[License-discuss] Evolving the License Review process for OSI

Henrik Ingo henrik.ingo at avoinelama.fi
Sun May 26 16:48:44 UTC 2019

Thanks Pam

Your personal response seems easier for me to reply to than the
initial email. But as a general comment on the board decision I had
been worried that as OSI becomes more active in education, advocacy
and even lobbying for open source, there will be (and already are)
Board members with very little interest in reviewing licenses, or even
reading these emails. The right action indeed is to appoint a
committee of people specifically dedicated to that activity. As I
stated in another thread, my humble volunteer contributions here
strongly depends on someone else, and in particular a lawyer-someone,
committed to reading every incoming license, because I certainly can't
commit to that. So I see the committee as a natural evolution of the
valuable work Richard has been doing here, and (I'm relieved to see!)
you have now picked up. Historically my biggest concern was that
licenses could pass because nobody really read them.

I should say I similarly value the hours of his time that Bruce, the
organizations founder, devotes to reviewing license proposals. I often
focus my own questions elsewhere exactly because I agree with his
conclusions and trust that I cannot possibly do a better job than he
already did. (Where I didn't agree with him, I have said my opinion.)

In this category, big applause also to Lukas Atkinson's monthly
mailing list summaries!!!!

As was mentioned, the timing of this announcement correlates with
recent ad hominem attacks on Richard and Bruce, but I choose to
believe the causality is rather explained by the newly elected board
having started its term.

On Sun, May 26, 2019 at 3:33 PM Pamela Chestek <pamela at chesteklegal.com> wrote:

> Speaking in my personal capacity here and quoting only a bit of your
> email for context, but I take your point in the whole email.
> What I believe you are linking two things happening that are actually
> unrelated. Putting the content of the recent open source license
> submissions aside, the OSI has been criticized recently on two vectors,
> that the mailing list fails to function as originally intended and the
> unpredictability of license approval. On the functioning of the mailing
> list, as Simon pointed out the Board was in agreement that this was a
> problem and approved the email that was sent.

In my observation this list tends to be rather disciplined and on
topic as internet discussions go. If anything, the main annoyance are
the participants who's only contribution seems to be to divert
discussion from the submitted license back to their favorite license
that was rejected years ago.

Possibly during the MongoDB review (which I couldn't participate in
due to being an employee) there were participants who aren't regularly
active on this list who - I can see someone possibly arguing - made
remarks that were ad hominem and not appropriate. It seems to me also
in that case the list self regulated well and those participants
eventually withdrew from the discussion. I don't (and can't) really
have a strong opinion about that review, my point is really that I
can't think of *any other* instance in recent years where this should
be a concern.

As I mentioned in the beginning, I think your initial communication
mentioning the code of conduct that already exists, can be considered
a fairly regular action by a newly elected board. But explaining now
that the board believes there is an actual issue that needs fixing,
seems to raise more questions rather than providing any answer.

> There are probably differences of opinion within the Board (at least I
> perceive Simon and I to have differences of opinion) on whether the
> second point is actually something that needs to be fixed. The voices
> who are complaining about the second issue that immediately come to my
> mind are lawyers, and I agree with them.

With respect, they are lawyers whose proposals have been rejected and
their criticism - quite frankly - comes across either as sad bickering
or as intentional lobbying to change OSI policy to something more
favorable to them. It seems like a reason to be concerned when you say
that any OSI board decision is motivated by these people's criticism.

> I suspect we are used to
> working in a world where we have statutes and regulations and
> precedential case law, so we are unhappy when the answer is only
> "because we say so." I also think that the OSI will be significantly
> harmed, perhaps existentially, if it is perceived as acting on whims
> rather than demonstrating leadership through rational explanation and
> justification.

You mention specifically Kyle Mitchell. In his case the review
consists of hundreds of emails, and his views have also been
relitigated in hundreds of tweets on twitter. Claiming that OSI's
position (or the community's, as the board didn't speak on the issue)
has not been explained to him, or that it can be captured in a  is
simple "because we say so", is simply not true and cannot be taken
seriously. The same can be said about other recurring complaints, like

I agree that even lawyers who are known in the OSS community sometimes
appear surprised by community reaction to their proposals. In my
observation, it could help if they factored in at least the following:

1. This is not a court where you present your case as input and
receive a verdict as output. All of the rejected licenses could have
passed review, if the submitter was willing to revise the license
based on feedback. The reason they have been rejected is that the
submitter refused to do so. Understanding this principle should ease
the concern about predictability: Even if you failed to do your
homework and accidentally proposed to - for example - legalize
copyrightability of APIs, it doesn't mean that you lost your case and
the door is shut. The door is always open for a revised submission.

