Hello spdx-legal mailing list, Looking for thoughts from the community on a recent license submission / ID request. Apologies for the length of the following.
If you’d like to weigh in, the best place to do so would probably be in the GitHub issue thread [1], but feel free to reply to the list if preferred. Best, Steve = = = = = During the last legal team meeting, we discussed recently-submitted license requests for the two versions of the Functional Source License v1.1 [1]. This is a source-available, non-open source license, created by Sentry. [2] Briefly, to my understanding FSL is meant to be a more opinionated version of BUSL-1.1 [3], in particular by restricting many of the “variables” from BUSL so that there is only a single choice: whether the “Future License,” triggered after 2 years, is MIT or Apache-2.0. The submitters have proposed FSL-1.1-MIT as the ID for the former option and FSL-1.1-Apache-2.0 for the latter. As described in the issue thread [4], in my view these two licenses likely satisfy the SPDX License Inclusion Principles. [5] In particular, though they are clearly not open source licenses, they satisfy (in my view) the remaining “other factors” from the inclusion principles. Given that, I’m in favor of adding them to the License List. (If you disagree, please feel free to weigh in, in the issue thread at [1]. This email isn’t primarily about whether or not to add them.) The harder question for me is which identifier to use, particularly for the Apache-2.0 “Future License” version. Again, there’s more details in the issue thread [6], but my main concern is that we’ve previously only included the “Apache” term in IDs for licenses that are actually issued by the Apache Software Foundation. ASF’s FAQ [7] makes it clear that they don’t want the term “Apache” used to refer to licenses that aren’t actually ASF-issued licenses. Because of that, I’m hesitant here to include “Apache-2.0” in the suffix for that FSL-1.1 variant. But at the same time, it might be accurate to do so -- insofar as it’s a “real” Apache-2.0 license that it’ll convert to as its “Future License.” I don’t have a definite preferred solution here, so I’m interested in others’ views. Would it be appropriate or not to include “Apache-2.0” as part of the suffix? If not, what would be a better alternative that still clearly communicates the intent of the license? (For completeness, I should say I’m not as troubled about the “-MIT” suffix. Maybe I should be, but we’ve already got a ton of licenses on the list today with “MIT” as part of their name or ID. And maybe the MIT license isn’t really “the MIT license” anyway. [8] Out of scope here as well, just noting I’m not as concerned about reusing a reference to MIT since that’s been done repeatedly already.) [1] https://github.com/spdx/license-list-XML/issues/2458 for MIT as “Future License”; https://github.com/spdx/license-list-XML/issues/2459 for Apache-2.0 [2] https://fsl.software/ [3] https://spdx.org/licenses/BUSL-1.1.html [4] https://github.com/spdx/license-list-XML/issues/2458#issuecomment-2094863560 [5] https://github.com/spdx/license-list-XML/blob/main/DOCS/license-inclusion-principles.md [6] https://github.com/spdx/license-list-XML/issues/2458#issuecomment-2094874528 [7] https://www.apache.org/foundation/license-faq.html#mod-license [8] https://opensource.com/article/19/4/history-mit-license, and maybe https://www.gnu.org/licenses/license-list.html#Expat too if you’d like -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#3553): https://lists.spdx.org/g/Spdx-legal/message/3553 Mute This Topic: https://lists.spdx.org/mt/106000683/21656 Group Owner: [email protected] Unsubscribe: https://lists.spdx.org/g/Spdx-legal/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
