Sounds good: Re: Request opinion on proposed license

[Kevin Halle]

> Kevin Halle wrote:
<snip>
> > I would like to elicit the opinions of
> > you, the members of this list, on whether it is 
> > likely to pass the Open Source Initiative 
> > requirements.

--- John Cowan <jcowan at reutershealth.com> wrote:
> What's so great about this plan is that it does not 
> require any new license at all.  You can just use a 
> standard reciprocal license like the GPL or the OSL, 
> and get everything you want by doing a few other
> things as well.
> 

This sounds like it could possibly be great news..  I'm not sure
I fully understand yet..  can you help me out a bit, to get the
hang of this?  You would be doing a great thing..

Here's my understanding, do I have it close?:
-- The copyright holder can make multiple licenses
-- The GPL (or OSL) is one of those licenses, which is entered
into with the general public
-- anyone who acquires the source code _via_ the GPL is bound by
the GPL, and so must make their changes available accordingly
-- anyone who acquires the source code via a different license, 
say "L2", is only bound by L2's terms.  They did not acquire the
source via the GPL, therefore the GPL does not apply to them.
-- only the copyright holder can make a "root" release with a
particular license.

is that it?

If so, that means that the copyright must be protected in all
the source files released under GPL and otherwise, yes?  

Okay, now the hard part..  how do I implement this?  I really
have no idea..

Here're my motivation and goals:
-- I have developed a platform for parallel software..  it
includes a "virtual OS", as well as a virtual machine, a
language, and functional specs for the development environment.
-- I am lining heavy hitters in the field to back it
-- Hopefull, it becomes a pervasive platform that a majority of
developers use (eventually)

Here are my concerns that I hope this copyright arrangement will
alleviate:
1-- A platform, for wide acceptance, must be standard.  If many
slight variations on that platform exist, its value is lost, and
therefore its acceptance self-limits.  
--> this is, in many ways, the case with Linux distributions.. a
binary often runs only on specific releases of, say, Red Hat.. 
rarely does a single binary run on all Linux distributions
--> Solving this issue requires a certification mark, such as
Java has, which in turn requires very clearly written and
thorough specifications, as well as a conformance test-suite.  I
believe that this is difficult to achieve via volunteerism,
hence the funded entity.  
--> This also requires a single-goto-point that all agree is the
specification authority (as Linus is for the Linux Kernel).  I
will likely move on to other things, hence the need for a 3rd
party to be assigned, from the start, this role.   

2-- Companies such as Microsoft will see this platform as a
threat and will very likely purposely introduce variations that
only work with their stuff, such as happened with Java.
--> Combating this, again, requires a certification mark.  It
also requires an organisation with the resources to go to court.
 It's not clear whether the Open Source approach alone is a
sufficient safeguard against this kind of attack.

3-- the higher the quality of documentation and QA, the more
rapidly acceptance will spread, and the wider that acceptance
will spread.  
--> I may be mistaken in my personal beliefs, but my experiences
with Linux have led me to the conclusion that an income source
which pays for the least-glamorous and least-interesting
portions of development will boot-strap the code base more
quickly.  Hence, the for-fee license model, which pays for QA
and documentation, and amortizes the costs over multiple
licensees.  

4-- The single-goto-point authority which grants the conformance
mark will have to put considerable effort into the process of
developing each version of the specifications.
--> The specs have to not have ambiguities, and be efficiently
implementable, and take many diverse user-bases' desires into
account, etc
--> This level of effort may not be supportable on a purely
volunteer basis, especially with companies historically placing
people onto standards bodies with self-interested goals. 
Causing FUD by putting disruptive people into the standards
process may happen as well.  
--> A supported group, dedicated to the Open Source cause and
the acceptance of the code, is more likely to develop complete
and clear specs which fairly balance differing factions'
desires.

5-- profit motive is not all bad.  When money is to be made, the
level of effort and pace often increase.  Monopolistic control
is the bad thing which uses profit motive to its purposes.  
--> If companies can have a (slight) proprietary advantage in
improvements they make to the code, then more attention is
likely to be given to the code, and its acceptance is likely to
spread more quickly.
--> Being allowed to make proprietary improvements will both
increase motivation to adopt the platform (profit motive), and
drive the funding of the documentation, QA, and specification
activities.
--> The improved software still must pass the conformance tests
in order to receive the conformance mark, but it doesn't have to
open-source the improvements.  It is likely that the licenses
will simply call for a delayed release of the improvements'
source, like a year to two years.  The licenses will probably
also spell out what, functionally, are acceptable modifications
(to avoid MS-Java).

So, given all of that, the aim is to have a body, henceforth
called CodeSteward, which negotiates licenses, contracts or
performs QA, contracts or performs documentation, performs the
specification writing, writes a conformance test-suite,
administers the conformance testing,  defends the
conformance-mark, and essentially manages the open-source
development of the platform (via SourceForge, etc).


