Re: is this free?

[Seth David Schoen]

Henning Makholm writes:

> [EMAIL PROTECTED] (Bruce Perens) writes:
> 
> > Regarding the "monitor the web site" thing, I can't think of another good
> > way for them to notify you if there's a claim,
> 
> They don't have to.
> 
> They could simply say: To the best of our present knowledge we have
> the only  copyright to this software. We can't absolutely guarantee
> that, however, and kindly ask you to remember that this license ouly
> give you OUR permission to copy the software. If a third party can
> demonstrate a copyright claim on the software, you'll need HIS
> permission to copy in addition to ours.
> 
> Then they wouldn't need to revoke anything, and that is IMO the only
> free approach to that kind of eventualities.

I felt that the IBM Public License did an excellent job of expressing
this basic position.  It says:

Recipient understands that although each Contributor grants the
licenses to its Contributions set forth herein, no assurances are
provided by any Contributor that the Program does not infringe the
patent or other intellectual property rights of any other entity.
Each Contributor disclaims any liability to Recipient for claims
brought by any other entity based on infringement of intellectual
property rights or otherwise. As a condition to exercising the
rights and licenses granted hereunder, each Recipient hereby assumes
sole responsibility to secure any other intellectual property rights
needed, if any. [...]

Lovelier writing on free software from a major multinational corporation
I have never yet heard.

This is pretty close to what someone on slashdot proposed as a "quitclaim
license" a while back.  (This is an analogy to "quitclaim deeds" in real
estate, where you say something like "I give up to you whatever rights _I_
have in this land -- but I can't absolutely promise that someone _else_
might not also have some rights, which you would need to discuss with that
person".)

The IBM Public License doesn't even contain a third-party termination
clause; instead, _commercial_ distributors have to agree to indemnify
everyone else against the possible infringing consequences of their
commercial distribution.  This seems to me to be the best of all possible
worlds.

Again, corporate lawyers would have to decide whether they believe that
this strategy provides adequate protection -- but I think it's an awfully
good model of the way things might be done.

-- 
Seth David Schoen <[EMAIL PROTECTED]>  | And do not say, I will study when I
Temp.  http://www.loyalty.org/~schoen/  | have leisure; for perhaps you will
down:  http://www.loyalty.org/   (CAF)  | not have leisure.  -- Pirke Avot 2:5

Re: is this free?

[Bruce Perens]

From: Joey Hess <[EMAIL PROTECTED]>
> Hm, I didn't realize that. So what if I release a program under one of these
> licenses, and am promptly hit and killed by a bus on the way home? You can't
> contact me and you haven't before, so arn't you now prohibited from
> modifying the software? That doesn't sound very free.

Well, I wouldn't suggest that license for individuals. But all three, IBM,
APSL, and ATT include some means for you to notify them of modifications.
The Apple license required you to do so via a specific web site and I had them
weaken that simply because of the chance that they could go out of business and
the web site would not exist. In the case of a corporation, if no other means
is available you can notify them via the person who accepts service for the
corporation (such a person is legaly required to exist), and if the corporation
is no longer in existence, you publish a public notice directed to any
surviving copyright holders whoever they might be.

Thanks

Bruce

Re: is this free?

[Peter Makholm]

Raul Miller <[EMAIL PROTECTED]> writes:

> > rationale :
> >   4. Our Priorities are Our Users and Free Software
> >  ^^   ^
> 
> I don't understand your point.

Could the point be "Free software" as in FSF's free software
definition versus "Free software" as in Debian Free Software
Guidlines?


-- 
I congratulate you. Happy goldfish bowl to you, to me, to everyone,
and may each of you fry in hell forever. 
-- Isaac Asimov, "The Dead Past"

Re: is this free?

[Henning Makholm]

[EMAIL PROTECTED] (Bruce Perens) writes:

> Regarding the "monitor the web site" thing, I can't think of another good
> way for them to notify you if there's a claim,

They don't have to.

They could simply say: To the best of our present knowledge we have
the only  copyright to this software. We can't absolutely guarantee
that, however, and kindly ask you to remember that this license ouly
give you OUR permission to copy the software. If a third party can
demonstrate a copyright claim on the software, you'll need HIS
permission to copy in addition to ours.

Then they wouldn't need to revoke anything, and that is IMO the only
free approach to that kind of eventualities.

-- 
Henning Makholm  "*Tak* for de ord. *Nu* vinker nobelprisen forude."

Re: is this free?

[Henning Makholm]

[EMAIL PROTECTED] (Bruce Perens) writes:

> I agree that CYA seems to be an important theme of the license.

What does CYA mean?

