Re: [License-discuss] FAQ entry on CLAs
The possible need for re-licensing under a different open source license is one the biggest reasons I am generally an advocate for CLAs (with an appropriate community-based governance organization like the ASF). I find the cautionary tale of the Mozilla Relicensing Effort [1] illuminating -- it took 4.5 years to track down 445 contributors and get appropriate permission so that Firefox/Thunderbird/etc could be directly included into Linux distros. All of which could have been avoided with an Apache-style CLA in place. [1] http://www-archive.mozilla.org/MPL/relicensing-faq.html [2] http://blog.gerv.net/2006/03/relicensing_complete/ On Tue, Jan 20, 2015 at 4:02 PM, David Woolley wrote: > > > One of the uses of CLA's is to allow the software to be re-licensed under > a different open source licence. This can prove highly desirable, but > almost impossible, if there are large numbers of contributions under the > old licence. It might be needed because it has become important to > integrate the work with work under and otherwise incompatible open source > licence. In the past, I think it has been necessary to remove > contributions from a minor contributor, to achieve this, because they were > unable or unwilling to licence it under the new licence. (Something similar > happened with OpenStreetmap's map database; some geographical features had > to be removed because the project was unable to get permission to use it > under a new, less restrictive, licence.) > > > ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 20/01/15 14:14, Engel Nyst wrote: > CLA stands for contributor *license* agreement. It's a non-exclusive > license, plus some stuff. A non-exclusive licensee doesn't have standing > for license enforcement. One needs to be copyright holder or exclusive > licensee to pursue legal action. (in US) a) If that CLA includes the appropriate legal terminology and phrasing, the organization can pursue legal action, as the _agent_ of the copyright holder; b) If the CLA grants either full ownership of the copyright, or co-copyright owner status to the organization, using the appropriate legal terminology and phrasing, then the organization has the standing to pursue legal remedies on its own. >It creates a nebulous feeling that maybe CLAs "help" too. I don't think they do. How helpful CLAs are, depends upon the specific legal issue(s) that are being addressed. jonathon -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUv0xUAAoJEE1PKy9+kxplAH4QAK0Qj4iwg62PugccKz5+NzuX CLPHQjI2+yP1W1fOVJqr89MLp/vE0tcbH3MsL+2whuQVXKuy+NUwbikk70YmAI+F UEqc84oQtSWccBDs/NHwCrzh9wyXq7mnllK8JNeRA4lRxGBaaFFt3yVd9Avz7tZM xsYIWq02gYvEtfgytkQ+WVRZ1WQLCrjQXosj3wuMx0GXKTyt28cN4kTGvZJOy553 StTDpy7RmWJqblH91TqB/Cwel4Zo4TXYhAc/SI0yKAldb4mohFc6Ju0AdRMvT3jG +Eig5mA5RsoGjZCsmf6CAi2/xEVsvW/hK7qKrcJlDP+z7Pi75jB29ty2otZlDhyR 6aFv/XGSS1XOrjimYICqj4gPhMWl845ehwgnIPHxz+XX5NJJmRwN2SZr5jVWCJyR ZqrktwC6xjbdTYUVLtGFoLaUGg4+JQXPfBzy1BorpaJUjFEU7xi8enaZuh0IxrNP 7HLRM66CfMZdBpkH/sU+BIijvqFNDdrpJ+wLpZr1lJaeyuAL3HOv1Npcvi08ZZSd aCikxKV3a90fLHViIKCgAhXCzX2ZzBGh7bMLP8uuiT5PVsYJ3j0F2zzOMsJlvZdj 9r3mIFrKwq3amJu+ywudXHTdSX1nG9AXcAGXzcw030VABbVEYDxqu6cJ+a71F4mJ iV4qMu7RvRBQqkN5pxuC =mtqh -END PGP SIGNATURE- ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
David Woolley scripsit: > It might be needed because it has become important to integrate the > work with work under and otherwise incompatible open source licence. > In the past, I think it has been necessary to remove contributions > from a minor contributor, to achieve this, because they were unable or > unwilling to licence it under the new licence. Or so people believe, anyway, and tend to act as if true. At least some people think that a co-author can relicense ad libitum at least under U.S. copyright law. -- John Cowan http://www.ccil.org/~cowanco...@ccil.org Micropayment advocates mistakenly believe that efficient allocation of resources is the purpose of markets. Efficiency is a byproduct of market systems, not their goal. The reasons markets work are not because users have embraced efficiency but because markets are the best place to allow users to maximize their preferences, and very often their preferences are not for conservation of cheap resources. --Clay Shirky ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 03:24 PM, Ben Tilly wrote: > A project using http://opensource.org/licenses/BSD-3-Clause has > marketing comparing it to Foo's project Bar. But no prior written > permission from Foo was obtained for this. If Foo looks at the > project, notices a bug, and submits a patch under the same license, > the project can't apply that patch without violating the license. I'm not sure I understand correctly. Isn't that intended behavior of the license? (assuming there was claim of endorsement) If I reuse code under BSD license, then I have to comply with the license. (That Foo submitted a patch or I take it myself doesn't seem to make a difference either.) -- Oracle corollary