[fielding@apache.org: Review of proposed Apache License, version 2.0]
- Forwarded message from Roy T. Fielding [EMAIL PROTECTED] - From: Roy T. Fielding [EMAIL PROTECTED] Subject: Review of proposed Apache License, version 2.0 Date: Sat, 8 Nov 2003 00:33:17 -0800 To: announce@apache.org X-Mailer: Apple Mail (2.552) The Apache Software Foundation is considering the adoption of a new set of licenses for our open source projects. We invite you to review and comment on the proposed 2.0 license and related material, which can be found at http://www.apache.org/licenses/proposed/ A mailing list has been set up for public review and discussion of the license prior to the ASF members meeting at ApacheCon [*]. The address is license AT apache.org and you can join it by sending a blank message to license-subscribe AT apache.org. The goals of this license revision have been to reduce the number of frequently asked questions, to allow the license to be reusable without modification by any project (including non-ASF projects), to allow the license to be included by reference instead of listed in every file, to clarify the license on submission of contributions, to require a patent license on contributions that necessarily infringe the contributor's own patents, and to move comments regarding specific Apache trademarks and attribution notices to a location outside the license terms (the NOTICE file). The result should be a license that is compatible with other open source licenses, such as the GPL, and yet still remains true to the original goals of the Apache Group and supportive of collaborative development across both nonprofit and commercial organizations. At least that's the idea -- if you note a potential problem with the new license, please let us know so that we can work on fixing it now rather than after it has been applied to our projects. Cheers, Roy T. Fielding, director, The Apache Software Foundation (fielding AT apache.org) http://roy.gbiv.com/ [*] ApacheCon is in Las Vegas, Nov 16-19 http://www.apachecon.com/ - End forwarded message - -- Martin Michlmayr [EMAIL PROTECTED]
Re: [fielding@apache.org: Review of proposed Apache License, version 2.0]
I am including the licenses inline. I will immediately follow up with comments, so that it is apparent which comments are mine and which are not. = == DO NOT PANIC! This is a draft for discussion purposes only. == == It has not yet been approved. It does not yet apply to any == == software distributed by the Apache Software Foundation.== == == == This long version combines a contributor license with the== == copyright license, thus allowing us to talk about patents, == == providing disclaimers for all of the contributors rather than == == just the Licensor, and creating a community condition that == == eliminates the need for CLAs from every contributor. == ==+== Apache License Version 2.0, October 2003 http://www.apache.org/licenses/ Copyright (C) 2003 The Apache Software Foundation. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. TERMS AND CONDITIONS FOR USE, REPRODUCTION, DISTRIBUTION, AND MODIFICATION 1. Licensing the Work. These terms and conditions for use, reproduction, distribution, and modification (the License) apply to any original work of authorship (the Work) containing a notice placed by the copyright owner (the Licensor) indicating that the Work is licensed under the Apache License, Version 2.0. 2. You. You or Your means an individual or legal entity exercising permissions granted by this License. By exercising any of the permissions granted to You in Sections 4 through 8 herein, You indicate Your acceptance of this License and all of its terms and conditions. 3. Contributors and Contributions. A. The Licensor and any individual or legal entity that voluntarily submits to the Licensor a Contribution to the Work are collectively addressed herein as Contributors. For legal entities, the entity making a Contribution and all other entities that control, are controlled by, or are under common control with that entity are considered to be a single Contributor. For the purposes of this definition, control means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. B. A Contribution is the original version of the Work and any modification or addition to the Work that has been submitted for inclusion in the Work, where such modifications and/or additions to the Work originate from that particular Contributor, or from some entity acting on behalf of that Contributor. C. A Contribution is submitted when any form of electronic, verbal, or written communication is sent to the Licensor, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the Contributor as Not a Contribution. D. Any Contribution submitted by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions, unless You explicitly state otherwise in the submission. 4. Contributor Grant of License. Subject to the terms and conditions of this License, each Contributor hereby grants to You: (a) a perpetual, non-exclusive, worldwide, fully paid-up, royalty free, irrevocable copyright license under its licensable copyrights in the Work to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute the Work and such derivative works; and, (b) a perpetual, non-exclusive, worldwide, fully paid-up, royalty free, irrevocable (subject to Section 5) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work and derivative works thereof, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution alone or by combination of their Contribution with the Work to which such Contribution was submitted by the Contributor. No
