new license to review
Seth David Schoen
schoen at loyalty.org
Fri May 7 08:41:11 UTC 1999
Russell Nelson writes:
> Yes, sigh, someone has Yet Another Open Source License (YAOSL) to
> LICENSE AGREEMENT
> Foobar WebServer
> THIS LICENSE ALLOWS ONLY THE LIMITED USE OF FOOBAR SOFTWARE,
> INC. PROPRIETARY CODE. PLEASE CAREFULLY READ THIS AGREEMENT AS IT
> PERTAINS TO THE SCOPE OF USE YOU ARE ALLOWED UNDER THIS LICENSE. BY
> AGREEING TO THIS LICENSE, YOU CERTIFY THAT YOU WILL USE THE SOFTWARE
> ONLY IN THE MANNER PERMITTED HEREIN.
The tone of this paragraph is a little harsh, but my only concrete
concern is the phrase "PROPRIETARY CODE". Does it make sense that Open
Source code be called "proprietary", and isn't this traditionally
considered a contradiction?
More specifically, if members of this list felt that this was a
"proprietary software license", wouldn't that be considered an argument
_against_ the certification of this license?
> ``Documentation'' means any documentation Foobar includes with the
> Original Code.
> ``Foobar'' means Foobar Software, Inc.
> ``License'' means this document.
> ``Modifications'' means any addition to or deletion from the substance
> or structure of either the Original Code or any previous
Recursive definitions? I didn't know lawyers understood them. :-)
> ``Original Code'' means the Source Code to Foobar's proprietary
> computer software entitled Foobar WebServer.
> "Response Header" means the first portion of the response message
> output by the Foobar WebServer, containing but not limited to, header
> fields for date, content-type, server identification and cache
> "Server Identification Field" means the field in the Response Header
> which contains the text "Server: Foobar"
Some concerns about these below.
> ``You'' means an individual or a legal entity exercising rights under,
> and complying with all of the terms of, this License or a future
> version of this License.
Since provisions are supposed to be severable, "You" should probably
still refer to "you" even when "you" are violating the license, in order
to make the parts about what "you" are doing wrong meaningful.
> Limited Source Code Grant. Foobar hereby grants You a world-wide,
> royalty-free, non-exclusive license, subject to third party
> intellectual property claims, to use, reproduce, modify, copy and
> distribute the Original Code.
"subject to third party intellectual property claims" is helpful. This
is reasonably close to the "quit-claim" idea which was proposed on
slashdot as an alternative to patent termination clauses. It would be
particularly helpful to have a general suggestion of how to do
something like that, preferably endorsed by a lawyer or two.
Is the default legal standard that such a grant of license is perpetual
or revocable (other than for cause)?
> Binary Code. Foobar hereby grants You a world-wide, royalty-free,
> non-exclusive license to copy and distribute the binary code versions
> of the Original Code together with Your Modifications.
That's not clear:
distribute (the binary code versions of the Original Code) together with
distribute the binary code versions of (the Original Code together with
> License Back to Foobar. You hereby grant in both source code and
> binary code to Foobar a world-wide, royalty-free, non-exclusive
> license to copy, modify, display, use and sublicense any Modifications
> You make that are distributed or planned for distribution. Within 30
That means that Foobar can take them proprietary, right? This wouldn't
be very different from BSD, so I'm just checking, but it might appear
problematic if there's one entity who can take changes proprietary, while
other entities cannot. There's no clear requirement here that Foobar
license Your changes to any third parties; I think that's analogous to the
> days of either such event, You agree to ship to Foobar a file
> containing the Modifications (in a media to be determined by the
"media" is plural, unless collective, but it's used as singular here.
The correct singular form is "medium".
> parties), including any programmers' notes and other programmers'
> materials. Additionally, You will provide to Foobar a complete
> description of the product, the product code or model number, the date
> on which the product is initially shipped, and a contact name, phone
> number and e-mail address for future correspondence. Foobar will
> keep confidential all data specifically marked as such.
