back to article Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: 'We've gone the wrong way with licensing'

Last year, lawyer Van Lindberg drafted a software license called the Cryptographic Autonomy License (CAL) on behalf of distributed development platform Holo – and submitted it to the Open Source Initiative (OSI) for approval as an Open Source Definition-compliant (OSD) license. The debate over whether or not to approve the …

  1. This post has been deleted by its author

  2. keithzg

    Admittedly a fan of a new license

    While I definitely agree that license proliferation is a bad thing, I find myself actually being an advocate of a fairly new license: Copyleft-next.

    https://spdx.org/licenses/copyleft-next-0.3.0.html

    One of the nice things about it is that it's actually nicely short and readable, while nonetheless containing basically the entire stipulations of the GPLv3 license, and adds a 15-year sunset after which code released under its license becomes permissively licensed.

    1. doublelayer Silver badge

      Re: Admittedly a fan of a new license

      I don't have an objection to this license per se, but I don't see the merits you have described. It seems about as easy to read as other similarly-sized licenses, and more complex than many shorter ones. Furthermore, I note the following potential problems.

      First, there is a clause allowing the original author to dual-license the thing, letting a proprietary version exist. This may sound fine in that a company is unlikely to pay someone for something they can get for free, but it might also allow them to produce an increasing number of different versions under different licenses that will prove in future to be a pain to reintegrate. Worse still, it's not exactly clear who gets the right to dual license. Theoretically, only the original author gets that right. But since this license applies to all parts of a derived work a la GPL, what happens if I update the work of someone else. I might be able to dual license my additions while keeping the original code open, or I might be in violation if I try. I'm almost certainly not allowed to dual license the whole thing, but if I'm able to dual license my additions, I could be able to effectively nullify the requirement to release them under the same license by applying two licenses and then not distributing a version under the original license.

      Second, you have expressed that you like the sunset clause. That clause reads as follows: "The conditions in sections 2 through 5 no longer apply once fifteen years have elapsed from the date of My first Distribution of My Work under this License." This looks problematic to me. What does "first distribution" mean? If I release an update, does that count as a subsequent distribution of the original thing or does it start the clock over again? These questions may seem pointless, but it's this type of difficulty with licensing that can hamper innovation or rights to source. If I don't know whether or not I can do something, I'm less likely to work on a project, and companies who wish to take open source and turn it proprietary will jump on a license that has problems allowing them more leeway than was originally intended.

      1. Tinslave_the_Barelegged

        Re: Admittedly a fan of a new license

        > allowing the original author to dual-license the thing

        This.

        I once paid a developer of a GPL'ed application quite a substantial sum to include translations.as I was keen to be able to use the software in a trans-national company. The developer duly did the work, which would improve the application's wider applicability, but then chose to dual-license the result, and yes, the code I paid for was in the "pro" version.

      2. heyrick Silver badge

        Re: Admittedly a fan of a new license

        "I'm almost certainly not allowed to dual license the whole thing"

        One day other licences will drop the bullshit and catch up with the EUPL. Read it in the European language of your choice and note the compatibility clause in section 5.

        1. doublelayer Silver badge

          Re: Admittedly a fan of a new license

          As with the last license, after having read the one you mention, I have little objection to its content. However, I see no particular merits to this license and a few annoying aspects. The first is that this license includes many phrases that sound like this: "Nothing in this Licence is intended to deprive the Licensee of the benefits from any exception or limitation to the exclusive rights of the rights owners in the Work, of the exhaustion of those rights or of other applicable limitations thereto." It's reasonably clear what this sentence means, but it is by no means the clearest way to say that and the whole thing is written like this. Compared to the clarity and terseness in many other licenses, this is worse.

          Second, I note the geographic limitation to where this license can be argued; if I produce a work licensed under this in Canada and someone in India violates that license, I can only pursue some types of actions in Canadian or Indian courts, and must pursue some types in Belgian courts. That might never be a major problem, but I see no benefit to the restriction.