to Hanlon's razor: Never attribute to stupidity what can be adequately explained by malice. (~ adapted from Adam Borowski) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 20/01/15 19:48, Engel Nyst wrote: Please do, though. It's worse to practically state that using an OSI approved license(s) doesn't seem to give the permissions necessary, within the bounds of the license, for anyone to combine one's project from different sources and distribute it. One of the uses of CLA's is to allow the software to be re-licensed under a different open source licence. This can prove highly desirable, but almost impossible, if there are large numbers of contributions under the old licence. It might be needed because it has become important to integrate the work with work under and otherwise incompatible open source licence. In the past, I think it has been necessary to remove contributions from a minor contributor, to achieve this, because they were unable or unwilling to licence it under the new licence. (Something similar happened with OpenStreetmap's map database; some geographical features had to be removed because the project was unable to get permission to use it under a new, less restrictive, licence.) Another common reason is that the open source project is being sponsored by a commercial organisation, which wants rights use the software in a proprietary way as well. They will not redistribute contributions which are not compatible with this. That is the case with Asterisk. In both cases, a third party can integrate their work without using a CLA, but they will have created a competing forked version, so their work is likely to much less well used than the official version. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
Ben Tilly scripsit: > A project using http://opensource.org/licenses/BSD-3-Clause has > marketing comparing it to Foo's project Bar. I don't know that that counts as "promoting or endorsing" (that would be using the expat XML parser and claiming that James Clark approves of your coftware), but I see your point. -- John Cowan http://www.ccil.org/~cowanco...@ccil.org You know, you haven't stopped talking since I came here. You must have been vaccinated with a phonograph needle. --Rufus T. Firefly ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On Tue, Jan 20, 2015 at 12:09 PM, wrote: > Allison Randal scripsit: > >> If you want specific examples, I'd say GPL and Apache both work fine >> with inbound=outbound. GPL takes a position close to compelling >> inbound=outbound. Apache 2.0 was specifically designed with >> inbound=outbound in mind, you can see fingerprints of it all over the >> text. > > I cannot imagine any open source license (other than un-templated ones with > hard-coded licensors) that *cannot* work as an inbound license. Does > anyone have counterexamples? Here is a simple example. A project using http://opensource.org/licenses/BSD-3-Clause has marketing comparing it to Foo's project Bar. But no prior written permission from Foo was obtained for this. If Foo looks at the project, notices a bug, and submits a patch under the same license, the project can't apply that patch without violating the license. >> I totally support campaigning for inbound=outbound and DCO, > > What does DCO mean in this context? > > -- > John Cowan http://www.ccil.org/~cowanco...@ccil.org > Mr. Henry James writes fiction as if it were a painful duty. --Oscar Wilde > > > ___ > License-discuss mailing list > License-discuss@opensource.org > http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 12:09 PM, co...@ccil.org wrote: > > What does DCO mean in this context? Developer Certificate of Origin, as used by the Linux Kernel. It's essentially a way of being more explicit about an inbound=outbound contribution policy, by having each developer "sign off" that they acknowledge the policy with each commit. It's about half-way down the page on: https://www.kernel.org/doc/Documentation/SubmittingPatches Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
Allison Randal scripsit: > If you want specific examples, I'd say GPL and Apache both work fine > with inbound=outbound. GPL takes a position close to compelling > inbound=outbound. Apache 2.0 was specifically designed with > inbound=outbound in mind, you can see fingerprints of it all over the > text. I cannot imagine any open source license (other than un-templated ones with hard-coded licensors) that *cannot* work as an inbound license. Does anyone have counterexamples? > I totally support campaigning for inbound=outbound and DCO, What does DCO mean in this context? -- John Cowan http://www.ccil.org/~cowanco...