Re: [fielding@apache.org: Review of proposed Apache License, version 2.0]
BIG NOTICE: None of these licenses are official. They are all drafts. On Sat, Nov 08, 2003 at 10:03:55AM +, Brian M. Carlson wrote: I am including the licenses inline. I will immediately follow up with comments, so that it is apparent which comments are mine and which are not. 3. Contributors and Contributions. C. A Contribution is submitted when any form of electronic, verbal, or written communication is sent to the Licensor, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the Contributor as Not a Contribution. D. Any Contribution submitted by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions, unless You explicitly state otherwise in the submission. I'm not sure that this is even legal, at least in the US. 5. Reciprocity. If You institute patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to You under this License shall terminate as of the date such litigation is filed. In addition, if You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work itself (excluding combinations of the Work with other software or hardware) infringes Your patent(s), then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. I think that we have prohibited such litigation-termination licenses as non-free. 7. Redistribution with Modification. You may modify Your copy or copies of the Work or any portion of it, thus forming another work product based on the Work (a Derivative Work), and reproduce and distribute such modifications or the Derivative Work, provided that You also meet the following conditions: (a) You must give any other recipients of the Derivative Work a copy of this License along with the Derivative Work. (b) You must retain, in the source code of any Derivative Work that You distribute, all copyright, patent, or trademark notices from the source code of the Work, excluding those notices that only pertain to portions of the Work that have been excluded from the Derivative Work. If the Work includes a NOTICE file as part of its source code distribution, the Derivative Work must include a readable copy of the notices contained within that NOTICE file, excluding those notices that only pertain to portions of the Work that have been excluded from the Derivative Work, in at least one of the following places: within a NOTICE file distributed as part of the Derivative Work; within the source code or documentation, if provided along with the Derivative Work; or, within a display generated by the Derivative Work, if and wherever such third-party notices normally appear. You may add Your own notices alongside or as an addendum to the original NOTICE information. The contents of the NOTICE file are for informational purposes only and do not modify the terms and conditions of this License. Others might wish to comment on this section. My problem is that if NOTICES contains advertisement notices (like in this case), the license is probably not GPL-compatible. (c) You must cause any modified files to carry prominent notices stating that You changed the files. You may add Your own copyright statement to such modifications and may provide (sublicense) additional or different license terms and conditions for use, reproduction, distribution or further modification of Your modifications, or for the Derivative Work as a whole, provided that the sublicense complies with the conditions stated in this License. 8. Redistribution with Additional Terms. You may choose to offer, and to charge a fee for, warranty, support, indemnity, or liability obligations and/or other rights consistent with the scope of the license granted herein (Additional Terms). However, You may do so only on Your own behalf and as Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold every Contributor harmless for any liability
Re: [fielding@apache.org: Review of proposed Apache License, version 2.0]
