<div dir="ltr">Ben,<div><br></div><div>The companies I do Open Source compliance work for would not be inclined to approve an Open Source review of what you suggest for use in the company, due to ambiguity.</div><div><br></div><div>Licenses can, and should, clearly state when an API is meant to be a connector to another work which can be under a different license and is not to be considered derivative. Handwaving about what a court should do when faced with two differently-licensed products implementing the same API is an invitation to long and pointless litigation about the developer's intent, etc. We don't want to win in court about this sort of thing. We want to never go to court.</div><div><br></div><div> Thanks</div><div><br></div><div> Bruce</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Aug 16, 2022 at 9:36 AM Ben Tilly <<a href="mailto:btilly@gmail.com">btilly@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Here is a solution that is worth considering.<div><br></div><div>Create 2 pieces of software that are compatible. One is under a BSD license and will accept the plugins in question. The other is under the AGPL. Any plugin written against the BSD version is clearly not derivative of the AGPL version and therefore can be under any BSD compatible license. And it should work against the AGPL version. Any plugin which only works with the AGPL version has to be covered by the AGPL.</div><div><br></div><div>In practice this boils down to a complicated way to say, "Here is the defined API that you can use without legal problems."</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Aug 14, 2022 at 9:39 AM Joel Kelley <<a href="mailto:jkelley@georgefox.edu" target="_blank">jkelley@georgefox.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt" id="gmail-m_824569112175732129gmail-m_-7027739230123541836gmail-docs-internal-guid-caa08438-7fff-ea5a-bfe8-56aa22c41bcf"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Dear All,</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">I would like to thank you all for your kind and helpful responses. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">To provide some background, hopefully helpful, on the application in question, it helps manage timesheets, faculty contracts, and student offer letters as are commonly used in Higher Education. It is a web application written in Python with Flask that is designed to integrate with a University's Enterprise Resource Planning (ERP) system. Though with effort it could be run as a stand alone system.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">The application’s development has helped George Fox University in some needed ways, particularly during the pandemic, and we would like to be able to share it openly with other institutions. Having benefited from Open Source Software ourselves, this is the model we are looking towards for sharing this application.. We would like to use the AGPLv3 to protect against the case of a vendor taking the application, putting it behind a Software as a Service (SaaS) setup and not contributing anything back to the community. If a vendor wants to do something like that, we at least want the comfort of knowing they have to release their changes to the community as well.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">We are interested in a plugin exception due to the reality of software development at colleges and universities, particularly mid-sized and smaller institutions. A few areas we've broken out into plugins are validation, approvals, and payroll exports. Our internal plugins are written now in such a way that they would be fine to Open Source, and will be when the application is released. However, a small team faced with changing business rules is all too likely to end up hardcoding a position or employee ID number into an approval plugin instead of using an environmental variable. Other things, like validation of what makes a student offer letter valid at a particular school, or exactly how a custom internal system wants payroll data formatted, just may not make much sense to merge into a larger project. Most developers given enough time to do things, can code around the problems I've alluded to here. However, we didn't want to make a situation where we created an accidental incentive to violate the software license and having heard of projects using a plugin exception to the AGPLv3 in general sense we thought we would start looking there. </span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">As for Kevin's excellent reminder about taking care of the license of the existing code, since it's currently an internal project written by University employees I don't believe there is a problem there. We aren't a fork of an existing project. Looking at the third party libraries we use, fairly normal Python and Flask libraries, I don't see any that are AGPLv3 nor ones that I've heard of being a problem with AGPLv3. I'm a programmer not a lawyer though, which is why someone else will be doing a quick review before release.