From andreas.nettstraeter at openlogisticsfoundation.org Thu Oct 6 14:16:15 2022 From: andreas.nettstraeter at openlogisticsfoundation.org (=?iso-8859-1?Q?Andreas_Nettstr=E4ter?=) Date: Thu, 6 Oct 2022 14:16:15 +0000 Subject: [License-discuss] For Discussion: Open Logistics License v1.1 In-Reply-To: <041801d8cc42$5be2aec0$13a80c40$@lexpan.law> References: <8c4ca64c-ef41-3019-3ba9-0a35b46fec0a@gmail.com> <041801d8cc42$5be2aec0$13a80c40$@lexpan.law> Message-ID: Dear McCoy, Please excuse my late reply and thanks for your comments. Regarding the termination clause, I'm not sure that I fully understand your point in the correct way. We thought that we are in line with the similar paragraph in the Apache license (?3): The right to use the patent should be limited to the part of the works that existed at the time of filing a contribution. Otherwise, further contributions from third parties could lead to a situation where a contributor would have to grant rights to use patents which have not been necessary at the time of the contribution. Is it your impression that our version is not in line with the Apache variant? Or do you think that this exception is not useful at all? Regarding "Derivative Work", it is indeed NOT our intent to excludes a grant to create works that are separable. In our definition of "Derivative Work" we tried to follow as close as possible the Apache paragraph. It would be great if you could point to the critical paragraph or wording where you see the contradiction or conflict arising. Looking forward to hearing from you. Regards Andreas Von: License-discuss Im Auftrag von McCoy Smith Gesendet: Montag, 19. September 2022 18:11 An: license-discuss at lists.opensource.org Betreff: Re: [License-discuss] For Discussion: Open Logistics License v1.1 I still find the patent language confusing. To wit: The grant says that "no patent licenses are granted for use of the Subject Matter of the License or the Contributions which become necessary for its lawful use due to the fact that third party modifications are made to the Subject Matter of the License or the respective Contributions after the Contributions have been submitted by the Contributors" This is a relatively standard (in FOSS license) patent grant limitation that makes clear that no patent grant is made for changes after the Contributor submits their contribution. But the termination clause says termination may happen when there is a patent infringement allegation by the Contributor "alleging that the Subject Matter of the License or a Contribution incorporated or contained therein constitutes ... a contributory factor to patent infringement" Those two clauses seem mutually contradictory: if you're not granting a patent license to subsequent modifications (which would necessarily include claims that the licensed content is a "contributory factor" to infringement), then your license should not terminate if you assert against those modifications. Otherwise, you are either, expressly or by implication, granting a license to those subsequent modifications. Note also the termination for contributor factor infringement would potentially cover hardware+software combinations. I'm not sure if that is the intent here, but that might be potentially considered non-reciprocal. Also, I find the use of Derivative Work as a defined term here potentially confusing as it excludes "works that remain separable from, or merely link (or bind by name) to the interfaces of, the Subject Matter of the License and Derivative Works thereof" but then the defined term is used to outline the scope of the copyright grant. As a result, there is a reading of this license that excludes a grant to create works that are separable from or bind by name to the interfaces of the licensed code. I think the opposite is intended (i.e., doing so is unrestricted) but that's not entirely clear from this draft. From: License-discuss > On Behalf Of Andreas Nettstr?ter Sent: Tuesday, August 30, 2022 12:13 AM To: license-discuss at lists.opensource.org Subject: [License-discuss] For Discussion: Open Logistics License v1.1 Dear all, As proposed, I forward this thread about the Open Logistics License from license review to license discuss. We updated to version 1.1 (see attachment) and addressed all mentioned points from the last discussions. Especially, the critical points within "?3 Grant of a patent license" are removed now. In addition, we have carried out a spell check and aligned much of the wording. There are only two points left, which are specific for German/European law: Regarding "? 7 Limited warranty": It is an attempt to limit the warranty, whether it is enforceable in this way cannot be conclusively said. But the worst that can happen is that the provision is invalid. The second sentence is just a general statement that new components, patents, etc. can be added at any time. Regarding "? 