-- 
Henning Makholm  "Ambiguous cases are defined as those for which the
   compiler being used finds a legitimate interpretation
   which is different from that which the user had in mind."

Re: is this free?

[Henning Makholm]

[EMAIL PROTECTED] (Bruce Perens) writes:

> 2. Only applies if you violate U.S. laws in their scope. If you export the
>software from Europe, it's not a violation.

Unless the U.S. legislature passes a law which declares itself as
applying world-wide. It may not be *enforceable* where I am, but it
would certainly be enforceable in the state of New York where I have
to agree to settle any disputes over the software.

-- 
Henning Makholm"What the hedgehog sang is not evidence."

Re: Fwd: Re: mutt no longer in non-us?

[Raul Miller]

On Mon, Nov 22, 1999 at 01:07:33PM +1000, Martin Pool wrote:
> Does anyone know of a plain-English summary of what may and may not
> be exported from the US? The question of whether hooks count as a
> cryptographic product -- and if so what type of hook -- arises again
> and again.

No.

This has been a primary point in the Bernstein case: the regulations
contradict the laws, the constitution, and judicial precedent.

-- 
Raul

Re: is this free?

[Russell Nelson]

Joey Hess writes:
 > Seth David Schoen wrote:
 > > Who said that was OSI certified?  It seems unlikely and counterintuitive
 > > to me, and it's not listed in OSI's current Approved Licenses list.
 > 
 > http://www.research.att.com/sw/tools/graphviz/whatsnew.html: 
 >  "Open Source license"
 > 
 > http://www.research.att.com/sw/tools/graphviz/download.html:
 >  "graphviz is now OSI Certified Open Source Software."

This license is not approved.  Thanks for bringing it to our
attention.  In the future, you can send such spottings to
[EMAIL PROTECTED]

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | can outdo them. Homeschool!

Re: is this free?

[Raul Miller]

> On Tue, Nov 23, 1999 at 09:51:06AM -0500, Raul Miller wrote:
> > [And, as an aside, I can see the advantage of building a
> > free-software-developer oriented debian subset which consists of only
> > software which can be combined with GPLed software -- without any
> > restrictions beyond those allowed in the GPL.]

On Tue, Nov 23, 1999 at 05:00:20PM +0100, Tomasz Wegrzanowski wrote:
> Mayby we wont allow other soft going to main ?
> 
> rationale :
>   4. Our Priorities are Our Users and Free Software
>  ^^   ^

I don't understand your point.

-- 
Raul

Re: is this free?

[Tomasz Wegrzanowski]

On Tue, Nov 23, 1999 at 09:51:06AM -0500, Raul Miller wrote:

> [And, as an aside, I can see the advantage of building a
> free-software-developer oriented debian subset which consists of only
> software which can be combined with GPLed software -- without any
> restrictions beyond those allowed in the GPL.]

Mayby we wont allow other soft going to main ?

rationale :
  4. Our Priorities are Our Users and Free Software
 ^^   ^

Re: is this free?

[Raul Miller]

From: Seth David Schoen <[EMAIL PROTECTED]>
> > But now the author of the package, or a contributor, can sue Baz for
> > _copyright infringement_ for exporting the package illegally, because
> > this violates the license terms and so infringes copyright!

On Tue, Nov 23, 1999 at 12:10:18AM -0800, Bruce Perens wrote:
> You'd have to be convicted of breaking the export law first. This is not
> like a civil rights violation - no conviction, no reason to sue.

But, the license is also revoked if there's a civil rights violation.

-- 
Raul

Re: is this free?

[Raul Miller]

On Tue, Nov 23, 1999 at 05:06:26PM +1000, Anthony Towns wrote:
> > It's a lot easier to put some stuff up on a website once you've made some
> > changes than it is to `regularly monitor the webiste for any notices'. The
> > former requires you to give the code to a friend to stick up somewhere,
> > the latter requires you to have regular internet access, and to keep
> > track of a website whose URL may change.

On Tue, Nov 23, 1999 at 12:51:50PM +0100, Patrik Nordebo wrote:
> Technically, you would be regularly monitoring the web site if you
> looked at it, say, once every millenium (or whatever). Isn't this kind
> of like the "reasonable copying fee" in the Artistic license (except
> that there it is defined to mean that, which is probably the only
> reason it doesn't fail the DFSG)? Of course the legal
> interpretation might be different. IANAL.

No.  This is a requirement on the user which kicks in not when they
acquire the copy but when they use the copy.

I'm under the impression that this requirement wouldn't currently hold
in the U.S. but it's written into the contract so you'd have to go to
court to prove that.  [U.S. copyright law says that, once you've legally
acquired a copy, fair use allows you to use that copy, including loading
it onto your system and making a backup copy.  However, can you be said
to have legally acquired a copy of this program if you've never visited
the website?]

