[License-review] Adapting the license-review process to AI

Roland Turner roland at rolandturner.com
Tue Sep 10 06:38:19 UTC 2024


On 10/9/24 12:28, Pamela Chestek wrote:

> The concept (as I see it, and I may be completely wrong) is that the 
> documents submitted might be for entire systems or they might be for 
> just a single component, say, models. The review will be to make sure 
> that the user will have all the rights guaranteed by the OSAID for 
> whatever components, or systems, the legal terms might be applied to.
>
> We understand that there might be discrete and separate terms for the 
> various components in a system. The OSI will not be evaluating systems 
> as a whole to make sure that every component has approved terms - 
> that's what a compliance program would do, which we are not doing. As 
> with open source software, it will be up to the community, with 
> support from OSI, to identify false claims that an AI system is open 
> source when it is not, whether it's because some component is missing 
> a necessary grant of rights or because the grant does not assure all 
> the freedoms required.
>

There seems to me to be a serious batteries-not-included problem with 
this approach. I do get the need to evaluate terms more broadly than 
copyright-license terms[1] alone[2], but what you're describing appears 
to be abdicating an obvious role for OSI completely:

  * Yes, we obviously can't become a certification body for every OS AI
    system in the world. Scope, resourcing at every level, assumptions
    about what F/OSS is about, etc., would all be invalidated by this
    approach.
  * But limiting review and approval merely to component terms destroys
    the meaning of OSI-approval for OSAID (because there would be no
    such thing), in that it is by no means certain that the combination
    of a set of compliant component terms will automatically yield a
    compliant whole[3].

Naturally the few hundred largest systems will engage teams of lawyers 
to tailor their terms — particularly at this early stage of development 
— and these organisations are free to seek OSI approval for their 
specific constellation of terms should they wish to, but leaving the 
next million projects in the lurch, having to cobble their own system 
terms together seems like a serious problem. Yes, OSI can't and doesn't 
offer legal advice, but the availability of a body of "likely 
reasonable" approved terms for selection at the very beginning of a 
small project has been a very important benefit of OSI's approval 
process (and the reason for a published list of approved licenses, and 
for the non-proliferation work, etc.). I'd suggest that it would be 
serious own-goal for OSI to fail to provide analogous whole-system-terms 
approvals for the OSAID.

*Stefano*, is there a current documented position on the intended approach?

- Roland


1: "distribution terms" in the OSD

2: e.g. I mentioned Data Transfer Agreements (DTAs) earlier.

3: We could in principle make certain that this was the case by 
reviewing not only each license, but also the combinatorial closure of 
all licenses as applied in all possible combinations to AI systems but, 
erm, this would likely be an even bigger problem.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20240910/65befc01/attachment.htm>


More information about the License-review mailing list