8 Limitation of liability": We changed the wording to make it clearer, but in general intent cannot be fully excluded under German/European law, the rest results from the limited liability. I'm looking forward to your comments and we are still hoping for a successful license review afterwards. Regards Andreas Von: License-review > Im Auftrag von Pamela Chestek Gesendet: Dienstag, 5. Juli 2022 00:32 An: license-review at lists.opensource.org Betreff: Re: [License-review] For Approval: Open Logistics License (In my personal capacity) Hi Andreas, Is English the language of the agreement? I want to make sure we're reviewing the actual agreement itself, not your translation of it. If the license is in German, we will need to have the German version and a certified translation for review. Here are my concerns about this license: Definition for "Subject Matter of the License" This is confusingly defined. It states that it means "the copyrighted works of the software components ..." and continues "as well as the other components protected under copyright, design and/or patent law which are made available under this license ... as well as the application and user documentation." First, with respect to the first use of the word "copyrighted," that suggests the license is going to be limited to just the copyrightable content, not, for example, any patentable content. The Apache license's parallel provision, which is the definition for the "Work," is somewhat similarly flawed because it uses the term of art "authorship," which one can read as limiting the license to only copyright content. That's something we cannot change in the Apache license, but I would suggest removing the "copyrighted" limitation from this license to make sure it isn't construed as limited to only content that is copyrightable. The same definition then refers to "as well as the other components protected under copyright, design and/or patent law which are made available under this license in accordance with a copyright notice inserted into or attached to the work ...." This clause seems unnecessary. If a third-party included component states that it is under the Open Logistics License, then there is no need to also mention it in the license for the larger work. It will only cause problems in license interpretation. This phrase also likely goes beyond what may be the original scope of the license for the "other component." The text says the Open Logistics License applies to "the other components protected under copyright, design and/or patent law ... as well as the application and user documentation." This says that the Open Logistics License will apply to the "application and user documentation" of third party components, which would appear to be regardless of what the licenses actually are for the application and documentation as assigned by the owner of the third party component. This is a copyleft - I assume it wasn't intended, but that's what it says. If the intent was that the Open Logistics License applies to "application and user documentation" for the originally licensed code, not for the "other components," the sentence needs to be restructured. At the moment it states fairly clearly (under US English grammar rules) that the "application and user documentation" is referring to the "other components," not the larger work being licensed. Also, if the intention is that the Open Logistics License applies, not only to the code, but to the "application and user documentation," this isn't necessarily a problem but I question whether it is a wise choice to require that text works, like documentation, be under the same license as the software code. It also seems to be a bit of a trap for the unwary; I expect that most people believe that the software code and its documentation can be separately licensed and won't realize that the code license is also dictating the documentation license. Finally, what is the "application" and how does it differ from the work being licensed? Definition for "Source Code" It is defined as "in the programming language." I'm not sure why this was changed from the common and well-understood concept of that source code is the preferred form for making modifications. I am just wary of new definitions when there is a well-understood and perfectly serviceable definition. It is an opportunity to create ambiguity about the meaning and intent for the term. What problem were you trying to solve with this new definition? Definition of "Object Code" What does the word "interim" do? Shouldn't the final manifestation of the code that will run on the computer also be considered "object code"? ?2 Granting of usage rights Why is the grant so detailed? Why is it not simply a grant of all the rights of the copyright owner, similar to what you have done for the patent grant? What grant have you made that isn't also a grant of one of the exclusive rights of the copyright owner? My concern about such a detailed grant, rather than one that simply reiterates all the exclusive rights of the copyright owner, is that there will be unintentional loopholes. I see from your website that you intend to ensure that the rights as described in the Supplementary Terms of Contract for the Procurement of IT Services are clearly granted, but perhaps it would be better to grant