[License-review] January 2019 Summary
Elmar Stellnberger
estellnb at elstel.org
Tue Feb 5 14:34:47 UTC 2019
Basically all original authors need to consent on an issue (as is
with any kind of copyright holders) at least if they have not signed a
contract to install a majority vote which can be done in addition to the
C-FSL license.
The license which was discussed in detail with Debian folks was
S-FSL. However this license is somewhat fundamentally different to C-FSL.
Elmar
On 04.02.19 23:01, Lukas Atkinson wrote:
> In January, the License-Review mailing list discussed:
>
> * the new license review process
> * Server Side Public License, Version 2 (SSPL v2)
> * Convertible Free Software License, Version 1.3 (C-FSL v1.3)
> o What are the problems with Original Authors?
> o How is the C-FSL different from CLAs or permissive licenses?
> o Why is the publication requirement a problem?
> o Can the C-FSL be OSI-approved?
> * Convertible Free Software License, Version 1.4 (C-FSL v1.4)
>
> This summary can also be read online at
> https://opensource.org/LicenseReview012019
> <https://opensource.org/LicenseReview012019>
>
> The corresponding License-Discuss summary is online at
> https://opensource.org/LicenseDiscuss012019
> <https://opensource.org/LicenseDiscuss012019> and covers discussion on
> the opensource.dev info site, Open Data, “intimacy” in open source
> licenses, relicensing and maintainer–community dynamics, and VanL’s
> upcoming license.
>
> *License Committee Report*
>
> Richard Fontana provides the license committee report.
>
> The new license review process has been adopted, and will apply for
> ongoing reviews. Simon Phipps clarifies that the OSI Board will handle
> review decisions like any other board vote, but taking into account the
> advice and discussion on the license-review mailing list Phipps confirms
> that this new process means that “Stallman’s four freedoms are an
> assumed precondition for evaluation.” OSI-approved licenses should be
> fine for general use, and ensure a level playing field.
>
> SSPL v2: the discussion is ongoing. The board will decide on 2019-02-18.
>
> C-FSL v1.3: approval of the previous version was withheld, and version
> 1.3 was submitted. The board will decide on 2019-02-18.
>
> Bruce Perens suggests that both licenses should be rejected: The new
> version of the C-FSL just seems to package the same discriminatory terms
> in different words. And the SSPL only receives comments on how it
> conflicts with Open Source principles or comments that argue that such a
> license is necessary, without proposing a solution to these conflicts.
>
> *Server Side Public License, Version 2*
>
> Eliot Horowitz (MongoDB) announces that MongoDB is working towards a new
> revision of the SSPL. Horowitz clarifies that the focus on “service” is
> intended to cover multiple facets: not only offering a network service,
> but also offering services that derive their /value/ from the software
> or services that provide the functionality of the software. Horowitz
> claims that the source disclosure requirements are narrower under the
> SSPL (only when offering the software as a service) than under the AGPL
> (when users interact with modified versions of the software) because he
> considers it to be easier to determine the purpose of the use of the
> software than to determine whether the software has been modified (Note:
> hmm).
>
> Gil Yehuda appreciates the clarifications of the SSPL over the AGPL, but
> notes that the SSPL only seems to be OSD-compliant for most users – but
> not all.
>
> Bruce Perens sees the SSPL as incompatible with OSD #9 “License must not
> restrict other software” because the SSPL requires the disclosure of
> software that is aggregated with but not derivative or part of the
> SSPL-covered software. “I wrote #9 into the OSD to prohibit /exactly/
> this sort of conduct. Exactly. The text is really clear.”
>
> Horowitz asserts that the goal of the SSPL is not to prevent commercial
> use in order to sell enterprise licenses, merely to protect “innovative
> open source software” (read: MongoDB’s own hosted offering) from
> exploitation (read: competition) by large cloud vendors. John Cowan
> finds this confusing: why would MongoDB be fine with users installing
> MongoDB on servers in the cloud, but not with cloud providers offering
> managed services? The cloud provider would get paid either way. Vadim
> Tkachenko views MongoDB’s stance as hypocritical: they want to suppress
> competitors to their business model, while still painting themselves as
> an Open Source company because that drove adoption of MongoDB by developers.
