[License-discuss] SPDX License List v1.14 & OSI questions

Karl Fogel kfogel at red-bean.com
Mon Apr 30 17:25:11 UTC 2012


Jilayne Lovejoy <jilayne.lovejoy at openlogic.com> writes:
>SPDX License List v1.14 & OSI questions
>
>Hi Karl and the OSI license-discuss list,
>
>I'm picking up (finally) where we left off some months ago regarding
>ironing out some questions that came up around aligning the OSI
>licenses and the SPDX License List.  I've included the most recent
>spreadsheet of the license list (only, accompanying .txt files with
>the actual license text not included here for convenience, but can be
>found, if needed, at http://spdx.org/wiki/spdx-license-list)
>
>I have added an "outstanding issues" column with the following
>color-coding:
>
>* red text = issues or questions for OSI.  Some of these are
>  highlighted in gray indicating more urgency in terms of an answer is
>  needed.  Where there is just red text and no gray highlighting, this
>  denotes something that merely needs to be updated on the OSI website
>  (e.g. A missing SPDX Identifier, etc.) 

Jilayne, I'm about two months behind on taking care of this.  Thanks for
putting together such an easy-to-use spreadsheet, and my apologies for
the delay.

I'll respond inline here, so it's easy for others to see and chime in:

First, you asked this about Academic Free License versions AFL-1.1,
AFL-1.2, AFL-2.0, and AFL-2.1:

  > My understanding is that all the Academic Free Licenses were OSI
  > approved, but I can't find a good url to the actual license text of
  > the older versions (just this mirror). question for OSI:
  > 
  > 1) Was this specific license/version OSI approved?
  > 2) if yes, is there a better link to the license text?

I can find no record of approval of the Academic Free License prior to
3.0.  As of 2006-10-31, we were linking to "/licenses/afl-3.0.php", and
now of course we link to http://opensource.org/licenses/AFL-3.0.

This highlights the need for a clearer license obsolescense process at
OSI and the need to have findable records of approved-but-now-obsolete
licenses.  http://projects.opensource.org/redmine/issues/4 and
http://projects.opensource.org/redmine/issues/25 are about these,
respectively.  We have a rough idea how to do the former and it's just a
matter of implementing it; as for the latter, I don't know, and will
raise the issue at the OSI's upcoming face-to-face in May and in a
separate inquiry on this list.

You asked:

  > Was this [Apache 1.0] ever OSI-approved?

For the reasons given above, I can't tell, sorry.  I can find Apache
2.0, but not 1.0.  (In other words, one thing we need is a record of
licenses that were considered but not approved, so that these searches
wouldn't always depend on how one wants to interpret a negative result!)

Regarding Apache 1.1, you wrote:

  > OSI approved, but only can find license on the "superseded licenses"
  > category list

That's correct.  That license should be indexed only from the
"superseded licenses" list, although of course the license page's URL
itself should be permanent -- another thing we haven't done well, see
e.g. http://opensource.org/osi3.0/licenses/apache2.0.php gets a 404.

Regarding Apple Public Source License 1.0 (APSL-1.0) you ask:

  > Was this ever OSI approved?  Note at top of fedora url says: This
  > license is non-free. At one point, it could be found at
  > http://www.opensource.apple.com/apsl/1.0.txt, but that link now
  > redirects to APSL 2.0. A copy of the license text has been taken
  > from archive.org's October 01, 2007 revision.

Again, I can't tell.  I would hope not, though, given that the Fedora
page says the license is non-free.

Regarding APSL-1.1 you ask simply:

  > Was this ever OSI approved?

Again, I don't know.

Similarly, regarding APSL-1.2 you ask:

  > Was this ever OSI approved?

And again, I don't know.

The earliest OSI page for APSL (that I can find any reference to) is
http://opensource.org/osi3.0/licenses/apsl-2.0.php.  Though that
page itself is now gone, it was linked to from our license list of
2006-10-31, so we can assume it was approved.

Regarding the Artistic License 1.0, you have done some fine detective
work, and you asked:

  > OSI approved, but only can find license on the "superseded licenses"
  > category list.
  >
  > Also note that Perl link has 10 clause version of license, whereas
  > OSI link has 9 clause with note at top about additional clause.  for
  > searching/templating reasons, these should probably be listed as two
  > different licenses. Suggest naming as follows:
  > Artistic License 1.0 (Perl) // Artistic-Perl-1.0
  > Artistic License 1.0 // Artistic-1.0
  > 
  > thoughts?

