[License-review] [Non-DoD Source] Re: NOSA 2.0 and Government licensing [was: moving to an issue tracker [was Re: Some notes for license submitters]]

[Karan, Cem F CIV USARMY RDECOM ARL (US)]

> From: License-review [license-review-bounces at lists.opensource.org] on behalf of Bruce Perens [bruce at perens.com]
> Sent: Wednesday, June 20, 2018 6:08 PM
> To: License submissions for OSI review
> Subject: Re: [License-review] [Non-DoD Source] Re: NOSA 2.0 and Government licensing [was: moving to an issue tracker [was Re: Some notes for license submitters]]
>
> On Wed, Jun 20, 2018 at 2:33 PM, Karan, Cem F CIV USARMY RDECOM ARL (US) <cem.f.karan.civ at mail.mil < Caution-mailto:cem.f.karan.civ at mail.mil > > wrote:

>> If we were able to do this (using a copyright-based license), then it would
>> be better to just use one of the OSI-approved licenses (I personally prefer
>> Apache 2.0, but that's just me).
>
> Yes. And IMO everyone would be happier, and you'd have a license with broad
> compatibility rather than government specialized.

You have no idea how much I agree with you... I'm as unhappy having to keep
hammering on this as you are that I am hammering on it, but without solving it,
I'm afraid that GOSS could become a trojan horse and harm OSS in general.  I
really, really want to be a good Open Source citizen, and that means protecting
not just the USG, but also anyone that downloads and incorporates GOSS into
their own projects.

>> We need PDF generation software that will handle digital signatures
>> correctly
> Sorry, do you mean digital attestation of correctness of the text and its
> origin, or consent? One can still sign with a pen and lick a stamp.

The former; we use our Common Access Cards (CAC) to digitally sign forms,
which proves that the form wasn't modified after we signed it.  We can still
use pen & paper, but we're trying to (very slowly) move into the 21st century.

>> But every license I've seen depends on copyright for its enforcement; that
>> is, you only have permission to use the software if you comply with the
>> license terms, which includes the terms that allow you to use the copyrighted
>> material.

> Right. But some rather large percentage of that Open Source can not be
> copyrighted. You already have permission for that portion. It doesn't have to
> be stated in the license. It's inherent in the law.
>
> FSF points out that people already have rights and they are loath to take
> them away. Nobody else bothers talking about the rights you already have.

I understand what you're saying, but the issue is that if a license makes a
claim **based on the assumption that there is copyright in the material**, it
is a false claim.

The problem is that if that is one clause of a larger license, does the fact
that one clause is unenforceable affect the rest of the license?  Different
lawyers have differing opinions, and as far as I know, it hasn't been settled
by the courts yet.  This is the crux of why the government is looking to
create a new license that is not based on copyright.  So that it isn't on the
hook for warranty and liability because it made a copyright claim that it
doesn't have, and so that downstream users are protected when they use
and incorporate GOSS into their own projects.

>> Without some method of stating the conditions under which a person can use
>> the code, it is possible for a party to injure themselves in some manner, and
>> sue the USG.
>
> That's why you use a disclaimer of warranty. The disclaimer is not
> copyright-based.

OK, and then we need to also handle the patent and other IP claims, as well as
the Anti-Deficiency Act requirements, etc.  That will end up with numerous
notices, none of which are considered to be Open Source, and all of which
combined make everyone who is looking at it feel a little nauseous.  By having
a license that handles everything at once, that is approved by the OSI, we're
done.



There is another way that I floated at one point, but it got swamped by other
discussions: meta-licenses, AKA contract amendments.  The USG and OSI would
work together to come up with some standard clauses that could be added to
ANY OSI-approved license to modify it to make it work on material that doesn't
have copyright attached.  The simplest clause that I can think of is the
following:

"""
Amendment to LICENSE.txt: If any clause in the LICENSE.txt file is declared
unenforceable by a court of competent jurisdiction, then that clause shall be
severed from the LICENSE.txt, and all other clauses shall remain in full
force.
"""

I'm not a lawyer, and I just whipped that up right now, I'm *positive* real
lawyers could come up with better language, but it gets the idea across.  It
may be worthwhile to address copyright claims in some manner as well, but I'm
not sure how.

Questions that need to be answered by this approach:

1) Would OSI approve such an approach?
2) Can it be done?  E.g., the Apache 2.0 license has an END OF TERMS AND
   CONDITIONS line at the end; if I add in new text, then it isn't Apache 2.0
   anymore.  If I put it in a different file, can it be ignored because it is after the
   end of terms and conditions?
3) If 1 & 2 are OK, would the USG accept it? (this part is on me, but I'm not
   going to try too hard without at least some buy-in from OSI that it would
   be acceptable.)

If all of the above are true, then I'd propose whatever the language is be
approved by OSI as an approved amendment that goes in a file called
LICENSE_AMENDMENT.txt.  The language would have to make it clear as to which
license is being amended, how it's being amended, etc. (all the stuff that
smart lawyers should be doing, and not programmers that think that they know
more than they really do.)

Let me know if this is an acceptable approach.

Thanks,
Cem Karan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20180621/c3c9baca/attachment.html>