> Actually, wouldn't even "never monitoring" be "regularly monitoring"?
> You are monitoring according to a rule, which seems to me that it fits
> the dictionary definitions in 1913 Webster's, WordNet and the 1982
> Concise Oxford Dictionary. I doubt this is what AT&T intended, but
> that is what regular means. Of course this will discriminate against
> "those who monitor the website irregularly", so it might still fail
> the DFSG.

This is a legal question, which means it's up to a judge to decide.

How much money are you prepared to spend to determine the answer to
this question?

> To take the argument about what "regular" means even further, can't
> you argue that _anything_ can fit? I monitor it when I feel like
> looking at it. I monitor it when I need to know something. Etc. It
> might be hard to convince a court that this is a reasonable
> interpretation of regular, though. :-(

Exactly.  You're essentially saying that the clause shouldn't hold up
in court, but that courts may not agree.

-- 
Raul

Re: is this free?

[Raul Miller]

On Nov 22, Raul Miller wrote:
> > it discriminates against people without regular internet access.
> > 
> > Also, it effectively requires a fee for use, unless you consider the
> > time of the person who uses it to have no value.  [same issue.]

On Mon, Nov 22, 1999 at 09:50:36PM -0600, Chris Lawrence wrote:
> It seems to be designed to protect users from being sued by anyone who
> might have a right to the code (other than AT&T of course), since it
> would be illegal for you to use the code if AT&T didn't have a valid
> right to license it in the first place.

Except that if you don't visit their web site you lose all rights to *use*
the software.

How are we going to guarantee that for people who install from cdrom
without a net connection?

I guess I can live with mild restrictions on development.  People who
modify the code need to carefully read the licenses for each piece
of software they modify.  But I can't see that there should be any
per-package restrictions on use.  That is discriminatory.

[And, as an aside, I can see the advantage of building a
free-software-developer oriented debian subset which consists of only
software which can be combined with GPLed software -- without any
restrictions beyond those allowed in the GPL.]

-- 
Raul

Re: is this free?

[Raul Miller]

On Mon, Nov 22, 1999 at 07:56:29PM -0800, Bruce Perens wrote:
> > it discriminates against people without regular internet access.
> 
> 1. The IBM and Apple licenses also ask for you to have a URL where your
>modifications can be found. I suspect things under those licenses are
>already accepted into main. This is specificaly negociated _for_debian_
>from IBM and Apple's previous policy, which required email with _every_
>modification.

This requirement, which is essentially a requirement that modifications
must be broadcast, is very different from the AT&T requirement that
anyone who uses the software is responsible for monitoring a web site.

> 2. Many people are capable of putting something on the web for you if you
>mail them a floppy. I'd do it if asked. I also give out free web sites
>to worthy causes, as do many people. So I don't think that regular internet
>access is a true barrier, and there are few places left in the world where
>irregular access can not be had.

This has nothing to do with the AT&T requirement.

> 3. I think it's _really_ stretching the point, anyway.
>
> 4. It's not a usage fee, and usage fees _would_ run awry of the DFSG.

It sounds like you're thinking of a different license's requirements
here, for "it".

-- 
Raul

Re: is this free?

[Patrik Nordebo]

On Tue, Nov 23, 1999 at 05:06:26PM +1000, Anthony Towns wrote:
> It's a lot easier to put some stuff up on a website once you've made some
> changes than it is to `regularly monitor the webiste for any notices'. The
> former requires you to give the code to a friend to stick up somewhere,
> the latter requires you to have regular internet access, and to keep
> track of a website whose URL may change.

Technically, you would be regularly monitoring the web site if you
looked at it, say, once every millenium (or whatever). Isn't this kind
of like the "reasonable copying fee" in the Artistic license (except
that there it is defined to mean that, which is probably the only
reason it doesn't fail the DFSG)? Of course the legal
interpretation might be different. IANAL.

Actually, wouldn't even "never monitoring" be "regularly monitoring"?
You are monitoring according to a rule, which seems to me that it fits
the dictionary definitions in 1913 Webster's, WordNet and the 1982
Concise Oxford Dictionary. I doubt this is what AT&T intended, but
that is what regular means. Of course this will discriminate against
"those who monitor the website irregularly", so it might still fail
the DFSG.

To take the argument about what "regular" means even further, can't
you argue that _anything_ can fit? I monitor it when I feel like
looking at it. I monitor it when I need to know something. Etc. It
might be hard to convince a court that this is a reasonable
interpretation of regular, though. :-(

This is probably not really very relevant to the discussion, but maybe 
some good can come of it. Or not.

