[License-discuss] Proposal: Apache Third Party License Policy

Lawrence Rosen lrosen at rosenlaw.com
Thu May 28 18:40:45 UTC 2015


Nigel, I was looking forward to your answers. They are well thought out. :-)


 

But this part isn't true: "Whereas Apache is currently just ALv2 or ALv2 +
some permissive license with an attribution clause." Read our NOTICE files
(such as they currently exist), or browse the public archives of our
contributions and our aggregations, or run code scans. The current policy
allows "exceptions" to that policy you paraphrased:

 

https://www.apache.org/legal/ramblings.html

 

http://www.apache.org/legal/resolved.html 

 

OTOH, the draft proposal is less than a page long and fits easily in an
email. (See attached.)

 

Under the current rambled Apache policy there is a Legal-JIRA that is
supposed to be posted for every question about what is "an exception."
We're in the 200's in that archive. And the responses there do not benefit
from any of the analytical skills [like Nigel's and many others!] here at
OSI's license-discuss at . 

 

So help Apache!  If there is a set of OSI-approved licenses that adequately
scope "aggregations," including of course the EPL and MPL and the like, that
you think are appropriate for an Apache project to include in an Apache
aggregation, I'd much rather that OSI identify those licenses than that
Apache's engineers JIRA it to death. 

 

The statement that you "use [GPL] where applicable" is right-on! I
occasionally recommend that license too (as at CAVO@ here at OSI). But
please don't forget the final paragraph in the draft Apache proposal:

 

You may influence the inclusion or exclusion of specific third party
contributions under OSI-approved licenses by joining the Apache project. All
such decisions are made by Apache projects in public.

 

Under the Apache Way, I'd rather trust an OSI-blessed list of acceptable
FOSS licenses, and have Apache projects give you a NOTICE file and let you
decide. Remember, under ALv2 our Apache distributed aggregations are ALL
always FOSS.

 

Finally, please, I'd rather hear the following statement from another brave
lawyer here besides me.

 

Nobody who modifies and redistributes software should accept the safety of
Apache or any other FOSS software in a "brain-dead" way (quoting another
email here). Be aware that we live in a commercial open source software
world that includes the legal doctrine of "willful blindness"
<http://en.wikipedia.org/wiki/Willful_blindness>.

 

/Larry

Lawrence Rosen

"If this were legal advice it would have been accompanied by a bill."

 

 

From: Tzeng, Nigel H. [mailto:Nigel.Tzeng at jhuapl.edu] 
Sent: Thursday, May 28, 2015 9:40 AM
To: Lawrence Rosen; 'License Discuss'
Subject: Re: [License-discuss] Proposal: Apache Third Party License Policy

 

Larry,

 

We're not afraid of GPL and use it where applicable.  The "where applicable"
part is the issue. Same with "ALL other" OSI-approved licenses since each
package would have to be reviewed as to whether it would be okay.

 

Whereas Apache is currently just ALv2 or ALv2 + some permissive license with
an attribution clause. It is easy for a Project Manager or Legal to say "if
it's from Apache it's okay to use".  It's a known quantity and you can trust
the brand.  Muddy the waters and this is no longer true and a huge step
backwards.

 

Show me the case law to prove what you term aggregation is not what the FSF
calls derivative and provide indemnification against copyright infringement
if it isn't aggregation.  

 

THEN the concerns are mitigated.  Otherwise inclusion of any copyleft
licensed code in Apache projects is a huge issue for users.

 

From: Lawrence Rosen <lrosen at rosenlaw.com>
Reply-To: Lawrence Rosen <lrosen at rosenlaw.com>, License Discuss <license-discuss at opensource.org>
Date: Wednesday, May 27, 2015 at 2:17 PM
To: License Discuss <license-discuss at opensource.org>
Subject: Re: [License-discuss] Proposal: Apache Third Party License Policy

 

Nigel, your answer echoes many others:

 

> If I have to start checking every Apache package for GPL code I'll have to
> strongly recommend that we approach all Apache packages with caution.

 

If we amended the proposal to leave out the GPL licenses, would that calm
your concerns? 

 

I'd really hate to do that at Apache for that set of generous FOSS licenses,
but fear is fear.... Apache didn't cause this fear of "infection" and Apache
can't cure it. There is a group of attorneys that is drafting an appropriate
"exception" that would allow at least some GPL software to be aggregated
with Apache software.

 

But are ALL other OSI-approved licenses OK with you? 

 

/Larry

 

 

From: Tzeng, Nigel H. [mailto:Nigel.Tzeng at jhuapl.edu] 
Sent: Wednesday, May 27, 2015 9:42 AM
To: members at apache.org; lrosen at rosenlaw.com; 'License Discuss'
Subject: Re: [License-discuss] Proposal: Apache Third Party License Policy

 

Thanks, without the context it was somewhat harder to follow on
license-discuss.

 

Consider this a vote in the negative as a non-member user of Apache
software. If I have to start checking every Apache package for GPL code I'll
have to strongly recommend that we approach all Apache packages with
caution.

 

Becoming a "universal acceptor" significantly impacts your ability to be a
"universal donor".  I have no desire to accidentally be the cause of any
organization I work for becoming the test case for what is an aggregation vs
what is a derivative.  If Apache was willing to indemnify downstream
users... yah, I didn't think so.

 

Nice try though.

 

From: "lrosen at rosenlaw.com" <lrosen at rosenlaw.com>
Reply-To: "members at apache.org" <members at apache.org>, "lrosen at rosenlaw.com" <lrosen at rosenlaw.com>, License Discuss <license-discuss at opensource.org>
Date: Tuesday, May 26, 2015 at 10:16 PM
To: License Discuss <license-discuss at opensource.org>
Subject: [License-discuss] Proposal: Apache Third Party License Policy

 

[This has been a hellishly long thread on private Apache lists before the
board cut off discussion on revised policies. Below was the short start of
it I submitted over two weeks ago. Apache board members don't want to revise
current policy. Many Apache members don't want it. Still, it is a serious
proposal to bring some more freedom and cooperation to open source. Please
treat this as a political document for license-discuss at . /Larry]

 


-------------- next part --------------
An embedded message was scrubbed...
From: "Lawrence Rosen" <lrosen at rosenlaw.com>
Subject: Proposal: Apache Third Party License Policy
Date: Tue, 26 May 2015 19:16:40 -0700
Size: 18575
URL: <http://lists.opensource.org/pipermail/license-discuss_lists.opensource.org/attachments/20150528/3b1e90c1/attachment.mht>