@ccil.org Mr. Henry James writes fiction as if it were a painful duty. --Oscar Wilde ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 12:50 PM, Allison Randal wrote: > I wrote up an example of an open source license that has different > legal effects when used inbound and outbound, but I've deleted it to > avoid taking this thread down a rabbit hole. Please do, though. It's worse to practically state that using an OSI approved license(s) doesn't seem to give the permissions necessary, within the bounds of the license, for anyone to combine one's project from different sources and distribute it. > The key point is that inbound=outbound is a contribution policy, a > specific use of an open source license within a particular context. > OSI reviews the text of licenses, it doesn't review contribution > policies. The issue here is simply that inbound=outbound must hold, because it's not a "random" contribution policy. OSD compliance is why it holds. -- "Public works must serve a community. Open source licensing ensures the Tools are accessible to the world. We have not found any authority for the proposition that the world is a community within the meaning of 501(c)(3)." (~US IRS) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/20/2015 10:46 AM, Engel Nyst wrote: > > That doesn't make any sense. How is the open source license not good? > How doesn't it give permissions set out in OSD? And WHY was it approved > if it doesn't comply? You're missing the point. The open source license is good, does give the permissions set out in the OSD, and does comply with the requirements of the OSD. But meeting one set of requirements for OSD doesn't guarantee it meets some other related set of requirements for inbound=outbound. A license isn't "bad" or "anti-open source" if it doesn't happen to work in an inbound=outbound contribution policy. If you want specific examples, I'd say GPL and Apache both work fine with inbound=outbound. GPL takes a position close to compelling inbound=outbound. Apache 2.0 was specifically designed with inbound=outbound in mind, you can see fingerprints of it all over the text. You're confusing "no comment" for "opposition". OSI makes no comment on whether particular open source licenses are appropriate for use in an inbound=outbound contribution policy. That doesn't mean it's opposed to inbound=outbound. To take this in a more productive direction, you may be interested in some research I started last year, in which early results indicate that inbound=outbound is the most common contribution policy currently used for open source projects, and that DCO is regarded as substantially preferable to CLA or CAA. I still need to write up the study in more detail, but a couple of graphs I've produced so far are useful illustrations. Contribution policies developers have contributed under in the past: https://github.com/allisonrandal/contrib-policy-survey/blob/master/graphs/signed.png Contribution policies developers are willing to contribute under in the future: https://github.com/allisonrandal/contrib-policy-survey/blob/master/graphs/future.png I totally support campaigning for inbound=outbound and DCO, but the OSI FAQ pages aren't the right place to do it. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/18/2015 02:57 PM, Radcliffe, Mark wrote: > As Allison noted, most OSI approved licenses can be used for inbound > use, but we do not take a position on that issue in approving > licenses. [..] Thus, the approval of a license by OSI as meeting the > criteria of the OSD does not reflect a review of the use of the > license as "inbound" but only "outbound". This is deeply concerning. Is OSI's position out of the sudden that it has approved some licenses which haven't been checked for compliance with #5, #6 and #7 for any person or entity receiving code? OSD contains exceptions, entities which the license might prohibit from incorporating or distributing code under that allegedly open license? That's plain illogical. It's like, when a developer licenses their work under an open license, the license "wasn't reviewed" for conformance with OSD, thus it might not grant the permissions to anyone receiving the software. But when you're a mere *LICENSEE* [with CLA] of that developer, then suddenly your purported license "was reviewed" for OSD conformance. (or if you're accumulating copyright, then your license somehow becomes "reviewed") That doesn't make any sense. How is the open source license not good? How doesn't it give permissions set out in OSD? And WHY was it approved if it doesn't comply? I don't see in OSD #3 that the license "may prohibit modifications and derivative works or distributing them under the same license, if you're for example Random J. Developer, writing and licensing your patch, and not a copyright accumulator of a kind or another". I don't know how is this under doubt. If, by licensing their code under an OSI-approved license, developers aren't giving permissions "to any entity", then software developed without CLAs is under doubt. I guess the next thing is to see how long will OSI continue to use open source software developed without CLAs. Because, while OSI might think it has received open source software, if the project you got it from has an OSI-approved license from copyright holders, it wouldn't matter: the license itself *may not have given permission* to