www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marvin Humphrey <mar...@rectangular.com>
Subject Re: Simplfying requirements for LICENSE and NOTICE
Date Tue, 09 Feb 2016 13:54:35 GMT
On Tue, Feb 9, 2016 at 3:38 AM, Jim Jagielski <jim@jagunet.com> wrote:

> Martin states, quite w/o validation that I can find, that the confusion
> which may or may not exist are "not solvable through improved
> documentation".

If you want to see confusion, audit TLP NOTICE files and see how many of them
conform to our recommendations.

I don't blame our TLP contributors, though. This is a policy problem, not an
execution problem.  We're asking software developers to do lawyer's work.
That's unreasonable.

> He then proposes another process, defined by documentation.

The proposed remedy is a policy change: stop building LICENSE and NOTICE
freeform and instead represent dependencies and their licensing information as
structured data.

> LICENSE and NOTICE are there for a reason. There is now a common
> precedent, esp related to ASF projects, what people should look
> for in LICENSE and NOTICE. We specifically call out important
> bits to be there, since these are the bits we are required to
> convey as well as the bits that people who use/consume/leverage
> our code look for.

OK, I can see the utility of maintaining the existing traditions of LICENSE

To satisfy that requirement, the list of dependencies can be put in machine
readable form and LICENSE and NOTICE can be autogenerated.  Both SPDX and
Apache Whisker offer possible approaches.

> I am all for simplification; I am all for better documentation;
> I am not for a substantial change to where we document and
> place these important bits, and have done so for many many years,
> based on an unproven assumption that better documentation won't
> "fix" the "problem"

This has come to a head because of mounting frustration in the Incubator over
our collective inability to produce conformant LICENSE and NOTICE files
consistently, despite enormous effort.  Additional documentation has been
proposed, but we're already drowning in documentation.  It seems to me that
the task of interpreting and excerpting dependency licensing is beset with
essential complexity rather than accidental complexity[1], and that it is thus
impractical to document our way out of this situation.

Marvin Humphrey

[1] https://en.wikipedia.org/wiki/No_Silver_Bullet

To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org
For additional commands, e-mail: legal-discuss-help@apache.org

View raw message