From a compliance perspective Facebook/React project presents a common nightmare situation. For example some files explicit state (e.g., React.js):
* Copyright 2013-2015, Facebook, Inc. All rights reserved. * * This source code is licensed under the BSD-style license found in the * LICENSE file in the root directory of this source tree. An additional grant * of patent rights can be found in the PATENTS file in the same directory. While other files have no copyright/license notice (e.g., Gruntfile.js, vendor/jasmine/diff.js, jasmine.js, src/test/all.js, ...) . Does that mean the Patent license is only available to some files but not others. The project's license hygiene is questionable. >> Better to roll the BSD-3-Clause and additional patent grant into one >> "Facebook BSD >> License", akin to the Apple MIT variant (AML)? This would be preferred if such a list identifier existed. Until that days comes, one could roll both licenses up into a single license reference (e.g., LicenseRef-Facebook-BSD-Patent). The WITH operator semantically implies that a given license applies except under certain special circumstances. Therefore I am not sure an exception makes sense here. AND typically implies two sets of license terms apply. Not sure yet if it makes sense to make FB-Patents-2.0 a full-fledged license (a decision for the legal team). Alternatively one could use BSD-3-Clause AND LicenseRef-FB-Patent. For now I think LicenseRef-Facebook-BSD-Patent is an adequate representation. - Mark -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kyle E. Mitchell Sent: Monday, June 15, 2015 12:01 PM To: Sam Ellis Cc: [email protected]; [email protected] Subject: Re: [Bug 1292] New: What is the correct license expression for a project with an additional patent license? Many thanks for your generous reply, and for sending so quickly. Forgive me if I'm behind on general discussions about the purpose and function of SPDX expressions. I understood their purpose rather more as a coding system for what terms purportedly apply than a way to state a fully formed legal conclusion. I suppose I tended toward this view especially given that American lawyers are known to differ on what various standard licenses actually do. The license plus additional patent grant situation exacerbates these problems, I think, in a few ways: 1. There likely won't be any record of acceptance of either the BSD-3-Clause terms or the patent grant terms. Defendants will claim to have accepted whatever licenses grant protection they need once hauled into court. 2. The existence of the additional patent grant might very well affect an American court's view of what (if any) patent license is implied by BSD-3-Clause. General principles of contract interpretation will read both licenses, as contemporaneous agreements on the same subject matter, together. 3. The patent license and BSD license are separate files in the source code repository, and I think it clear that clause 1 of the BSD license does _not_ require redistribution with a copy of the additional patent license. 4. On the other hand, the additional grant is entitled "Additional Grant...", and the read-me file and other documentation repeatedly mention the application of both licenses. One upshot is that a program designed to check SPDX metadata against a white list of licenses may very well want to assess the "BSD-3-Clause" in (BSD-3-Clause) differently than in (BSD-3-Clause AND/OR/WITH FB-Patents-2.0). If the answer here is to allow variants with each of AND, OR, and WITH, does that mean that the additional patent grant should hypothetically seek both a license identifier and a license exception identifier? Better to roll the BSD-3-Clause and additional patent grant into one "Facebook BSD License", akin to the Apple MIT variant (AML)? Many thanks, K On Mon, Jun 15, 2015 at 12:38:02PM +0100, Sam Ellis wrote: > > Subject: [Bug 1292] New: What is the correct license expression for > > a project with an additional patent license? > > https://bugs.linuxfoundation.org/show_bug.cgi?id=1292 > > I will take the opportunity to offer an opinion to the forums on this > question that is raised above: > > I think first and foremost this is a question around interpretation of > the licenses. Only when you have that interpretation can you decide > how to represent that using SPDX syntax. I see two possible > interpretations: > > One interpretation is that that using the software you must agree to > both the BSD-3-Clause and the patent grant and have no choice in the > matter. > > Another interpretation is that you must agree to the use of the > BSD-3-Clause license, but you have a choice as to whether or not to > accept the patent grant. If you accept the patent grant then it is the > same outcome as above. If you choose to not take the patent grant then > you run the risk that the software does use some Facebook patents and > you are now infringing them. > > In terms of SPDX representation, I would suggest the former case comes > out as one of these two: > > (BSD-3-Clause AND FB-Patents-2.0) > (BSD-3-Clause WITH FB-Patents-2.0) > > And for the second interpretation I would suggest one of these two: > > (BSD-3-Clause OR (BSD-3-Clause AND FB-Patents-2.0)) (BSD-3-Clause OR > (BSD-3-Clause WITH FB-Patents-2.0)) > > As to whether to use the AND or WITH variants, I again think this > comes down to the interpretation of the patent grant. Does the patent > grant stand alone as a fully formed license (in which case choose AND) > or does it depend on some other license (in which case choose WITH)? > > In summary I think SPDX license expressions can adequately represent > all of these cases. The question that SPDX can’t answer is which legal > interpretation to choose. > > -- IMPORTANT NOTICE: The contents of this email and any attachments > are confidential and may also be privileged. If you are not the > intended recipient, please notify the sender immediately and do not > disclose the contents to any other person, use it for any purpose, or > store or copy the information in any medium. Thank you. > > ARM Limited, Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, > ARM Registered in England & Wales, Company No: 2557590 Holdings plc, > ARM Registered office 110 Fulbourn Road, Cambridge CB1 9NJ, Registered > ARM in England & Wales, Company No: 2548782 > -- Kyle Mitchell, attorney San Francisco, California +1 (415) 864 - 9913 _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech _______________________________________________ Spdx-tech mailing list [email protected] https://lists.spdx.org/mailman/listinfo/spdx-tech
