[License-discuss] Evolving the License Review process for OSI

Rick Moen rick at linuxmafia.com
Mon Jun 10 17:59:49 UTC 2019

Quoting Christopher Sean Morrison via License-discuss (license-discuss at lists.opensource.org):

> I didn’t say he did.  He commented on a potential lack of public
> hosting as grounds for “absolutely not even [coming] close to checking
> whether a license is in use”.  I commented on the general notion of
> public availability and discoverability as being sufficient.  

Actually, what Thorsten Glaser said was:

  The problem is not the tooling to check for licences.

  The reason I postulate one can absolutely not even come
  anywhere close to checking whether a licence is in use
  is that people don’t necessarily use public hosting
  services, nor even all that well-known ones…  I mean,
  who searches for things at edugit.org (ok maybe some)
  or evolvis.org… or even things like the MirBSD CVS repo
  or whatever private (but in theory publicly accessible)
  git self-hosting I do?

(MirBSD or MirOS was through about 2016 Thorsten's initiative; thus his
reference to self-hosting his code repo for it.)

  I think you cannot even get anything resembling a
  representative number even with quite some effort.

The point seems well-taken:  Often-suggested licence census tools
tend to check only major public repos, and that couldn't establish that
an OSI Approved licence isn't used, only that it wasn't grepped for 
in major public repos, because that is just _not_ a proxy for 'public
availability and discoverability' (your term), hence not sufficient.

> To me, it would be an absurd argument to suggest not even trying to
> determine if a license is in use (anywhere) because it might only be
> used in some obscure really hard to find place on the dark web or in
> an isolated pocket of the Internet in China.

Often-suggested licence census tools wouldn't even find the Post Office
MUA source code in http://linuxmafia.com/pub/linux/apps/postoffice/ ,
and that's (for my sins) a site with fairly high search prominence in
Silicon Valley.  (Nothing against the Chinese, mind you, and Hong Kong 
is, after all, my home town, so please don't diss a country that can
invent things as magical as Five Spice Powder and the wok.)

(Of course, the specific Post Office codebase is GNU LGPL, but I think
you understand the general principle.)

> I look at the list of OSI licenses, and frankly would be surprised if
> any of them do not have a trivially discoverable use.

Well, if you're right, then that would sidestep Thorsten's point.  But:

> What I would expect is all but a handful are really trivial, and then
> a more productive conversation (and more rigorous discovery) could be
> made with those few.

Again, implicitly this dismisses codebases not currently present in major
public repos for whatever reason, or, further to Thorsten's point, with
licence grants only in the Cyrillic or Greek or Devanagari alphabets, etc.