How Apache went from a rather decent 5 clause license to the proposed 11 clause license is a mystery to me. I strongly suggest the license be gone over with a fine toothed comb and searched for areas where it can be made more general and less specific. On Sat, 08 Nov 2003, Brian M. Carlson wrote: D. Any Contribution submitted by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions, unless You explicitly state otherwise in the submission. I can see no way that this term can ever be enforced without active agreement on the part of the contributor. Mere transfer of IP is not enough to establish an affirmation of the terms of the license for contributions. Furthermore, the entire section 3 of this license is totally useless and belongs somewhere else besides a software license. 5. Reciprocity. If You institute patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to You under this License shall terminate as of the date such litigation is filed. In addition, if You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work itself (excluding combinations of the Work with other software or hardware) infringes Your patent(s), then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. This is not DFSG free. While software patents are generally held to be bad, it is not the purpose of a Free Software license to discriminate against who can use the software. [This also has the wierd side effect of effectively granting to each Contributor a license to use without royalty any of the Licensee's patents applicable to software, no matter how legitimate those patents are.] We should be dealing with invalid and/or improper software patents through legislation and/or litigation rather than adding usage restrictions to our formerly free software licenses. 7 (b) [...] The contents of the NOTICE file are for informational purposes only and do not modify the terms and conditions of this License. Either NOTICE is copyright and warranty information, and it can't be removed, or its not, and it can... this section seems to want it both ways. I'm tempted to consider the requirement to keep the NOTICES file compatible with the DFSG as it appears to contain copyright notices, but if it doesn't actually fullfill that role (ie, is purely informational) it needs to be removeable to comply with the DFSG. 11. Limitation of Liability. Under no circumstances and under no [...] This limitation of liability shall not apply to liability for ^ death or personal injury resulting from Licensor's negligence ^ to the extent applicable law prohibits such limitation. Some ^^^ The limitation phrase in this warranty is suspicious. Most likely what they mean is we are not liable to the maximum extent possible under applicable law rather than we are liable to the extent law prohibts such limitation. [I'm not up on my warranty law, but someone really ought to get a second opinion on this clause, as it definetly doesn't jive with what I'm used to reading.] When I get a chance, I'll look at the other licenses, but I see that some of the same troubling clauses from the Apache License 2.0 show up there as well. [Feel free to forward these comments anywhere appropriate and/or draw attention to them. I haven't done so because I'm not set in stone yet on my opinions.] Don Armstrong -- When I was a kid I used to pray every night for a new bicycle. Then I realised that the Lord doesn't work that way so I stole one and asked Him to forgive me. -- Emo Philips. http://www.donarmstrong.com http://www.anylevel.com http://rzlab.ucr.edu signature.asc Description: Digital signature
Legality of .DEBS in Medialinux.
Hi, I'm Marco Ghirlanda, Linux Advisor at the Virtual Reality and Multi Media Park of Turin, Italy. (www.vrmmp.it). We developed for our Open Source Lab (www.opensourcelab.it) a remastered version of the Knoppix Live Cd, Medialinux, wich includes most ot the audio, graphic and video software that is in the Debian collection of packages. This Cd was primarly done for testing purposes and to make our students try the linux + multi media softwares without too many problems. I've included many software from external repositories, but I didn't take care (until now) about the legal conseguences of this action. The fact is that I would like to know if there is a legal risk, in Italy or in the world to distribute on a cd .deb's from http://marillat.free.fr/dists/unstable/main/binary-i386/ (like libdvdcss2 or mplayer, or w32codecs, and so on...). To be sure would I need to remove all this software and include only packages from the main section (excluding also contrib and non-free sections?). I'm surely a bit confused... Full list of packages is at ftp://209.50.230.46/medialinux/debs(list_of_software).txt I'm very new to this part of the Linux Story and I will like some advices on where to start Thanks in advance to everybody who is going to answer this post, Marco Ghirlanda
Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
[Follows set to debian-legal.] On Thu, Nov 06, 2003 at 02:22:31PM -0500, John Belmonte wrote: If the library as a whole must be under GPL license, how is it significant that parts of it were once under LGPL or on the public domain? The purpose of the License field is to tell the user what license the software in the package is under, not to give a history of previous or constituent licensing. I don't think you understand licensing very well. If more than one party still holds copyright in an aggregate work, no one party can make a single license apply to the work as a whole, as you say. What do you mean by once under the LGPL or public domain? What mechanism do you propose causes works to stop being licensed under the LGPL, or withdrawn from the public domain? Mere distribution in compliance with the terms of the GNU GPL is certainly not such a mechanism. Historical (i.e., inapplicable) licensing is not