-- 
Patrik Nordebo  [EMAIL PROTECTED]
http://www-und.ida.liu.se/~patno092
Phone: +46-(0)13-176664 Cell Phone: +46-(0)70-2361075
snail mail: Rydsvagen 48C, 584 31 Linkoping, Sweden

Re: is this free?

[Anthony Towns]

On Mon, Nov 22, 1999 at 11:32:31PM -0800, Bruce Perens wrote:
> AJ:
> > And in any case, whichever of obliation 2a and 2b you choose to fulfill,
> > it requires notifying AT&T
> This is also in the APSL and IBM licenses.

Then I don't see why you'd consider the APSL free. I'll note that it's not
listed in the list of OSI certified licenses at www.opensource.org.

Hmmm. I'll also note that the discussion re the APSL 1.1 in April
(http://www.debian.org/Lists-Archives/debian-legal-9904/threads.html)
essentially says `No, this isn't free' because of the termination clause,
which is still present. The only later discussion was, essentially ``Is
the APSL 1.1 free?'' -- Johnie Ingram, ``I think it's DFSG-free.'' --
Bruce. So forgive me if I go with the earlier opinion that was actually
backed up with arguments, and ignore this as a `precedent'.

The only difference between 

   (c) if You Deploy Covered Code containing Modifications made by
   You, inform others of how to obtain those Modifications by filling
   out and submitting the information found at
   http://www.apple.com/publicsource/modifications.html, if
   available
(from APSL 1.1)

and

   (c) must notify Apple and other third parties of how to obtain Your
   Deployed Modifications by filling out and submitting the
   required information found at
   http://www.apple.com/publicsource/modifications.html
(from APSL 1.0)

seems to be that the postcardware clause now only effects modification,
not use.

Oddly, I can't find anything requiring similar notification in the
Postfix/Jikes license.

> > The sixth point in GENERAL seems like it would discriminate against everyone
> > not living in New York, USA, personally.
> Also in just about every license ever written anywhere. QPL, MPL, NPL, IBM,
> APSL.

Well, every American license anyway. You'll note that this is a
name-brand-ism too, Qt do it, Netscape do it, IBM do it, Apple do it,
AT&T do it. Microsoft do it too. It's not a free-software-ism at all.

> Regarding the "monitor the web site" thing, I can't think of another good
> way for them to notify you if there's a claim, unless they demand you name
> and address.

``AT&T warrant that they will make any and all notifications regarding
the software available at such-n-such a url, licensees will be considered
notified after such a notice has been added to such-n-such url.''

They just have to send me a mail with the relevant notice, they don't
have to righteously insist I read every piece of mail I get.

*sigh* I don't see why OSI or SPI or whoever can't work together with
some of the swathes of lawyers from all these name-brand companies and
work out whatever CYA and patent problems there are with the BSD license
or the GPL and just be done with it.

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> 
I don't speak for anyone save myself. PGP encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
results in slower code, and it results in more bugs.''
-- Linus Torvalds


pgpbLln5tOIPi.pgp
Description: PGP signature

Re: is this free?

[Seth David Schoen]

Joey Hess writes:

> Bruce Perens wrote:
> > > And in any case, whichever of obliation 2a and 2b you choose to fulfill,
> > > it requires notifying AT&T
> > 
> > This is also in the APSL and IBM licenses. What was considered non-free
> > were the ones that required you to send them email on _every_ modification,
> > that was judged to be too great a hardship and this was the compromise.
> 
> Hm, I didn't realize that. So what if I release a program under one of these
> licenses, and am promptly hit and killed by a bus on the way home? You can't
> contact me and you haven't before, so arn't you now prohibited from
> modifying the software? That doesn't sound very free.

Presumably you have heirs?  They inherit your intellectual property, too.

One of the problems with free software licenses which require you to _do
something_ is that they assume that the means of doing it and the
circumstances in which you can do it stay available.  There are a lot of
scenarios in which something major changes (the software author going out
of business, or dying intestate; the Internet crashing), and then the
interpetation of the license becomes pretty difficult.

Really simple licenses like the MIT license just don't have those problems.
You have some permissions, and you always have them, no matter what else
happens.  If someone else doesn't like that, that person will have to sue
you.

-- 
Seth David Schoen <[EMAIL PROTECTED]>  | And do not say, I will study when I
Temp.  http://www.loyalty.org/~schoen/  | have leisure; for perhaps you will
down:  http://www.loyalty.org/   (CAF)  | not have leisure.  -- Pirke Avot 2:5

Re: is this free?

