www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henri Yandell <bay...@apache.org>
Subject Re: Proposal: Apache Third Party License Policy
Date Sun, 10 May 2015 23:16:40 GMT
On Sun, May 10, 2015 at 11:32 AM, Lawrence Rosen <lrosen@rosenlaw.com>

> DRAFT: Apache Third Party License Policy (May 10, 2015)
> Apache projects have long been *universal donors* to many other software
> projects around the world. We are proud of that. We intend to continue that
> tradition by requiring that all software aggregations distributed by Apache
> Software Foundation will be licensed to the public under the *Apache
> License 2.0*. This means that all of our licensees around the world are
> free to:
> ·         Use Apache software for any purpose.
> ·         Make and distribute copies.
> ·         Create and distribute derivative works.
> ·         Access and use the source code.
> ·         Combine Apache and other software.
> In order to foster our Foundation community ethic to ensure the widest
> free participation in the open source software community, Apache has now
> decided to become also a *universal acceptor* of other open source
> software licensed to us from around the world.
> When technically appropriate for that software in the judgment of the PMC,
> Apache projects may accept contributions under ANY OSI-approved open source
> license.

In practice this should be more generic than 'ANY OSI-approved'; i.e. there
should be a list of acceptable licenses which starts with "Any
OSI-approved' as the first item in the list. I wonder what wouldn't be on a
"you can incorporate" list.

> Such software may now be included in Apache aggregations that, as
> described above, will be licensed to the public under *Apache License 2.0*
> .

Does 'included' include 'requires'? Example being maven/rubygem/pypi builds
that install 3rd party software behind the scenes, and from a 3rd party,
due to instructions from an Apache product?

> Because Apache projects may now incorporate third party open source
> software into our software aggregations, we have added the following
> procedures for Apache software releases:
·         Because all Apache project contributions will be licensed to
> Apache under an OSI-approved open source license, the above list of five
> fundamental software freedoms continues to apply to all Apache software.
> Downstream users and re-distributors of Apache software can continue to
> incorporate all of our open source software into their own products
> *unmodified* without incurring any special derivative work reciprocity
> obligations.
I think you should emphasize the last 8 words. For Apache, those are more
important than the unmodified. We open source everything, so having to open
source a small amount under a different license isn't a huge deal. Finding
that the primary Apache licensed source is under a different license is a
much bigger deal.

> ·         All releases containing any non-Apache open source licensed
> contributions will be explicitly identified in a NOTICE file that our
> projects will create. The PMC is responsible to ensure that the text in the
> NOTICE file expressly satisfies the notice and disclosure requirements of
> all relevant contribution licenses.

Presumably they will also provide the 3rd party source when required to?
Will that be within the Apache source or should infra and/or legal pmc
manage a separate download location for required 3rd party source?

> ·         *Modifiers* and re-distributors of Apache software will now
> need to read the NOTICE files to determine whether they have any derivative
> work reciprocity requirements for specific contributions.
I recommend having Infra and/or Legal PMC automate a requirement that every
download must have a NOTICE file. Including jar files or other binaries
sent to 3rd party download locations.

> You may influence the inclusion or exclusion of specific third party
> contributions under OSI-approved licenses by joining the Apache project.
> All such decisions are made by Apache projects in public.

'contributions' seems odd here. I'd read that as a change to an Apache
owned piece of code, not aggregation of some other license.

If this is specific to Apache Open Office and MPL 2.0, why not start by
putting something in place specific for that project and license


View raw message