>
> Rob Landley notes that license or governance changes often result in
> more successful forks, as in the case of XFree86/X.Org. MongoDB’s
> license change to the SSPL has already caused it to be dropped by Linux
> distros, and compatible replacements (e.g. from Amazon) or maintained
> forks (e.g. from Percona) are already available. “OSI aside, the
> community seems to have pretty clearly spoken.” However, Nigel Tzeng
> cautions that this is a matter of long-term investment. MongoDB will
> certainly continue to invest into their core product, whereas forks
> might not see comparable effort.
>
> Carlo Piana insists that the review should focus on the legally binding
> license text, not on MongoDB’s intention. However, this also means that
> Horowitz’ clarifications are irrelevant unless they become part of the
> license.
>
> *Convertible Free Software License, Version 1.3*
>
> Elmar Stellnberger submits a completely rewritten version of the
> license. The goal of this license is that maintainers of an open source
> project are free to change the license of the project, and can integrate
> any downstream modifications. Without the C-FSL, the project license
> could only be changed if the project uses a permissive license, if all
> copyright holders consent, or if all contributors signed a Contributor
> License Agreement (CLA) – but none of these ensure that downstream
> modifications are available under the same license. The C-FSL is
> therefore a copyleft license where contributors give designated
> “Original Authors” special relicensing rights.
>
> The idea of this license in general and the rewrite for the third
> version specifically are viewed quite critically on the mailing list.
>
> Carlo Piana recognizes “substantial effort to overcome most of the
> criticisms to the original version” but is frustrated with the apparent
> lack of understanding Stellnberger shows for this criticisms. Bruce
> Perens isn’t satisfied at all: “When you request a “rewrite” of a
> license with a /fundamental goal/ that is in conflict with the OSD, you
> are likely to get a rewritten license with the same problem as the
> original. And in this case we did.” Similarly, Brendan Hickey finds that
> the rewrite “doesn’t address fundamental objections raised in the last
> version. […] There’s nothing wrong with proprietary software, just don’t
> call it open source.”
>
> There are three major criticisms of the C-FSL:
>
> 1) The special role of Original Authors is discriminatory, as argued by
> Brendan Hickey: “This is conceptually incompatible with the OSD. Any
> license that implements this is non-free.”
>
> 2) The C-FSL is trying to do copyright assignments in disguise.
>
> 3) The license imposes an onerous publication requirement for all changes.
>
> Carlo Piana
> <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2019-January/003911.html>
> provides an excellent analysis of the biggest problems with the license.
>
> *What are the problems with Original Authors?*
>
> Under the C-FSL, Original Authors can be appointed to act as the
> “effective copyright holders“. These can relicense the software by
> themselves, without having to acquire individual consent from all
> copyright holders – contributors have given implicit consent in advance.
> It is not clear what the rules of consensus among Original Authors are
> (majority vote?).
>
> These Original Authors are just a subset of all copyright holders, which
> disenfranchises other contributors. Simon Phipps points out that while
> there is precedent for asymmetric licenses, each half must still
> effectively be an OSI-approved license. (Note: Asymmetry was debated but
> ultimately removed during the approval process of the Upstream
> Compatibility License
> <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2016-October/002856.html>
> in 2016–2017.)
>
> Forks can assign their own Original Authors only if the fork is at least
> 65% different – a very high threshold. This deprives the forked project
> of their rights in the code. Stellnberger’s intention for this hurdle is
> that it prevents two concurrent groups of Original Authors.
>
> But the freedom to fork is exactly what Open Source is about! Rob
> Landley writes a long email which traces through xfree96 and early Linux
> history, highlighting the differences between project forks and
> community forks and why a fork can be good for the community: “what this
> license is trying to do with its “original developers” nonsense does not
> match reality, even a little. […] It is /conceptually/ broken.” Bruce
> Perens agrees: the C-FSL not only violates the OSD, it is also bad for
> the community. A separate thread ensues with numerous examples of
> relicensing, forks, and maintainer–community dynamics (Note: covered in
> the License-Discuss summary).