[Seth David Schoen]

Bruce Perens writes:

> From: Seth David Schoen <[EMAIL PROTECTED]>
> > Some software distributors make you say "I am aware of the export laws"
> > and some make you say "I promise to abide by the export laws".  There is a
> > _huge_ difference between the two policies; the former is doing you a
> > service by preventing you from getting in trouble by accident, while the
> > latter is adding new restrictions on your behavior.
> 
> Where was this argument when the license was being reviewed? As far as I
> can tell, we got to a point where everybody decided it was Open Source
> although one person had a complaint about its being tear-open.

I had put up a web page with my objections, and sent private e-mail about it
to the OSI board.  

It was reprinted on LinuxToday and linked from slashdot.  The OSI agreed
with my concern, and Apple removed the clause from the APSL.

I don't think license-discuss existed yet.

You can read the slashdot discussion:

http://slashdot.org/article.pl?sid=99/03/26/2142207&mode=thread

Actually, you posted a few messages in that discussion.

(A lot of people missed my point there; I wasn't proposing that Apple
violate the law, but that Apple not help penalize or threaten other people
who do violate the law -- or users in countries with which the US has
political disputes.)

> The important thing it does here is let ATT off from being an accomplice.
> I don't believe that ascertaining that someone is merely _aware_ of the
> law lets you off from being an accomplice. But I'm not terribly comfortable
> with this clause.

Can it be that US law requires private citizens and companies to help
enforce the law by extracting promises like this?  

When I go to the hardware store and buy a tool or a dangerous chemical, I
don't have to promise not to use it to harm someone.  The store assumes that
I have responsibility for my own actions.

When I buy a BART ticket, it doesn't say on the back "This ticket is void if
you use it to go to the East Bay in order to commit a crime".

I could make many more analogies of cases in which people are willing to do
things for me without first getting me to promise to obey laws.  Some of
these analogies would be closer to the case of distributing software than
others.

With free software licenses, there is a concerted effort to be idealistic
and also to attain high standards about things like being nondiscriminatory.
So it's appropriate to be uncomfortable about finding a clause in a free
software license which might sound perfectly reasonable and ordinary in a
proprietary software license.  If it doesn't meet the standards and ends up
being discriminatory, it's still not a free software license even if it is
necessary for the convenience or protection of the software author.

(When the APSL controversy came around, I _almost_ wanted to start a
thread "Can corporations write free software?" -- because some people were
telling me that "corporate lawyers" would ultimately always insist on
various conditions that sounded bad to me, and would reject the body of
existing free software licenses as too risky.  Obviously, lots of
corporations _are_ contributing to free software projects under traditional
licenses -- with the approval of their lawyers.  The question is whether
one set of lawyers or the other is misinformed, since they obviously seem
to disagree with one another.  Unfortunately, that thread wouldn't
accomplish anything useful without the participation of some of those actual
corporate lawyers.)

> > I don't think there was any BXA-restricted cryptography in Apple's release
> > of Darwin either.
> 
> I'm sorry, I was not aware that Apple got in any sort of trouble about
> Darwin - and if so, it's still on the net under the APSL, so what has
> changed?

No, I mean that I objected to the original APSL, too, even though there was
no crypto in what they were proposing to release under it.

> > But now the author of the package, or a contributor, can sue Baz for
> > _copyright infringement_ for exporting the package illegally, because
> > this violates the license terms and so infringes copyright!
> 
> You'd have to be convicted of breaking the export law first. This is not
> like a civil rights violation - no conviction, no reason to sue.

I don't think this would necessarily stop copyright holders from using their
position to threaten people over their export activities.  And I don't think
that copyright holders should have that power, with a free software license.

Even though a conviction under criminal law might be necessary for a
justified lawsuit, lots of people are willing to bring unjustified lawsuits,
even as a means of harassment or to try to get someone to settle.  The
protections provided to defendents under civil law are much less extensive
than the protections under criminal law.

-- 
Seth David Schoen <[EMAIL PROTECTED]>  | And do not say, I will study when I
Temp.  http://www.loyalty.org/~schoen/  | have leisure; for perhaps you will
dow

Re: is this free?

[Joey Hess]

Bruce Perens wrote:
> > And in any case, whichever of obliation 2a and 2b you choose to fulfill,
> > it requires notifying AT&T
> 
> This is also in the APSL and IBM licenses. What was considered non-free
> were the ones that required you to send them email on _every_ modification,
> that was judged to be too great a hardship and this was the compromise.

Hm, I didn't realize that. So what if I release a program under one of these
licenses, and am promptly hit and killed by a bus on the way home? You can't
contact me and you haven't before, so arn't you now prohibited from
modifying the software? That doesn't sound very free.

