[License-discuss] FAQ entry on CLAs

Engel Nyst engel.nyst at gmail.com
Tue Jan 20 18:46:59 UTC 2015 

On 01/18/2015 02:57 PM, Radcliffe, Mark wrote:
> As Allison noted, most OSI approved licenses can be used for inbound
> use, but we do not take a position on that issue in approving
> licenses. [..] Thus, the approval of a license by OSI as meeting the
> criteria of the OSD does not reflect a review of the use of the
> license as "inbound" but only "outbound".

This is deeply concerning. Is OSI's position out of the sudden that it
has approved some licenses which haven't been checked for compliance
with #5, #6 and #7 for any person or entity receiving code?

OSD contains exceptions, entities which the license might prohibit from
incorporating or distributing code under that allegedly open license?

That's plain illogical. It's like, when a developer licenses their work
under an open license, the license "wasn't reviewed" for conformance
with OSD, thus it might not grant the permissions to anyone receiving
the software. But when you're a mere *LICENSEE* [with CLA] of that
developer, then suddenly your purported license "was reviewed" for OSD
conformance.
(or if you're accumulating copyright, then your license somehow becomes
"reviewed")

That doesn't make any sense. How is the open source license not good?
How doesn't it give permissions set out in OSD? And WHY was it approved
if it doesn't comply?

I don't see in OSD #3 that the license "may prohibit modifications and
derivative works or distributing them under the same license, if you're
for example Random J. Developer, writing and licensing your patch, and
not a copyright accumulator of a kind or another".

I don't know how is this under doubt. If, by licensing their code under
an OSI-approved license, developers aren't giving permissions "to any
entity", then software developed without CLAs is under doubt. I guess
the next thing is to see how long will OSI continue to use open source
software developed without CLAs. Because, while OSI might think it has
received open source software, if the project you got it from has an
OSI-approved license from copyright holders, it wouldn't matter: the
license itself *may not have given permission* to distribute in the
first place.

It might have been, who knows, one of those 'some' unspecified
OSI-approved licenses that you suggest wouldn't work inbound=outbound.

> Different communities have different approaches

Wanting more licenses is not, and cannot be, about *uncertainty* whether
a license meets the OSD.

Different entities have different reasons for wanting *additional*
stuff. They might WANT to give another license to some or all, now or in
the future, open source or proprietary. Therefore they *choose* to ask
for another license. Or they might have policies for committers to
repositories they host, therefore they might have an agreement for that.
Or they might OFFER to enforce the license in a court of law for more or
all copyrightable material in a work.

Or they might want another license, and instead of being upfront about
it, they attempt to place open source licensing under fear, uncertainty
and doubt.

But that Open Source Definition page out there sets the criteria
according to which the license must conform, for any copyright holders
to grant permissions to any entity receiving code under that license.

Since when is OSI going back on that, and claims now that "some"
entities might not receive these permissions for "some" OSI-approved
licenses?

> the Apache Software Foundation uses specific CLAs for its projects

Does ASF use CLAs /because/ AL2.0 is uncertain, it hasn't been checked
whether it gives them the rights to reuse, modify, distribute the code
they'd receive under it, under the conditions of AL2.0?

> FSF has long used an assignment approach

Indeed, for some projects, and for some not. FSF's practice has (like
ASF's) confused people, and both were (ab)used to further confusion.

Regardless, does it follow from here that GPL might not be safe to use
inbound, it might not give the permissions to copy, modify and further
distribute derivative works of the code when an entity is receiving it
under GPL?

This is a non-sequitur, and shocking that OSI thinks it's okay to
popularize it.

(random signature...)

-- 
  "Excuse me, Professor Lessig, may I ask you to sign this CLA, so we can
*legally* have your permission to remix and distribute your CC-licensed
works?"
  ~ Permission culture, take two.

More information about the License-discuss mailing list