[License-review] [new license] Blue Oak Model License 1.0.0

Tue Dec 12 04:16:09 UTC 2023

Although I appreciate that it is an attempt to write a license in simple 
language, I wonder if the non-traditional language creates more problems 
than it solves.

"In order to receive this license, you must agree to its rules." This 
only states what the legal consequence of one's acceptance is. But what 
action by the user would be considered acceptance? It's not clear. Can 
one accept only "rules" but not other terms of the agreement? The word 
"receive" is also an odd word choice, although I suppose not something 
that can be misinterpreted.

I see only two acts that the user of the software has a duty to perform 
- "not do anything with this software that triggers a rule that you 
cannot or will not follow" and provide notice of the license to 
recipients of the software.
     a. Which statements in the license are "rules"? Everything? Only 
some things?
     b. What is the legal consequence of "triggering a rule you cannot 
follow"? If this sentence is not a "rule," then one still has the 
license/contract.
     c. What might the license recipient be doing that "triggers a rule 
you cannot or will not follow" other than not providing notice? But that 
has it's own cure provision. So what applies, a loss of license 
immediately or is there an opportunity to cure?

Who is a "contributor" and what legal rights or obligations do they 
have? It's not defined. A contributor is presumably the licensor, since 
the contributor is the party making the copyright and patent grants. But 
used colloquially in FOSS, the "contributor" is not necessarily the 
owner of the rights, it could just be the conduit used by the owner. 
Using "contributor" rather than "owner," "licensor," or a more legally 
accurate term than "contributor," is unnecessarily confusing.

"If anyone notifies you in writing that you have not complied with 
[Notices](#notices), you can keep your license by taking all practical 
steps to comply within 30 days after the notice. If you do not do so, 
your license ends immediately." Do I have to fix the problem universally 
or just with respect to the one who notified me in writing? All I have 
to do within 30 days is "take all practical steps to comply," I don't 
have to actually comply. What are "practical steps"? There's also no 
true deadline for compliance, I just have to "take practical steps" 
within thirty days. I suppose if I haven't taken a single "practical 
step" within 30 days the license terminates, but what if I've taken a 
practical step but not completed the task, or can only complete it by 
taking impractical steps? Or if that's the case, is this where the 
sentence about "not doing anything that triggers a rule that you cannot 
follow" kicks in - if I have created a situation where I can't complete 
providing notice, does the license terminate for having triggered a rule 
I cannot follow? But why not just make notice mandatory instead of this 
odd sequencing and possibility of partial performance, or no performance 
if it's not "practical"?

All that said though, boiled down to its elements there is (1) an 
unlimited grant of a perpetual copyright license; (2) an unlimited grant 
of a perpetual patent license; and (3) a requirement to make an effort 
to provide notice. So at the end of the day it's very difficult to parse 
and would have unpredictable outcomes, but I don't see that it could be 
construed in a way that violates the OSD nor does it fail to meet the 
non-OSD requirements. The closest is "To the extent that any terms are 
ambiguous, the ambiguity must not have a material effect on the 
application of the license," but I do not think that is a risk here.

Pam

Pamela S. Chestek (in my personal capacity)
Chestek Legal
300 Fayetteville Street
Unit 2492
Raleigh, NC 27602
+1 919-800-8033
pamela at chesteklegal.com
www.chesteklegal.com

On 11/7/2023 6:14 PM, Luis Villa wrote:
> I hereby submit the Blue Oak Model License 1.0.0 for OSI’s 
> consideration as a new license. It is just under five years old, so 
> not exactly “new”, but I have been asked by a number of people in the 
> Javascript community to submit it, as it is used by a critical 
> dependency and their policy requires OSI-approved licenses.
>
> # Describe what gap not filled by currently existing licenses that the 
> new license will fill.
>
> While preparing the first version of the Blue Oak Council permissive 
> license list, council members (including myself and other attorneys 
> specialized in open source) ended up trading notes about the features 
> of a good permissive license. No existing license boasted all of those 
> features, particularly including plain language drafting and a strong 
> patent grant, so we wrote this one.
>
> We wrote at more length about the license’s benefits in the initial 
> announcement, which I will avoid duplicating here:
> https://blueoakcouncil.org/2019/03/06/model.html
>
> # Compare it to and contrast it with the most similar OSI-approved 
> license(s).
>
> We feel that the license is:
>
> - easier to read, and more legally explicit with regards to patents 
> and cure provisions, than the traditional “academic” permissives 
> likeMIT <https://spdx.org/licenses/MIT.html>,BSD 
> <https://spdx.org/licenses/BSD-2-Clause.html>, orISC 
> <https://spdx.org/licenses/ISC.html>
>
> - shorter (~ 1/5th as long) and more permissive thanApache 2.0 
> <https://spdx.org/licenses/Apache-2.0.html>
>
> # Describe any legal review the license has been through, including 
> whether it was drafted by a lawyer.
>
> The license was drafted by me and other experience open source 
> attorneys. It did not otherwise undergo a public vetting prior to 
> publication.
>
> # Affirmativelystate that the license complieswith the Open Source 
> Definition, including specifically affirming it meets OSD 3, 5, 6 and 9.
>
> I believe that the license complies with the OSD, including 3, 5, 6, 
> and 9.
>
> # Identify what projects arealready usingthe license.
>
> This submission was prompted because the license is used in:
> https://www.npmjs.com/package/path-scurry (downloaded 10 million times 
> a week)
> https://www.npmjs.com/package/jackspeak (downloaded 9 million times a 
> week)
>
> Both of these are dependencies of the 
> https://www.npmjs.com/package/glob project (downloaded 126 million 
> times a week)
>
> In turn, three of the top five packages in the OpenJS “Impact” list 
> (Appium, Electron, and Node.js) depend on glob. As a result, OpenJS 
> Foundation approached me and asked me to submit the license to OSI. (I 
> am doing this as a favor, and am not being compensated for my time.)
>
> GitHub search additionally identifies about 2,000 files containing the 
> license string (which may or may not map to packages using the license).
>
> # Provide the identity and contact details of thelicense steward, if 
> known, and of the submitter. The OSI will try to get in touch with the 
> license steward if the license submitter is not the steward.
>
> Blue Oak Council (https://blueoakcouncil.org/about) is the steward. I, 
> Luis Villa, am on the board and drafting team of the Blue Oak Council, 
> and am serving as the contact for this submission.
>
> # Provide any additional information that the submitter believes would 
> be helpful for license review. For example, approval of the license by 
> Debian, the FSF or the Fedora Project would be relevant to the review 
> process.
>
> The license is allowed by Fedora:
> https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
>
> # Provide a unique name for the license, preferably including the 
> version number.
>
> Blue Oak Model License 1.0.0
>
> # If any exist, provide the unique identifier by other projects, like 
> SPDX or ScanCode.
>
> The SPDX license identifier is Blue-Oak-1.0.0.
> https://spdx.org/licenses/preview/BlueOak-1.0.0.html
>
> # Identify anyproposed tagsfor the license (when available; see below 
> regarding tagging).
>
> As far as I know these are not yet available.
>
>
> _______________________________________________
> The opinions expressed in this email are those of the sender and not necessarily those of the Open Source Initiative. Communication from the Open Source Initiative will be sent from an opensource.org email address.
>
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20231211/7c072213/attachment-0001.html>