necessarily something that needs to be explained in a debian/copyright file, though it might be of use to people if there are many confused questions on the subject with respect to a given package. Constituent license is indeed apropos for debian/copyright, as it's reasonable to expect our users to be bound by those licenses if they attempt to modify or further distribute the packge in question. I suggest you scrutinize the licenses in your own packages more closely, as you appear to have been working from a number of invalid assumptions. If you have any questions, please consult the debian-legal mailing list for advice. -- G. Branden Robinson|When we call others dogmatic, what Debian GNU/Linux |we really object to is their [EMAIL PROTECTED] |holding dogmas that are different http://people.debian.org/~branden/ |from our own. -- Charles Issawi signature.asc Description: Digital signature
Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
On Sat, Nov 08, 2003 at 02:43:21PM -0500, Branden Robinson wrote: a single license apply to the work as a whole, as you say. What do you mean by once under the LGPL or public domain? What mechanism do you propose causes works to stop being licensed under the LGPL, or withdrawn from the public domain? Mere distribution in compliance with the terms of the GNU GPL is certainly not such a mechanism. I think what's being said is that this work, or any part of it _can be_ distributed under the terms of the GNU GPL, which is certainly accurate if it incorporates a mixture of works under the GNU GPL, works under the GNU LGPL, and works in the public domain. The copyright file need not be exhaustive. As an example, I am the sole copyright holder of works which I allow to be distibuted under the terms of the GNU GPL. Also, if you pay me a certain number of dollars, I'll grant you a non-exclusive but otherwise unlimited license to copy, modify, and distribute the work. The package copyright file needn't mention the availability of the second license provided the first is adequite to permit distribution by Debian while also satisfying our Free Software Guidelines. -- Brian Ristuccia [EMAIL PROTECTED] [EMAIL PROTECTED] pgp582BnTf4zy.pgp Description: PGP signature
Re: Bug#218832: ITP: libnettle -- a low-level cryptographic library
Branden, I don't disagree with anything you've stated regarding my sloppy arguments. However, as you are implying on a public forum that I don't grasp the subject matter of licenses, I'm going to defend myself a little. I wrote, unfortunately, If the library as a whole must be under GPL license, how is it significant that parts of it were once under LGPL or on the public domain? What I meant was if a library file (in object form) contains both GPL and non-GPL'd software, how is it significant that any of it is non-GPL? This was from the admittedly narrow point of view of an application that can't use GPL'd software, a case I had stuck in my head. The libnettle maintainer pointed out that it is significant, because such an application can still statically link to the library, assuming it only drew from non-GPL object files. I'm interested in the notion of license metadata for file packages (in the general sense)-- what the semantics would be, whether or how it could be useful, etc. As someone pointed out, there is no such thing for Debian packages. But ITP's do have the License field, so I was asking about the semantics of an entry like GPL, LGPL, public domain. Here it means that parts of the package are covered by one license, parts by another, etc. It doesn't always mean this. See http://bugs.debian.org/205951, for example. Regards, -John Belmonte Branden Robinson wrote: [Follows set to debian-legal.] On Thu, Nov 06, 2003 at 02:22:31PM -0500, John Belmonte wrote: If the library as a whole must be under GPL license, how is it significant that parts of it were once under LGPL or on the public domain? The purpose of the License field is to tell the user what license the software in the package is under, not to give a history of previous or constituent licensing. I don't think you understand licensing very well. If more than one party still holds copyright in an aggregate work, no one party can make a single license apply to the work as a whole, as you say. What do you mean by once under the LGPL or public domain? What mechanism do you propose causes works to stop being licensed under the LGPL, or withdrawn from the public domain? Mere distribution in compliance with the terms of the GNU GPL is certainly not such a mechanism. Historical (i.e., inapplicable) licensing is not necessarily something that needs to be explained in a debian/copyright file, though it might be of use to people if there are many confused questions on the subject with respect to a given package. Constituent license is indeed apropos for debian/copyright, as it's reasonable to expect our users to be bound by those licenses if they attempt to modify or further distribute the packge in question. I suggest you scrutinize the licenses in your own packages more closely, as you appear to have been working from a number of invalid assumptions. If you have any questions, please consult the debian-legal mailing list for advice. -- http:// if ile.o g/
