[License-discuss] Boilerplate license text for permissive licenses?

Lawrence Rosen lrosen at rosenlaw.com
Tue Nov 27 04:57:57 UTC 2012


Hi Gerv,

Consider the hapless corporate attorney who is forced to review hundreds of
proprietary software licenses when authorizing the distribution or
sale/purchase of his company's software products. Each of those proprietary
licenses may contain restrictions on transfer; unique indemnity and warranty
provisions; attribution requirements or prohibitions; etc. 

I consider your task with these BSD/MIT open source variants to be simple in
comparison. FOSS is usually simpler than proprietary. 

But once you've done your variant-gathering, will you recommend that
everyone else do the same for their own open source software as Mozilla will
do for Firefox OS? That's a lot of work to recommend for others to do. That
would seem to be a waste of time considering the infinitesimally tiny risk
that one of those "variant" licensors would sue you for breach for taking
the easy way out -- such as:

     "This software includes contributions under one or more variants of the
       official BSD and MIT license versions published at
www.opensource.org. 
       Mozilla has chosen not to publish those individual variant licenses
along
       with this distribution, although we are disclosing its source code as
       those licenses require."
       
This would be, after all, an entirely reasonable minor breach of what is a
weak BSD or MIT license requirement, imposed by unknown contributors long
ago, to publish the actual license text somewhere prominently along with the
software. Those licensors can't sue you anyway unless they register their
copyrights, which is unlikely to have happened for such works. Damages in
such a lawsuit would be minimal at worst. For a company that can afford to
swat away any such nuisance lawsuits, taking this easy way out may be worth
the risk, unless your lawyer tells you that no risk is ever worth taking.

I'm quite sanguine about minimal license breaches in open source situations
where we can reasonably assume that we're serving the authors' will anyway.
Some of those old license requirements are no longer appropriate for modern
software delivery mechanisms.

Other opinions may vary.

/Larry

P.S. Egads! A lawyer advising breaches of the express (and unreasonable)
terms of very old FOSS licenses!!! Fortunately, this email is not legal
advice to you.  :-)

Lawrence Rosen
Rosenlaw & Einschlag, a technology law firm (www.rosenlaw.com)
3001 King Ranch Rd., Ukiah, CA 95482
Office: 707-485-1242


-----Original Message-----
From: Gervase Markham [mailto:gerv at mozilla.org] 
Sent: Monday, November 26, 2012 2:55 AM
To: license-discuss at opensource.org
Subject: [License-discuss] Boilerplate license text for permissive licenses?

Dear license-discuss,

Short version: can the OSI please consider providing generic, appropriately
wrapped, plain-text, copy-and-pasteable versions of the MIT, BSD (2 and 3
clause) and HPND licenses, linked from that license's main license page, to
cut down on license proliferation?

Long version: I am currently attempting to make sure Firefox OS complies
with the open source licenses of all the bits of code we are using. As you
can understand, an entire operating system is quite a lot of code.

I have written a script to analyse the codebase and extract all of the MIT,
BSD and HPND license blocks in it. Each of these licenses requires the
license text to be reproduced "in other materials provided with the
distribution", or some similar words. My script counts as "the same" the
ones where the differences are merely whitespace-based. We were advised that
if two license blocks differ by more than that, e.g. if they mention a
specific person or organization in the disclaimer, then they are "different"
and cannot be merged.

Here's a count of the number of different variants in my current draft
licensing file, by license type:

BSD2Clause: 30
BSD3Clause: 55
BSD4Clause: 12
MIT:        23
HPND:       42

In other words, we will have to reproduce at least 160 different but similar
license blocks in the documentation for Firefox OS.

Some of this is unavoidable; the MIT and BSD licenses have changed over
time, and some of this code is very old. Some of these differences may
indeed have some legal effect.

However, it seems that sometimes, people might be copying and pasting from
the OSI website, but then they have to fill in the blanks and/or replace
HTML-based formatting such as bullet points, and everyone does it slightly
differently. For example, for bullets, we have "*" vs "a)" 
vs "1." vs "-" vs " ". I have seen BSD 3-clause variants, otherwise
identical to the OSI version, with all of these bullet types.

The trouble is, without getting into very detailed heuristics, simple moves
like saying "OK, apostrophe, hyphen, period and digits don't count for
determining license sameness" start to run the risk of removing significant
differences. And the text says you have to reproduce "this license notice",
after all.

The MIT license on opensource.org is good, because it can simply be copied
and pasted as-is: http://opensource.org/licenses/MIT Accordingly, a lot of
uses of the MIT license in the codebase are that exact license.

However, the BSD3Clause version has a placeholder in clause 3 for
<ORGANIZATION>, which means that everyone who copies and pastes it will
create a new license variant when they replace that part.
http://opensource.org/licenses/BSD-3-Clause
Whether there are other variations or not, this is a very common way of
creating a whole new license.

The BSD2Clause version does not have that, obviously. It's noteworthy that
there are 2x as many 3-clause variants in the B2G codebase as there are
2-clause variants.

Although it's now deprecated, and so maybe not used much, the HPND is even
worse:
http://opensource.org/licenses/HPND
There are so many optional bits there that anyone attempting to use that
license based on the OSI copy is almost bound to produce something unique!

We can't prevent people from modifying license texts. But we can avoid
_requiring_ them to do so! Can the OSI help with this?

Gerv
_______________________________________________
License-discuss mailing list
License-discuss at opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss




More information about the License-discuss mailing list