[License-review] Approval: Server Side Public License, Version 2 (SSPL v2)

Brendan Hickey brendan.m.hickey at gmail.com
Thu Nov 22 14:18:18 UTC 2018


On Wed, Nov 21, 2018, 20:12 Bradley M. Kuhn <bkuhn at ebb.org wrote:

> Eliot Horowitz of MongoDB wrote:
> >    Below is an updated version of the Server Side Public License, which
> we
> >    are submitting for review in lieu of version 1.0.
>
> My confidence in MongoDB (the for-profit license steward of the SS Public
> License) is now completely gone.  Given this most recent political stunt,
> we
> should all demand years of trust-building before we take MongoDB seriously
> as
> a FLOSS license steward (a role they've pursued for only a month anyway).
>

Replying here as Elliot's message seems to have vanished into the ether,
despite appearing in the archives.

Apart from the GPLs are there any other OSI approved licenses with an
upgrade clause? These clauses may have their place, but there are risks.
One is uncertainty. While the SSPLv4 might be palatable to your
organization, but SSPLv5 could be unusable and all of a sudden you're cut
off from security fixes. This isn't a theoretical concern. One need look no
further than the short and happy life of the SSPLv1.

While I have some concerns about Mongo-as-steward (ex. Changing the license
if they decide you're holding the software wrong. This is essentially
what's happening with the move from the AGPL), I went to emphasize that I'm
generally skeptical of upgrade clauses. When the FSF introduced the GPLv3
they grafted on AGPL compatibility, allowing a user to link GPL code
without contributing back on equal terms. The FSF believes that this agrees
with the spirit of the GPLv2. I believe that I'll avoid version plus
licenses. (Hats off to Linus for seeing this problem coming from decades
away.)

As for the updated text Clause 13 of the SSPL still looks problematic both
practically and philosophically.

My objections with regard to OSD 9 still remain. Moving on...

Consider the licensing escape hatch: "any programs (other than the Program
or a modified version) for which you do not have the right to make the
Corresponding Source available under the terms of this License, under the
terms of a license that has been approved by the Open Source Initiative or
categorized by the Free Software Foundation as free."

I can do an end run around this by contracting away enough rights to
preclude licensing it under the SSPL and instead release it under a SSPL
incompatible free license.

The language that definition of offering the software as a service is
broad: "Making the functionality of the Program or modified version
available to third parties as a service includes, without limitation,
enabling third parties to interact with the functionality of the Program or
modified version remotely through a computer network, offering a service
the value of which entirely or primarily derives from the value of the
Program or modified version, or offering a service that accomplishes for
users the primary purpose of the Program or modified version."

Mongo has stated that they're aiming at cloud providers who offer Mongo as
a service. This language seems to include everyone and their dog. A sleep
tracking iPhone app that uses Mongo on a server, for example,
unquestionably exposes program functionality over a network. The license
should do a better job exempting this use if that's what the drafters had
in mind.

One part in particular gets to the heart of the debate around OSD 6: "primarily
derives from the value of the Program". I'm having a hard time reading this
as anything other than a literal value judgement based on field of endeavor.

Cutting in the other direction the carve out for Major Components looks
like it could undermine the entire purpose of the license. What are the
Major Components of AWS, Google Cloud or Azure?

Finally I'm curious to know if any relationship exists between the SSPL and
Commons Clause. There are enough similarities that I've got to wonder.

Brendan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20181122/703a9024/attachment.html>


More information about the License-review mailing list