Excellent idea, except maybe we should put the "(Perl)" before the
version number, since "Perl" describes a flavor of the license and that
flavor could conceivably happen to other versions, though we hope not.
That would also match the proposed SPDX short name.  Thus

  Artistic License (Perl) 1.0 // Artistic-Perl-1.0
  Artistic License 1.0        // Artistic-1.0

Would that work for you?  

For now I've renamed http://opensource.org/licenses/artistic-license-1.0
to opensource.org/licenses/Artistic-1.0, edited it to link correctly to
the superseding version (Artistic-2.0), and to link to a new page
opensource.org/licenses/Artistic-Perl-1.0.

Now, independently of the above, there is a serious bug in the Perl
clause, and while I understand why it was OSI-approved, I think the OSI
approved its *intended* meaning rather than its textual meaning.  

This should really be a separate thread, but I want to at least write it
down here now, so there's a record of it somewhere:

The OSI page above says:

  | Some versions of the artistic license contain the following clause:
  | 
  |   8. Aggregation of this Package with a commercial distribution is
  |   always permitted provided that the use of this Package is
  |   embedded; that is, when no overt attempt is made to make this
  |   Package's interfaces visible to the end user of the commercial
  |   distribution. Such use shall not be construed as a distribution of
  |   this Package.
  | 
  | With or without this clause, the license is approved by OSI for
  | certifying software as OSI Certified Open Source.

That's great, except s/commercial/proprietary/ :-(.  What the text
obviously means is "proprietary", and furthermore, if it were to be
interpreted literally as "commercial", then it would (to my mind) be
clearly not open source.

I'm not sure what to do about this now.  I just wanted to mention it.
Any review of old licenses, such as you have done, is bound to turn up
issues like this.  Thank goodness it's an issue with Artistic-Perl-1.0
and not with, say, GPL-2.0 :-).

Regarding old BSD 4-clause (or "original" BSD) you ask:

   > Was this OSI approved?

Again, I don't know.

Regarding the "CNRI Python GPL Compatible License Agreement"
(CNRI-Python-GPL-Compatible), you ask:

   > not on OSI site, but was OSI approved??  Please clarify will need
   > link from OSI site once (if) updated

Again, I don't know.

Note that with the Python licenses, the situation is very complex,
because we're currently evaluating submissions from them.  While that
shouldn't technically affect past licensing decisions, in practice at
may at least affect the names by which we call some of those past
licenses.  See http://projects.opensource.org/redmine/issues/3.  Ball is
in their court right now.

At this point, looking at where I am in the spreadsheet (the scrollbar
thumb is still disturbingly high) and the importance of getting some
kind of response to you and the group, I'm not spending a lot of time
searching for the answers -- I'm just answering.  Obviously, some of
these issues will have to be addressed in followup steps, and one of the
things I intend to bring up at the OSI face-to-face meeting is the size
and relative priorities of the licensing work backlog.  It's beyond what
one or two volunteers can address, IMHO.  If anyone here knows better
answers to some of these questions, or has suggestions for process
improvement, please say something.

Regarding the CNRI Python License (CNRI-Python), you ask:

   > short identifier missing on license list and license page (thus,
   > url probably also needs to be updated there and here?)

I've fixed the two immediate problems there, thanks!  It probably does
need to be updated elsewhere, but I didn't see those spots in a quick
search, so am leaving that issue for now.

Regarding "Common Public Attribution License 1.0" (CPAL-1.0), you write:

   > OSI approved, but only can find license on the "superseded
   > licenses" category list

Hmm, I see it on http://opensource.org/licenses/alphabetical -- are you
sure?

Regarding "Eiffel Forum License v1.0" (EFL-1.0), you write:

   > OSI approved, but only can find license on the "superseded
   > licenses" category list

That's expected for a superseded license (as per Apache 1.1 above).

Regarding "European Union Public License 1.1" (EUPL-1.1) you wrote:

  > UPDATED url for license
  > OSI needs to update link as well on their website

Turns out we did so, between when you sent the spreadsheet and now :-).
But thanks for noticing this.

Regarding "Fair License" (FAIR), you wrote:

  > OSI site missing short identifier on license list page

Fixed now, thanks.

Regarding GPL-1.0, you ask:

   > was this ever OSI approved?

Good question.  I'm not sure, but I doubt it, as by the time OSI was
formed, GPL 2.0 had been published for years already.  Thus 1.0 might
never have been considered.