-- 
see shy jo

Re: is this free?

[Bruce Perens]

From: Seth David Schoen <[EMAIL PROTECTED]>
> Some software distributors make you say "I am aware of the export laws"
> and some make you say "I promise to abide by the export laws".  There is a
> _huge_ difference between the two policies; the former is doing you a
> service by preventing you from getting in trouble by accident, while the
> latter is adding new restrictions on your behavior.

Where was this argument when the license was being reviewed? As far as I
can tell, we got to a point where everybody decided it was Open Source
although one person had a complaint about its being tear-open.

The important thing it does here is let ATT off from being an accomplice.
I don't believe that ascertaining that someone is merely _aware_ of the
law lets you off from being an accomplice. But I'm not terribly comfortable
with this clause.

> I don't think there was any BXA-restricted cryptography in Apple's release
> of Darwin either.

I'm sorry, I was not aware that Apple got in any sort of trouble about
Darwin - and if so, it's still on the net under the APSL, so what has
changed?

> But now the author of the package, or a contributor, can sue Baz for
> _copyright infringement_ for exporting the package illegally, because
> this violates the license terms and so infringes copyright!

You'd have to be convicted of breaking the export law first. This is not
like a civil rights violation - no conviction, no reason to sue.

Thanks

Bruce

Re: is this free?

[Bruce Perens]

AJ:
> And in any case, whichever of obliation 2a and 2b you choose to fulfill,
> it requires notifying AT&T

This is also in the APSL and IBM licenses. What was considered non-free
were the ones that required you to send them email on _every_ modification,
that was judged to be too great a hardship and this was the compromise.

> The first point in GENERAL, is unreasonable: ``if you ever use this
> software, you aren't allowed to ever sue us for any piece of your IP we
> may have used if it's in this software''.

Also in the Mozilla public license.

> The sixth point in GENERAL seems like it would discriminate against everyone
> not living in New York, USA, personally.

Also in just about every license ever written anywhere. QPL, MPL, NPL, IBM,
APSL.

Regarding the "monitor the web site" thing, I can't think of another good
way for them to notify you if there's a claim, unless they demand you name
and address. The IBM and APSL licenses also address claims, although they
don't seem to provide any good way of communicating information about claims.

Thanks

Bruce

Thanks

Bruce

Re: is this free?

[Seth David Schoen]

Bruce Perens writes:

> From: Seth David Schoen <[EMAIL PROTECTED]>
> > The OSI does worry about export restrictions as license conditions; that
> > was a problem with the original Apple Public Source License.  There is
> > still some controversy about that license, but the OSI got Apple to remove
> > the export-restriction language from the license entirely.
> 
> The problem with the APSL export language was that it broadened the scope
> of U.S. law to cover other countries, etc. The ATT language does not. It
> says you assure ATT you won't violate U.S. export laws. This:
> 
> 1. Lets ATT off the hook if you do - very important.

Users should perhaps have to affirm that they are aware of the export laws
when they download the software -- but _not_ promise to abide by them as a
license condition!

Some software distributors make you say "I am aware of the export laws"
and some make you say "I promise to abide by the export laws".  There is a
_huge_ difference between the two policies; the former is doing you a
service by preventing you from getting in trouble by accident, while the
latter is adding new restrictions on your behavior.

(Whether these restrictions are "new" in the sense of creating previously
nonexistent obligations is a very contentious political debate.  But, as
I will mention below, there is a practical consequence: there could be
more or different penalties associated with violating the restrictions.)

> 2. Only applies if you violate U.S. laws in their scope. If you export the
>software from Europe, it's not a violation.

The US government shows a tendency toward believing that the export laws
have been violated when code written by US citizens ends up outside of the
US _at all_ (in places where the government doesn't want it to be), even if
there are theoretically legal means by which it could have gotten there.
(I'm thinking of the investigation of Phil Zimmermann.)  So maybe the US
will even say at some point that US export laws are extraterritorial.

The license certainly doesn't say anything about whether the laws are
extraterritorial or not.

> There's no cryptography in there, anyway.

I don't think there was any BXA-restricted cryptography in Apple's release
of Darwin either.

The applicable export restrictions are not the controls on cryptography but
the prohibitions against providing technical assistance to the "state
sponsors of terrorism" and their citizens.  I believe that there there are
currently seven countries on that list.

I had a very broad objection to the whole idea of writing any export
restrictions into a free software license at all.  My original statement
of that objection was a little long-windered.  Let me see whether I can
express it more concisely with an example.

