[License-review] For Approval: libpng license, version 2.0
Henrik Ingo
henrik.ingo at avoinelama.fi
Mon Nov 5 15:51:19 UTC 2018
Cosmin
First of all, thank You, Glenn - may he rest in peace, and the other
contributors for libpng.
Since you asked for feedback and help, as well as the review, I wanted to
mention: Are you aware that there exist non-profit organizations that
provide pro bono legal services for open source projects. I'm sure libpng
will qualify if you wanted to ask for help through these channels.
These two act like umbrella foundations, providing both accounting and
legal services to projects:
https://www.spi-inc.org/ (SPI)
https://sfconservancy.org/ (Conservancy)
This one only provides legal help:
https://www.softwarefreedom.org/ (SFLC)
Also, as things are connected, if you choose to become an associated
project under the SPI, then chances are their pro bono lawyer will in fact
come from the SFLC roster.
This list is of course populated with great legal minds as well, but in my
experience a lawyer giving your formal legal counsel will trump a mailing
list discussion any day.
None of the above is to imply that I would be opposed to your submission as
it stands. I guess my first reaction is that libpng as a library is
embedded into larger software applications, so there would be some value in
ending up with a simpler and shorter alternative. So it would be worth
looking into the alternatives you mentioned, such as moving the
contributors to a separate flat list.
Other than that, the precedent set by Python seems like a solid reference,
and sometimes history of a project is what it is and we just have to live
with a slightly longer legal text.
henrik
On Mon, Nov 5, 2018 at 7:23 AM Cosmin Truta <ctruta at gmail.com> wrote:
> Full name: PNG Reference Library License, version 2.0
> Short identifier: libpng license v2.0
> License text: see Appendix below
> URL:
>
> https://gist.github.com/ctruta/5e276eb83213f9d66bf61539156830c5#file-license-md
> Public discussion:
>
> https://sourceforge.net/p/png-mng/mailman/png-mng-implement/thread/CAAoVtZxmEtyf37JYhsjdxY4PjdCXfGRSB6g7PTORY0xx_cBL8w%40mail.gmail.com/#msg36407040
>
>
> == Introduction ==
>
> Dear OSI reviewers,
>
> My name is Cosmin Truta, and earlier this year I became the new
> maintainer of the PNG Reference Library (also known as "libpng"),
> succeeding Glenn Randers-Pehrson.
>
> I published the newest official libpng release, version 1.6.35,
> still carrying Glenn's copyright notice and unmodified license,
> back in September, after I took over from Glenn's latest beta
> (1.6.35-beta02). The development on libpng version 1.6.36 is under
> way, and I would like to release the final version not only under
> my copyright notice, but also under a new license.
>
> Unlike other software licenses that change rarely or not at all, the
> libpng license has been always changing, with every published libpng
> release, and even with every published beta and release candidate.
> I would like change this practice: follow what the rest of the
> open-source software world is doing, and have the libpng license
> frozen also.
>
> Upon taking over from Glenn, I had a dilemma: should I just add in
> my own copyright notice, and add any future acknowledged contributor
> to the list of Contributing Authors in the existing paragraphs? Or,
> rather, should I add an entire paragraph with my own copyright notice,
> and another mentioning the Contributing Authors associated with my
> own copyright notice, etc.? I found disadvantages in both choices.
>
> I am aware of licenses that have been published in new versions,
> with new terms and conditions, but with keeping the old terms and
> conditions also. For example, I am familiar with the Python license,
> in which the license agreement for version 2/3/etc. incorporates
> the old "CNRI License Agreement for Python 1.6.1", and the even older
> "CWI License Agreement for Python 0.9.0 through 1.2".
>
> Is this the best way to go forward with the libpng license? In this
> email I am asking not only for your review, but also for your expert
> advice.
>
> == Distinguish ==
>
> The libpng license 2.0 is the terms and conditions from the zlib
> license, plus the disclaimer from the Boost license.
>
> The list of Contributing Authors is flattened into a separate AUTHORS
> file, as in many other prominent open-source software projects.