***** So, the big question ******: 
my next step will be transferring the current work to
SourceForge, what should I do so that the copyright rights are
preserved, and that they are transferred to the CodeSteward, and
that all who join the project assign copyrights to the work they
contribute to the CodeSteward?

-- In particular, how to avoid something like the current SCO
court battle?

-- What Boilerplate wording is needed to ensure that the
contributors own the copyright and patent rights to all the work
they are contributing, and that they assign those rights to the
CodeSteward.  
--> IE, don't want any work contributed which places the code in
violation of some patent somewhere (if contributor knows it
does)
--> Don't want somebody contributing code that their employer,
or University, will later claim belongs to them and claim that
the contributor had no right to reassign the copyright.

-- What steps have to be done to not inadvertently lose any
rights by not putting the right language in, etc?.. for example,
does every single source file released have to have a copyright
notice?  Does that notice have to name the CodeSteward?  Or, is
it sufficient to name the contributor, who then assigns to the
CodeSteward?  Any pitfalls to be aware of?  Examples of the
right wording?

-- Do the contributors have to sign actual paper documents in
order to assign copyright to the CodeSteward?  Can the
boilerplate above (about not violating patents and contributor
really owning the rights they sign over) be done on-line when a
contributor joins the SourceForge team?  Will that be legally
binding?  Can digital signatures be used?  If by paper, what if
the contributor is in a different country?  Do the contributor's
signatures have to be notarized?

-- How to form the CodeSteward?  Must it be a corporation?  Must
it exist at the time code is placed onto SourceForge?  Can it
just be a name, for now, and be given more complete legal status
later?  What things can/have to be done to make the CodeSteward
a legal entity?  Bank account?  Retail business licence?  Stated
place of business?  Fictitious Business Name notice?  What's the
minimum, for now, so don't lose any rights?

Any insights on any of these issues will be greatly greatly
appreciated.  Open Source is a beautiful thing.. thank you all
for being a part of OSI, you're doing a good thing,

Sincerely,

Kevin Halle




--- John Cowan <jcowan at reutershealth.com> wrote:

> Kevin Halle scripsit:
> 
> >    Thank you all for considering my message.  I am
> considering
> > submitting a request for approval of a new license.  Before
> > formally submitting it, I would like to elicit the opinions
> of
> > you, the members of this list, on whether it is likely to
> pass
> > the Open Source Initiative requirements.
> 
> What's so great about this plan is that it does not require
> any new license
> at all.  You can just use a standard reciprocal license like
> the GPL or
> the OSL, and get everything you want by doing a few other
> things as well.
> 
> >    Thus, I propose a new license which modifies the GPL.  It
> > carries the same language, with the one exception that a
> > third-party organisation is named which has the power to
> > negotiate with commercial entities.   
> 
> In order to achieve this, you as the initial developer must
> simply
> transfer the copyright, lock stock and barrel, to the
> third-party
> organization (henceforth 3PO).  The 3PO, being the copyright
> owner,
> is not bound by the GPL, and is free to make whatever
> arrangement
> it wants for proprietary licenses.
> 
> For suspenders-and-belt-class assurance, require all future
> contributors
> to sign over their copyrights to the 3PO as well.  This is
> probably not
> necessary, at least under U.S. law, because such contributors
> have
> nothing to gain by suing, but it does make sure all your ducks
> are in a row.
> 
> >    For non-commercial entities, such as researchers and
> > individual developers, the license reverts to the standard
> GPL,
> 
> The 3PO just licenses it to them under the GPL (but do
> consider the
> OSL; it has certain advantages, like an explicit grant of
> patent rights).
> 
> > with the one exception that any derivatives may only use the
> > name of the original work upon condition that they pass the
> > conformance test suite.
> 
> This requires no exception to the GPL.  You simply create
> another
> non-profit organization which administers the name of the work
> as a
> certification mark: nobody can use it unless they pass the
> conformance
> tests.  The GPL neither requires nor forbids restrictions on
> the
> name of a program, because names are outside copyright law and
> the
> subject of trademark law.
> 
> > If they fail the conformance suite or
> > are not tested with it, they must include a notice stating
> that
> > the work is derived from the original but has failed the
> > conformance suite.
> 
> This does exceed the bounds of the GPL, but surely not being
> allowed
> to use the original name is strong enough?
> 
> >    The third-party entity charged with negotiating with
> > commercial entities must be a non-profit organisation
> committed
> > solely to carrying out the responsibilities of managing work
> > assigned to it under the new license.
> 
> Then just make it so.  That in no way has to be written into
> the license.
> 
> > Will a license such as this be certifiable as Open Source?  
> 
> Save yourself considerable time and aggro by not drafting a
> new license,
> please.  You really don't need one.
> 
> IANAL, TINLA.
> 
> -- 
> "You're a brave man! Go and break through the           John
> Cowan
> lines, and remember while you're out there             
> jcowan at reutershealth.com
> risking life and limb through shot and shell,          
> www.ccil.org/~cowan
> we'll be in here thinking what a sucker you are!"      
> www.reutershealth.com
>         --Rufus T. Firefly
>