all copyright rights (e.g., reproduce, distribute, exhibit, make available, etc.) and then add "including, but not limited to," the rights you have enumerated. ?3 Grant of a patent license The grant of the copyright license is "for the terms of the copyrights" but the term of the patent grant is not stated. I don't think it's necessary to state a term since the grant is perpetual, but having two clauses that say something different invites challengers to find some distinction between the two. It would also be easier to understand the license if the terms of the patent license grant (non-exclusive, perpetual, etc.) was parallel to the grant in the copyright license. It would then be clear that the scope of both grants is meant to be the same. "Under no circumstances will anything in this Section 3 be construed as granting, by implication, estoppel or otherwise, a license to any patent for which the respective Contributors have not granted patent rights when they submitted their respective Contributions." What is this sentence designed to do? The grant clause defines the grant (patents that read on the contribution or the whole work at the time of contribution). It's not necessary to say that there is no grant of what is not granted. As to the patent license termination, it does not appear to be limited to proceedings for infringement only of patents that were licensed, but any patent infringement lawsuit at all brought by a licensee. (This might also be McCoy's point.) Also, as I read it, not only is the patent license terminated, but the entire license is terminated: "all patent licenses which have been granted to You under this License for the Subject Matter of the License as well as this License in itself [that is, the Open Logistics License as a whole] shall be deemed terminated ..." Was that the intent? I know that termination provisions vary and I'm not sure what the current view is on the appropriateness of terminating the copyright license too, but there are OSI-approved licenses that terminate the copyright grant too. I don't understand this sentence: "the Contributors are entitled to decide in their own discretion to abandon respectively maintain any patent designated by patent number upon delivery of the Subject Matter of the License." It is the words "to abandon respectively maintain any patent ... upon delivery of the Subject Matter of the License" that are very unclear. What does "abandon respectively maintain any patent" mean? It is saying both abandon and maintain without any conjunction. You state "We have been asked by some partners of the current project for which the license has been drafted to include the possibility that they submit a list of patents they are not willing to contribute to the work. This is reflected in the license text. However, it is part of our workflow for the inclusion of contributions into the project that no contributions would be accepted where a patent that would be part of such list of patents excluded from the contribution could be applicable." If above sentence is where you are stating that a patentee may withhold a patent license to its contribution, it will block the license from being approved. A license that allows someone to withhold patents from licensing is inconsistent with the OSD and cannot be approved. It doesn't matter that your project doesn't accept patent-encumbered software, in order for a license to be approved by the OSI it must be acceptable for all users in all circumstances. If instead this sentence is meant to advise that a patentee can "release their patents in order to make them available to the public" as you mention below, which I understand to mean abandoning patent rights, I don't think it's necessary to say that expressly in the license. No one using the software will insist that a patentee maintain a patent. ?7 Limited warranty "This License is granted free of charge and thus constitutes a gift. Accordingly, any warranty is excluded." Is that the undeniable conclusion under German law or is this statement enforceable as a matter of contract? That wouldn't necessarily be the case under US law. In the US a license grant isn't necessarily a gift and one can't transform it into a gift by just saying so. Does the statement "The Subject Matter of the License is not completed and may therefore contain ... additional patents of Contributors" a reference to patents that are carved out of the grant (not acceptable, as mentioned above)? If not, what is the meaning? ?8 Limitation of liability Reiterating Eric's point that "Except in cases of intent and gross negligence or causing personal injury" is unclear. Is it two things, causing personal injury intentionally or causing personal injury through gross negligence, or three things, an intentional tort not related to personal injury, gross negligence not related to personal injury, and personal injury no matter how caused, even if only by simple negligence? Can the language be clarified? Regarding intentional infringement, as well as that the software is "accurate, devoid of mistakes, complete and/or usable