>
> The legacy libpng license, all the way to 1.6.35, is also included.
> I will keep the Contributing Authors lists intact, as they are
> arguably part of the old license. I won't change those lists because
> that would mean changing the old license, and I am not sure about the
> consequences of doing so.
>
> == Rationale: Why the zlib license for terms and conditions ==
>
> The present-day zlib and libpng licenses are similar in spirit, but
> not identical in letter. They are often referred to, collectively
> (but incorrectly) as "the zlib/libpng license".
>
> I would like to make the new license as close to the zlib license as
> possible, with two small clarifications. Here goes:
>
> > Permission is hereby granted to use, copy, modify, and distribute
> > this software, or portions hereof, for any purpose, without fee,
> > subject to the following restrictions:
> >
> > 1. The origin of this software must not be misrepresented; you
> > must not claim that you wrote the original software. If you
> > use this software in a product, an acknowledgment in the product
> > documentation would be appreciated, but is not required.
> >
> > 2. Altered source versions must be plainly marked as such, and must
> > not be misrepresented as being the original software.
> >
> > 3. This Copyright notice may not be removed or altered from any
> > source or altered source distribution.
>
> See https://opensource.org/licenses/Zlib
>
> == Rationale: Why the Boost license for disclaimer ==
>
> Years ago, I had proposed adopting the zlib license, verbatim, for
> libpng, but Glenn did not agree. He did not like zlib's disclaimer,
> because of UCITA.
>
> UCITA may have failed to become a Uniform Act in the U.S., but it is
> still in effect in two states, Virginia and Maryland. (Maryland is
> Glenn's state.)
>
> This is about disclaiming explicitly the warranty of non-infringement.
>
> Logically, the zlib license disclaimer sounds perfectly fine to me.
> To me (caution: IANAL), "no express or implied warranties" literally
> means "no express or implied warranties". Or, let's make it simpler,
> "no warranties" means literally "no warranties". There should be no
> need to be explicit about the warranties of non-infringement (or
> fitness for a purpose, or merchantability, etc. etc. etc.)
>
> But UCITA claims otherwise, and Glenn was concerned about that.
>
> Given where I live, none of that bothers me. However, in deference
> to Glenn, and to not jeopardize (in Glenn's opinion) anybody who
> hacks libpng in a jurisdiction where UCITA is in effect, I looked
> over the various disclaimers in other licenses, and eventually
> decided on the disclaimer from the Boost license.
>
> Here goes:
>
> > The software is supplied "as is", without warranty of any kind,
> > express or implied, including, without limitation, the warranties
> > of merchantability, fitness for a particular purpose, title, and
> > non-infringement. In no even shall the Copyright owners, or
> > anyone distributing the software, be liable for any damages or
> > other liability, whether in contract, tort or otherwise, arising
> > from, out of, or in connection with the software, or the use or
> > other dealings in the software, even if advised of the possibility
> > of such damage.
>
> One last note: the reason I chose the Boost license disclaimer,
> instead of the very similar MIT license disclaimer, is because of
> the extra warranty disclaimer (that of "title"), and because it
> explicitly protects not only "the Copyright owners" but also
> "anyone distributing the software". However, I do not have a strong
> opinion on this matter.
>
> == Legal review ==
>
> As far as the story goes, the libpng license and the zlib license
> were initially submitted to OSI for review, independently, in the
> mid-90's. According to my second-hand knowledge, OSI approved the
> zlib license text, and recommended the libpng project to adopt
> the zlib license text, verbatim. (That did not happen. Although the
> public at large commonly uses the term "zlib/libpng license", the
> libpng releases continued to be published under the very-slightly-
> different "OSI-approved libpng license", until libpng version 1.0.6.)
>
> As of libpng version 1.0.7 (released in July 2000), in reaction to
> UCITA being on its way to being enacted in Maryland, Glenn started
> making licensing modifications, adding explicit disclaimers, for his
> protection.