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">As for the grafana example I found that link on their blog post talking about a relicensing decision they made, the originating blog post was: <a href="https://grafana.com/blog/2021/04/20/grafana-loki-tempo-relicensing-to-agplv3/" target="_blank">https://grafana.com/blog/2021/04/20/grafana-loki-tempo-relicensing-to-agplv3/</a></span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Also, while I didn't see a match for what I was looking for in the SPDX list, it was interesting to see how additional permissions have been used elsewhere. However, I was, perhaps naively, hoping that there was an off the shelf and community approved extension. To McCoy's comment I would like your recommendation on someone in Oregon my University could talk to so I could pass the name on.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">As to Bradley's question of "are you really sure this is what you need?" I'm not entirely sure. I'm not really worried about how something like this would affect my institution, but rather the often exhausted IT teams at colleges and universities at large. Also, this is a learning experience for George Fox University, as it is the first large application we will be Open Sourcing, but we hope not that last one.</span></p><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap">Thank you all again for your responses. While the desire for a public Open Source release of this application is developer led at George Fox University, it does have board support and a desire to do it right, which is a very fortunate place to be before a release.</span></p><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Arial;color:rgb(0,0,0);background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre-wrap"><br></span></p><div><div dir="ltr"><div dir="ltr">From,<br><br>Joel Kelley<div>Senior Software Engineer<br><font style="color:rgb(0,0,0)" color="#888888">George Fox University</font></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Aug 12, 2022 at 2:00 PM Bradley M. Kuhn <<a href="mailto:bkuhn@ebb.org" target="_blank">bkuhn@ebb.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">McCoy Smith wrote:<br>
> the … site does list the Classpath Exception<br>
> (<a href="https://spdx.org/licenses/Classpath-exception-2.0.html" rel="noreferrer" target="_blank">https://spdx.org/licenses/Classpath-exception-2.0.html</a>) and the GCC RTL<br>
> Exception (<a href="https://spdx.org/licenses/GCC-exception-3.1.html" rel="noreferrer" target="_blank">https://spdx.org/licenses/GCC-exception-3.1.html</a>), of which you<br>
> say you were a "key drafter," so I'm not sure why you think that site<br>
> should be dismissed.<br>
<br>
I think it's probably obvious that no author endorses every list that their<br>
works of authorship show up on. But I think you were probably joking. 🤣<br>
<br>
In seriousness, the list isn't helpful for someone *choosing* an<br>
additional permission because (as mentioned) the list is incomplete, but also<br>
because there is no analysis of effectiveness, usefulness, efficacy and<br>
popularity on that site (by design, AFAIK). The list gives just enough<br>
information to be dangerous for AP-seekers. But, you're correct that a true<br>
unified catalog of APs and analysis of them does not exist.<br>
<br>
Tangentially, this blog post that my colleague Karen and I wrote might be of<br>
some interest in this context. In it, we analyze two different additional<br>
permissions that are attempting to accomplish the same task and explain why<br>
(in our opinion) one is a better choice than the other:<br>
<a href="https://sfconservancy.org/blog/2019/may/11/termination-backports/" rel="noreferrer" target="_blank">https://sfconservancy.org/blog/2019/may/11/termination-backports/</a><br>
<br>
While the post is about additional permissions unlike the one Joel is<br>
pondering, the on-topic point there is that there are so many ways to draft<br>
these things, and so many potential pitfalls, and that is what leads me to<br>
first focus on “are you really sure this is what you need?” questions first.<br>
<br>
-- bkuhn<br>
</blockquote></div>
_______________________________________________<br>
The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Official statements by the Open Source Initiative will be sent from an <a href="http://opensource.org" rel="noreferrer" target="_blank">opensource.org</a> email address.<br>
<br>
License-discuss mailing list<br>
<a href="mailto:License-discuss@lists.opensource.org" target="_blank">License-discuss@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org</a><br>
</blockquote></div>
_______________________________________________<br>
The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Official statements by the Open Source Initiative will be sent from an <a href="http://opensource.org" rel="noreferrer" target="_blank">opensource.org</a> email address.<br>
<br>
License-discuss mailing list<br>
<a href="mailto:License-discuss@lists.opensource.org" target="_blank">License-discuss@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div dir="ltr"><div>Bruce Perens K6BP</div></div></div></div>