    2. overunder Silver badge

      Re: Admittedly a fan of a new license

      Before people settle on pros and cons, take a step back and ask...

      "...distributed peer-to-peer software needs a license that addresses cryptographic key rights"

      Mmmm... does it?

      Medeco has patents and controls on their key blanks, but if you want a blank, you can buy one second hand along with an angle cutter to cut them. It's a pain for the average "peer" as all they want is a copy of the damn key, and not in a few weeks. Meanwhile in those few weeks, the only non-peers with access to YOUR door are the official "distributors" and the so called bad guys until the paperwork is finished.

  3. Denarius Silver badge

    Am I missing something ?

    Too many "open source" licences, : agree. As for this case, what does this software do that ssh shared keys do already ? I await enlightenment if the fires dont keep me busy

    1. Warm Braw Silver badge

      Re: Am I missing something ?

      I was puzzled by this too. However, I think it may be related to the following, if I have understood it correctly (which should not be taken as given)...

      The issue at hand seems to be a sort of peer-to-peer cloud: the intention is that you put some data into it and it gets processed somewhere, perhaps in multiple different places. Other nodes may also get to validate the processing or data to check that participants aren't running rogue software.

      This means that your data may end up in the hands of people you don't know and who you haven't explicitly authorised to receive it. The licence appears to be intended to ensure that, if you run the software, you have a GDPR-like obligation to anyone whose data you have processed.

      It seems to me that the biggest problem here isn't the licence, but the entire concept. Clearly, there's a potential benefit in theory if you can have a sort of Bittorrent for lambda functions which might mean you're not at the mercy of your IoT provider's server infrastructure. Legally and practically, it seems like a complete nightmare - how do you even know who might have seen your data, never mind actually use the software licence (issued by a third party) to enforce your personal rights. And who would want to participate in such a network if they were potentially having to work out whose data they might have and whether any request to access it came from its legitimate owner.

      IAN, fortunately, AL, but this doesn't sound to me like the kind of problem a software licence can usefully resolve.

      1. Rich 2 Silver badge

        Re: Am I missing something ?

        Well you made more sense of it than I managed. Congrats.

        This doesn’t seem like a licensing issue at all to me though - stopping someone spying on your data seems like an issue much too important for a mere license to oversee.

        I’ve never understood the whole OSI thing. Why should anyone give a fig that some self-appointed organisation (because frankly, that’s what it is) deems your license worthy of its approval?

        1. doublelayer Silver badge

          Re: Am I missing something ?

          Having an external critic who can at least review licenses is a little useful for people who don't want to read the text of a long license or who might miss a thing that turns out to have a legal meaning but looks innocuous, and as such they could protect people from an intentionally hobbled license or one flawed by someone's imprecise legal language. It's unimportant to you if they approve of your license, but it could be important if they approve of someone else's license that you're using, and what they think of yours could be important to potential users or developers of your thing.

          That said, since they don't provide answers to various questions because that would be too close to legal advice, their usefulness ends there. The same provisos apply to other major players in the legal side of open source, such as the FSF and the places that actively search for license violations. They have some useful purposes, but it's important to know what they're doing and the many useful things they won't do.

      2. Yes Me Silver badge
        Thumb Up

        Re: Am I missing something ?

        As I understand the following clauses:

        4.2.1. No Withholding User Data

        4.2.2. No Technical Measures that Limit Access

        4.2.3. No Legal or Contractual Measures that Limit Access

        this basically says "you can't screw around your users" if you use the licensed crypto code to encrypt user data. That's pretty powerful, and it's certainly taking an open source licence where no open source licence has travelled before. But it seems to be in the spirit of OSS, extended to user data. I like it.

        Bruce pretending that open source licences mean that developers don't need lawyers is pretty remarkable. Sure, they don't need lawyers to put their code under a given licence. I do it all the time (well, occasionally). But if they get sued, or if someone takes their code and breaks the terms of the licence, they definitely need a lawyer.

        1. doublelayer Silver badge

          Re: Am I missing something ?

