<!DOCTYPE html><html><head><title></title></head><body><div>Dear OSI License Review Committee,</div><div><br></div><div>I appologize, my previous message included a prior version of the license that was missing the Anti-Removal clause. I've included the correct attachment here.</div><div><br></div><div>It is also available here: <a href="https://github.com/jscarle/MIT-I/blob/develop/LICENSE">https://github.com/jscarle/MIT-I/blob/develop/LICENSE</a></div><div><br></div><div>Sincerely,</div><div>Jean-Sebastien Carle</div><div><br></div><div>On Thu, Jul 31, 2025, at 10:48 AM, Jean-Sebastien Carle wrote:</div><blockquote type="cite" id="qt" style=""><div>Dear OSI License Review Committee,</div><div><br></div><div>I am submitting the Irrevocable MIT License (MIT-I) for review and consideration for OSI approval.</div><div><br></div><div>1. Purpose and Context</div><div><br></div><div>In recent years, the open source ecosystem\u2014particularly within the .NET community\u2014has experienced a marked increase in what developers refer to as "bait-and-switch" practices. Widely adopted, foundational libraries have, after years of being distributed under permissive licenses like MIT or Apache-2.0, been relicensed under more restrictive or commercial terms. In some cases, maintainers have also removed prior releases from public repositories, restricting access for the community.</div><div><br></div><div>Notable, Chronological Examples:</div><div><br></div><div>Hangfire (2019):</div><div>Introduced commercial usage restrictions, changing from its original permissive license to a more restrictive model.</div><div><br></div><div>IdentityServer (2022):</div><div>IdentityServer4 was discontinued and replaced by Duende IdentityServer, adopting a commercial license that restricted free use to organizations under $1M annual revenue, effectively removing the free and open-source option for the broader community.</div><div><br></div><div>Moq (2023):</div><div>Introduced SponsorLink telemetry in version 4.20, which created privacy concerns and introduced a "nagware" component. Although later rolled back due to community backlash, this event eroded trust and exposed a vulnerability in open source project governance.</div><div><br></div><div>FluentAssertions (2024):</div><div>Switched from Apache-2.0 to a paid commercial license for all commercial use as of version 8.0, catching much of the community off guard.</div><div><br></div><div>AutoMapper (2025):</div><div>Introduced a dual/commercial licensing model, making certain features or uses subject to commercial licensing.</div><div><br></div><div>MediatR (2025):</div><div>Adopted a similar dual/commercial licensing approach, following the pattern of AutoMapper.</div><div><br></div><div>WiX (2025):</div><div>Introduced the Open Source Maintenance Fee, moving from free software to paid software for all users.</div><div><br></div><div>These incidents have directly disrupted production software, build pipelines, and ongoing development efforts for countless teams and organizations worldwide. They have also generated significant uncertainty and mistrust, as users can no longer assume that the rights granted under permissive licenses will remain available or that distributed software will remain accessible.</div><div><br></div><div>2. License Overview</div><div><br></div><div>The MIT-I License is based closely on the OSI-approved MIT License but introduces two explicit changes:</div><div><br></div><div>1. Irrevocability Clause:</div><div>"The rights and permissions granted under this license for this version (and all previous versions) of the Software are perpetual, non-exclusive, and irrevocable. The copyright holder(s) may not revoke, modify, or relicense this version of the Software or any previous version released under these terms. This version of the Software will remain under the terms of this license forever."</div><div><br></div><div>2. Anti-Removal Clause:</div><div>"The Software may not be removed from public repositories solely for the purpose of limiting access to versions previously distributed under this license."</div><div><br></div><div>3. Justification for Changes</div><div><br></div><div>A. Irrevocability</div><div><br></div><div>Problem:</div><div>While the MIT License grants rights "free of charge, to any person obtaining a copy," there is ongoing debate over whether the copyright holder could, after-the-fact, attempt to revoke those rights for already-published versions, or relicense them in a manner that would cloud the rights of existing users. Legal scholars generally agree that MIT is "effectively irrevocable," but this is not explicit. Recent examples such as Hangfire (2019), IdentityServer (2022), and FluentAssertions (2024) have demonstrated that authors may attempt to alter licensing terms in ways that are unexpected and disruptive for the user community.</div><div><br></div><div>Solution:</div><div>By explicitly stating that the grant is irrevocable for all versions ever released under the MIT-I License, this license closes the door to after-the-fact revocation or retroactive relicensing, removing any legal gray area and enhancing user trust.</div><div><br></div><div>B. Anti-Removal</div><div><br></div><div>Problem:</div><div>Several high-profile cases (notably IdentityServer (2022) and Moq (2023)) have seen maintainers remove prior versions of software from public package repositories (such as NuGet or GitHub), with the intent of forcing migration to new, more restrictive licenses or to prevent continued use of "grandfathered" open source versions. This practice disrupts production systems, CI/CD pipelines, and the broader software supply chain. The MIT License does not currently prevent this.</div><div><br></div><div>Solution:</div><div>The MIT-I License introduces a narrowly scoped clause prohibiting removal "solely for the purpose of limiting access" to previously distributed versions. This prevents anti-competitive or community-hostile behavior, while not interfering with legitimate removals for DMCA compliance, malware, or security incidents.</div><div><br></div><div>4. Why These Changes Are Necessary and Not Already Covered</div><div><br></div><div>Irrevocability:</div><div>No currently OSI-approved license makes irrevocability as explicit and unambiguous as MIT-I. The Apache-2.0 license includes a patent grant that is irrevocable under certain conditions, but the copyright grant itself is not as clearly defined in terms of irrevocability as is now needed in practice.</div><div><br></div><div>Anti-Removal:</div><div>No major OSI license addresses the scenario of removal for the purpose of restricting access. This provision is essential to prevent "soft" revocation via disappearance from public infrastructure, a tactic not envisioned when the MIT License was created.</div><div><br></div><div>5. Summary</div><div><br></div><div>The MIT-I License preserves the well-understood, widely-accepted terms of the MIT License but explicitly addresses two modern vectors for undermining open source stability and trust: legal ambiguity about license permanence, and the threat of intentional removal from distribution channels. These two changes are narrowly tailored, with the intent of protecting the open source community from recent real-world harms while maintaining maximal freedom for all parties.</div><div><br></div><div>This license text has not been reviewed by a lawyer. It was drafted solely by me, as an open source developer and community member.</div><div><br></div><div>I respectfully request the OSI's consideration and approval of the Irrevocable MIT License (MIT-I) as an official open source license.</div><div><br></div><div>Sincerely,</div><div>Jean-Sebastien Carle</div><div><br></div><div><br></div><div><b>Attachments:</b></div><ul><li>MIT-I.txt</li></ul></blockquote><div><br></div></body></html>