>
> There have been other modifications in the license text along the
> way, until it became the present-day libpng license. There was no
> other legal review that I'm aware of.
>
> == License proliferation ==
>
> I am aware that OSI prefers to not introduce a new license, if an
> existing one would do.
>
> As I've mentioned before, I have, in the past, proposed to the PNG
> Group to just adopt the OSI-approved zlib license, as-is, for new
> libpng releases, but nobody in the group agreed that it would be a
> wise idea.
>
> Summarizing my proposal, publishing future libpng releases under
> "libpng license 2.0" +plus+ "libpng legacy license 1.0" is what
> I would consider the safest option.
>
> However, there are several possible plans and scenarios, which I am
> willing to discuss.
>
> PLAN A:
> The "libpng license 2.0" could be published and reused standalone
> by any other projects, but we will release libpng with the "libpng
> license 2.0" plus "libpng legacy license 1.0", as in my original
> proposal. Could OSI certify the 2.0+1.0 pair (Python-like) as a
> legacy license? Could OSI certify 2.0 alone as a reusable license?
> ("PLAN A" is essentially my above proposal.)
>
> PLAN B:
> If OSI isn't interested in a new "libpng license 2.0", but can help
> us shape the present-day libpng license into a form that can be
> frozen, reusable by us (the PNG Group) only, for the foreseeable
> future, that would also be acceptable. In that case, could OSI
> certify the reshaped-and-frozen 1.0 as a legacy license?
>
> PLAN C:
> If OSI believes that the "libpng legacy license 1.0" (which is not
> reusable) can be completely replaced by the "libpng license 2.0"
> (which is reusable), and there is no need for the 2.0+1.0 pair to
> accompany the future libpng releases (and also no need for the
> 2.0+1.0 pair to be certified as a legacy license), I am willing to
> give a try to this idea, although (in my non-expert opinion) I
> consider this one a riskier proposition.
>
> PLAN D:
> As in "PLAN C", but if OSI believes that the present-day zlib license
> can fully replace the present-day libpng license, I am also willing
> to give this idea a try (but I will need more assurances for it in
> this case, since I consider this the riskiest proposition, and so do
> other people in the PNG Group).
>
> == Epilogue ==
>
> A few weeks ago, in October, Glenn passed away. (R.I.P., Glenn!)
>
> Importantly, he wrote the following about my proposed licensing,
> back in September:
>
> "I have reviewed it and it looks OK to me."
>
> Thank you very much for your attention.
>
> Sincerely,
> Cosmin
>
>
> == Appendix: The license text ==
>
> COPYRIGHT NOTICE, DISCLAIMER, and LICENSE
> =========================================
>
> PNG Reference Library License version 2
> ---------------------------------------
>
> * Copyright (c) 1995-2018 The PNG Reference Library Authors.
> * Copyright (c) 2018 Cosmin Truta.
> * Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson.
> * Copyright (c) 1996-1997 Andreas Dilger.
> * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
>
> The software is supplied "as is", without warranty of any kind,
> express or implied, including, without limitation, the warranties
> of merchantability, fitness for a particular purpose, title, and
> non-infringement. In no even shall the Copyright owners, or
> anyone distributing the software, be liable for any damages or
> other liability, whether in contract, tort or otherwise, arising
> from, out of, or in connection with the software, or the use or
> other dealings in the software, even if advised of the possibility
> of such damage.
>
> Permission is hereby granted to use, copy, modify, and distribute
> this software, or portions hereof, for any purpose, without fee,
> subject to the following restrictions:
>
> 1. The origin of this software must not be misrepresented; you
> must not claim that you wrote the original software. If you
> use this software in a product, an acknowledgment in the product
> documentation would be appreciated, but is not required.
>
> 2. Altered source versions must be plainly marked as such, and must
> not be misrepresented as being the original software.
>
> 3. This Copyright notice may not be removed or altered from any
> source or altered source distribution.