          I think the point of not needing a lawyer is that the people writing the code shouldn't need a lawyer to figure out what they are and aren't allowed to do with existing code. Just like you probably wouldn't hire a lawyer to read the terms of service documents, you shouldn't have to before you contribute code to an existing project.

          Take this example, which I recently did. I had an open source project that was a bit fiddly to get running, but less technical users wanted to use. I wanted to package up a version of it in binary form. However, you needed to link with some libraries that were under different open source licenses. Furthermore, I wrote a small skin around the main project to make the process of starting it easier. The following questions could be asked about my final package:

          1. Do I have to list the licenses for all of these libraries somewhere, along with their original source locations? If so, where do I have to put this and do I really have to include four copies of the MIT license that differ only in the copyright line at the top?

          2. What license is my extra code? Am I required to put it under a specific license based on what I'm doing with it? Do I have to set up a repo for what is a very small chunk of code that isn't very important?

          3. Does any part of this cross the line into "derived work", and do any of my licenses have an extra requirement for those?

          Depending on the specific licenses involved, the answers to those questions might not be obvious. Fortunately for me, all the licenses I needed were permissive, so I didn't have to worry that I was violating a more specific one. I think that the original sentiment was that licenses should remain simple enough that questions of this nature can be answered without needing to spend a lot of time considering legal language or checking definitions in legal texts or case law. Admittedly, I don't know if that's a problem we have seen, but I can see the theory of why it might be.

        2. gnasher729 Silver badge

          Re: Am I missing something ?

          Admittedly "Don't use this software to screw your users" is in contradiction to GPL's "use this software any way you like". On the other hand, it's good if you're not allowed to screw your users. So I can very much agree and disagree with Perens.

          1. Anonymous Coward
            Anonymous Coward

            @gnasher729 - Re: Am I missing something ?

            Not so fast, mate! You're doing it wrong. GPL says "use this software any way you like except for screwing your users". See, there's no contradiction here.

            1. Cederic Silver badge

              Re: @gnasher729 - Am I missing something ?

              Hmm, no. GPL lets you use the licenced code to do whatever you choose to your users, unless it relates to the code and software itself.

              Which is why you can embed Linux in your weapon systems, or use GIMP to create advertising, or use ADempiere to manage your Uighur re-education camp.

              That's the thing about freedom. To enjoy it you have to accept its downsides.

              1. DavCrav Silver badge

                Re: @gnasher729 - Am I missing something ?

                "Which is why you can embed Linux in your weapon systems, or use GIMP to create advertising, or use ADempiere to manage your Uighur re-education camp."

                To be fair, in each of these cases the users are not the ones being screwed.

                1. Michael Wojcik Silver badge

                  Re: @gnasher729 - Am I missing something ?

                  Well, you can also embed Linux in sex toys. Then it is the user who's...

          2. Doctor Syntax Silver badge

            Re: Am I missing something ?

            "use this software any way you like"

            Remember that statute law will always override contract law. "Any way you like" will still get you into trouble if what you like happens to be a transgression of the law of the land. It ought to be the latter that provides protection for customers, at least in a consumer environment.

            In a B2B transaction where there is less protection afforded by statute the customers should check the T&Cs, if necessary, run them past their lawyers, and then make a risk assessment before going ahead.

            Trying to extend licence law into areas where there are (or should be) existing protections, at least for consumers is scope creep for an organisation such as OSI. Admittedly I'm looking at this from a European PoV; things may be fuzzier in the US and maybe also in the UK in the future.

  4. Chronos
    Devil

    BSD

    I note with interest than Mr Perens conveniently ignores the three and four clause BSD licences which predate both the OSI and GPL. You really can't get much simpler if you want a lawyer-free experience, although they admittedly don't conform to the idealists' view that a licence should enforce openness of the resulting derivatives.

    Icon, because Beastie, whose position was usurped by a politically correct sex toy/space hopper a few years ago, roughly around the same time pet projects and idealism screwed up the ports system.

    1. NetBlackOps Bronze badge

      Re: BSD

      Yes, I particularly object to the exclusion of the BSD license.

