[License-discuss] Wrapping OSI licenses (UNCLASSIFIED)

[Karan, Cem F CIV USARMY RDECOM ARL (US)]

CLASSIFICATION: UNCLASSIFIED

Hi all, as some of you know, I'm the guy at the US Army Research Laboratory that is trying to push forward our Open Source policy.  As a part of that, I've outlined my concerns on copyright-based licenses, and the need for the US government (USG) to have an Open Source license that will continue to work even on works that don't have copyright attached[1].  The NOSA agreement (not a license!  It's in its name!) tries to address this by avoiding copyright entirely.  But it occurred to me that not everyone in the USG (or elsewhere) is going to want to use NOSA; there are good reasons for using (for example) AGPLv3, or Apache 2.0, etc.  Which is why I came up with the thought that maybe it's time to come up with a meta-license.  The meta-license would be designed to do the following:

1) Wrap any OSI-approved license transparently (the original license would not need to be changed to work with the meta-license).
2) Add in a severability clause, making it clear that if any one clause was struck down by the courts, then the others still stand (maybe a good idea, maybe bad?  Thoughts?)
3) Add in a new clause that makes it clear that for those portions of the covered work that don't have copyright attached, then the recipient of the code is agreeing to treat the material as if it had copyright for the purposes of the wrapped license.

There are a number of issues with this idea:

- I have no idea if this is even possible; I'm not a lawyer, and I'm not sure that monkey patching a license like this is possible. 

- I have no idea if it would be desirable by the community to do so.  

- I'm not sure if I've got all the right ideas in place; that is, would we need to add or remove anything to the meta-license?  If so, what?  

- Would it be compatible with all OSI-approved licenses?  If not, would there need to be a list of licenses it's approved to be used with?  How would that list be maintained and updated?  What if there are other, additional meta-licenses?  Could you mix and match them together and still have an Open Source license?

- Would OSI approve the idea of a meta-license?

I'm hoping for a constructive debate on this idea; if it worked, it could solve a fair number of problems (while creating a whole new set, no doubt! ;))

Thanks,
Cem Karan

[1] Most US Government works do not have copyright within the jurisdication of the USA.  If a license has a clause in it that relies on copyright (most OSI-approved licenses seem to), a lawyer could argue in court that the clause is invalid under US law because USG works generally don't have copyright attached.  How does this affect the USG, and the wider community as a whole?  The problem is the legal notion of severability (https://en.wikipedia.org/wiki/Severability); most, if not all, OSI-approved licenses don't address what happens to the license as a whole if a single clause in the license is found to be unenforceable.  A court may decide that the other clauses still stand on their own, or it may decide that the entire license is null and void.   This includes those wonderful clauses about no liability or warranty, which could be very, very expensive in litigation.  What's more, downstream users of USG-furnished code could get attacked once the license is null and void (after all, it's how the USG is getting contributions from the outside, and malicious actors could try to sabotage USG Open Source via this route and FUD).  This could turn into a really ugly FUD campaign that I personally would rather avoid.  This is WHY I keep hammering on this issue.

Thanks,
Cem Karan

---
Other than quoted laws, regulations or officially published policies, the views expressed herein are not intended to be used as an authoritative state of the law nor do they reflect official positions of the U.S. Army, Department of Defense or U.S. Government.


CLASSIFICATION: UNCLASSIFIED