Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm
Precedence: bulk
Reply-To: legal-discuss@apache.org
MIME-Version: 1.0
In-Reply-To: <1a9b01d08b4f$9cd64630$d682d290$@rosenlaw.com>
References: <1a9b01d08b4f$9cd64630$d682d290$@rosenlaw.com>
Date: Sun, 10 May 2015 16:16:40 -0700
Message-ID: 
 <CALGG8z1xg8X1D=9TjpCmDzP+eqQXKu_5S_PDAk3jqdbL03PoUg@mail.gmail.com>
Subject: Re: Proposal: Apache Third Party License Policy
From: Henri Yandell <bayard@apache.org>
To: Lawrence Rosen <lrosen@rosenlaw.com>
Cc: ASF Legal Discuss <legal-discuss@apache.org>
Content-Type: multipart/alternative; boundary=001a1144bc0c3262290515c2740e

--001a1144bc0c3262290515c2740e
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Sun, May 10, 2015 at 11:32 AM, Lawrence Rosen <lrosen@rosenlaw.com>
wrote:

> DRAFT: Apache Third Party License Policy (May 10, 2015)
>
>
>
> Apache projects have long been *universal donors* to many other software
> projects around the world. We are proud of that. We intend to continue th=
at
> tradition by requiring that all software aggregations distributed by Apac=
he
> Software Foundation will be licensed to the public under the *Apache
> License 2.0*. This means that all of our licensees around the world are
> free to:
>
>
>
> =C2=B7         Use Apache software for any purpose.
>
> =C2=B7         Make and distribute copies.
>
> =C2=B7         Create and distribute derivative works.
>
> =C2=B7         Access and use the source code.
>
> =C2=B7         Combine Apache and other software.
>
>
>
> In order to foster our Foundation community ethic to ensure the widest
> free participation in the open source software community, Apache has now
> decided to become also a *universal acceptor* of other open source
> software licensed to us from around the world.
>
>
>
> When technically appropriate for that software in the judgment of the PMC=
,
> Apache projects may accept contributions under ANY OSI-approved open sour=
ce
> license.
>

In practice this should be more generic than 'ANY OSI-approved'; i.e. there
should be a list of acceptable licenses which starts with "Any
OSI-approved' as the first item in the list. I wonder what wouldn't be on a
"you can incorporate" list.


> Such software may now be included in Apache aggregations that, as
> described above, will be licensed to the public under *Apache License 2.0=
*
> .
>

Does 'included' include 'requires'? Example being maven/rubygem/pypi builds
that install 3rd party software behind the scenes, and from a 3rd party,
due to instructions from an Apache product?


>
>
> Because Apache projects may now incorporate third party open source
> software into our software aggregations, we have added the following
> procedures for Apache software releases:
>
=C2=B7         Because all Apache project contributions will be licensed to
> Apache under an OSI-approved open source license, the above list of five
> fundamental software freedoms continues to apply to all Apache software.
> Downstream users and re-distributors of Apache software can continue to
> incorporate all of our open source software into their own products
> *unmodified* without incurring any special derivative work reciprocity
> obligations.
>
>
I think you should emphasize the last 8 words. For Apache, those are more
important than the unmodified. We open source everything, so having to open
source a small amount under a different license isn't a huge deal. Finding
that the primary Apache licensed source is under a different license is a
much bigger deal.


>
>
> =C2=B7         All releases containing any non-Apache open source license=
d
> contributions will be explicitly identified in a NOTICE file that our
> projects will create. The PMC is responsible to ensure that the text in t=
he
> NOTICE file expressly satisfies the notice and disclosure requirements of
> all relevant contribution licenses.
>
>
>

Presumably they will also provide the 3rd party source when required to?
Will that be within the Apache source or should infra and/or legal pmc
manage a separate download location for required 3rd party source?


> =C2=B7         *Modifiers* and re-distributors of Apache software will no=
w
> need to read the NOTICE files to determine whether they have any derivati=
ve
> work reciprocity requirements for specific contributions.
>
>
I recommend having Infra and/or Legal PMC automate a requirement that every
download must have a NOTICE file. Including jar files or other binaries
sent to 3rd party download locations.


>
>
> You may influence the inclusion or exclusion of specific third party
> contributions under OSI-approved licenses by joining the Apache project.
> All such decisions are made by Apache projects in public.
>

'contributions' seems odd here. I'd read that as a change to an Apache
owned piece of code, not aggregation of some other license.

If this is specific to Apache Open Office and MPL 2.0, why not start by
putting something in place specific for that project and license
combination.

