[License-review] Approval: Server Side Public License, Version 1 (SSPL v1)

Sat Oct 20 15:19:16 UTC 2018

Having thought more about this and the way that the SSPL FAQ reads I would recommend that the OSI continue to evaluate whether SSPL violates the OSD even if withdrawn.  And if it does, to make it clear that it does violate the OSD.

Otherwise their SSPL FAQ would read like the CC0 FAQ in that it was submitted but later withdrawn but they believe it to meet the OSD and therefore implies it is open source since it was never explicitly rejected.

While there was disagreement on CC0 on the patent clause there was debate and it is a FOSS license as CC0 has FSF approval.  

SSPL does not appear likely to pass but Mongo has already switched to it and implies it is open source even before the 60 days have run out partly under the “we submitted it to the OSI” banner.  Should it sit in limbo then they can continue to state this.  Should they withdraw the license they can say “we withdrew it just like CC0 which is open source”.

Maybe I’m paranoid but I really disliked the spin in the FAQ and the fact that they switched licenses already without either FSF or OSI approving the SSPL as FOSS.

Developers don’t always pay attention and given they have stated any updates to older versions moving forward are SSPL a developer just grabbing a security update suddenly means you’re not under AGPL anymore but SSPL.

That’s NOT operating in good faith as an “open source company”.  Which isn’t in their core values page anyway.

https://www.mongodb.com/company#core-values

I found nothing obvious about the license change on the download pages but I was surfing it with my phone.  Other than the press release and the activity here it appears to be a silent change.  Maybe if I downloaded it I would get a banner or something but I’m on my phone.

Sent from my iPhone

> On Oct 18, 2018, at 3:19 PM, Jim Jagielski <jim at jaguNET.com> wrote:
> 
> Well said. And if I had any standing, I'd vote +1 in response.
> 
>> On Oct 17, 2018, at 2:52 AM, Bradley M. Kuhn <bkuhn at ebb.org> wrote:
>> 
>> Richard Fontana came by IRC channels to find me today noting:
>>>> * fontana is curious to know bkuhn's thoughts on the MongoDB license
>> 
>> I missed him, but later opened license-review folder and found three posts
>> from him on the thread, so I will simply reply to his request here.
>> 
>> I frankly think the OSI should not waste its time reviewing a license like
>> this.  This is not simply another slightly-differently-worded,
>> obviously-Open-Source highly-permissive license that needs an OSI rubber
>> stamp.  By contrast, MongoDB's license (and their submission to OSI on the
>> same day of publication) is a campaign by a well-resourced for-profit company
>> to reframe what copyleft is.
>> 
>> A decade ago, the Affero GPL, authored by a small charity, was hotly debated
>> in the community, and there was lobbying to oppose its approval by OSI.
>> OSI took many months to decide about AGPL (November to
>> March), and while I don't think license committee discussion of that era are
>> archived publicly, I assume it was a complex topic for consideration, even
>> though Affero GPL had been promulgated in draft form for comment for years
>> before, and discussed rather extensively as part of FSF's public and lengthy
>> GPLv3 process.  In other words, even after many years of public discussion to
>> consider whether the Affero clause fit the OSD, the OSI still needed months
>> to think about it one last time.
>> 
>> MongoDB had no public process for this license.  Experts in copyleft
>> licensing were not asked for input before the license was officially
>> released.  The OSI was (apparently) not included early in the drafting
>> process as OSI has been when other copylefts (e.g., GPL, MPL).
>> Moreover, as others have mentioned in this thread, this license is
>> essentially a modified version of a license under the purview of another
>> steward who publicly urges license drafters to *not* do what MongoDB did.
>> 
>> Copyleft licenses are a different breed, and there is clever (and
>> difficult-to-interpret) drafting in the OSD to allow copyleft licenses to
>> qualify.  I think it's totally reasonable that OSI needs a higher standard
>> for copylefts than other types of licenses.
>> 
>> Furthermore, I think it is completely reasonable for the OSI to reject a
>> license review request not necessarily for the content of the license, but
>> on grounds that a public process of comment and discussion were not used to
>> draft a license containing a major policy change in FOSS licensing.  The
>> copyleft community has evolved from a single drafter vetting the drafts
>> through a single law firm (as RMS did for the Emacs Public License, GPLv1
>> and GPLV2), to a community process.  copyleft-next should be the standard,
>> and license stewards of copyleft licenses should be required to explain
>> why they *didn't* follow a process similar to copyleft-next's process as
>> part of their application to OSI.
>> 
>> I therefore suggest the OSI ask MongoDB to withdraw its submission, and ask
>> MongoDB to go back and engage in a public comment and drafting process.
>> --
>> Bradley M. Kuhn
>> 
>> Pls. support the charity where I work, Software Freedom Conservancy:
>> https://sfconservancy.org/supporter/
>> 
>> _______________________________________________
>> License-review mailing list
>> License-review at lists.opensource.org
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
> 
> 
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20181020/a9d4de67/attachment.html>