distribute in the first place. It might have been, who knows, one of those 'some' unspecified OSI-approved licenses that you suggest wouldn't work inbound=outbound. > Different communities have different approaches Wanting more licenses is not, and cannot be, about *uncertainty* whether a license meets the OSD. Different entities have different reasons for wanting *additional* stuff. They might WANT to give another license to some or all, now or in the future, open source or proprietary. Therefore they *choose* to ask for another license. Or they might have policies for committers to repositories they host, therefore they might have an agreement for that. Or they might OFFER to enforce the license in a court of law for more or all copyrightable material in a work. Or they might want another license, and instead of being upfront about it, they attempt to place open source licensing under fear, uncertainty and doubt. But that Open Source Definition page out there sets the criteria according to which the license must conform, for any copyright holders to grant permissions to any entity receiving code under that license. Since when is OSI going back on that, and claims now that "some" entities might not receive these permissions for "some" OSI-approved licenses? > the Apache Software Foundation uses specific CLAs for its projects Does ASF use CLAs /because/ AL2.0 is uncertain, it hasn't been checked whether it gives them the rights to reuse, modify, distribute the code they'd receive under it, under the conditions of AL2.0? > FSF has long used an assignment approach Indeed, for some projects, and for some not. FSF's practice has (like ASF's) confused people, and both were (ab)used to further confusion. Regardless, does it follow from here that GPL might not be safe to use inbound, it might not give the permissions to copy, modify and further distribute derivative works of the code when an entity is receiving it under GPL? This is a non-sequitur, and shocking that OSI thinks it's okay to popularize it. (random signature...) -- "Excuse me, Professor Lessig, may I ask you to sign this CLA, so we can *legally* have your permission to remix and distribute your CC-licensed works?" ~ Permission culture, take two. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/18/2015 11:14 AM, Engel Nyst wrote: > The relevant aspect here, seems to me, is that OSI's criteria for open > source licenses *include* whether the *license used inbound* is giving > rights to anyone receiving the software, as set out in the OSD. > > Anyone includes the "project", a legal entity behind the project, the > interest groups around a project, just like it includes individual > users, recipients of the software from the original developer or > project, etc. > > OSI criteria do this by OSD #5, #6 and #7. It is true that for the rights required by the OSD, those rights are granted to anyone who receives the software. OSD #3 is an even greater protector of inbound=outbound, since it requires that any open source license permit modification with redistribution under the same license. But, these facts don't guarantee that all open source licenses are appropriate for use as inbound=outbound, they only demonstrate that the licenses have *some* characteristics that fit with inbound=outbound. I wrote up an example of an open source license that has different legal effects when used inbound and outbound, but I've deleted it to avoid taking this thread down a rabbit hole. The key point is that inbound=outbound is a contribution policy, a specific use of an open source license within a particular context. OSI reviews the text of licenses, it doesn't review contribution policies. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/19/2015 08:04 PM, jonathon wrote: > Some organizations use the CLA so that when license violations are > found, if the violator refuses to correct the problem, pursuing > legal remedies is much easier. CLA stands for contributor *license* agreement. It's a non-exclusive license, plus some stuff. A non-exclusive licensee doesn't have standing for license enforcement. One needs to be copyright holder or exclusive licensee to pursue legal action. (in US) This is one of the reasons why lumping CLAs and CAAs together tends to confuse. It creates a nebulous feeling that maybe CLAs "help" too. I don't think they do. -- ~ "We like to think of our forums as a Free-Speech Zone. And freedom works best at the point of a bayonet." (Amazon, Inc.) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 16/01/15 13:48, Engel Nyst wrote: > It says "many" open source projects use these agreements. I have to > dispute the implied suggestion that there are more than not. For some licenses, if you want to contribute back any changes you made to the source code, CLAs are so common that one might think that they are mandatory. For other licenses, it is as if CLAs are a foreign concept that nobody has ever heard of, much less used. > But an open source license does this: by licensing their modification under > the license of the project, developers tell the project that it has the right to distribute those modifications under the project's existing open source license. YOu have to look at the reasons why the organization is requesting the CLA: * With some licenses, the point of the CLA appears to ensure that the alleged open source program remains a tightly controlled proprietary software that is distributed commercially; * With some licenses, the point of the CLA appears to be able to enforce copyright, when there are license violations; > Does this mean that the entity behind the project /wants/ to license under > other licenses than the open source license of the project, or does it suggest that the project /needs/ CLAs to do its incorporation and distribution of code under the open source license it has? Some organizations use the CLA so that the open source code can be relicensed as closed source. Some organizations use the CLA so that when license violations are found, if the violator refuses to correct the problem, pursuing legal remedies is much easier. >The ambiguity has the effect of implying the second and obscuring the first. That ambiguity is why OSI should not even mention CLAs. jonathon -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBAgAGBQJUval3AAoJEE1PKy9+kxplw9sQAKLM/gpdBhsPj7/EoweEoQEC Mcv5se3zNg/KRqctjWFW0uYsXKagal5iK2r1KsbFTaoUXh++8lS8a1uKJ9rwHvsP SNjBk2WpabX26YoXvpaglvrgyCPC10znWvYMVgbcFke+AwAyoTBisAo+Kh4SRAte 9/lHwHaI+tFOy24n5qxLC6H+p5d+SJxUkpOOKN7KAubtYyuJ0Aqnp+Pn9EeN9+Dj vq4ljvmhjMfRVAzZU+/F+iwtQo0VM40fuKiCiZZylaQtbGgGQZaisG5Oe6E5bMfr Rk1yLMiGHQTLiPnOi0FAaw5aU/4p1pYsISfbkg1VCxb1zjRiX1mZN0f2MxtCBz0X Nfskc+7Ny0ztKV0r8IUqQeu/b5kZrCWDtG1hPaSMyMX7Bv9BK6wJfPIpRGWsbeaZ 8P0D7GMxizEH/fjv/pWbaJs2gu15j+4/MUKMOW+XsZ847yVTYGTU6smPBV2hBBAN 3xHCRdOCmxD+MerjY9Sr12/T9k2P2S8wqfQYdKoPfh4KRuwvcZwWFPKX3waDuzeP HzAQhWGbGHFzbQOKE02EnOm5t7lFK9DjpbrnXcU8OVbny/FwrkLD2WEmr49YAbNr lhNxRZQ5GMLw3h0VZa2OtcbEX+KtO0APjrDBphDMNHo0L4CcDyRoRB2egYAhVj+e wX5gBw83R3VEZ0NhNJcZ =cRdD -END PGP SIGNATURE- ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
I am the counsel to OSI. As Allison noted, most OSI approved licenses can be used for inbound use, but we do not take a position on that issue in approving licenses. Different communities have different approaches, the Apache Software Foundation uses specific CLAs for its projects (and some projects using the Apache Software License use the ASL as the CLA) and FSF has long used an assignment approach. Thus, the approval of a license by OSI as meeting the criteria of the OSD does not reflect a review of the use of the license as "inbound" but only "outbound". -Original Message- From: license-discuss-boun...@opensource.org [mailto:license-discuss-boun...@opensource.org] On Behalf Of Engel Nyst Sent: Sunday, January 18, 2015 11:14 AM To: license-discuss Subject: Re: [License-discuss] FAQ entry on CLAs On 01/17/2015 01:57 PM, Allison Randal wrote: > OSI's criteria for open source licenses doesn't include any review of > whether the *license used inbound* would be respectful of developers' > rights and desires for the use of their code, encourage healthy > collaboration in the community of developers, allow for ongoing > maintenance of an established codebase by an ever-changing group of > developers, empower groups who want to do active GPL enforcement, etc, > etc. [my emphasis] I see your point. I agree these issues are not part of a review for OSD compliance. The relevant aspect here, seems to me, is that OSI's criteria for open source licenses *include* whether the *license used inbound* is giving rights to anyone receiving the software, as set out in the OSD. Anyone includes the "project", a legal entity behind the project, the interest groups around a project, just like it includes individual users, recipients of the software from the original developer or project, etc. OSI criteria do this by OSD #5, #6 and #7. > A single legal document is perfectly adequate to cover both > contribution and receiving, and I expect any license OSI has approved > would be fine used inbound=outbound. But when OSI approves a license > it is only making a statement that the license meets the outbound > criteria of the OSD. From the above, it follows that when OSI approves a license, it is making a statement that the license meets the criteria of the OSD, *whether used inbound or outbound*. (Therefore, I don't guess it would be fine used inbound=outbound. It is fine. It *has* to be. Solely from the perspective of the rights set out in OSD, that is.) -- ~ "We like to think of our forums as a Free-Speech Zone. And freedom works best at the point of a bayonet." (Amazon, Inc.) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss Please consider the environment before printing this email. The information contained in this email may be confidential and/or legally privileged. It has been sent for the sole use of the intended recipient(s). If the reader of this message is not an intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please reply to the sender and destroy all copies of the message. To contact us directly, send to postmas...