[License-review] Adapting the license-review process to AI
Roland Turner
roland at rolandturner.com
Tue Sep 10 06:38:19 UTC 2024
On 10/9/24 12:28, Pamela Chestek wrote:
> The concept (as I see it, and I may be completely wrong) is that the
> documents submitted might be for entire systems or they might be for
> just a single component, say, models. The review will be to make sure
> that the user will have all the rights guaranteed by the OSAID for
> whatever components, or systems, the legal terms might be applied to.
>
> We understand that there might be discrete and separate terms for the
> various components in a system. The OSI will not be evaluating systems
> as a whole to make sure that every component has approved terms -
> that's what a compliance program would do, which we are not doing. As
> with open source software, it will be up to the community, with
> support from OSI, to identify false claims that an AI system is open
> source when it is not, whether it's because some component is missing
> a necessary grant of rights or because the grant does not assure all
> the freedoms required.
>
There seems to me to be a serious batteries-not-included problem with
this approach. I do get the need to evaluate terms more broadly than
copyright-license terms[1] alone[2], but what you're describing appears
to be abdicating an obvious role for OSI completely:
* Yes, we obviously can't become a certification body for every OS AI
system in the world. Scope, resourcing at every level, assumptions
about what F/OSS is about, etc., would all be invalidated by this
approach.
* But limiting review and approval merely to component terms destroys
the meaning of OSI-approval for OSAID (because there would be no
such thing), in that it is by no means certain that the combination
of a set of compliant component terms will automatically yield a
compliant whole[3].
Naturally the few hundred largest systems will engage teams of lawyers
to tailor their terms — particularly at this early stage of development
— and these organisations are free to seek OSI approval for their
specific constellation of terms should they wish to, but leaving the
next million projects in the lurch, having to cobble their own system
terms together seems like a serious problem. Yes, OSI can't and doesn't
offer legal advice, but the availability of a body of "likely
reasonable" approved terms for selection at the very beginning of a
small project has been a very important benefit of OSI's approval
process (and the reason for a published list of approved licenses, and
for the non-proliferation work, etc.). I'd suggest that it would be
serious own-goal for OSI to fail to provide analogous whole-system-terms
approvals for the OSAID.
*Stefano*, is there a current documented position on the intended approach?
- Roland
1: "distribution terms" in the OSD
2: e.g. I mentioned Data Transfer Agreements (DTAs) earlier.
3: We could in principle make certain that this was the case by
reviewing not only each license, but also the combinatorial closure of
all licenses as applied in all possible combinations to AI systems but,
erm, this would likely be an even bigger problem.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20240910/65befc01/attachment.htm>
More information about the License-review
mailing list