Suppose that there is some supposedly free software package which is
useful to someone in country Foo, whose government is a state sponsor of
terrorism, or country Bar, whose government isn't a state sponsor of
terrorism, but, if this package perhaps contains cryptography, to whose
citizens the US nonetheless makes it illegal to send this package.

Disbelieving in the legitimacy of those restrictions, free software user
Baz, a US citizen, sends copies of the package to friends in Foo and Bar.

If Baz is discovered by the US government, and it's in a bad mood, he
might be punished for violating the Arms Export Control Act or various
other export restriction laws.  OK, Baz understood what he was doing, and
hopefully he encrypted the package before exporting it -- but perhaps
he gets caught somehow and prosecuted.  There's not much he can do about
that.

But now the author of the package, or a contributor, can sue Baz for
_copyright infringement_ for exporting the package illegally, because
this violates the license terms and so infringes copyright!

So, not only is Baz potentially criminally liable for violating export
laws, but he is then _also_ potentially liable for a separate civil
copyright penalty.  That means that the copyright holder, by writing
export law into the license, has helped _enforce_ the export law by
creating a new penalty for violating it.

It's not reasonable to say that "free software authors will never sue
people for exporting packages".  Free software authors are human, too --
or sometimes corporate.  Perhaps they don't like Baz for other reasons,
or the government encourages them to sue, or they have political beliefs
of their own and may disapprove of Baz's decision to help make the
software more widely available.  Or they may just want to send a message
or help protect their copyright.  If a restriction in a license would
_never_ be enforced by a copyright holder, it shouldn't be in the
license.

That's why the OSD/DFSG says that the license "must not discriminate"; I
said concerning that APSL that if your license helps enforce a discriminatory
law, by making people promise to discriminate or by creating an extra
penalty for people who don't discriminate, then your li

Re: is this free?

[Anthony Towns]

On Mon, Nov 22, 1999 at 07:56:29PM -0800, Bruce Perens wrote:
> > it discriminates against people without regular internet access.
> 1. The IBM and Apple licenses also ask for you to have a URL where your
>modifications can be found. 

It's a lot easier to put some stuff up on a website once you've made some
changes than it is to `regularly monitor the webiste for any notices'. The
former requires you to give the code to a friend to stick up somewhere,
the latter requires you to have regular internet access, and to keep
track of a website whose URL may change.

This clause appears to apply even if you only compile the code without
particularly modifying it, too, presuming that involves `accessing or
using the Source Code'. This doesn't seem a reasonable thing to require
of our autobuilders.

In addition, `please monitor this website', seems just as bad as `watch
all our ads on TV'.

And in any case, whichever of obliation 2a and 2b you choose to fulfill,
it requires notifying AT&T, which has been consistently considered
non-free in the past.

Requiring you to grant AT&T an irrevocable right to make and sell and
modify and distribute and whatnot any patch seems a bit unbalanced,
too: if AT&T is so scared of misusing other people's intellectual "property",
that they reserve the right to terminate the license at any time, then
demanding an unrestricted, perpetual irrevocable license to any changes
you might make seems completely unreasonable.

The first point in GENERAL, is unreasonable: ``if you ever use this
software, you aren't allowed to ever sue us for any piece of your IP we
may have used if it's in this software''.

The sixth point in GENERAL seems like it would discriminate against everyone
not living in New York, USA, personally.

> 3. I think it's _really_ stretching the point, anyway.

Personally, I have enough trouble regularly monitoring slashdot, let
alone every random website run by some random guy who happens to have
written some program I use once a month.

All these name-brand licenses have the same problem, IMO. They're not
about a bunch of equals working together on a product, they're about
some Big Player working with a bunch of nameless munchkins on a product.
It's not the cover-your-ass aspect that's causing problems; the GPL
and BSD licenses do a fair bit of that anyway; it's the imbalance of
the thing.

Perhaps AT&T would be more inclined to make a license that's actually
free if they replaced all the `AT&T's with, say, `IBM', and checked to
see if what rights and obligations they were left with were acceptable.

But `you'll check our website every day or so and only use our code in
this project; we'll use your code however we see fit, and we'll sue you if
you've mislead us in any way'? Please.

BTW, www.opensource.org doesn't seem to have web based archives of its
license-discuss list?

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> 
I don't speak for anyone save myself. PGP encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
results in slower code, and it results in more bugs.''
-- Linus Torvalds


pgp6oYXtzUNga.pgp
Description: PGP signature

Re: is this free?

[Bruce Perens]

I agree that CYA seems to be an important theme of the license.

ATT is the juiciest of lawsuit targets because their pockets are so deep. Any
attorney there who did not exert effort on CYA would be remiss in his duties.

I think they should have the right to CTAs if they do it in a way that keeps
their license in Open Source.