>
>
> PNG Reference Library License version 1 (for libpng 0.5 through 1.6.35)
> -----------------------------------------------------------------------
>
> libpng versions 1.0.7, July 1, 2000 through 1.6.35, July 15, 2018 are
> Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson, are
> derived from libpng-1.0.6, and are distributed according to the same
> disclaimer and license as libpng-1.0.6 with the following individuals
> added to the list of Contributing Authors:
>
> Simon-Pierre Cadieux
> Eric S. Raymond
> Mans Rullgard
> Cosmin Truta
> Gilles Vollant
> James Yu
> Mandar Sahastrabuddhe
> Google Inc.
> Vadim Barkov
>
> and with the following additions to the disclaimer:
>
> There is no warranty against interference with your enjoyment of
> the library or against infringement. There is no warranty that our
> efforts or the library will fulfill any of your particular purposes
> or needs. This library is provided with all faults, and the entire
> risk of satisfactory quality, performance, accuracy, and effort is
> with the user.
>
> Some files in the "contrib" directory and some configure-generated
> files that are distributed with libpng have other copyright owners, and
> are released under other open source licenses.
>
> libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are
> Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from
> libpng-0.96, and are distributed according to the same disclaimer and
> license as libpng-0.96, with the following individuals added to the
> list of Contributing Authors:
>
> Tom Lane
> Glenn Randers-Pehrson
> Willem van Schaik
>
> libpng versions 0.89, June 1996, through 0.96, May 1997, are
> Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88,
> and are distributed according to the same disclaimer and license as
> libpng-0.88, with the following individuals added to the list of
> Contributing Authors:
>
> John Bowler
> Kevin Bracey
> Sam Bushell
> Magnus Holmgren
> Greg Roelofs
> Tom Tanner
>
> Some files in the "scripts" directory have other copyright owners,
> but are released under this license.
>
> libpng versions 0.5, May 1995, through 0.88, January 1996, are
> Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
>
> For the purposes of this copyright and license, "Contributing Authors"
> is defined as the following set of individuals:
>
> Andreas Dilger
> Dave Martindale
> Guy Eric Schalnat
> Paul Schmidt
> Tim Wegner
>
> The PNG Reference Library is supplied "AS IS". The Contributing
> Authors and Group 42, Inc. disclaim all warranties, expressed or
> implied, including, without limitation, the warranties of
> merchantability and of fitness for any purpose. The Contributing
> Authors and Group 42, Inc. assume no liability for direct, indirect,
> incidental, special, exemplary, or consequential damages, which may
> result from the use of the PNG Reference Library, even if advised of
> the possibility of such damage.
>
> Permission is hereby granted to use, copy, modify, and distribute this
> source code, or portions hereof, for any purpose, without fee, subject
> to the following restrictions:
>
> 1. The origin of this source code must not be misrepresented.
>
> 2. Altered versions must be plainly marked as such and must not
> be misrepresented as being the original source.
>
> 3. This Copyright notice may not be removed or altered from any
> source or altered source distribution.
>
> The Contributing Authors and Group 42, Inc. specifically permit,
> without fee, and encourage the use of this source code as a component
> to supporting the PNG file format in commercial products. If you use
> this source code in a product, acknowledgment is not required but would
> be appreciated.
>
>
> TRADEMARK
> =========
>
> The name "libpng" has not been registered by the Copyright owners
> as a trademark in any jurisdiction. However, because libpng has
> been distributed and maintained world-wide, continually since 1995,
> the Copyright owners claim "common-law trademark protection" in any
> jurisdiction where common-law trademark is recognized.
>
>
> OSI CERTIFICATION
> =================
>
> As of version 1.0.6, libpng was OSI Certified Open Source Software.
> OSI Certified Open Source is a certification mark of the Open Source
> Initiative.
>
> OSI has not addressed the license updates after libpng version 1.0.6.
>
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
--
henrik.ingo at avoinelama.fi
+358-40-5697354 skype: henrik.ingo irc: hingo
www.openlife.cc
My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20181105/064afe66/attachment-0001.html>
More information about the License-review
mailing list