[License-review] [Was: Submission of OSET Public License for Approval] -- National Security and Public Policy (3.5B and 4)

Josh Berkus josh at postgresql.org
Tue Sep 15 14:53:47 UTC 2015 

On 09/14/2015 09:34 PM, Meeker, Heather J. wrote:

> We do take the point that the general nature of these terms is
> potentially ambiguous.  However, even though national security and
> public policy interests are named generally here and not called out as
> particular statutes or regulations, the licensee would still ultimately
> be responsible for proof (presumably in the context of a defense against
> an enforcement claim by the copyright owner) for what legitimately
> constitutes national security or public policy interests.  There is
> jurisprudence on each of these terms of art, from different areas of the
> law.  So the question of what constitutes national security and public
> policy interests is not arbitrary, though it may not be specific.

That may be true under US law (the lawyers will need to weigh in on
this), but would it be true internationally?

> Speaking to the specific case in the comment, to the extent the end user
> is a government, and the government is not engaging in re-distribution,
> the conditions of the license are not applicable in any case.

Your team seems to be making some pretty strong assumptions about who is
going to use this software.  One of the things about releasing OSS is
that you don't know who's going to use it, and assuming things gets you
into trouble.

For example, nothing you've told me so far has invalidated my scenario
of code appropriation:

1. Company X grabs the OSET sofware;

2. They modify it for a voting product;

3. They get a compliant legislator to declare secrecy in voting software
to be "in the public interest".

4. Company X goes on the road selling modified OSET software without
ever releasing the modifications to the end users, yet still calling it
"open source", or even "OSET voting software".

Having dealt with the San Francisco and Calfornia governments for years,
this sort of scenario seems all-too-plausible.

Keep in mind that I'm representing the developer perspective, here, as
in "would I contribute to this project?"  So far, the answer is
definitely "no", specifically because of that language.

--Josh Berkus

More information about the License-review mailing list