Re: [fielding@apache.org: Review of proposed Apache License, version 2.0]
On Sun, 2003-11-09 at 01:25, Don Armstrong wrote: 5. Reciprocity. If You institute patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to You under this License shall terminate as of the date such litigation is filed. In addition, if You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work itself (excluding combinations of the Work with other software or hardware) infringes Your patent(s), then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. This is not DFSG free. While software patents are generally held to be bad, it is not the purpose of a Free Software license to discriminate against who can use the software. [This also has the wierd side effect of effectively granting to each Contributor a license to use without royalty any of the Licensee's patents applicable to software, no matter how legitimate those patents are.] We should be dealing with invalid and/or improper software patents through legislation and/or litigation rather than adding usage restrictions to our formerly free software licenses. I'm unable to get into a long term discussion about this right now. Just be on notice that this kind of opinion is senseless and utterly counterproductive to free software development. So you want companies to grant perpetual, non-exclusive, worldwide, fully paid-up and royalty free patent licenses that are completely irrevocable even when another company is using their software and suing them for software patent infringement? Get a clue people. If a patent licence does not terminate under such circumstances then a free software friendly company may have no useful negotiating position whatsoever. It can't counterclaim with its own claims of patent infringement because it gave them up. The company needs to be able to say Yes, I may be infringing upon your software patent X but if you initiate legal action against me you may be infringing upon software patent Y. Care to negotiate? If it can't do that it is a sitting duck for any opportunistic litigant. While reciprocity cannot stem the rise of companies that are just patent licensing/litigation shells (that are unlikely to infringe upon patents because they don't produce anything) it may still just provide a slight disincentive for them to target free software if their business runs upon quality software products like Apache. No sane company will ever grant a perpetual, non-exclusive, worldwide, fully paid-up and royalty free patent licence without a reciprocity clause. Debian should not be indirectly legitimising the business endeavour of engaging in litigation against free software developers and destroying free software itself via licensing royalties. Debian should not be attempting to kneecap the potential negotiating positions and counterclaims of free software friendly companies in order for their software to be included in Debian. Regards, Adam
Re: [fielding@apache.org: Review of proposed Apache License, version 2.0]
On Sun, 09 Nov 2003, Adam Warner wrote: So you want companies to grant perpetual, non-exclusive, worldwide, fully paid-up and royalty free patent licenses that are completely irrevocable even when another company is using their software and suing them for software patent infringement? What I'd like to see is perpetual, non-exclsive, worldwide, fully paid-up and royalty free patent licenses that are completely irrevocable when included in a work of Free Software or a derivative of such a work. Useage restrictions like this are, plain and simple, not free. Consider the following: Entity Alfred is using a piece of software which is essential to Alfred's business model that Entity Betty has developed. The software is licensed under a license with a reciprocity clause. Alfred also develops Free and proprietary softare, and has numerous Software Patents, some of which Betty is possibly infringing upon. Betty sues Alfred for software patent violations unrelated to tne pieces of software under discussion. Alfred cannot counter sue Betty without loosing the ability to use the piece of software developed by Betty, without which, Alfred would go out of business (or have to replicate at prohibitive costs.) If a patent licence does not terminate under such circumstances then a free software friendly company may have no useful negotiating position whatsoever. We currently don't allow Free Software licenses to use copyright as a negotiating stick to beat upon their litigation opponents. If we were to allow such a clause for software patents, we might as well allow a similar reciprocity clause for software copyrights. Software patents are a serious problem, but restricting the usage of Free Software is not the solution. Don Armstrong -- Three little words. (In decending order of importance.) I love you -- hugh macleod http://www.gapingvoid.com/graphics/batch35.php http://www.donarmstrong.com http://www.anylevel.com http://rzlab.ucr.edu signature.asc Description: Digital signature