@dlapiper.com. Thank you. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/17/2015 01:57 PM, Allison Randal wrote: > OSI's criteria for open source licenses doesn't include any review of > whether the *license used inbound* would be respectful of developers' > rights and desires for the use of their code, encourage healthy > collaboration in the community of developers, allow for ongoing > maintenance of an established codebase by an ever-changing group of > developers, empower groups who want to do active GPL enforcement, > etc, etc. [my emphasis] I see your point. I agree these issues are not part of a review for OSD compliance. The relevant aspect here, seems to me, is that OSI's criteria for open source licenses *include* whether the *license used inbound* is giving rights to anyone receiving the software, as set out in the OSD. Anyone includes the "project", a legal entity behind the project, the interest groups around a project, just like it includes individual users, recipients of the software from the original developer or project, etc. OSI criteria do this by OSD #5, #6 and #7. > A single legal document is perfectly adequate to cover both > contribution and receiving, and I expect any license OSI has approved > would be fine used inbound=outbound. But when OSI approves a license > it is only making a statement that the license meets the outbound > criteria of the OSD. From the above, it follows that when OSI approves a license, it is making a statement that the license meets the criteria of the OSD, *whether used inbound or outbound*. (Therefore, I don't guess it would be fine used inbound=outbound. It is fine. It *has* to be. Solely from the perspective of the rights set out in OSD, that is.) -- ~ "We like to think of our forums as a Free-Speech Zone. And freedom works best at the point of a bayonet." (Amazon, Inc.) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/17/2015 10:21 AM, Engel Nyst wrote: > > Reviewing doesn't seem to have anything to do with it indeed, but other > than that I'm not sure I understand the difference you feel important > here. An open source license is "inbound" or "outbound" depending only > on the position /of the speaker/. There is no absolute direction, it's > relative to the speaker. > > Am I looking at some code I wrote, or am I looking at code someone else > wrote. Why is that relevant? > > There is probably no way to make a statement like this without taking a > position, and the above does that. It's saying that "inbound agreements" > are something else than open licenses, fulfill an unspecified need that > open licenses don't. That open licenses are meant to be "outbound" (to > whom?). That alone contributes to confusion about open source licensing. > > One cannot say that open licenses are meant to be "outbound" without > implying that when you receive them (so inbound from your perspective) > you may need something else. It's synonym with: they weren't meant to be > "received", they were only meant to be "sent" (?). They, well, might > also work when you're at the "receiving" end, but weren't written for it. > >> It also doesn't review the use of open source licenses as >> inbound=outbound. > > I honestly don't see how OSI can do otherwise than make a clear > statement that the OSD guarantees all rights one needs to *receive* to > be able to further copy, distribute, modify, include or make derivative > works of, under the conditions of the respective open source license. > > Endorsing the distinction between inbound and outbound as if it was > objectively meaningful, and placing open licenses on the outbound side > is, in the best case, like saying: "OSI reviews licenses to guarantee > developers that they give the necessary rights to anyone, but it doesn't > review if, as far as the license is concerned, you receive these > rights". That doesn't make any sense to me. The distinction I'm making is between the act of contributing and the act of receiving. OSI's criteria for open source licenses doesn't include any review of whether the license used inbound would be respectful of developers' rights and desires for the use of their code, encourage healthy collaboration in the community of developers, allow for ongoing maintenance of an established codebase by an ever-changing group of developers, empower groups who want to do active GPL enforcement, etc, etc. There are an array of attributes of healthy open source projects related to intellectual property that the Open Source Definition just doesn't cover. It focuses on protecting the rights of users (recipients of the code). A single legal document is perfectly adequate to cover both contribution and receiving, and I expect any license OSI has approved would be fine used inbound=outbound. But when OSI approves a license it is only making a statement that the license meets the outbound criteria of the OSD. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
