[License-review] Please rename "Free Public License-1.0.0" to 0BSD.

[Rob Landley]

On 10/15/2018 04:10 PM, Richard Fontana wrote:
> On Wed, Oct 10, 2018 at 07:51:10AM -0500, Rob Landley wrote:
> 
>> I have evidence this is negatively impacting the adoption of the license.
> 
> (where I think "this" means the current state of affairs in which one
> license seems to have two names)
> 
> I am actually a mild fan of this license, though frankly I don't like
> *either* name at this point, but I do not think it's OSI's job to help
> with adoption of particular licenses.

I would be just as happy for OSI to delete its "Free Public LIcense" page
entirely and stop mentioning this license. I only want you to stop _undermining_
0BSD.

I did not ask for OSI's approval because nobody brought it to my attention. I
was _asked_ to submit to SPDX by my project's users. Last I heard of OSI before
this was that they had said there was too much license proliferation and had
thus stopped approving new licenses, and SPDX had arisen to fill in the gap.

I was unaware OSI had started up again, and still don't really understand why.
OSI explicitly rejected Creative Commons Zero. OSI's lawyer (acting in his
capacity _as_ OSI's lawyer) compared placing code in the public domain to
abandoning trash by the side of the highway (no really, paragraph 5 of
https://www.linuxjournal.com/article/6225 ).

Buildroot uses SPDX short identifiers for all its packages in the "make
legal-info" target.

Yocto does https://elinux.org/images/b/b1/ALS_2015_SPDX_r005.pdf

The Linux kernel has done a big "SPDX identifier" pass on its files:

  $ git log | grep -iw spdx | wc -l
  1490

I searched the LInux git history back to 2018 and the only mention of OSI I
found that _wasn't_ about drivers/acpi/osi.c (which is a windows compatability
thing was
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=255247c2770a

I.E:

> Add the full text of the GPL 2.0 license to the LICENSES directory.
...
> Philippe did some research on the GPL2.0 history:
> 
>   There is NO trustworthy version of an official GPL 2.0 text: the FSF
>   official texts are all fubar (if only in small and subtle ways). The FSF
>   texts should be authoritative, but then which one? They published more
>   GPL 2.0 versions than most. So we would be hard pressed to blame SPDX or
>   the OSI for having their own minor variant.

That's the only mention of your organization the linux kernel development
process seems to have made this decade. SPDX is mentioned over 1000 times.

That is why I submitted to spdx, and not to you.

I only heard about your "Free Public License" mistake when you (Richard Fontana)
contacted SPDX and asked them to change an existing decision which predated your
entire approval process. At which point SPDX contacted me and went "huh?" and I
had to engage to defend the status quo you were undermining.

I pointed out to SPDX I'd been publicly using this license for 2 years before
OSI ever heard of it, that SPDX's approval process had concluded before it was
ever submitted to OSI, and that OSI's own policy of staying in sync with SPDX
means that OSI is clearly the one that dropped the ball here.

I pointed out at the time that OSI hasn't got a procedure for admitting it made
a mistake. That's why _you_ asked SPDX to retroactively change its existing
decision to conform to the mistake OSI made after SPDX's public decision process
had concluded and the results announced.

>>> I think at this point we should primarily be looking at actual usage
>>> of each license name in the real world. Which license name, FPL or
>>> 0BSD, is in wider use? If 0BSD (or Zero Clause BSD) is a more widely
>>> used name for more actual code, I believe OSI should recognize that as
>>> the preferred name.
>>
>> The github thread I linked to
>> (https://github.com/github/choosealicense.com/issues/464) was titled "Possibly
>> add 0BSD license". It was started by someone other than me, without my
>> knowledge, using the 0BSD name.
> 
> I think this person was intending to use the "0BSD" SPDX identifier,

That would be why they put it in the title, yes.

> though they were treating the SPDX identifier *as* a sort of de facto
> name (though obviously one that is very close to one of the two
> spelled-out names in use for the license). That person has "0BSD" link
> to https://opensource.org/licenses/FPL-1.0.0.

It's the first google hit searching for "0BSD".