Hen

--001a1144bc0c3262290515c2740e
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><div class=3D"gmail_quo=
te">On Sun, May 10, 2015 at 11:32 AM, Lawrence Rosen <span dir=3D"ltr">&lt;=
<a href=3D"mailto:lrosen@rosenlaw.com" target=3D"_blank">lrosen@rosenlaw.co=
m</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margi=
n:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link=3D"#056=
3C1" vlink=3D"#954F72" lang=3D"EN-US"><div><p class=3D"MsoNormal"><span sty=
le=3D"font-size:12.0pt;color:black">DRAFT: Apache Third Party License Polic=
y (May 10, 2015)<u></u><u></u></span></p><p class=3D"MsoNormal"><span style=
=3D"font-size:12.0pt;color:black"><u></u>=C2=A0<u></u></span></p><p class=
=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:black">Apache projects=
 have long been <b><i>universal donors</i></b><i> </i>to many other softwar=
e projects around the world. We are proud of that. We intend to continue th=
at tradition by requiring that all software aggregations distributed by Apa=
che Software Foundation will be licensed to the public under the <b>Apache =
License 2.0</b>. This means that all of our licensees around the world are =
free to:<u></u><u></u></span></p><p class=3D"MsoNormal"><span style=3D"font=
-size:12.0pt;color:black"><u></u>=C2=A0<u></u></span></p><p><u></u><span st=
yle=3D"font-size:12.0pt;font-family:Symbol;color:black"><span>=C2=B7<span s=
tyle=3D"font:7.0pt &quot;Times New Roman&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0 </span></span></span><u></u><span style=3D"font-size:=
12.0pt;color:black">Use Apache software for any purpose.<u></u><u></u></spa=
n></p><p><u></u><span style=3D"font-size:12.0pt;font-family:Symbol;color:bl=
ack"><span>=C2=B7<span style=3D"font:7.0pt &quot;Times New Roman&quot;">=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span></span></span><u></u><=
span style=3D"font-size:12.0pt;color:black">Make and distribute copies.<u><=
/u><u></u></span></p><p><u></u><span style=3D"font-size:12.0pt;font-family:=
Symbol;color:black"><span>=C2=B7<span style=3D"font:7.0pt &quot;Times New R=
oman&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span></span>=
</span><u></u><span style=3D"font-size:12.0pt;color:black">Create and distr=
ibute derivative works.<u></u><u></u></span></p><p><u></u><span style=3D"fo=
nt-size:12.0pt;font-family:Symbol;color:black"><span>=C2=B7<span style=3D"f=
ont:7.0pt &quot;Times New Roman&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0 </span></span></span><u></u><span style=3D"font-size:12.0pt;co=
lor:black">Access and use the source code.<u></u><u></u></span></p><p><u></=
u><span style=3D"font-size:12.0pt;font-family:Symbol;color:black"><span>=C2=
=B7<span style=3D"font:7.0pt &quot;Times New Roman&quot;">=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span></span></span><u></u><span style=
=3D"font-size:12.0pt;color:black">Combine Apache and other software.<u></u>=
<u></u></span></p><p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;co=
lor:black"><u></u>=C2=A0<u></u></span></p><p class=3D"MsoNormal"><span styl=
e=3D"font-size:12.0pt;color:black">In order to foster our Foundation commun=
ity ethic to ensure the widest free participation in the open source softwa=
re community, Apache has now decided to become also a <b><i>universal accep=
tor</i></b> of other open source software licensed to us from around the wo=
rld. <u></u><u></u></span></p><p class=3D"MsoNormal"><span style=3D"font-si=
ze:12.0pt;color:black"><u></u>=C2=A0<u></u></span></p><p class=3D"MsoNormal=
"><span style=3D"font-size:12.0pt;color:black">When technically appropriate=
 for that software in the judgment of the PMC, Apache projects may accept c=
ontributions under ANY OSI-approved open source license. </span></p></div><=
/div></blockquote><div><br></div><div>In practice this should be more gener=
ic than &#39;ANY OSI-approved&#39;; i.e. there should be a list of acceptab=
le licenses which starts with &quot;Any OSI-approved&#39; as the first item=
 in the list. I wonder what wouldn&#39;t be on a &quot;you can incorporate&=
quot; list. <br><br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote=
" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><=
div link=3D"#0563C1" vlink=3D"#954F72" lang=3D"EN-US"><div><p class=3D"MsoN=
ormal"><span style=3D"font-size:12.0pt;color:black">Such software may now b=
e included in Apache aggregations that, as described above, will be license=
d to the public under <b>Apache License 2.0</b>.</span></p></div></div></bl=
ockquote><div><br></div><div>Does &#39;included&#39; include &#39;requires&=
#39;? Example being maven/rubygem/pypi builds that install 3rd party softwa=
re behind the scenes, and from a 3rd party, due to instructions from an Apa=
che product?<br></div><div>=C2=A0</div><blockquote class=3D"gmail_quote" st=
yle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div =
link=3D"#0563C1" vlink=3D"#954F72" lang=3D"EN-US"><div><p class=3D"MsoNorma=
l"><span style=3D"font-size:12.0pt;color:black"><u></u><u></u></span></p><p=
 class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:black"><u></u>=
=C2=A0<u></u></span></p><p class=3D"MsoNormal"><span style=3D"font-size:12.=