>
> The Original Authors can always appoint more Original Authors. But this
> doesn’t guarantee that the Original Authors hold a significant copyright
> stake in the work. The concept of authorship also gets muddy when code
> from another project is included. Brendan Hickey notices that this
> allows the 65% rule to be circumvented, for example by including a huge
> third party library, or by including only a tiny part of the C-FSL
> covered code.
>
> Rob Landley points out that licenses don’t determine who the copyright
> holder is, but what the copyright holders allow /other/ people to do.
> This spawns a small discussion about the role of /joint authorship/ in
> Open Source.
>
> *How is the C-FSL different from CLAs or permissive licenses?*
>
> The goal of this license is that the maintainers can easily relicense
> the project, without having to deal with CLAs. If the CLAs and the C-FSL
> are criticized so much why not also permissive licenses, Stellnberger asks?
>
> Permissive licenses effectively allow anyone to relicense the code,
> whereas the C-FSL assigns this right to the Original Authors (see above
> criticism).
>
> Carlo Piana notes that contributors can refuse to sign a CLA in which
> case their changes cannot be merged into the upstream project, but
> contributors cannot refuse the C-FSL because it applies implicitly as
> soon as the changes are made. Brendan Hickey points out that Project
> Harmony <http://www.harmonyagreements.org/> can be used for standard-ish
> CLA templates. In any way, allowing a maintainer team to do arbitrary
> relicensing is not a problem for Open Source to solve.
>
> Note: a further problem with allowing arbitrary relicensing is that
> contributors do not know up front which rights may be licensed.
> Contributors must therefore assume that they retain no rights except
> those explicitly licensed back through the C-FSL. A CLA at least
> explicitly enumerates which rights are licensed, and says whether they
> are licensed exclusively. The C-FSL’s implicitness might be a problem if
> a jurisdiction’s copyright laws require a specific contract form for
> these right transfers.
>
> *Why is the publication requirement a problem?*
>
> Carlo Piana notices that any changes to a C-FSL covered work must be
> published within a month, even incomplete or buggy changes. This
> violates the author’s right to decide whether to publish at all.
>
> This is APPROPRIATION, plain and simple. So any changes I make,
> whether or not released to the public, are contributed with an
> equivalent of an assignment, granting rights over the derivative
> code, including the copyright of the developer, which are not
> available to the developer and there is no way to avoid it.
>
> Elmar Stellnberger responds that the publication requirement for buggy
> changes was not intentional. And isn’t such a publication obligation
> similar to the Vim or Affero licenses? (Note: Nope. While Vim has a
> publication requirement, it also has an alternative GPLv2+ relicensing
> clause. And the AGPL doesn’t require publication except when the
> software is conveyed or made available to users over a network.)
>
> Nigel Tzeng sees this publication requirement as a deal killer. All
> changes would have to be in public repositories. And because it would be
> extremely easy to be non-compliant, the C-FSL is a license trap.
>
> *Can the C-FSL be OSI-approved?*
>
> Brendan Hickey points out that the Debian Project has long argued
> <https://lists.debian.org/debian-legal/2016/01/msg00023.html> that the
> C-FSL violates the DFSG, so OSI will hopefully not decide differently.
>
> Carlo Piana suggests that the license might become OSD-compliant if the
> CLA-like aspect only triggers on contribution to the upstream project,
> not as soon as the code is modified. “I expected something in this
> direction with the new license, conversely I only see stubborn rewording
> that makes it more hard to lay persons to spot how the license in
> practice work.” Elmar Stellnberger rejects this suggestion: “That would
> lead the whole clause of original authors ad absurdum” and make it too
> easy for other people to relicense the project.
>
> *Convertible Free Software License, Version 1.4*
>
> Elmar Stellnberger submits the next revision of the C-FSL. Lukas
> Atkinson summarizes the changes: minor clarifications and a closed
> loophole. But no progress regarding the fundamental criticism has been
> made, so that further review seems pointless.
>
>
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
More information about the License-review
mailing list