[License-review] Fwd: [Non-DoD Source] Resolution on NOSA 2.0

Bruce Perens bruce at perens.com
Fri Mar 2 20:47:50 UTC 2018 

On Fri, Mar 2, 2018 at 9:31 AM, Tzeng, Nigel H. <Nigel.Tzeng at jhuapl.edu>
wrote:

> I’ll make comments as a NOSA license user and a former NOSA community
> project contributor in red.
>
> *This open source agreement (“Agreement”) defines the rights of use,
> reproduction, modification and redistribution of certain software*
> *released by the United States Government (“Government”) as represented by
> the Government Agency listed below (“Government Agency”).*
>
>
>
> Although I would not actually *recommend *that any entity other than the
> United States Government make use of this license, it doesn't make sense to
> have a license that* requires *that the project be originated by only one
> legal entity, the United States Government. Should OSI then accept licenses
> that require the project to be originated by Canada and 210 other nations,
> and by IBM and a large number of other corporations? It wouldn't make sense
> for OSI or the developer community. I think you can make this text work for
> the government or another contributor without losing any of the legal
> protection you wish to have.
>
> This is a special purpose license for the USG just like the ESA licenses
> are special purpose licenses for the ESA.  It replaces NOSA 1.3 so there is
> no proliferation issue.
>
No, but there is the combinatorial issue. The broad Open Source developer
community would like to make use of this code (and *any *code under an OSI
license) in their own projects, and not simply treat it as an island apart
from the rest of Open Source where the Government does it's
mostly-stand-alone Cathedral development. So, ignoring the issue of license
proliferation, we should address whether they can parse the license,
whether there are ambiguities in the text and in law, to what degree they
will need professional counsel simply to make use of the license, whether
they can practically combine work under it with work under other licenses,
and what risks they face in using it.

If you don't expect the broader Open Source community should actually be
participating, you don't need OSI's approval. Just please don't call it
"Open Source".

> *The United States Government, as represented by Government Agency, is an
> intended third-party beneficiary of all subsequent redistributions of the
> Subject Software.*
>
>
>
> Please explain what "intended third-party beneficiary" means in this
> context. Why is it necessary for the U.S. Government to be this
> beneficiary, rather than all of the contributors?
>
>
>
> NOSA projects have been fairly large software releases from NASA and NASA
> is the primary contributor and NOSA projects are controlled by NASA.  As
> such they probably wish to call out that they are an intended beneficiary.
> Doesn’t seem necessary but doesn’t seem to hurt anything either.
>

You might be missing that "third-party beneficiary" has a special meaning
in contract law. The implication here is that the Government receives a
material benefit from transactions *by other licensors *under this license,
and that by this language the Government is granted a right to sue for
breach of contract regarding those transactions by other parties, rather
than (or in addition to) the direct licensor of a particular work who might
sue for both copyright infringement and breach of contract.

This is all really confusing, because NOSA 2.0 is to a great extent a
copyright license, and the power to sue is mainly derived from copyright
infringement, and only secondarily from breach of contract. We have one
lower court ruling, in one district, affirming that Open Source licenses
are enforceable as contracts; only months ago and that case isn't even
over. So just what rights NASA has under contract law as a third-party
beneficiary of an Open Source license seem to me to be ambiguous, and
perhaps based on undecided law. I don't know of another Open Source license
that uses this sort of language, and I don't even know about its use in
proprietary intellectual property licensing. I'd like to hear from more
than one lawyer on this topic, and perhaps read some case law, before I can
believe that this language isn't problematical or an invitation for a long
expensive court dispute.


>
> *…*
>
>
>
> *F. “Original Software” means the software first released under this
> Agreement by Government Agency with the Government Agency designation and
> title listed above, including source code, object code and accompanying
> documentation, if any.*
>
>
>
> I think "Initial Work" is less confusing. Other licenses use that term.
> Also, this definition is exclusive to Government and I don't see that this
> is necessary simply to define an initial work.
>
>
>
> As noted above NOSA Projects are projects initially released by NASA (or
> other USG entities).  The projects are usually cathedral in nature.
>

Sure, but it's still not good practice to actually *narrow *this
definition, introducing more things to argue about in court at great
expense. Was it actually released by a government agency? What about the
designation or title? Were they correct? None of this is necessary to
define an Initial Work.


> * C. Under Patent Rights:  Subject to, and, so long as You comply with,
> the terms and conditions of this Agreement, each Contributor hereby grants
> to You (with respect to the Subject Software and its Contributions to or
> Derivative Works of the Subject Software) and You grant to each recipient
> (with respect to Your Contributions to and Derivative Works of the Subject
> Software, as defined in Paragraphs 1.B and 1.C) a non-exclusive, worldwide,
> royalty-free, irrevocable (except as stated in Paragraphs 3.J and 5.A)
> license with respect to its Covered Patents to make, have made, use,
> redistribute, reproduce, sell, offer to sell, import, sublicense and
> otherwise transfer the Subject Software.*
>
> This is the strong patent clause. See Larry's comments at
> https://www.rosenlaw.com/lj9.htm
>
> NOSA project adoption doesn’t impact wider FOSS adoption as it is a
> special purpose license largely used only by NASA and perhaps by other USG
> agencies for USG created projects.
>
By this you are stating that you don't actually expect participation by the
broader Open Source community, who have to worry about patent lawsuits and
(sometimes) their intellectual property portfolios. Which leads me to
wonder why OSI should be considering this license at all. If you expect
this to be an island in development, the Government can make its own rules
and we can not stop them. Just please don't call the result "Open Source".

Obviously you haven't addressed some of the larger concerns, such as why
the NOSA 2.0 attempts to attach permission terms to software which is
obviously in the public domain, which the general public has an
unrestricted right to use without any such terms. It's not at all clear to
me that it's a good idea for OSI to assist NASA in delivering this new
invention of contractually-restricted public-domain software to the Open
Source world.

    Thanks

    Bruce
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20180302/1c9f1147/attachment-0001.html>

More information about the License-review mailing list