0pt;color:black">Because Apache projects may now incorporate third party op=
en source software into our software aggregations, we have added the follow=
ing procedures for Apache software releases:</span> <br></p></div></div></b=
lockquote><span style=3D"font-size:12.0pt;color:black"></span><blockquote c=
lass=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;=
padding-left:1ex"><div link=3D"#0563C1" vlink=3D"#954F72" lang=3D"EN-US"><d=
iv><p><u></u><span style=3D"font-size:12.0pt;font-family:Symbol;color:black=
"><span>=C2=B7<span style=3D"font:7.0pt &quot;Times New Roman&quot;">=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span></span></span><u></u><spa=
n style=3D"font-size:12.0pt;color:black">Because all Apache project contrib=
utions will be licensed to Apache under an OSI-approved open source license=
, the above list of five fundamental software freedoms continues to apply t=
o all Apache software. Downstream users and re-distributors of Apache softw=
are can continue to incorporate all of our open source software into their =
own products <b><u>unmodified</u></b> without incurring any special derivat=
ive work reciprocity obligations.<u></u><u></u></span></p><p class=3D"MsoNo=
rmal"><span style=3D"font-size:12.0pt;color:black"><u></u></span></p></div>=
</div></blockquote><div><br></div><div>I think you should emphasize the las=
t 8 words. For Apache, those are more important than the unmodified. We ope=
n source everything, so having to open source a small amount under a differ=
ent license isn&#39;t a huge deal. Finding that the primary Apache licensed=
 source is under a different license is a much bigger deal. <br></div><div>=
=C2=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;bo=
rder-left:1px #ccc solid;padding-left:1ex"><div link=3D"#0563C1" vlink=3D"#=
954F72" lang=3D"EN-US"><div><p class=3D"MsoNormal"><span style=3D"font-size=
:12.0pt;color:black">=C2=A0<u></u></span></p><p><u></u><span style=3D"font-=
size:12.0pt;font-family:Symbol;color:black"><span>=C2=B7<span style=3D"font=
:7.0pt &quot;Times New Roman&quot;">=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
=A0=C2=A0 </span></span></span><u></u><span style=3D"font-size:12.0pt;color=
:black">All releases containing any non-Apache open source licensed contrib=
utions will be explicitly identified in a NOTICE file that our projects wil=
l create. The PMC is responsible to ensure that the text in the NOTICE file=
 expressly satisfies the notice and disclosure requirements of all relevant=
 contribution licenses.<u></u><u></u></span></p><p class=3D"MsoNormal"><spa=
n style=3D"font-size:12.0pt;color:black"><u></u>=C2=A0</span></p></div></di=
v></blockquote><div><br></div><div>Presumably they will also provide the 3r=
d party source when required to? Will that be within the Apache source or s=
hould infra and/or legal pmc manage a separate download location for requir=
ed 3rd party source?<br></div><div>=C2=A0</div><blockquote class=3D"gmail_q=
uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
x"><div link=3D"#0563C1" vlink=3D"#954F72" lang=3D"EN-US"><div><p class=3D"=
MsoNormal"><span style=3D"font-size:12.0pt;color:black"><u></u></span></p><=
p><u></u><span style=3D"font-size:12.0pt;font-family:Symbol;color:black"><s=
pan>=C2=B7<span style=3D"font:7.0pt &quot;Times New Roman&quot;">=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </span></span></span><u></u><b><u><=
span style=3D"font-size:12.0pt;color:black">Modifiers</span></u></b><span s=
tyle=3D"font-size:12.0pt;color:black"> and re-distributors of Apache softwa=
re will now need to read the NOTICE files to determine whether they have an=
y derivative work reciprocity requirements for specific contributions. <u><=
/u><u></u></span></p><p class=3D"MsoNormal"><span style=3D"font-size:12.0pt=
;color:black"><u></u></span></p></div></div></blockquote><div><br></div><di=
v>I recommend having Infra and/or Legal PMC automate a requirement that eve=
ry download must have a NOTICE file. Including jar files or other binaries =
sent to 3rd party download locations. <br></div><div>=C2=A0</div><blockquot=
e class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc sol=
id;padding-left:1ex"><div link=3D"#0563C1" vlink=3D"#954F72" lang=3D"EN-US"=
><div><p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:black">=
=C2=A0<u></u></span></p><p class=3D"MsoNormal"><span style=3D"font-size:12.=
0pt;color:black">You may influence the inclusion or exclusion of specific t=
hird party contributions under OSI-approved licenses by joining the Apache =
project. All such decisions are made by Apache projects in public.<u></u><u=
></u></span></p></div></div></blockquote></div><br></div><div class=3D"gmai=
l_extra">&#39;contributions&#39; seems odd here. I&#39;d read that as a cha=
nge to an Apache owned piece of code, not aggregation of some other license=
.<br><br></div><div class=3D"gmail_extra">If this is specific to Apache Ope=
n Office and MPL 2.0, why not start by putting something in place specific =
for that project and license combination. <br></div><div class=3D"gmail_ext=
ra"><br></div><div class=3D"gmail_extra">Hen<br><br></div></div>

--001a1144bc0c3262290515c2740e--