for any purpose," are these claims that cannot be excluded by contract under German law? As to others' comments about the applicable law provision, there are other approved licenses that have choice-of-law provisions, so I don't see that as a stopper. What I see as the stopper is the ability to NOT grant a patent license for a patent that reads on a contribution. That is a full stop for OSI approval. It also is not a well-drafted English-language license, as I've described above. We have learned from experience that these licenses can have lives that are longer than ours and a drafting error or ambiguity will last forever. For that reason I believe it is important that new open source licenses be written as cleanly as possible. This one, though, has a number of flaws that I believe make it unacceptable as a new open source license. Pam Pamela S. Chestek Chestek Legal PO Box 2492 Raleigh, NC 27602 919-800-8033 pamela at chesteklegal.com www.chesteklegal.com On 5/30/2022 5:49 AM, Andreas Nettstr?ter wrote: Dear all, Finally, I managed to collect all input. Therefore, I'm happy to address your concerns regarding our license. I hope the clarifications help to understand our approach a bit more. If there is need for more details, please reply and I'll try to answer faster than in the first round. Regards Andreas 1. Eric's concern with regard to the limitation of liability in the license With regard to the comment on the limitation of liability, Eric fears that contributors will be inappropriately liable under the license. In general, we do not see any reasonable claims against contributors since contributors do not enter contracts with users but only allow to use the IP they created with their contribution (they grant rights of use). At least we are not aware of any claims against contributors to open source software. Furthermore, the limitation of liability clause itself does not create any liability but limits the liability in case it arises at all. Therefore, it should be beneficial to all contributors. Since the license is drafted to comply at least with German laws, a further limitation of liability would not be possible once liability arose at all. E.g., the comprehensive limitation of liability in the Apache 2.0 license would be void, if it had to be interpreted under German (or other European laws). Since liability for personal injury cannot be excluded under German laws on general terms and conditions, adjustments to the close would not benefit contributors. 2. Comments No. 1 and No. 2 by McCoy Smith McCoy's assumption is 100% correct, there is no comprehensive European contract law any more than there is in the USA. The adjustments made in the license compared to the "original" Apache 2.0 license are made in accordance with German law. We decided to use a choice of law clause in order to be sure that the license is enforceable. As mentioned above, in the case German laws applied wrt the Apache 2.0 license, some of the provisions would be void and therefore not enforceable. However, it is our understanding that there have been few court cases wrt to open source licenses and even fewer decisions that relied on the enforceability of clauses that could/would be void under appliable laws. 3. Comment No. 3 by McCoy Smith: According to German law, one can only deviate from or limit liability to a very limited extent by means of general terms and conditions. Assuming that open source software is handed over as a gift, we fortunately no longer have comprehensive liability for simple negligence, but "only" the liability specified in the licence (under German laws). However, it is not possible to further deviate from this liability in favour of the potentially liable party. 4. Comment No. 4 by McCoy Smith: We see three issues here. a. There seems to be a misunderstanding wrt the last paragraph of the patent clause. Of course, any patentee can unilaterally "revoke" his/her patent with the consequence that it ceases to exist and therefore a right to use it is no longer required. However, this is not a revocation of a patent once granted in the sense that the recipient would then no longer be allowed to use it. What we have seen in the past is that companies and public institutions have released their patents in order to make them available to the public, therefore, we wanted to include this statement in the license. b. The right to use the patent should be limited to the part of the works that existed at the time of filing a contribution. Otherwise, further contributions from third parties could lead to a situation where a contributor would have to grant rights to use patents which have not been necessary at the time of the contribution. We think this is in line with the patent clause in the Apache 2.0 license. c. The last issue might be the most important for you. We have been asked by some partners of the current project for which the license has been drafted to include the possibility that they submit a list of patents they are not willing to contribute to the work. This is reflected in the license text. However, it is part of