www-legal-discuss mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@gbiv.com>
Subject Re: Non OSI approved licenses
Date Wed, 03 May 2017 18:50:24 GMT
> On May 3, 2017, at 5:54 AM, Christopher <ctubbsii@apache.org> wrote:
> For what it's worth, the *only* reason I initially considered ALv2 for my own projects
and recommended it to my employer for theirs, before I started contributing to Apache software,
was because it was approved by both OSI and FSF. I doubt I'm not alone in that.

There are a lot of people who think that way, now. ALv2 did not start as an OSI
approved license. OSI didn't even think we had cause to create a new license.
They have since understood that there is more to open source than copyright.

> These groups are excellent proxies for what is "well-known" and "widely accepted" (I'm
not aware of a better source, anyway). If those qualities matter at all to the ASF, then it
makes sense to strongly prefer licenses approved by these groups over legally-equivalent ones
which are relatively unknown. (Admittedly, I don't know what form this "preference" should
> I think any decision we make to restrict (or just "prefer") another group's approved
licenses is still our own decision. So, I don't think it makes them them the "license arbiter
for Apache" any more than the choice to follow the Google Style Guide makes Google the style
arbiter or the choice to follow Semver 2.0.0 makes semver.org <http://semver.org/> the
API arbiter.

We just went though an actual, real-world example in which that statement would
be factually incorrect.  The ACE license is not OSI-approved, for no other reason
than it is a legacy, project-specific variant of BSD.  Jim suggested we forbid its inclusion
in an Apache software release based solely on the fact that OSI had not approved
that specific license.

What Apache distributes in our source releases is entirely covered by the terms
of the Apache License 2.0, whether or not specific files within those products
have terms that are *subsets* of those in ALv2.  We satisfy the individual license
terms by the contents of LICENSE and NOTICE files, and require those file
contents to remain (if applicable) in all downstream distributions.

What other companies receive from the ASF is a package under the Apache License.
This is us, the ASF, telling the world that the entire package can be redistributed
under the terms of the Apache License NO MATTER WHAT is enclosed in the
package.  Period.  It is our responsibility to ensure that statement is true, not OSI's.
Companies trust Apache far more than they trust OSI.

Lawyers understand that concept, just fine, since traditional software licensing
occurs as master licenses by one corporation, regardless of how many components
developed by multiple entities might be in the package being licensed.


View raw message