>> Christian Bundy, the person who submitted the license to OSI, was also asked
>> about the naming confusion and his contributions to the thread included the
>> quotes "we're comfortable using the 0BSD identifier on our license" and "we'll
>> be happy to stand behind any decision that's made (the same way that we support
>> SPDX in giving us the "0BSD" identifier)."
>>
>> I'm unaware of any real-world use of the "Free Public License" name. Google for
>> "free public license" produced no relevant hits on the first 3 pages, but plenty
>> of confusion with other licenses on the first page alone, including:
>>
>> https://en.wikipedia.org/wiki/Aladdin_Free_Public_License
>> https://www.gnu.org/licenses/gpl-3.0.en.html
> 
> I myself just did some searching and, contrary to what I expected to
> find, I think "Free Public License 1.0.0" is in greater use today than
> "Zero Clause BSD"

Links please?

> (if not "0BSD", which I am seeing as an SPDX
> identifier, or a name derived from an SPDX identifier, rather than a
> variant form of the name "Zero Clause BSD".

0BSD is the abbreviation for zero clause bsd.

Are you suggesting that 0BSD is _not_ related to the name "Zero Clause BSD" when
the organization that created that abbreviation explains what it's an
abbreviation for on its web page?

https://spdx.org/licenses/0BSD.html

> Now I guess that's now too
> surprising given that OSI approval of the license under the official
> name "Free Public License 1.0.0" probably affected adoption *and*
> naming of the license.

Again, links please? I could not find the information you claim to have found,
and I'd love to know how you distinguished OSI's influence from SPDX's approval
months before you even received a redundant submission of the license.

>> Meanwhile Android has shipped toybox ever since Android M,
> 
> But toybox doesn't even refer to the license as "Zero Clause BSD",
> does it?

http://landley.net/toybox/license.html

> And of course even license-compliant shipments of Android
> products might opt not to publish the license, named or otherwise. 

In the github thread I linked to, I talked about the stuttering problem. How
they include redundant copies of license text they don't _need_ to, which is a
problem my license was aimed at addressing? A problem which continues to this day:

  https://twitter.com/landley/status/973942533758873602

The phrase "stuttering problem" comes from the talk I gave about this topic at
Ohio Linuxfest in 2013, which I illustrated with a screenshot of page 325 of the
kindle paperwhite's about->license pulldown. It's a pity they only recorded
audio of that talk, I was pulling up web pages with primary sources the whole
time, and didn't record the sequence of tabs because they were pointing a
camcorder at the screen and I thought that meant they were recording video.

I tried to give the talk again at texas linuxfest to get a better recording, but
I gave myself heatstroke walking to the venue in 110 degree heat and rehydrating
with an energy drink (in my defense, "monster recovery" _claims_ to be
rehydrating; it is not). I'm proud I remained _upright_ through the talk, but
wouldn't call the results my most coherent presentation.

Both talks were given from the same outline. I added some URLs to the outline
for the second go, but it wasn't the full set from the first time...

  http://landley.net/talks/ohio-2013.txt

Those "notes to self" aren't necessarily of much use to other people, but it
should give you the idea.

>> and I've been asked
>> by multiple people about applying it to their own projects. Here are a couple
>> projects using it I'd never heard of before I just googled for "0bsd" and looked
>> at the first 2 pages of hits:
>>
>> https://nacho4d-nacho4d.blogspot.com/2016/08/license.html
>>
>> https://git.janouch.name/p/sensei-raw-ctl/commit/5f4a442a96b3ccdef4f78be4790f09d1b7b995db
> 
> (Regarding that second one, I see it as taking the SPDX identifier and
> using that as the license name, rather than abbreviating "Zero Clause
> BSD" to '0BSD', but maybe the distinction doesn't matter.)

SPDX uses "4bsd" for "four clause BSD", "3bsd" for "3 cleause BSD", and so on.
That's why they wanted to use 0BSD as the abbreviation (instead of my suggested
BSD0), for consistency with their other

I suggested "BSD0" to be similar to "CC0", but was happy to yield to conform to
their precedent to fit in with the others. (This is all in their mailing list
web archive.)