our workflow for the inclusion of contributions into the project that no contributions would be accepted where a patent that would be part of such list of patents excluded from the contribution could be applicable. Von: License-review Im Auftrag von Andreas Nettstr?ter Gesendet: Montag, 16. Mai 2022 18:36 An: License submissions for OSI review Betreff: Re: [License-review] For Approval: Open Logistics License Dear all, I'm still waiting for the final input from all partners. Corona/Covid are still causing longer delays here. Sorry for that. I hope that I can provide feedback until next week the latest. Regards Andreas ________________________________ From: License-review > on behalf of Andreas Nettstr?ter > Sent: Sunday, April 17, 2022 5:15:36 PM To: License submissions for OSI review > Subject: Re: [License-review] For Approval: Open Logistics License Dear all, Thanks for the useful feedback. I'll talk to the lawyers and give you more information on the decisions and reasons for the changes. Also regarding the connection between German and European law. Because of Easter holidays this could take some days. Regards Andreas ________________________________ From: License-review > on behalf of Eric Schultz > Sent: Saturday, April 16, 2022 9:12:50 PM To: License submissions for OSI review > Subject: Re: [License-review] For Approval: Open Logistics License Andreas, Thanks for submitting this! I'm no lawyer but I'm a little uncomfortable with the wording for the disclaimer of liability around which words the "and" and "or" apply to. For example does it mean: 1. (intent and gross negligence) OR (causing personal injury), or 2. (intent) and (gross negligence or causing personal injury) While we should definitely avoid any harm to our users, 1 seems like it's creating a pretty high risk to developers. After all, in some cases it's nearly impossible to avoid all possible injuries to all persons everywhere. Depending on the design of the software, it may be dangerous to some subset of users while perfectly safe to other users. One thought I have is that, in cases of potential liability, I am under the impression that certain punishments apply if someone intends to cause the injury or exhibited gross negligence. So does it make sense to have an "and" there? My thinking is it would make more sense to rewrite the clause to mean: (intent OR gross negligence) AND (causing personal injury). After all, if you exhibit intent and gross negligence but don't cause any injury, as I understand it, there would be no civil liability because there would be no injured party. Then again, I'm not a lawyer and I'm based in the US so I'm applying my very limited knowledge to that. Eric On Thu, Apr 14, 2022 at 6:37 AM Andreas Nettstr?ter > wrote: Dear License Review Team, I would like to propose the Open Logistics License for an approval. You can find the plain text copy of the license in the attachment and the requested additional information in the following. Rationale: This new license is intended to represent the rights and obligations of an established license, such as Apache v2, while respecting the differences between US and European law. The changes were mainly done in the paragraphs regarding warranty and liability. Distinguish: The Open Logistics License is based on Apache v2, but has been modified to comply more with European law. Legal review: The entire process of discussing and drafting the license was accompanied by BHO Legal, a German law firm specialized in IT law. Adjustments were made to specifically adapt the rules on the patent license, warranty, and liability to European law. The adjustments are intended to strengthen the acceptance of the license by European companies and minimize (perhaps only perceived) risks. The license was subsequently reviewed and approved by several in-house lawyers of larger European companies. Further details and justifications for the individual changes can be provided on request. Proliferation category: The decision on one specific category is quite hard. The license is compatible with Apache2, but was adapted to some specific European rules. The license will be used by a larger group of companies in the frame of open source development for logistics and supply chain management, but is, of course, not limited to this purpose. Therefore, the license can be seen as a special purpose license. I'm happy to deliver more information, if needed. Regards from Germany Andreas -- Andreas Nettstr?ter Open Logistics Foundation _______________________________________________ The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address. License-review mailing list License-review at lists.opensource.org http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org -- Eric Schultz, Developer and FOSS Advocate wwahammy.com eric at wwahammy.com @wwahammy Pronouns: He/his/him _______________________________________________ The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address. License-review mailing list License-review at lists.opensource.org http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From