That's not entirely logical if a user is some entity other than a company
which ships products. Aside from concerns about vagueness, this could
be questioned under OSD 6 ("No Discrimination Against Fields of Endeavour")
by hindering the use of the code outside of value-added commercial
> Restrictions on Use. You may sublicense Modifications to third
> parties such as subcontractors or OEM's provided that You enter into
> license agreements with such third parties that are substantially
> similar in scope and application to this Agreement.
"substantially similar in scope and application" is vague and doesn't
even indicate whether Foobar retains specific rights, or whether they're
passed on to the sublicensor.
This paragraph also appears to violate OSD 7, except for the literalism
that OSD 7 doesn't explicitly cover "Modifications" to a piece of
> Term. This Agreement and license are effective from the time You
> accept the terms of this Agreement until this Agreement is
> terminated. You may terminate this Agreement at any time by
> uninstalling or destroying all copies of the Original Code including
> any and all binary versions and removing any Modifications to the
> Original Code existing in any products. This Agreement will terminate
> immediately and without further notice if You fail to comply with any
> provision of this Agreement. All restrictions on use, and all other
> provisions that may reasonably be interpreted to survive termination
> of this Agreement, will survive termination of this Agreement for any
> reason. Upon termination, You agree to uninstall or destroy all copies
> of the Original Code, Modifications, and Documentation.
Does this mean that public archive sites may not redistribute copies of
the Original Code? Somewhat questionable on grounds of OSD 1 and 7.
> Trademarks and Brand.
> License and Use. Foobar hereby grants to You a limited world-wide,
> royalty-free, non-exclusive license to use the Foobar trade names,
> trademarks, logos, service marks and product designations listed in
> Exhibit A (collectively, the ``Foobar Marks'') in connection with the
> activities by You under this Agreement. Additionally, Foobar grants
> You a license under the terms above to such Foobar trademarks as
> shall be identified at a URL (the ``URL'') provided by Foobar. The
> use by You of Foobar Marks shall be in accordance with Foobar's
> trademark policies regarding trademark usage as established at the web
> site designated by the URL, or as otherwise communicated to You by
> Foobar at its sole discretion. You understand and agree that any use
> of Foobar Marks in connection with this Agreement shall not create
> any right, title or interest in or to such Foobar Marks and that all
> such use and goodwill associated with Foobar Marks will inure to the
> benefit of Foobar.
> Promotion by You of Foobar WebServer Mark. In consideration for the
> licenses granted by Foobar to You herein, You agree to promote the
> Original Code by prominently and visibly displaying a graphic of the
> Foobar WebServer mark on the initial web page of Your product that is
> displayed each time a user connects to it. In addition, You may
> further promote the Original Code by displaying the Foobar WebServer
> mark in marketing and promotional materials such as the home page of
> your web site or web pages promoting the product. In further
> consideration of this license, Foobar may use your company name in
> conjunction with its own marketing efforts.
Some generic objections: what if you don't have a "product", what if you
don't have a web page, what if you don't display graphics on your web
page at all, etc.? In other words, what if this request isn't particularly
meaningful for some licensee? This goes a bit beyond the BSD advertising
clause by requiring the use of a graphic (and, what's more, not just in
advertising and promotional materials).
What if you have no company name?
How does Foobar intend to "use your company name"? It's one thing if they
want to say "Acme Klein Bottles uses Foobar WebServer", and another if they
want to say "Acme Klein Bottles endorses Foobar WebServer" or "Acme Klein
Bottles becomes a Foobar partner".
This paragraph would also appear to mean that anyone who ever downloads a
copy of this code consents to have his or her name listed by Foobar as a
"user" (at best), and perhaps even more than that. A blanket right to use
all users' names for promotional purposes raises some privacy and truthful
> Placement of Copyright Notice by You. You agree to include copies of
> the following notice (the ``Notice'') regarding proprietary rights in
> all copies of the products that You distribute, as follows: 1)
> embedded in the object code; and 2) on the title pages of all
> documentation. Furthermore, You agree to use commercially reasonable
> efforts to cause any licensees of Your products to embed the Notice in
> object code and on the title pages or relevant documentation.
