[License-discuss] Retroactively disapproving licenses

Nicholas Matthew Neft Weinstock nweinsto at qti.qualcomm.com
Thu Dec 15 19:00:45 UTC 2022 

Without commenting on WHETHER any licenses should be deprecated/disapproved/legacy, nor on WHICH licenses are appropriate candidates, I would like to suggest a consideration related to HOW to do so.

One of the parts of my job is reviewing commercial contracts.  Some of those contracts include references to Open Source.  For example, they might say something like "Supplier will provide a list of all 3rd party software included in the product that is under an Open Source License."  Or "Contractor may only use 3rd party code subject to an Open Source License, not Commercial or Freeware licenses."  In the majority of these contracts, the definition of an "Open Source License" references the list of OSI-Approved Licenses.  I think this is a good thing for OSI, as it enhances the organization's public image and influence.

I think it is understood that the list of OSI-Approved Licenses evolves.  It is reasonable that new licenses would be added from time to time, and if a license owner retires or supersedes their own license then it is practical to remove them at the owner's direction.  But if the people responsible for those commercial agreements hear even a SUGGESTION that some existing licenses might be removed by OSI (regardless of justification given) despite still being supported by the license owner, I could see them start to question the stability and reliability of the OSI-Approved Licenses list.  "I'm using BSD-licensed code, and they just took BSD off the list of OSI-Approved Licenses.  What does that mean?  Do I need to remove BSD-licensed code because it's no longer acceptable?  Am I free to use BSD-licensed code without identifying it?"  They might look for an alternative, such as the SPDX license list.

My suggestion is to think of the official list as a historical statement.  This is a list of licenses that OSI has ever approved.  Then within that list, maybe there could be a designation for licenses that the OSI board no longer supports.

Regards,
Nicholas Weinstock
Patent Counsel
Qualcomm Technologies, Inc.

From: License-discuss <license-discuss-bounces at lists.opensource.org> On Behalf Of Chris DiBona
Sent: Wednesday, December 14, 2022 1:34 PM
To: mccoy at lexpan.law; license-discuss at lists.opensource.org
Subject: Re: [License-discuss] Retroactively disapproving licenses

WARNING: This email originated from outside of Qualcomm. Please be wary of any links or attachments, and do not enable macros.
Without betraying my feelings on recently approved licenses. I've always thought the osi could move licenses into a deprecated or 'legacy' state , so that programs under those licenses until date x could be considered open source, but after that... I mean, there's already a break down of superseded, etc on the Osi site.... 

But maybe that's too nuanced a view of things :-) Goodness knows the number of projects adding on nonsense extra clauses continue to proliferate, mostly in the JavaScript community....but I digress.

Chris

On Wed, Dec 14, 2022, 9:08 PM McCoy Smith <mccoy at lexpan.law> wrote:


> -----Original Message-----
> From: License-discuss <mailto:license-discuss-bounces at lists.opensource.org> On
> Behalf Of Pamela Chestek
> Sent: Wednesday, December 14, 2022 11:47 AM
> To: mailto:license-discuss at lists.opensource.org
> Subject: Re: [License-discuss] Retroactively disapproving licenses
> 
> To do some foreshadowing, the Working Group that was formed to make
> recommendations for improving the license review process will soon be
> publishing its recommendation. This was originally within their remit, but the
> group agreed that it was complex enough (and frankly I think we were all a
> little tired at this point) that it should be a separate undertaking. Personally, I
> think the OSI has to tread carefully to avoid unintended consequences and
> therefore needs to have a lot more information before deciding whether and
> how to delist a license, such as:
> 
> How many projects are using the licenses How significant they are How many
> downstream users there are, and whether they have relied on the status as
> "open source" in some way, e.g., suddenly a component will have to be
> removed because it no longer has an "open source" license Whether anyone
> is doing marketing around the term "open source" for a license considered
> for delisting
> 
> I'm sure with more thought there is other information that would be
> relevant.
> 
> So McCoy, are you volunteering to head up a working group to work on this
> question? 😁
> 
Hey, not like I haven't volunteered for OSI in a related area before:
https://opensource.org/proliferation-report#:~:text=The%20purpose%20of%20this%20document%20is%20to%20report,lessen%20or%20remove%20issues%20caused%20by%20license%20proliferation.%22
😉


_______________________________________________
The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Official statements by the Open Source Initiative will be sent from an http://opensource.org email address.

License-discuss mailing list
mailto:License-discuss at lists.opensource.org
http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org

More information about the License-discuss mailing list