>> In 2015 I was asked by Samsung to submit the toybox license to SPDX, and did so
>> under the "Zero Clause BSD" name I'd used for it since 2013. The SPDX approval
>> process had already concluded and assigned the "0BSD" short identifier for it
>> before the license was ever submitted to OSI.
>>
>> Here's my original submission to SPDX:
>>
>> https://lists.linuxfoundation.org/pipermail/spdx/2015-June/000974.html
>>
>> Here's the timeline putting OSI's actions in context:
>>
>> https://lists.linux-foundation.org/pipermail/spdx-legal/2015-December/001574.html
>>
>> For more information, see the github thread.
> 
> Okay, it's obvious that you were calling it "Zero Clause BSD" -- in
> discussions of the license, not in any actual usage in source code,
> right? -- before Christian Bundy submitted FPL 1.0.0 for OSI approval.

I started privately using the name in 2013 and updated the license.html page to
use it in 2014:

https://github.com/landley/toybox/commit/1748bdb6bfe48cfe122973d26ab15186ee925101#diff-2b7114e6cae60ae1b5e5170b40ebf7fd

The backstory goes back to 2011, when I relaunched toybox because Tim Bird
pointed out an opportunity to influence Android development (with a very, very
large userbase):

http://lists.landley.net/pipermail/toybox-landley.net/2011-November/003802.html
https://github.com/landley/toybox/commit/c2806decbff8

Toybox's switch to the OpenBSD suggested template license was explicitly to make
the project more friendly for incorporation into the billion-seat Android market.

I gave a talk in February 2013 outlining my plans and progress so far, which had
a section on licensing:

http://landley.net/talks/celf-2013.txt
https://www.youtube.com/watch?v=SGmtP5Lg_t0

(That ~3 minutes on licensing was then expanded into the above Ohio Linuxfest
talk later that year.)

I tweaked the license to the 0BSD text a month after giving that ELC
presentation, I believe in response to conversations I had with people after my
talk:

https://github.com/landley/toybox/commit/ee86b1d8e25c

Although I updated the license _text_, I didn't start publicly using the "zero
clause BSD" license name or explaining my "public domain equivalent license"
strategy until 2014 because I didn't want to rock the boat for my initial
approach to the Android developers. (I didn't want to present a Fortune 500
corporation with more new ideas at once than necessary.)

Unfortunately, Android's then-head of open source development turned me down:

https://twitter.com/landley/status/342330763934576640
https://twitter.com/landley/status/342331052175552512

I persevered and switched to trying to convince phone manufacturers to
incorporate it into their versions (which worked, I got some contributions and
uptake). But once Google's decision seemed locked in, and the other big phone
vendors aware of the project, I started publicizing the new name and
corresponding "public domain equivalence" strategy in 2014:

https://github.com/landley/toybox/commit/1748bdb6bfe4

The reason I did so on the project's license.html web page rather than changing
"LICENSE" at the top of the source was because I wanted Fortune 500 lawyers to
see "the license has not changed in X years, the project is stable, nothing to
worry about".

Yes, there is explicit strategy in the name I chose for this license, as I
explained on the musl-libc mailing list after the ChromeOS lawyers reviewed that
project and then turned them down for inclusion:

https://www.openwall.com/lists/musl/2016/03/23/11

While I'm not myself a lawyer, I have a couple decades of experience with
lawyers' reasoning. You know about the busybox GPL enforcement suits I was a
plaintiff in from 2006-2009 (running the "does enforcing the license help
project development" experiment to get the emprical answer "no it does not" and
then being unable to _stop_ them once enough inertia had built up and the
lawyers smelled money in the water), and before that I spent a couple years
consulting for Cravath Swaine & Moore as a domain expert defending IBM from the
SCO lawsuits (2003-2005 I think, it was a while ago and I couldn't put it on my
resume until the trial was concluded because the other side can bury you in
discovery requests if they know who's working for their opposition). And before
_that_ I researched intellectual property law as a hobby for years. (Back when I
wrote for The Motley Fool I did a week of articles on it which were reviewed and
approved by the Motley Fool's in-house lawyers, ala
https://www.fool.com/archive/portfolios/rulemaker/2000/05/02/get-your-copyrights-here.aspx
. Heck, I drove to Boston and interviewed Richard Stallman in his office in
February 2001; that was more about computer history than IP law but he tried to
take credit for BSD releasing their source code and I couldn't get him
interested in software patents because he said it's "not our fight". He changed
his mind on that last one later.)