Why not just require sublicensees to _be bound_ by this license?
> The Notice is as follows: Copyright (c) 19xx Foobar Software, Inc. All
> Rights Reserved. Unless Foobar otherwise instructs, the year 19xx is
> to be replaced with the year during which the release of the Original
> Code containing the notice is issued by Foobar. If this year is not
> supplied with Documentation, Foobar will supply it upon request.
This license isn't Y2KOK. :-)
> No modifications to Server Identification Field. You agree not
> toremove or modify the Server Identification Field contained in the
> ResponseHeader as defined in Section 1.6 and 1.7.
A somewhat generic concern about this: does that mean that you can't
modify this web server to the point that it's no longer a web server,
or no longer speaks version of HTTP that contain such a field? Does
this mean that you can't take portions of the code of the web server
out to use as part of other programs?
OSD 3 is a little vague on this:
3. Derived Works
The license must allow modifications and derived works, and must allow
them to be distributed under the same terms as the license of the
original software. (rationale)
Can Open Source licenses discourage code excerpting, cross-fertilization,
and other forms of re-use, assuming that all license terms are complied
with? If this package has a useful subroutine that you want to use in
some other free program, and you're content to put that program under
this license, do you still have to make that program identify itself as
Foobar WebServer? Even if it doesn't answer HTTP requests?
Compare also OSD 8, which implies that a program can be separated from
its original distribution (but which is silent on whether a _portion_
of a program can be separated from its original distribution).
> Warranty Disclaimers THE ORIGINAL CODE, THE DOCUMENTATION AND THE
> MEDIA UPON WHICH THE ORIGINAL CODE IS RECORDED (IF ANY) ARE PROVIDED
> "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS, STATUTORY OR
> IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
> MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The entire risk
> as to the quality and performance of the Original Code (including any
> Modifications You make) and the Documentation is with You. Should the
> Original Code or the Documentation prove defective, You (and not
> Foobar or its distributors, licensors or dealers) assume the entire
> cost of all necessary servicing or repair. Foobar does not warrant
> that the functions contained in the Original Code will meet your
> requirements or operate in the combination that You may select for
> use, that the operation of the Original Code will be uninterrupted or
> error free, or that defects in the Original Code will be corrected. No
> oral or written statement by Foobar or by a representative of Foobar
> shall create a warranty or increase the scope of this warranty.
It's a little troubling that the original distributor wants to disclaim
the existence of any remedy for defective _media_. How is anyone going
to get a copy of the code if you can't trust the distributor's media? :-)
> FOOBAR DOES NOT WARRANT THE ORIGINAL CODE AGAINST INFRINGEMENT OR THE
> LIKE WITH RESPECT TO ANY COPYRIGHT, PATENT, TRADE SECRET, TRADEMARK OR
> OTHER PROPRIETARY RIGHT OF ANY THIRD PARTY AND DOES NOT WARRANT THAT
> THE ORIGINAL CODE DOES NOT INCLUDE ANY VIRUS, SOFTWARE ROUTINE OR
> OTHER SOFTWARE DESIGNED TO PERMIT UNAUTHORIZED ACCESS, TO DISABLE,
> ERASE OR OTHERWISE HARM SOFTWARE, HARDWARE OR DATA, OR TO PERFORM ANY
> OTHER SUCH ACTIONS.
This is also useful. I wonder if the "VIRUS" part will scare off any
potential users (or their lawyers): "the author says that this code
might contain a virus!" could be a slightly scary meme. But checking
up on that is part of what source code is for. :-)
> Any warranties that by law survive the foregoing disclaimers shall
> terminate ninety (90) days from the date You received the Original
Probably useful in some jurisdictions (which do not allow the limitation
or exclusion of implied warranties).
> Limitation of Liability YOUR SOLE REMEDIES AND FOOBAR'S ENTIRE
> LIABILITY ARE SET FORTH ABOVE. IN NO EVENT WILL FOOBAR OR ITS
> DISTRIBUTORS OR DEALERS BE LIABLE FOR DIRECT, INDIRECT, INCIDENTAL OR
> CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OF THE ORIGINAL CODE, THE
> INABILITY TO USE THE ORIGINAL CODE, OR ANY DEFECT IN THE ORIGINAL
> CODE, INCLUDING ANY LOST PROFITS, EVEN IF THEY HAVE BEEN ADVISED OF
> THE POSSIBILITY OF SUCH DAMAGE.