Thanks

Bruce

Re: is this free?

[Chris Lawrence]

On Nov 22, Raul Miller wrote:
> it discriminates against people without regular internet access.
> 
> Also, it effectively requires a fee for use, unless you consider the
> time of the person who uses it to have no value.  [same issue.]

It seems to be designed to protect users from being sued by anyone who
might have a right to the code (other than AT&T of course), since it
would be illegal for you to use the code if AT&T didn't have a valid
right to license it in the first place.

It's like me saying: I wrote this code, but there may be people in the
universe who think they have rights to it.  If there are, and their
claims are legitimate, then it may be illegal for me to distribute the
code and for you to use it (at least under the current license).  I
will update the license if this becomes the case.

To put it another way: we're not entirely sure the schmuck who "wrote"
this code didn't steal it from Microsoft.  So we're covering our butts
and yours by reserving the right to revise the license if that is
actually the case (however remote the possibility).

IANAL, of course.  Would be nice if we had one around here ;-)


Chris
-- 
=
|Chris Lawrence   |  You have a computer.  Do you have Linux?   |
|   <[EMAIL PROTECTED]>  |http://www.linux-m68k.org/index.html |
| | |
|   Grad Student, Pol. Sci.   |Visit the Amiga Web Directory|
|  University of Mississippi  |   http://www.cucug.org/amiga.html   |
=

Re: is this free?

[Bruce Perens]

> it discriminates against people without regular internet access.

1. The IBM and Apple licenses also ask for you to have a URL where your
   modifications can be found. I suspect things under those licenses are
   already accepted into main. This is specificaly negociated _for_debian_
   from IBM and Apple's previous policy, which required email with _every_
   modification.

2. Many people are capable of putting something on the web for you if you
   mail them a floppy. I'd do it if asked. I also give out free web sites
   to worthy causes, as do many people. So I don't think that regular internet
   access is a true barrier, and there are few places left in the world where
   irregular access can not be had.

3. I think it's _really_ stretching the point, anyway.

4. It's not a usage fee, and usage fees _would_ run awry of the DFSG.

Thanks

Bruce

Re: is this free?

[Raul Miller]

On Mon, Nov 22, 1999 at 07:13:25PM -0800, Bruce Perens wrote:
> It's DFSG-compliant as far as I can tell. I went through several passes with
> them.

it discriminates against people without regular internet access.

Also, it effectively requires a fee for use, unless you consider the
time of the person who uses it to have no value.  [same issue.]

Then again, maybe there's nothing wrong with open source software which
has a usage fee?  After all, there's no specific language prohibiting that
(as long as the software can be distributed for free).  [Which is to say,
if this license is Open Source then software which requires a usage fee
should also be considered Open Source.]

-- 
Raul

Re: is this free?

[Bruce Perens]

From: Seth David Schoen <[EMAIL PROTECTED]>
> The OSI does worry about export restrictions as license conditions; that
> was a problem with the original Apple Public Source License.  There is
> still some controversy about that license, but the OSI got Apple to remove
> the export-restriction language from the license entirely.

The problem with the APSL export language was that it broadened the scope
of U.S. law to cover other countries, etc. The ATT language does not. It
says you assure ATT you won't violate U.S. export laws. This:

1. Lets ATT off the hook if you do - very important.
2. Only applies if you violate U.S. laws in their scope. If you export the
   software from Europe, it's not a violation.

There's no cryptography in there, anyway.

Thanks

Bruce

Re: is this free?

[Bruce Perens]

It's DFSG-compliant as far as I can tell. I went through several passes with
them.

Bruce

Re: mutt no longer in non-us?

[Tomasz Wegrzanowski]

On Mon, Nov 22, 1999 at 03:29:03PM -0800, Joey Hess wrote:
> Chris Lawrence wrote:
> > It highly inconveniences our users, however.  No part of the Social
> > Contract says "protesting stupid laws is more important than our users."
> 
> How does it inconvencience our users?

a) None looks for mailing program with no encription in non-us
b) there is often no non-us on cds
c) this damages users' brains and having damaged brain is inconvencient
   (at laest for me)

> > It also inconveniences the Debian maintainer, who has to maintain two
> > different forks of the same code (source and binary).  It wastes space
> > on our mirrors.  It creates confusion by having multiple packages that
> > do the exact same thing (less a system() or two).
> 
> What are you talking about? Both source and binary would go in non-US.

Stop this thread now !!!
There is no strong nor any other encription in mutt.
If you think EVERY program calling pgp/gpg have to go to non-us
then what is contrib for ??? And mutt can work without pgp/gpg
so it doesnt belong to contrib.