www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: Non OSI approved licenses
Date Wed, 03 May 2017 21:51:12 GMT
> On May 3, 2017, at 2:30 PM, Christopher <ctubbsii@apache.org> wrote:
> On Wed, May 3, 2017 at 2:50 PM Roy T. Fielding <fielding@gbiv.com <mailto:fielding@gbiv.com>>
>> On May 3, 2017, at 5:54 AM, Christopher <ctubbsii@apache.org <mailto:ctubbsii@apache.org>>
>> For what it's worth, the *only* reason I initially considered ALv2 for my own projects
and recommended it to my employer for theirs, before I started contributing to Apache software,
was because it was approved by both OSI and FSF. I doubt I'm not alone in that.
> There are a lot of people who think that way, now. ALv2 did not start as an OSI
> approved license. OSI didn't even think we had cause to create a new license.
> They have since understood that there is more to open source than copyright.
> "There are a lot of people who think that way" - Yes, that's my point: this is the present
reality we must consider.

We have considered it.

>> These groups are excellent proxies for what is "well-known" and "widely accepted"
(I'm not aware of a better source, anyway). If those qualities matter at all to the ASF, then
it makes sense to strongly prefer licenses approved by these groups over legally-equivalent
ones which are relatively unknown. (Admittedly, I don't know what form this "preference" should
>> I think any decision we make to restrict (or just "prefer") another group's approved
licenses is still our own decision. So, I don't think it makes them them the "license arbiter
for Apache" any more than the choice to follow the Google Style Guide makes Google the style
arbiter or the choice to follow Semver 2.0.0 makes semver.org <http://semver.org/> the
API arbiter.
> We just went though an actual, real-world example in which that statement would
> be factually incorrect.  The ACE license is not OSI-approved, for no other reason
> than it is a legacy, project-specific variant of BSD.  Jim suggested we forbid its inclusion
> in an Apache software release based solely on the fact that OSI had not approved
> that specific license.
> I understand the example, but I don't think it makes what I was saying incorrect. All
I was saying here is that following Jim's suggestion would not result in any loss of autonomy,
because that would still be our decision... and one we could reverse if we felt like it.

Umm, any choice of an arbiter would obviously be reversible.  That doesn't justify
making the choice in the first place.

> As for Jim's suggestion itself, I don't know whether I agree with him or not. What I
do know is that using other licenses has consequences for adoption and community growth, and
IMO people (ASF and otherwise) should avoid them when possible, if they think those consequences
might be significant.
> I'm more in agreement with wrowe in:
> "The ASF organization is simply the best judge of what licenses
> are compatible and which are incompatible with the AL 2.0, but
> once that JIRA ticket is evaluated as compatible, it's back to the
> PMC's hands whether the OSI recognition is important or not."
> and also:
> "-1 for adding more marketing text to NOTICE/LICENSE/README"
> What Apache distributes in our source releases is entirely covered by the terms
> of the Apache License 2.0, whether or not specific files within those products
> have terms that are *subsets* of those in ALv2.  We satisfy the individual license
> terms by the contents of LICENSE and NOTICE files, and require those file
> contents to remain (if applicable) in all downstream distributions.
> What other companies receive from the ASF is a package under the Apache License.
> This is us, the ASF, telling the world that the entire package can be redistributed
> under the terms of the Apache License NO MATTER WHAT is enclosed in the
> package.  Period.  It is our responsibility to ensure that statement is true, not OSI's.
> Companies trust Apache far more than they trust OSI.
> According to https://www.apache.org/legal/ <https://www.apache.org/legal/>, "Sadly,
we are unable to offer legal opinions or advice to the public."
> I've heard this elsewhere as "the ASF does not provide legal advice to the public; please
consult a lawyer for specific legal advice".

We do not provide advice for contexts outside the ASF.  Of course, we do have lawyers
that work on behalf of the ASF.  There's a difference.

> The ASF can say whatever it wants about our software licenses' compatibility and that
its conditions subsume that of another license. In the end, this is nothing more than our
own opinion. And, it would be irresponsible for companies to simply take our word for it.
In fact, we explicitly suggest they *don't* take our word for it. Isn't that what we mean
by the above statements about not providing legal advice to the public?


Honestly, I have no time for this today.   Perhaps we can have a nice discussion over
a good meal some time and I can explain what all those statements mean.


View raw message