[License-review] Approval: Server Side Public License, Version 2 (SSPL v2)

Bradley M. Kuhn bkuhn at ebb.org
Thu Nov 22 00:50:42 UTC 2018


Eliot Horowitz of MongoDB wrote:
>    Below is an updated version of the Server Side Public License, which we
>    are submitting for review in lieu of version 1.0.

My confidence in MongoDB (the for-profit license steward of the SS Public
License) is now completely gone.  Given this most recent political stunt, we
should all demand years of trust-building before we take MongoDB seriously as
a FLOSS license steward (a role they've pursued for only a month anyway).

Let's recap: The SS Public License version 1.0 was put into production
without any public discussion (nor even private discussion with any license
evaluation authority), only to be shown to have serious drafting and policy
flaws.  Now, after just 35 days of its existence, and having been put into
immediate active use for a key project for those same 35 days, the SS Public
License v1 has already been declared deprecated by its license steward.  Yet,
after all that, MongoDB has *still* not engaged in a public collaborative
process of licensing drafting [0], but instead simply threw a substantially
modified version of the SS Public License over the wall again to "see if this
one sticks" instead.

Such a situation, of course, would have been an irrecoverable disaster for
any normal inbound=outbound FLOSS project.  The only reason the situation
*might* be salvageable here is that MongoDB is completely opposed to putting
themselves on equal footing with their users; they refuse to even be bound by
the terms of the SS Public License themselves.  But that itself points at
another vector of deep flaws that should lead us to conclude the situation
with MongoDB and their unilateral licensing changes is likely hopeless.

I renew my call for an outright rejection of the SS Public License by OSI on
procedural grounds.  OSI should ask for MongoDB to allow for time -- which
should be counted in years, not days -- for license vetting by the broader
FLOSS community, of which license-review is just a tiny subset.

  * * *

As an undergraduate in the early 1990s, one evening I was complaining to my
roommate, Michael Tietjen, about the inefficiency of legislative bodies like
the US Congress -- arguing that so much time was wasted while nothing was
accomplished.  Tietjen countered with an excellent argument which immediately
convinced me to change my position: no one should live in a society where
the laws can change overnight; laws should be reasonably predictable by the
populace to plan their lives.  Changes in laws need time to propagate before
promulgation, so they're well understood before they are enacted.

FLOSS licenses often serve as the de-facto laws of our community.  Licensing
changes to projects should be planned, discussed by all stakeholders as
equals, and have ample time to gestate.  MongoDB has done the opposite here:
whipsawing changes to actual legal terms of an actual project faster than the
community can effectively digest them and plan.  After doing so twice, MongoDB
twice came asking OSI for a fast, post-hoc rubber stamp.  We've already
collectively given MongoDB too much of our valuable time on their preferred
schedule.  We shouldn't adhere to their unreasonable schedule anymore.

MongoDB, if you want to regain at least some of the credibility you've lost,
please do the right thing and withdraw your submission to license-review, and
come back in one year with a license draft that's had the bare minimum of time
to develop, grow, and receive adequate feedback from the broader FOSS community.


[1] It's been made clear by OSI officers that license-review is *not* a place
    designed for license drafting work, but rather is for evaluation of
    licenses that have already been through a thorough drafting process.

--
Bradley M. Kuhn

Pls. support the charity where I work, Software Freedom Conservancy:
https://sfconservancy.org/supporter/



More information about the License-review mailing list