    2. Jamie Jones Silver badge
      Thumb Up

      Re: BSD

      Ahhhh yes, I remember when ports was more than just a plaything for pkg developers...

      There have been some good advances, but some iffy ones, but woe betide anyone who dares have a different opinion... As you say, pet projects and idealism - it's why most of my patches remain local these days :-(

      I totally agree on the space hopper too!

    3. Venerable and Fragrant Wind of Change Bronze badge

      Re: BSD

      Erm, what? Who is ignoring the BSD licence, and how?

      Agreed, BSD is easygoing - though one might argue MIT is better still if you want lawyer-free. But that's nothing to do with this article. And ironically I don't think they're actually lawyer-free at all: rather they're a lawyer's minimum conditions for releasing source while covering an institutional arse against being sued.

      If you mean the "we only need three licences" comment, I read that as making a point about duplication in the proliferation of licences. Not about the licences themselves. I could speculate that it hints at "Apache is the modernised BSD", but to say that's what he meant would be putting words in his mouth. And I wouldn't entirely agree, but then I still think GPLv2 was a work of genius - in part because it kicked off the whole debate, but also because it's a lawyer-free work that's since held up in court against lawyer attacks.

      1. Chronos

        Re: BSD

        If we're going to be pedantic, the WTFPL is much more permissive. Apache does not replace the BSD licence and, for that matter, why the hell everything has to be "modernised" when there's sod-all wrong with it evades my ken.

      2. Anonymous Coward
        Anonymous Coward

        Re: BSD

        GPL V1 was Lawyer Free.For GPL V2 Stallman got a professor of Law from Columbia School of Law to help with the draft. The result has indeed held up in courts in the USA, in the Cherokee Nation (a Native American {Indian}Tribe in Oklahoma in the US which has their own court system in the EU and in several Asian Nations.

  5. LDS Silver badge
    Devil

    When you put ideology into software licenses....

    ... you can't really expect everybody shares your own ideology only.

    1. Anonymous Coward
      Anonymous Coward

      @LDS - Re: When you put ideology into software licenses....

      And this is absolutely normal. Just pick and use the license you feel comfortable with and let others have their choice.

      1. LDS Silver badge

        "And this is absolutely normal"

        Is it? Would you like any good you buy come attached with a string of requirements - which do not have anything to do with the good itself, but only try to assert some kind of principle? What if things start to come with licenses incompatible with each other, so you can't use them together, just because the designer or producer believes he or she could change mankind?

        This could lead to a balkanization of the software landscape (and next who knows what) that can only make it far worse.

        1. JohnFen Silver badge

          Re: "And this is absolutely normal"

          > Would you like any good you buy come attached with a string of requirements - which do not have anything to do with the good itself, but only try to assert some kind of principle?

          They already effectively do. When you buy something, you are not just buying the product itself, you are also funding the principles of the company that you're buying from, and that includes quite a lot of things that are unrelated to the product itself.

          > This could lead to a balkanization of the software landscape (and next who knows what) that can only make it far worse.

          The software landscape is already very balkanized anyway.

        2. Michael Wojcik Silver badge

          Re: "And this is absolutely normal"

          What if things start to come with licenses incompatible with each other, so you can't use them together, just because the designer or producer believes he or she could change mankind?

          I'm not seeing the problem. If a software package has a license you dislike, don't use it. Find an alternative or write your own.

          No one's entitled to free software. Personally, I'm perfectly happy with the authors of open-source software slapping all sorts of conditions into their licenses. If a license is onerous or problematic, people won't use the package. Developers who want their work adopted widely will use conventional FOSS licenses that are compatible with those of other packages.

  6. Trollslayer Silver badge
    Facepalm

    What does vaccination have to do with software licencing?

    This alone makes the system suspect.

    I support vaccination obviously but these people are deciding they can interfere in others' lives.

    1. JulieM Silver badge

      Re: What does vaccination have to do with software licencing?

