[License-review] Legacy license suggestion: CDDL 1.1

[Richard Fontana]

On Thu, May 15, 2025 at 12:56 PM Josh Berkus <josh.berkus at opensource.org> wrote:
>
> On 5/2/25 15:36, Warner, Brian (TS3K) via License-review wrote:
> > 2. Section 6.3 is new: "If You assert a patent infringement claim against Participant alleging that the Participant Software directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license."
> > 3. Section 7 is changed to remove the words "LOST PROFITS"
> > 4. A choice of venue was added: "NOTICE PURSUANT TO SECTION 9 OF THE COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL)
> > The code released under the CDDL shall be governed by the laws of the State of California (excluding conflict-of-law provisions). Any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California and the state courts of the State of California, with venue lying in Santa Clara County, California."
>
> So, reviewers, I can't see a way in my layman's reading that these
> changes make CDDL 1.1 not OSD-compliant.  Is there something I'm missing
> in the technical meaning of the language?
>
> I know we don't like choice-of-venue clauses, but in the past we've
> ruled that they are not OSD-violating, particularly for legacy licenses.

I would consider it OSD compliant.

Noting an issue that might otherwise get overlooked if this is
approved: In ancient times (~2006?) the OSI included CDDL 1.0 on its
list of "licenses that are popular and widely used or with strong
communities", a designation that came out ot the OSI's anti-license
proliferation initiative. The OSI continued to maintain this list and
as far as I understand still does so today (see e.g.
https://opensource.org/licenses?categories=popular-strong-community)

But in maintaining this list, the OSI treated steward-updates to
licenses inconsistently. It changed MPL 1.1 to MPL 2.0 and EPL 1.0 to
EPL 2.0, but it did not treat GPL and LGPL similarly - all approved
versions of GPL and LGPL continue to be designated as "popular and
widely used or with strong communities". This is possibly justifiable
given that the pre-v3 versions of the GPL and LGPL are probably at
least as widely used including by relatively new projects as the v3
versions, while the introduction of the 2.0 versions of MPL and EPL
probably had the effect of largely ending active use of MPL 1.1 and
EPL 1.0.  Then again this may expose a problem inherent in conferring
this status on MPL and EPL, which I think was, in reality, a
recognition of the political significance of the Mozilla and Eclipse
foundations and project communities more than a well-founded
determination that those licenses were ever "popular" in some
reasonable sense that matches the sense in which the (L)GPL and MIT
and BSD(2/3-clause) licenses were and are.

That brings us to CDDL, which I have always thought was the most
puzzling member of the popular and widely-used or with strong
communities list. I know *why* CDDL 1.0 was included in ~2006, it was
because at that moment in history Sun seemed to be releasing a fairly
significant number of projects under CDDL. However, that development
basically ended within a few years when Oracle acquired Sun and while
there are a small number of significant maintained projects that use
CDDL 1.0 today they are all basically forks of old Sun projects that
have no likelihood of ever migrating to CDDL 1.1, which as far as I
know isn't even used by Oracle anymore. All this is to say that I
would think the OSI should not update CDDL 1.0 to CDDL 1.1 on that
list the way it did for MPL and EPL. It would probably be better to
just get rid of that list since it's probably based on dubious or at
least outdated assumptions, political judgments and data, or to
replace it with something more objectively determined.

Richard