bryanmasterson1974 at gmail.com Wed Oct 12 12:02:49 2022 From: bryanmasterson1974 at gmail.com (Bryan Masterson) Date: Wed, 12 Oct 2022 14:02:49 +0200 Subject: [License-discuss] Clarity on Licensing for SaaS Message-ID: I have struggled to find clarity on how licensing applies to Software as a Service (SaaS), perhaps this list can help! I understand that if there is say a jQuery function on github, for example to make a nice file upload widget, that is effectively the "distribution", and if I make a copy and modify it, and publish on github, I have to keep the original licence in there, and that is then my distribution. But what if one is not "distributing" in the well understood way? As a hypothetical example, I want to sell SaaS that allows users to upload a pdf, which will replace complex words with simpler words. I have a clever bit of code, in python, using a MySQL DB, that used machine learning or something, to enable this to work in context and it's taken 100 dev years of effort to get there, so I am going commercial with it. So I have a site, running on my server, in my data centre on Debian, using apache, MySQL, Python, nodeJS On the site, I use that jQuery upload widget I modified from someone else's licenced code. I have installed say CPAN::PDF-to-Text, and a nodeJS package text2PDF - both of which have licence on them. Users come to my site, which includes jQuery and the widget - both are in the browser source, and therefore have their licence data displayed, but the modules, and the OS, and the DB software are never actually distributed.... So how do open source licences apply in this case? Do I have to publish a list on my website of things I am using? That could create security risks. Or do they only apply if I sell the software to someone else to host on their site? I have a mixture of my IP that I don't want to reveal publicly, with open source software that makes it all work. I haven't really found anything that clearly explains how the licencing works in this case, only when "distributing software", which to me means sharing/selling the software to someone... If there's something out that that does clearly explain this, then apologies for missing it! Hope you can help. Bryan. -------------- next part -------------- An HTML attachment was scrubbed... URL: From kevin+osi at km6g.us Fri Oct 21 15:27:59 2022 From: kevin+osi at km6g.us (Kevin P. Fleming) Date: Fri, 21 Oct 2022 11:27:59 -0400 Subject: [License-discuss] Clarity on Licensing for SaaS In-Reply-To: References: Message-ID: On Fri, Oct 21, 2022 at 11:08 AM Bryan Masterson wrote: > Users come to my site, which includes jQuery and the widget - both are in the browser source, and therefore have their licence data displayed, but the modules, and the OS, and the DB software are never actually distributed.... > > So how do open source licences apply in this case? Do I have to publish a list on my website of things I am using? That could create security risks. Or do they only apply if I sell the software to someone else to host on their site? I have a mixture of my IP that I don't want to reveal publicly, with open source software that makes it all work. > > I haven't really found anything that clearly explains how the licencing works in this case, only when "distributing software", which to me means sharing/selling the software to someone... For the vast majority of OSI-approved licenses, the activities you noted above do not trigger any license obligations because you are only using the software and not distributing it. A notable exception is the AGPL family of licenses, which extend the 'distribution' definition to include 'providing access to the functionality of the software over a network' (my paraphrase, not the actual license language). The likely reason that you haven't found anything which covers this is because in 99.99% of cases there is no license impact on your usage of the software. From tg at mirbsd.de Fri Oct 21 18:59:46 2022 From: tg at mirbsd.de (Thorsten Glaser) Date: Fri, 21 Oct 2022 18:59:46 +0000 (UTC) Subject: [License-discuss] Clarity on Licensing for SaaS In-Reply-To: References: Message-ID: Kevin P. Fleming dixit: >For the vast majority of OSI-approved licenses, the activities you >noted above do not trigger any license obligations because you are >only using the software and not distributing it. A notable exception >is the AGPL family of licenses, which extend the 'distribution' >definition to include 'providing access to the functionality of the And, of course, anything that *is* distributed to the user. This usually encompasses all frontend code (ECMAscript), but also if the backend code exposes copyrightable parts of itself, such as large help messages. In general, making available a list of shoulders you stand on is considered good code provenance hygiene. bye, //mirabilos -- I believe no one can invent an algorithm. One just happens to hit upon it when God enlightens him. Or only God invents algorithms, we merely copy them. If you don't believe in God, just consider God as Nature if you won't deny existence. -- Coywolf Qi Hunt