[License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?

Philip Odence podence at blackducksoftware.com
Tue Apr 29 11:52:14 UTC 2014


Thanks, Larry. The list is not designed exactly for the purpose of this discussion, but I thought it might provide some useful, objective data. Certainly not taking anything personally.

All of your questions are good questions; most really important if one is recommending licenses, which Black Duck generally, and the list absolutely, does not. The list is simply a ranking by “number of unique programs (in the Black Duck KnowledgeBase) under the license.” We call them as we see them, i.e. identifying the license declared for each project. So, while you might make a great point about the 2- and 3-clause BSD, we make the distinction and let lawyers decide whether they “give a damn about” it. We endeavor to capture any software freely available on the Internet and thus end up with a long tail of associated licenses which are not strictly open source licenses. And, yes, we keep old projects and deprecated licenses. Understand that one of the key use cases the data are meant to support is scanning code to discover its composition, and often old components (with old licenses) turn up in new code.

For lawyers who review code, the message of the top 20 list is that there’s a clear Pareto distribution; if you understand the top 10 or 20, you are in reasonable shape. This is back to Luis’ original point of which we should not lose sight; there are a bunch of good reasons to steer developers towards well-understood licenses. Hey, maybe “well-understood” is a good alternative to “standard.”



From: Lawrence Rosen <lrosen at rosenlaw.com>
Reply-To: <lrosen at rosenlaw.com>, <license-discuss at opensource.org>
Date: Mon, 28 Apr 2014 16:06:41 -0700
To: <license-discuss at opensource.org>
Subject: Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?


Hi Philip,



Thanks for the Black Duck "Top 20" list of open source licenses. Your list is the best around, so please don't take the following criticism too personally. But this list demonstrates that even the ways that we calculate popularity are flawed. For example:



·         Are GPLv2 and GPLv3 really one license nowadays with total 38% popularity, or still two licenses? [Ben Tilly already made that suggestion on this list.] And the classpath exception version of the GPL (at < 1%) qualifies that license for yet a third spot on your "Top 20" list?



·         Same with the LGPL; is that one license at (5% and 2%, respectively) or one license at 7%?



·         Are these numbers based on lines of code created, numbers of unique programs under the license, or number of copies of the software actually distributed? For example, under what criteria does the zlib/libpng license count? Wikipedia describes that license as intended for two specific software libraries but "also used by many other free software packages." That comment in Wikipedia is as vague and uninformative as the "< 1%" that you cite in your table. I say this to point out that numbers on a list need to be *interpreted* and *scaled* to be useful.



·         Is there any value to listing the 2-clause and the 3-clause BSD licenses separately, given that no company lawyer in the world gives a damn about the distinctions between them? Meanwhile, every conversation about the BSD licenses on these OSI email lists concludes with the following great suggestion: "Why don't you use the Apache License 2.0 instead?" If OSI is ever going to recommend answers to easy legal questions, surely this is among them. It serves absolutely no useful purpose at this stage of our maturity to list each version of the BSD license separately – not even the two you placed on your list.



·         You list the CDDL, a license created by a company that no longer exists and whose successor company doesn't use it. Do we still count deprecated licenses for as long as even a single copy of that code resides in the wild? Not only that, but two versions of that single obsolete license are individually listed in the "Top 20".



·         Wikipedia refers to the CPOL license as "mainly applied to content that is being published on a single community site for software developers" known as The Code Project. Wikipedia further reports that the CPOL license is neither "open" as defined by OSI nor "free" as defined by FSF. Why is it on your list at all?



/Larry





-----Original Message-----
From: Philip Odence [mailto:podence at blackducksoftware.com]
Sent: Monday, April 28, 2014 2:48 PM
To: license-discuss at opensource.org
Subject: Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?



In case it helps, Black Duck publishes a top licenses list based on the number of projects in our KnowledgeBase (out of a current total of about a million) that utilize each respective license.

http://www.blackducksoftware.com/resources/data/top-20-open-source-licenses

The webpage only shows the top 20, but if OSI thought that 30, say, was a good number, we could provide those.



By the way, we are working on improving the presentation of the list, but I didn't want to wait for that before throwing the thought into the mix.







On 4/28/14, 4:57 PM, "Richard Fontana" <fontana at sharpeleven.org> wrote:



>On Mon, 28 Apr 2014 13:31:06 -0700

>Ben Tilly <btilly at gmail.com> wrote:

>

>> Suggested solution, can we use the word "common" instead of

>> "standard"?  And our definition of common should be something

>> relatively objective, like the top X licenses in use on github, minus

>> licenses (like the GPL v2) whose authors are pushing to replace with

>> a different license.

>

>You'd exclude the most commonly-used FLOSS license from "common"?

>

> - RF

>_______________________________________________

>License-discuss mailing list

>License-discuss at opensource.org

>http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