Lawrence Rosen scripsit: > > Open source licenses grant things to whomever has the source code; > > Do you mean "grant things to whomever accepts the terms and conditions of > the license"? Well, for some licenses. The BSD licenses don't appear to require any sort of acceptance: they just say "We grant you the rights to do X provided A and B are the case and C is not the case." That doesn't sound in contract as far as I can see: it's got the flavor of a bare license to trespass on land. [.sig below chosen at random!] -- John Cowan http://www.ccil.org/~cowanco...@ccil.org It is revolting to have no better reason for a rule of law than that so it was laid down in the time of Henry IV. It is still more revolting if the grounds upon which it was laid down have vanished long since, and the rule simply persists from blind imitation of the past. --Oliver Wendell Holmes Jr. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/17/2015 03:00 PM, John Cowan wrote: > Engel Nyst scripsit: > >> There is probably no way to make a statement like this without >> taking a position, and the above does that. It's saying that >> "inbound agreements" are something else than open licenses, >> fulfill an unspecified need that open licenses don't. That open >> licenses are meant to be "outbound" (to whom?). That alone >> contributes to confusion about open source licensing. > > While I agree with what you are saying (there is no reason why any > open source license can't be used as a contributor agreement, and > some projects actually work that way), there is a fundamental > difference between the FSF's CLA and the GPL, namely that the CLA is > not a *public* license. Open source licenses grant things to > whomever has the source code; a CLA normally grants things (anything > up to full copyright ownership) only to the party they are addressed > to. > > We could say that implicit requirement 0 of the OSD is that the > object of discussion is a public software license. I would set CAAs a bit aside for the discussion, because they're not licenses at all. CLAs are licenses. I agree with this remark. But doesn't it mean, in other words, that a CLA is a *proprietary* license? It doesn't grant rights to anyone getting the software, it excludes everyone except a named entity. -- ~ "We like to think of our forums as a Free-Speech Zone. And freedom works best at the point of a bayonet." (Amazon, Inc.) ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
John Cowan wrote: > Open source licenses grant things to whomever has the source code; Do you mean "grant things to whomever accepts the terms and conditions of the license"? /Larry -Original Message- From: John Cowan [mailto:co...@mercury.ccil.org] Sent: Saturday, January 17, 2015 12:00 PM To: license-discuss@opensource.org Subject: Re: [License-discuss] FAQ entry on CLAs Engel Nyst scripsit: > There is probably no way to make a statement like this without taking > a position, and the above does that. It's saying that "inbound agreements" > are something else than open licenses, fulfill an unspecified need > that open licenses don't. That open licenses are meant to be > "outbound" (to whom?). That alone contributes to confusion about open source licensing. While I agree with what you are saying (there is no reason why any open source license can't be used as a contributor agreement, and some projects actually work that way), there is a fundamental difference between the FSF's CLA and the GPL, namely that the CLA is not a *public* license. Open source licenses grant things to whomever has the source code; a CLA normally grants things (anything up to full copyright ownership) only to the party they are addressed to. We could say that implicit requirement 0 of the OSD is that the object of discussion is a public software license. -- John Cowan http://www.ccil.org/~cowanco...@ccil.org You're a brave man! Go and break through the lines, and remember while you're out there risking life and limb through shot and shell, we'll be in here thinking what a sucker you are!--Rufus T. Firefly ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
Engel Nyst scripsit: > There is probably no way to make a statement like this without taking a > position, and the above does that. It's saying that "inbound agreements" > are something else than open licenses, fulfill an unspecified need that > open licenses don't. That open licenses are meant to be "outbound" (to > whom?). That alone contributes to confusion about open source licensing. While I agree with what you are saying (there is no reason why any open source license can't be used as a contributor agreement, and some projects actually work that way), there is a fundamental difference between the FSF's CLA and the GPL, namely that the CLA is not a *public* license. Open source licenses grant things to whomever has the source code; a CLA normally grants things (anything up to full copyright ownership) only to the party they are addressed to. We could say that implicit requirement 0 of the OSD is that the object of discussion is a public software license. -- John Cowan http://www.ccil.org/~cowanco...