Anyway, in late 2014, Android merged the toybox code, shortly _after_ I started
publicizing the Zero Clause BSD name:

https://lwn.net/Articles/629362/

Elliott explained how he came to do that in this podcast, if you're curious:

http://androidbackstage.blogspot.com/2016/07/episode-53-adb-on-adb.html

And that's when other projects like Tizen started looking at toybox and its license:

https://wiki.tizen.org/Toybox

And that's when I got asked (by Samsung) to submit Zero Clause BSD to spdx.

> Before I did my own casual web searching and read the referenced
> github thread, I was expecting that the only use of the license under
> the FPL name was going to be a few projects of Christian Bundy, and
> that there would be overwhelming evidence of greater use of the name
> Zero Clause BSD. I don't see that evidence. From what I can see, the
> license sees little use under *either* name (some projects are using
> *both*), but my impression is that there is now greater use of the FPL
> name.

The reason the license sees less use that it should under either name is because
people see "oh, there are two competing versions of this license" which
COMPLETLY UNDERMINES the "fire and forget" argument that "this is as simple as
The GPL used to be back when there was such a thing as The GPL and not
incompatible warring factions".

I.E. Exactly what happened with github. And exactly what happened with the
license's mention on the wikipedia:

https://en.wikipedia.org/wiki/Public_domain_equivalent_license

Which started mentioning Zero Clause BSD all by itself:

https://en.wikipedia.org/w/index.php?title=Public_domain_equivalent_license&type=revision&diff=774395425&oldid=774393087

And then was updated to mention it's the Toybox license:

https://en.wikipedia.org/w/index.php?title=Public_domain_equivalent_license&type=revision&diff=775381194&oldid=775157806

And then OSI's mistake caught up with it:

https://en.wikipedia.org/w/index.php?title=Public_domain_equivalent_license&type=revision&diff=776574459&oldid=775923032

And if two names for the same license wasn't confusing enough, the FSF has spent
years trying to make "Free Software" as loaded a term as possible:

https://www.gnu.org/philosophy/open-source-misses-the-point.en.html

And the result is people's initial enthusiasm for the license evaporates once
OSI's mistake catches up with it.

> So let me revise my earlier thought. I can see how some people might
> find it confusing that there are two viable names for the same license
> (even though that situation is not unprecedented) and that the SPDX
> identifier is entirely unlike the official OSI name of the license. I
> can also see how the situation has maybe had some tiny negative effect
> on adoption of this license

It has had a significant negative effect.

> and that any greater use of FPL in the
> real world is likely a consequence of the OSI's publishing the license
> under that name.

100% false. SPDX has 10x the reach of OSI these days, but you've run a very
effective (if unintentional) smear campaign against 0BSD by implying it's a Free
Software and thus copyleft license, and negative reaction to GPLv3 that's led
large corporations to throw out the GPLv2 baby with the GPLv3 bathwater, and yes
people have been emprically tracking this:

http://meta.ath0.com/2012/02/05/apples-great-gpl-purge/

(Why do you think Apple wrote a Samba replacement? What do you think Android
write a new bluetooth daemon? Why do you Apple froze Xcode on the last GPLv2
rlease of gcc and binutils for _five_years_ while they sponsored LLVM
development to replace it, and Android's also been building exclusively with
LLVM for years and just removed GCC support from the r18 NDK last month:
https://github.com/android-ndk/ndk/wiki/Changelog-r17 ...)

Your name implies that 0BSD is related to the Free Software Foundation and
Copyleft. There is no more effective slur against the license undermining the
entire _concept_ of a public domain equivalent license.

> Evidence of real world usage is not really helpful here.

You mean it doesn't support your position?

Toybox is on a billion phones.

> I will attempt to contact Christian Bundy to see what he thinks.

You don't believe what he said in the github thread?

> Richard

Rob