[License-review] For Approval: libpng license, version 2.0

Mon Nov 19 06:14:03 UTC 2018

Henrik Ingo wrote:
> I think a silver lining here is that if the patches to the to-be-released
> version are all done by yourself, you would not be doing anything
> irrevocable by doing a release with what you have, and then seeking legal
> advice on the topic of how to craft the new "last version" of libpng
> license. For example, you could just do a new release without touching the
> LICENSE file at all.

I am aware: I would have released libpng v1.6.36, while discussing the
future license over here. But I already have two external contributors
and for that reason I was holding the release while discussing the new
"last version" of the license over here.

> Even here, it's in *your own interest* to have
> a lawyer involved to protect yourself, but I don't see any lasting harm to
> the community and your users if you wanted to go ahead and do a release
> quickly without waiting for legal advice.

This has been my plan, actually. I will seek advice, but I will
publish a release or two, meanwhile.

Lawrence Rosen wrote:
> What is the problem? The libpng license is permissive. It allows you
> to license your derivative works under any license of your choice,
> so long as you don't misrepresent it as entirely your own work; you
> must acknowledge that you created a derivative work; and you must
> leave the original libpng license in the source code to reflect the
> original work's availability under that original libpng license.

I plan to do all of that, but I'm afraid it's not sufficient.

This is what I inherited from my predecessor:

https://gist.githubusercontent.com/ctruta/5e276eb83213f9d66bf61539156830c5/raw/f8e00d357fb8a7f2dfda665ed2b14a55469bf912/x-libpng-license-v1.6.35.txt

The current license (as of v1.6.35) is not reusable across libpng
versions, or across contributors. If it were, I would have simply
left it as such, considered it a "legacy license", and applied here
for "OSI Legacy Approval".

Moreover, information that's specific to the libpng directory
structure is embedded in the license; see the references to directory
names like "scripts" and "contrib". What if I ever need to rename
these? The list of such directories is incomplete, too: for example,
the directories "projects" and "tests" fall in the same category,
although they are not mentioned.

I need a license text that does not require updating at every new
libpng release, or at every new contributor, or at every new change
in the directory structure.

> Why do you need a "version 2.0"?

Technically, it's not really a "version 2.0" that I need, but rather
a "last version". A version that maintains the spirit of all of the
previous license versions, from all of the previous libpng releases,
but one that requires no further modifications.

> You can already do almost anything you need to do to own the future
> of this program.

That sounds encouragingly easy. So how about the following plan:

1. I will withdraw my application for OSI Review.
2. I will have the license v2.0 reviewed by a lawyer.
3. I will make libpng releases under the license v2.0.
4. I will come back, later, and apply for OSI Legacy Review.

I believe that, by taking the steps 1, 2, 3 (albeit not necessarily in
that order) it will make the new license eligible for a Legacy Review.
And then, for myself and my successors, we may continue making libpng
releases for the foreseeable future, without having to touch it again.

What do you think?

Sincerely,
Cosmin