Regarding GPL-2.0 (and sometimes GPL-3.0) "with Autoconf exception", and
"with Bison exception", and "with classpath exception", and "with font
exception", and "with GCC exception", you ask:

  > if the underlying license is OSI approved, then is the exception
  > also approved?

In my opinion, yes, and there's no need for a separate license approval
process.  If a license is approved, then that license + an exception
should be considered approved when the exception clearly adds no
restrictions or requirements for the licensee, as is the case here.

In a sense such exceptions can simply be considered additional estoppel
(danger, danger, I'm using the word "estoppel" but I'm not a lawyer) on
the part of the licensor, similar to having made a public promise not to
assert patents or something like that.  The mere accumulation of such
statements, which would affect only the behavior of the licensor, not
the licensee, never narrows the underlying license.

Regarding GNU Library General Public License v2 only (LGPL-2.0) you ask:

   > Was this ever OSI approved?

I don't know.  I suspect the answer to that one would not be so hard to
find, but I want to plough to the end of this spreadsheet right now and
get these responses posted.  I did a cursory search on the OSI site and
didn't find any evidence of approval.  Anyone here know about LGPL-2.0?

Regarding "Lucent Public License Version 1.0 (Plan9)" (LPL-1.0), you say:

   > OSI approved, but only can find license on the "superseded
   > licenses" category list

That's expected, as we're on LPL 1.02 now.

Regarding LPL-1.02, you pointed out:

   > OSI site missing short identifier on license list page

Fixed now!  Thank you.

Regarding MirOS, you pointed out:

   > OSI site missing short identifier on license list page

Likewise fixed now.  Thanks again :-).

Regarding Mozilla-1.0, you write:

   > OSI approved, but only can find license on the "superseded
   > licenses" category list

Yes, that's expected now that Mozilla-1.1 has been approved.

Regarding Multics, you said:

   > OSI site missing short identifier on license list page

Fixed.

Regarding "Non-Profit Open Software License 3.0" (NPOSL-3.0), you said:

   > OSI site missing short identifier on license list page

Fixed.

Regarding Nokia Open Source License (Nokia), you said:

   > OSI site missing short identifier on license list page and on
   > license page

Fixed, and thanks for noticing both sides of that problem.

Regarding "Open Software License 1.0" (OSL-1.0), you wrote:

   > OSI approved, but only can find license on the "superseded
   > licenses" category list

As expected, due to approval of (latest) OSL-3.0.

Regarding OSL-2.0 and OSL-2.1, you asked:

   > is this OSI approved?  (versions 1.0 and 3.0 are, but this one not
   > listed anywhere on site)

I don't know.  Anyone?  Bueller?

Regarding "Simple Public License 2.0" (SimPL-2.0), you wrote:

   > OSI site has wrong short identifier on license list page and on
   > license text page (and has it in two place on license text page??)
   > will need updated url

Whew!  Thanks.  All fixed now.  New URL is:

   http://opensource.org/licenses/SimPL-2.0

Regarding "Sun Public License v1.0" (SPL-1.0), you wrote:

   > OSI site has wrong short identifier on license list page and on
   > license text page. Will need updated url

Fixed all.  (I think some of these might be due to SPDX identifiers
changing after the last time we did a sync?  Not sure.)  New URL is:

   http://opensource.org/licenses/SPL-1.0

Regarding "W3C Software and Notice License" (W3C), you wrote:

   > OSI site missing short identifier on license list page

Fixed.  Most of the missing identifiers on the license list page were
because I'd first thought we wouldn't explicitly give the identifier
when it's already part of the license name and "obvious".  But I think
your suggestion of consistency is better anyway.

>* green text = issues for the SPDX Legal work group (OSI can ignore)

Okay; didn't address any of these.

>Please let me know how we can best proceed to get these issues
>resolved, i.e. Would it be easiest for someone from the OSI to respond
>to the questions in a new column in the spreadsheet and send it back
>or would setting up another call with Karl (and/or anyone else from
>the OSI) be easier?

Well, I was hoping this email would do it.  I realize the email leaves
some questions unanswered, but I think they're ones the OSI has to
figure out internally (e.g., get a handle on records of all past license
approvals).  At least by having this mail we have all the issues laid
out in an archiveable way, and others can follow up if they know things.
I will make sure to link to it from the relevant tickets in Redmine too.

Thank you again for the extremely thorough set of questions and bug
reports!

Best,
-Karl



More information about the License-discuss mailing list