      It means you can only use the software if you, your family and your staff are not walking biological weapons. Which I think is entirely reasonable. Some of the people who created software would not have lived long enough to do so without the benefits of modern medicine.

      1. katrinab Silver badge

        Re: What does vaccination have to do with software licencing?

        Vaccination is good, but it doesn’t belong in a software licence, and probably isn’t legally enforceable anyway. Are you required to hand over your medical records to your employer’s software distributor for a compliance check?

      2. Anonymous Coward
        Anonymous Coward

        Re: What does vaccination have to do with software licencing?

        Next stop is what ? You can only use the software if you can prove you've been castrated ? Please be careful whenever using the word reasonable.

        1. Michael Wojcik Silver badge

          Re: What does vaccination have to do with software licencing?

          Ah, a slippery-slope claim, the sign of having no real argument to make.

          If you don't like the conditions of the license, don't use the product. Or use it in violation of the license, and suffer the consequences, if any. No one's putting a gun to anyone's head here.

          Honestly, the things some of you worry about...

      3. iron Silver badge

        Re: What does vaccination have to do with software licencing?

        I present the ECOATPL license:

        Eat

        Custard

        On

        A

        Tuesday

        Public

        License

        You can only use software licensed under ECOATPL if you eat custard on Tuesdays. Stop eating custard on Tuesdays and you must uninstall the software.

        Some of the people who created software would not have lived long enough to do so without the benefits of custard. (because their pudding would have been too dry)

        See how ridiculous it is?

        1. Michael Wojcik Silver badge

          Re: What does vaccination have to do with software licencing?

          I don't have a problem with this. Will you be licensing anything interesting under these terms?

    2. Carpet Deal 'em Bronze badge

      Re: What does vaccination have to do with software licencing?

      I have a hard time seeing the vaccination requirement as anything but unenforceable. Coincidentally, so does Bruce Perens.

    3. veti Silver badge

      Re: What does vaccination have to do with software licencing?

      This is an answer to the above question "why do we need an OSI at all?"

      A hundred approved licences may sound like approximately 95 too many, but think how much worse it could be if there were nobody to filter out nonsense like this.

      1. Michael Wojcik Silver badge

        Re: What does vaccination have to do with software licencing?

        OK, how much worse could it be? What problem, exactly, would we face in the grim dystopia where there is no OSI?

        There was a software industry before the OSI. I'll go out on a limb and bet that, barring the complete destruction of civilization, there will be a software industry after the OSI.

        Yes, incentives to use a relatively small collection of licenses is good for industry, because it reduces the cost of compliance when using free software. And free software reduces cost for industry. But I see very little support for the thesis that most of the software which is widely used in the industry would suffer from a tremendous proliferation of licenses if OSI didn't exist.

    4. JohnFen Silver badge

      Re: What does vaccination have to do with software licencing?

      I agree. I'm extremely pro-vaccination and consider it a societal duty. But I would never accept a license like this, because I think this sort of thing has no place in software licenses.

      1. heyrick Silver badge
        WTF?

        Re: What does vaccination have to do with software licencing?

        Exactly. The software licence should concern itself with the software, period.

        While it might sound laudable to interfere in people's personal lives and require that they get themselves vaccinated like any sane person should...

        ...would you feel the same way if the licence requested that the user be a member of the NRA (or a registered gun owner for international users)? It's really no different. This sort of thing has no place in an implicit agreement about how to use software and/or its source.

        1. Michael Wojcik Silver badge

          Re: What does vaccination have to do with software licencing?

          would you feel the same way if the licence requested that the user be a member of the NRA

          Yes, I'd feel the same way. I just wouldn't use software licensed under those terms.

          I'm not buying the "has nothing to do with software" purity argument either. What's the warrant for that argument? On what grounds should licenses be restricted to terms which are relevant only to the thing licensed? A license is always an ideologically-inflected assertion of rights over a product of labor. Even the most liberal licenses (MIT, say, or CC0) are at the very least an endorsement of some concept of intellectual-property rights and the idea that some those rights can be disavowed.

