Question on OSD #5

Tzeng, Nigel H. Nigel.Tzeng at jhuapl.edu
Thu Nov 22 12:45:20 UTC 2007 

On another front...I would like to release somewhat more sensitive code on restricted networks.

With respect to OSD #5 do folks believe that releasing under an OSI approved license but having to mark the software as FOUO (For Official Use Only) or SECRET breaks OSD #5?

The impact of FOUO markings is somewhat vague but might be sufficient for our own protection with respect to sensitivity.  This is roughly equivalent to the export restrictions covered under OSD #5.  SECRET obviously has far more impact on distribution.

Perhaps this isn't an issue for the open source community in general but I was curious if this discussion/need had been covered before.  

I would also want to stay compliant if I extended some open source project, made the code available but could only do so on classified networks due to the resulting classification.  This is one reason I tend to only look at open source projects with a permissive license.  I don't have to worry about that.

Is an exception desirable or necessary (from a community  perspective... lawyers will be involved eventually)?

If I suggest that we modify MS-RL Conditions and Limitations to:

(A) Reciprocal Grants- For any file you distribute that contains code from the software (in source code or binary format), you must provide recipients the source code to that file along with a copy of this license, which license will govern that file <CHANGE>subject to any export or classification restrictions.  Classified derivatives should be made available on an appropriate classified network if possible.<CHANGE>   You may license other files that are entirely your own work and do not contain code from the software under any terms you choose.

>From an OSI approval standpoint would this modification immediately fail OSD 5? 

I guess there are two issues here:  

1) If I release under a reciprocal license did I just preclude anyone from using it in a classified environment?  That would be a minor oops for me that I'm trying to fix with the changes above but there are also other, more annoying, solutions (like folks can call us to get a different license).

2) If I need to release in a restricted environment due to export or classification concerns am I no longer able to do Open Source, as defined by the OSI, at all?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20071122/cdbb8341/attachment.html>

More information about the License-discuss mailing list