2a. The OSI process is as much about policy as it is about technically
applying the OSD rules correctly. I've often seen lawyers justify
submissions by arguing they don't violate the OSD, or that their
client's needs are served by the new license. But they fail to even
attempt to explain how the new license is necessary or beneficial for
the open source community as a whole. Or, recognizing that the OSI is
an inherently business friendly organization, even just justifying how
a new license benefits commercial open source beyond their specific

2b. Licenses cannot adversely affect policy objectives of the FOSS
community. (NASA, CAL, etc...) But just "doing no harm" also isn't
sufficient, see 2a.

3. Combining 1 and 2, the process isn't unlike a code review process.
Indeed, the list of OSI approved licenses is really community
property. Like our code! The licenses aren't approved because your
single client needed it, but because the license and licensed code can
be useful to others too.

When the FSF has created and advocated for the four freedoms, the
freedoms themselves were short and simple, but have been backed by
articles, blogs and conference talks. This also happened around the
founding of the OSI, though notably I can't remember much debate about
the OSD. It's almost as if consensus around the OSD was so strong, and
its rules so obvious, that such discussion wasn't needed?

So maybe what the OSI is lacking is an investment in blogs or other
educational material that would help lawyers understand what to expect
and what they need to navigate? Admittedly, many of them seem to
struggle with passing the process. (And many issues, like software
patents, or even the issue of US Gov works being public domain,
shouldn't come as a surprise to a lawyer who did their homework.) This
could informally serve a similar purpose as case law does in law.  As
for the actual process and rules, I'm concerned to hear that you think
they need to evolve. It seems to me the process is now working better,
and more predictably, than ever. It is worth noting that the specific
examples you and Richard point out have been approved a long time ago.
Maybe the flaws in the process back then were fixed and are not the
problems we need to fix today?

(The above is about fixes beyond the appointment of a committee, which
I'm optimistic about and seems like a wise extension of Richard's

While it is a good idea to help lawyers write and propose better new
open source licenses, I think it is equally important to point out who
are not complaining about the OSI process being broken and
unpredictable: open source developers and projects. Their only concern
seems to be whether OSI will cave to this criticism and approve
licenses that the community doesn't agree with. This should be the
boards primary concern, while listening to the criticism from lawyers
is a valid secondary concern.

> But I hope to ease your concern that I am a rigid rule follower and can
> be gamed that way. First, even if I could be gamed or I have nefarious
> intent, the License Review Committee is four people and the Board is
> eleven people. I surely can't act unilaterally. Second, I'm not a rigid
> rule follower, although I am someone who believes that decisions should
> be consistent and backed up with rationale more compelling than "because
> we say so." For example, I direct your attention to (brought to my
> attention by Kyle Mitchell) the OSI-approved  Reciprocal Public
> License.[^1] This license says "Regarding deployment, under the RPL your
> changes, bug fixes, extensions, etc. must be made available to the open
> source community at large when you Deploy in any form -- either
> internally or to an outside party. Once you start running the software
> you have to start sharing the software." How do you reconcile that with
> the current position, and a supposed basis for refusing a license, that
> there must be freedom to run software? "Because we say so" works, but I
> think people would be justified in their unhappiness if there is no
> explanation (which might be "oops, that one slipped through!")

With the exception that the OSI process doesn't produce board level
statements, surely this is the obvious conclusion and has been
communicated to Kyle many times?

> So, stay tuned on how the rigor of the decision-making process plays out
> in the future.
> I understand that people on this list may be skeptical of my commitment
> to software freedom and/or open source software, and for you time will
> tell. That's fine with me. I do hope, though, that there is room for
> healthy disagreement about what exactly "software freedom" means. We
> have a recent challenge to the scope of the concept, which is whether it
> extends to data portability (and if you want to talk about that, lets
> start a new thread). I do hope that simply having a different opinion on
> the meaning of software freedom at the fringes doesn't mean that one has
> become captive to anti-freedom forces.

The data portability aspect of CAL is an exception to many other
proposed "extensions" in that it is clearly motivated by protecting
user interests. Whether it can be implemented in practice in an OSD
compliant way remains to be seen, but at least the idea deserves to be
discussed and can't be rejected "on its face", which is more than can
be said about many other of the previously rejected proposals.

henrik.ingo at avoinelama.fi
+358-40-5697354        skype: henrik.ingo            irc: hingo

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7

More information about the License-discuss mailing list