          If I produce something under conditions in which I retain ownership, then I have the right to assert whatever ridiculous conditions I like about its use. Some of those conditions may be voided by law; some (probably all, in practice, given a sufficiently determined and well-resourced adversary) may be unenforceable. But I can assert them all I like, and anyone who says I shouldn't because of some halfbaked notion of pseudo-legalistic purity is welcome to fuck right off.

          1. heyrick Silver badge

            Re: What does vaccination have to do with software licencing?

            Yeah, YOU can assert whatever weird terms you like in a licence (some of mine require the user to be nice to kittens, but nobody has ever said anything, likely because nobody reads that stuff), because one can take it or leave it (or get it legally smacked down for reaching into contexts that are irrelevant to that which is being licenced).

            A bona fide "open source" licence should not. It should concern itself with exactly that which is necessary for the use of the software and/or source and no more.

            Don't get me wrong, it's a good idea to fight back against the stupidity of the anti vaccine people, but it's not something that belongs in a software licence. I mean, let's start with an obvious question - how the hell do you plan on enforcing that?

    5. Michael Wojcik Silver badge

      Re: What does vaccination have to do with software licencing?

      these people are deciding they can interfere in others' lives

      No they aren't. They're imposing a requirement on people who want to use the product of their labor. Those who don't like that requirement aren't obliged to use the software.

      They may be providing an incentive for the behavior they prefer, but they're not "interfering" in any substantial way.

  7. JulieM Silver badge

    From the Article

    "Well, it seems to me that the organization is rather enthusiastically headed toward accepting a license that isn't freedom respecting" -- Bruce Perens.

    You were already doing that when you accepted the Apache licence. Someone (*cough* Google *cough*) can write a program, release it in compiled, binary form only under the Apache licence, and still be entirely compliant with the licence. They can even call it Open Source and plaster the OSI logo all over their advertisements, without ever actually distributing a single byte of Source Code. The licence gives end users theoretical permissions n in respect of the Source Code, but there is nothing that obliges anyone to supply the Source Code in practice. Which rather makes a mockery of the whole thing.

    1. LDS Silver badge

      Re: From the Article

      Google, Amazon, Facebook & C. do it with the GPL as well. As long as they don't redistribute code to third parties they don't have to release the source code. All of them use internally a lot of modified code you won't ever see published, even when it's fully used to deliver external 'services'. All open source license were designed against COTS software, just all Xaas models bypass the old delivery method so they are free to exploit open source code and let them publish only what is needed to fully support their business model and profits.

      1. DuncanLarge Silver badge

        Re: From the Article

        All of that is fine.

        If you don't distribute the binaries, you don't need to distribute the source. It maters not if anyone is using the data your software created, that's just the output.

        Thats totally different from the Apache license issue. There you ARE distributing the software.

  8. DCFusor Silver badge

    Mixing freedom and money - or obligation

    Seems to me it's all tension around my title.

    I want to be able to claim I'm giving something away, while demanding either conditions on it - it's not really a gift - or a way to get paid for what I'm taking credit for giving away.

    Yeah, right.

    If I knew a way to resolve that one - I'd clue y'all in. But it seems obvious to me from the sheer number of attempts that this is mostly some kind of spin to have it both ways at once. And frankly, it seems like hubris to claim you've finally figured out a way to have your cake and eat it too. Someone has misplaced career goals - that kind of junk is "marketing".

    Most of us just have to get on with life, and mostly ignore these first world problems. Personally I just give my stuff away - I got the value out of it by using it myself, and simply ensuring no one else can take my own stuff from me or prevent me from using it, claiming it's their IP. seems like a worthwhile setup. Almost any of the licenses give me that, and frankly aren't even needed since copyright is automatic in most cases. Even if someone "BSDs" it and takes their changes or additions private - what I turned loose is still out there. Sad if they are fruity and don't give credit for it, but hey, that's icing, not the cake.

    As for getting paid, well I spent many years producing IP for hire, it's owned (if that is possible) by the people who paid me for the work, we're done, everyone went away happy AFAIK. They got a ROI, I got honed skills which are still valuable, win-win.

