OpenLDAP license

[Ryan S. Dancey]

From: "David Johnson" <david at usermode.org>

> Since this license appears on the very same site where I can download the
> source code, it counts.

It seems axiomatic to me that any license seeking to comply with the OSD
must have explicit instructions detailing the responsibility of each party
to the license (meaning anyone who distributes the software) to make the
source available when they redistribute the code.

The proposed license could remedy this by adding a sentence to Section 2
stating that the source code must accompany any binary distribution, or
instructions must be provided to each recipient of a binary-only
distribution on how to request the source code or locate it on the internet.

The fact that numerous OSI approved licenses do not address this issue seems
to me to be a fundamental failing on the part of the OSI certification
process and indicates that a top-down review of the process and the
standards of certification should be undertaken.

The OSD specifically calls for a "well publicized means of obtaining the
source code", and I believe that in order to qualify as an OSI certified
license, the license should explicitly state a mechanism for obtaining the
source code.  Anything else is external to the license and thus beyond the
control of the law, and thus beyond the intent of the OSD.

Therefore, my opinion is that the OSI certified licenses which do not comply
with that need should be de-certified until such time as they do.

Either that, or the OSD should be modified by deleting Item #2 in its
entirety.  It seems to me to be a binary choice:  Either #2 is enforced in
the certification process, or it is removed from the definition.  Having it
in the OSD, but not requiring OSI certified licenses to implement it's terms
seems hypocritical.

Note that the OSD does not concern itself with matters "understood" by
others, or "common knowledge".  It specifically concerns itself with "The
distribution terms of open-source software".  Thus, each and every item on
the OSD list should be encapsulated by the licenses which seek to implement
it, and should be a requirement for OSI certification.

To me, this is the single most important aspect of the whole OSI effort.  If
we are not to champion free and easily accessible source code as a primary
mandate of the organization, then we should shut the organization down and
go back to explaining the difference between free speech and free beer along
with every copy of the software we distribute.  Without source, there is no
Open Source.

>> And if "due credit" means "money", it violates #1 as well.

> It's pretty clear that "due credit" in this context refers to attribution.

I couldn't tell if you were kidding or not about this item.  Clearly, "due
credit" is an unacceptably vague term to use in an Open Source software
license, which will be subjected (if tested) to the most critical of
dissections should the issue ever be litigated.  "Due credit" is a vague
term that is essentially undefined - meaning that someone downstream could
claim that it means whatever the heck they want it to mean.  Including "you
must pay me $100 dollars per copy for redistributing my code."

If the drafter of the license means "All redistributions of the code must
include a public acknowledgement that the work is based on materials derived
from code created by the OpenLDAP Foundation" then that is what the license
should say.  Otherwise, the term is at best irrelevant, and at worst a
potential OSD #1 conflict.

Part of the point of submitting licenses to this list is to get feedback
about them and help to improve them based on the shared community experience
in dealing with the concept of Open Source and Free Software.  I'm frankly
surprised at the seemingly hostile tone of the responses I received to my
feedback.

Ryan