[License-review] December 2019 License-Review Summary
masson at opensource.org
Tue Apr 28 16:43:27 UTC 2020
In December, the License-Review mailing list went over the following:
- ESA Permissive PL v2.3,
- Mulan Permissive Software License v1 and v2
- LGPL-2+-KDE (Legacy)
- Cryptographic Autonomy License (Beta 4)
- CasperLabs Open Source License (COSL)
- BSD-1-Clause (Legacy)
ESA Permissive PL v2.3
Concern was expressed with conflicts between the license text and its
Mulan Permissive Software License v1 and v2
The Mulan Permissive Software License, version 1 and version 2, were
It was noted that this may be similar to licenses like the BSD+patents.
Ambiguity in which language is authoritative.
The authors explained that there was a need for a Chinese license to
engage the Chinese developer community with Chinese version
authoritative in case of conflict.
Possible for the authority of version to be different depending on the
country in use.?
Can the copyright holder decide which version is authoritative?
Two possibilities were suggested: the Chinese version be authoritative
in case of legal disputes, or users select either as the normative
The LGPL-2+-KDE license was submitted.
A question asked, and confirmed: license falls outside the scope of the
license review process.
Cryptographic Autonomy License (Beta 4)
Based upon ongoing discussions with the license review committee, the
author(s) withdrew Beta 3 and substituted Beta of the Cryptographic
Concerns offered regarding the effectiveness of the license, terms
preventing documentation, and Interoperability.
The lack of a patent grant and burdens placed on users for compliance
The importance of clarity due to uncertainty when being evaluated at
court was stressed.
Issues regarding difficulties in determining compliance were introduced
and the CAL seems to be a special-purpose license only applicable to
A strict reading was recommended, and examples where data about a third
party not be accessible on-demand were provided. It was offered that
network node governance agreements were more appropriate to manage
issues related to CAL than software licenses.
Requirements that the software user provides data back to the customer
even if the original software doesn’t make it available is
CAL has no mandatory functionality or method of compliance and instead
describes what is required and having a mandatory technical structure
As a SaaS license, it was argued, it would not be usable by non-
developers (e.g. Wordpress end-users) with compliance risks. It was
offered that CAL goes against the spirit of open source software and so
will continue advocating against the license.
A suggestion was made to reject the license due to bad intentions: it
would be better to focus on the license text without the classification
of participants and assuming moral standards.
Concern was voiced with the effect on downstream users.
Clarification was offered that user data is defined as “data which the
recipient has an existing right of ownership or possession” with
references to the GDPR and the CCPA.
The scope of CAL was questioned: forces apps that run on Holochain to
use an open source license? Is the use of Holochain APIs, and nothing
more considered distributing Modified Work? Would social network
software need to be under an open source license?
It was suggested that the requirement to assert patents against
interoperable open source software is a fundamental flaw.
A case was made that though any party can assert a patent, open source
projects don’t assert patents and that the difference with the CAL is
that the network breaks if interoperable software under other open
source licenses are allowed.
One offered that the rewording strengthened the justification of the
rights of users to their own data in terms of exercising user freedom,
however, may be too narrow.
CasperLabs Open Source License (COSL)
The initial comment was that the license is not a good candidate for
approval due to focus on a business model, complexity without good
reason, onerous obligations to the licensor, specific to distributed
ledger technology, unstable links, ceding decision power to the
licensor, clashes with OSDs 6, 8, and 10, that OSD 3 is not fully
It was offered that the terms in the license are more appropriate for
governance agreements, not software licenses.
A question was posed on why GPLv3, AGPL, or the CAL are insufficient
for the purposes of COSL?
It was suggested the license violates OSD 5, 6, 7, and 9.
As many people stated issues are unpassable it was proposed further
discussion was no longer needed.
A comment was made that the license privileges one set of contributors
over others and allows expropriation.
The BSD-1-Clause license was submitted for approval.
This was identified as an obvious case for approval.
The approval status of MIT-0 license was requested.
An observation was made that the notation on the SPDX list may be
inadvertent, noting originally listed as “not OSI-approved.”
Recognition was made that the license author/steward is not claiming it
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the License-review