    I do see the value in copyright assignment to some big "good for us all "project, like Linux. But once you hand over your work, it's not yours - which is fine if your motivation was to aid the big project. If you had ulterior motives, well, shame on you.

    1. doublelayer Silver badge

      Re: Mixing freedom and money - or obligation

      I'm not disagreeing with you, but there are also reasons people choose to use less permissive licenses. Linux is GPL, for example, to keep the community benefiting from the code that was given away; the original authors aren't demanding anything from users, but if their work is extended, they ask that the results are similarly given away. I frequently find it irritating to decide exactly what license I should put on some code, and I often feel, after reading some license comparisons, a desire to simply release the thing, say "do what you want with it", and call it good. Unfortunately, that approach usually doesn't work because potential users are unsure about what is allowed without a specific license and I haven't included those indemnifications that every standard license has.

      1. JohnFen Silver badge

        Re: Mixing freedom and money - or obligation

        > Unfortunately, that approach usually doesn't work because potential users are unsure about what is allowed without a specific license and I haven't included those indemnifications that every standard license has.

        I address this issue in a particular way (I copied the idea from other devs -- it's not mine). When I release software without conditions, I include clear wording to that effect in the documentation. In addition to that, for those who really need a "license" in order to be able to use it in their business model, I include a way to contact me for it. Then I provide a license to that particular person or company that grants them nonexclusive, perpetual, worldwide rights to use that particular version of the software as they see fit.

    2. JohnFen Silver badge

      Re: Mixing freedom and money - or obligation

      > Personally I just give my stuff away - I got the value out of it by using it myself, and simply ensuring no one else can take my own stuff from me or prevent me from using it, claiming it's their IP. seems like a worthwhile setup.

      Me too.

      I basically stopped using OSS licenses years ago, for a whole lot of reasons. Now, my software falls into one of three categories, licensing-wise. Most software I write is released into the public domain outright. Some software I release with a license that is generally along the lines of OSS licenses, but is of my own devising. I also release a small amount of software under a closed-source license (although source is always available to customers).

  9. RLWatkins

    Translated from lawyer-speak...

    "There are people who don't want me to get my way, but I can describe what they're doing in a way that makes them look bad."

    I'm on the fence about the license, but the attorney's statement about the approval process is a point against it.

  10. John Geek

    LGPL, AGPL, Apache, and BSD/MIT

    I like the PostgreSQL version of the BSD style license. and if there is no PARTY1 (The University of California in the PG license), its even simpler.

    Portions Copyright © 1996-2020, $PARTY2

    Portions Copyright © 1994, $PARTY1

    Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies.

    IN NO EVENT SHALL $PARTY1 BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF $PARTY1 HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

    $PARTY1 SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND $PARTY1 HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.

    1. Doctor Syntax Silver badge

      If I were $PARTY2 I'd want to be included in those disclaimers as well.

  11. stiine Silver badge
    Facepalm

    so, the lawyer wouldn't characterize it that way

    That was a very lawyerly way of saying "You're correct but my client is paying me for that to be incorrect."

  12. BinkyTheMagicPaperclip

    Perens doesn't seem very well informed

    As mentioned, the BSD license needs to be included. OpenBSD specifically excludes Apache2 in the permitted license list, for instance.

    Linux is not the only way of doing open source..

  13. bkuhn

    more on the out-of-context quote at end

    The quote at the end is out-of-context and I suspect readers who see just

    that part might not fully understand my position. Here's a link to a post on

    OSI list that makes my position clear: http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-January/004630.html

  14. heyrick Silver badge

    accepting a license that isn't freedom respecting

    Depending upon where you are, one could say the same for the GPL...namely because the not terribly well defined linkage issue [*] meaning that the GPL only plays with itself so you can't bring in code from other sources (bsd, CDDL, etc) and use it alongside while respecting the freedoms of the licence that code was originally released under.

    * - makes sense for Linux, not so much for other systems and ways of doing things.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020