> You agree that Foobar and its distributors and dealers will not be
> liable for defense or indemnity with respect to any claim against You
> by any third party arising from your possession or use of the Original
> Code or the Documentation.
> In no event will Foobar's total liability to You for all damages,
> losses, and causes of action (whether in contract, tort, including
> negligence, or otherwise) exceed the amount You paid for this product.
How about "the amount you paid Foobar for this product"? Has Foobar
gotten the point that Open Source software may be resold by third
parties? Do they really want me to buy a copy of Foobar WebServer for
$17,000 from a friend, and then to sue Foobar for some tort and demand
damages of $17,000?
> SOME STATES DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY
> LASTS, AND SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
> INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR
> EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC
> LEGAL RIGHTS AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM STATE
> TO STATE.
Being more non-US friendly would probably include "or jurisdictions"
and "from state to state or jurisdiction to jurisdiction".
> The Original Code (i) was developed at private expense, and no part of
> it was developed with governmental funds; (ii) is a trade secret of
> Foobar (or its licensor(s)) for all purposes of the Freedom of
> Information Act; (iii) is "restricted computer software" subject to
> limited utilization as provided in the contract between the vendor and
> the governmental entity; and (iv) in all respects is proprietary data
> belonging solely to Foobar (or its licensor(s)).
How about another "for all purposes of..." in part (iv)?
> Governing Law and Interpretation. This Agreement shall be interpreted
> under and governed by the laws of the State of Washington, without
> regard to its rules governing the conflict of laws. If any provision
> of this Agreement is held illegal or unenforceable by a court or
> tribunal of competent jurisdiction, the remaining provisions of this
> Agreement shall remain in effect and the invalid provision deemed
> modified to the least degree necessary to remedy such invalidity.
Venue for lawsuits, while they're at it? (Not that we need to encourage
that sort of thing.)
> Entire Agreement. This Agreement is the complete agreement between
> Foobar and You and supersedes all prior agreements, oral or written,
> with respect to the subject matter hereof.
What, no United Nations Convention disclaimer?
> BY CLICKING ON THE ``Register'' BUTTON ON THE REGISTRATION FORM, YOU
> ACCEPT AND AGREE TO BE BOUND BY ALL OF THE TERMS AND CONDITIONS SET
> FORTH IN THIS AGREEMENT. IF YOU DO NOT WISH TO ACCEPT THIS LICENSE OR
> YOU DO NOT QUALIFY FOR A LICENSE BASED ON THE TERMS SET FORTH ABOVE,
> YOU MUST NOT CLICK THE ``Registration'' BUTTON.
OSD 7, "Distribution of License". We need some discussion of the
combination of _licensing practice_ and _distribution practice_, as
earlier mentioned on this list.
If people always have to sign a separate NDA to get a copy of a program,
for example, and that NDA prohibits them from exercising their rights
under the license, the combination of the license and procedure shouldn't
be Open Source. It would be possible to combine the GNU GPL with an NDA
which effectively nullified it, for example, since the GPL doesn't claim
to supersede other agreements.
I'd argue further, for instance, that anyone exercising GPL 8 is violating
OSD 5 by discriminating against persons or groups. But that doesn't mean
that anyone using the GPL is _automatically_ violating the OSD -- it
depends on whether or not they decide to insert a clause of the sort
mentioned by paragraph 8 of the GPL.
So it really is important to consider the combination of a written license
and a distribution practice or non-license distribution conditions.
Seth David Schoen <schoen at loyalty.org>
They said look at the light we're giving you, / And the darkness
that we're saving you from. -- Dar Williams, "The Great Unknown"
http://ishmael.geecs.org/~sigma/ (personal) http://www.loyalty.org/ (CAF)
More information about the License-discuss