@ccil.org You're a brave man! Go and break through the lines, and remember while you're out there risking life and limb through shot and shell, we'll be in here thinking what a sucker you are!--Rufus T. Firefly ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/16/2015 08:02 PM, Allison Randal wrote: > The text is out-of-date, and wrong in some places. > > OSI is in the process of a refresh on the whole site, updating or > removing a lot of old cruft, and this will get swept as part of it. That's good to hear, thank you. >> If OSI wants to discuss or inform the larger community about CLAs, >> this doesn't seem accurate language for doing so. > > I'm not convinced that OSI needs to explain contributor agreements. > We do periodically get asked to review contributor agreements, so > it's important to have some kind of statement making it clear that > OSI reviews *outbound* open source licenses, and not *inbound* > agreements. It also doesn't review the use of open source licenses > as inbound=outbound. Reviewing doesn't seem to have anything to do with it indeed, but other than that I'm not sure I understand the difference you feel important here. An open source license is "inbound" or "outbound" depending only on the position /of the speaker/. There is no absolute direction, it's relative to the speaker. Am I looking at some code I wrote, or am I looking at code someone else wrote. Why is that relevant? There is probably no way to make a statement like this without taking a position, and the above does that. It's saying that "inbound agreements" are something else than open licenses, fulfill an unspecified need that open licenses don't. That open licenses are meant to be "outbound" (to whom?). That alone contributes to confusion about open source licensing. One cannot say that open licenses are meant to be "outbound" without implying that when you receive them (so inbound from your perspective) you may need something else. It's synonym with: they weren't meant to be "received", they were only meant to be "sent" (?). They, well, might also work when you're at the "receiving" end, but weren't written for it. > It also doesn't review the use of open source licenses as > inbound=outbound. I honestly don't see how OSI can do otherwise than make a clear statement that the OSD guarantees all rights one needs to *receive* to be able to further copy, distribute, modify, include or make derivative works of, under the conditions of the respective open source license. Endorsing the distinction between inbound and outbound as if it was objectively meaningful, and placing open licenses on the outbound side is, in the best case, like saying: "OSI reviews licenses to guarantee developers that they give the necessary rights to anyone, but it doesn't review if, as far as the license is concerned, you receive these rights". That doesn't make any sense to me. -- "Excuse me, Professor Lessig, may I ask you to sign this CLA, so we can *legally* have your permission to remix and distribute your CC-licensed works?" ~ Permission culture, take two. ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/16/2015 05:48 AM, Engel Nyst wrote: > > I'd like to open a discussion about fixing this text. The text is out-of-date, and wrong in some places. OSI is in the process of a refresh on the whole site, updating or removing a lot of old cruft, and this will get swept as part of it. > If OSI wants to discuss or inform the larger community about CLAs, this > doesn't seem accurate language for doing so. I'm not convinced that OSI needs to explain contributor agreements. We do periodically get asked to review contributor agreements, so it's important to have some kind of statement making it clear that OSI reviews *outbound* open source licenses, and not *inbound* agreements. It also doesn't review the use of open source licenses as inbound=outbound. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss
Re: [License-discuss] FAQ entry on CLAs
On 01/16/2015 05:48 AM, Engel Nyst wrote: > > I'd like to open a discussion about fixing this text. The text is out-of-date, and wrong in some places. OSI is in the process of a refresh on the whole site, updating or removing a lot of old cruft, and this will get swept as part of it. > If OSI wants to discuss or inform the larger community about CLAs, this > doesn't seem accurate language for doing so. I'm not convinced the OSI needs to explain contributor agreements. But, we do periodically get asked to review contributor agreements, so it's important to have some kind of statement making it clear that the OSI reviews *outbound* open source licenses, and not *inbound* agreements of any kind. Allison ___ License-discuss mailing list License-discuss@opensource.org http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss