to be "outbound" (to
whom?). That alone contributes to confusion about open source licensing.

One cannot say that open licenses are meant to be "outbound" without
implying that when you receive them (so inbound from your perspective)
you may need something else. It's synonym with: they weren't meant to be
"received", they were only meant to be "sent" (?). They, well, might
also work when you're at the "receiving" end, but weren't written for it.

> It also doesn't review the use of open source licenses as
> inbound=outbound.

I honestly don't see how OSI can do otherwise than make a clear
statement that the OSD guarantees all rights one needs to *receive* to
be able to further copy, distribute, modify, include or make derivative
works of, under the conditions of the respective open source license.

Endorsing the distinction between inbound and outbound as if it was
objectively meaningful, and placing open licenses on the outbound side
is, in the best case, like saying: "OSI reviews licenses to guarantee
developers that they give the necessary rights to anyone, but it doesn't
review if, as far as the license is concerned, you receive these
rights". That doesn't make any sense to me.


-- 
  "Excuse me, Professor Lessig, may I ask you to sign this CLA, so we can
*legally* have your permission to remix and distribute your CC-licensed
works?"
  ~ Permission culture, take two.
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread Allison Randal
On 01/16/2015 05:48 AM, Engel Nyst wrote:
> 
> I'd like to open a discussion about fixing this text.

The text is out-of-date, and wrong in some places.

OSI is in the process of a refresh on the whole site, updating or
removing a lot of old cruft, and this will get swept as part of it.

> If OSI wants to discuss or inform the larger community about CLAs, this
> doesn't seem accurate language for doing so.

I'm not convinced that OSI needs to explain contributor agreements. We
do periodically get asked to review contributor agreements, so it's
important to have some kind of statement making it clear that OSI
reviews *outbound* open source licenses, and not *inbound* agreements.
It also doesn't review the use of open source licenses as inbound=outbound.

Allison
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry on CLAs

2015-01-17 Thread Allison Randal
On 01/16/2015 05:48 AM, Engel Nyst wrote:
> 
> I'd like to open a discussion about fixing this text.

The text is out-of-date, and wrong in some places.

OSI is in the process of a refresh on the whole site, updating or
removing a lot of old cruft, and this will get swept as part of it.

> If OSI wants to discuss or inform the larger community about CLAs, this
> doesn't seem accurate language for doing so.

I'm not convinced the OSI needs to explain contributor agreements. But,
we do periodically get asked to review contributor agreements, so it's
important to have some kind of statement making it clear that the OSI
reviews *outbound* open source licenses, and not *inbound* agreements of
any kind.

Allison
___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss