Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?

2014-04-29 Thread Philip Odence
touché
Maybe then “licenses that people think they understand”

From: Lawrence Rosen <lro...@rosenlaw.com>
Reply-To: <lro...@rosenlaw.com>, <license-discuss@opensource.org>
Date: Tue, 29 Apr 2014 08:33:10 -0700
To: <license-discuss@opensource.org>
Subject: Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?

Philip Odence suggested:
> Hey maybe “well-understood” is a good alternative to “standard.”

Note that the GPL is one of the "least-understood" licenses around, even by 
some of its supporters who make the most outrageous claims about linking. :-)

/Larry

From: Philip Odence [mailto:pode...@blackducksoftware.com]
Sent: Tuesday, April 29, 2014 4:52 AM
To: lro...@rosenlaw.com; license-discuss@opensource.org
Subject: Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?

___
License-discuss mailing list
License-discuss@opensource.org
http://projects.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?

2014-04-29 Thread Philip Odence
Thanks, Larry. The list is not designed exactly for the purpose of this 
discussion, but I thought it might provide some useful, objective data. 
Certainly not taking anything personally.

All of your questions are good questions; most really important if one is 
recommending licenses which Black Duck generally, and the list absolutely, does 
not. The list is simply a ranking by “number of unique programs (in the Black 
Duck KnowledgeBase) under the license.” We call them as we see them, i.e. 
identifying the license declared for each project. So, while you might make a 
great point about the 2- and 3-clause BSD, we make the distinction and let 
lawyers decide whether they “give a damn about” it. We endeavor to capture any 
software freely available on the Internet and thus end up with a long tail of 
associated licenses which are not strictly open source licenses. And, yes, we 
keep old projects and deprecated licenses. Understand that one of the key use 
cases the data are meant to support is scanning code to discover its 
composition, and often old components (with old licenses) turn up in new code.

For lawyers who review code, the message of the top 20 list is that there’s a 
clear Pareto distribution; if you understand the top 10 or 20, you are in 
reasonable shape. This is back to Luis’ original point of which we should not 
lose sight; there are a bunch of good reasons to steer developers towards 
well-understood licenses. Hey maybe “well-understood” is a good alternative to 
“standard.”



From: Lawrence Rosen <lro...@rosenlaw.com>
Reply-To: <lro...@rosenlaw.com>, <license-discuss@opensource.org>
Date: Mon, 28 Apr 2014 16:06:41 -0700
To: <license-discuss@opensource.org>
Subject: Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?


Hi Philip,

Thanks for the Black Duck "Top 20" list of open source licenses. Your list is 
the best around, so please don't take the following criticism too personally. 
But this list demonstrates that even the ways that we calculate popularity are 
flawed. For example:

· Are GPLv2 and GPLv3 really one license nowadays with total 38% 
popularity, or still two licenses? [Ben Tilly already made that suggestion on 
this list.] And the classpath exception version of the GPL (at < 1%) qualifies 
that license for yet a third spot on your "Top 20" list?

· Same with the LGPL; is that one license at (5% and 2%, respectively) 
or one license at 7%?

· Are these numbers based on lines of code created, numbers of unique 
programs under the license, or number of copies of the software actually 
distributed? For example, under what criteria does the zlib/libpng license 
count? Wikipedia describes that license as intended for two specific software 
libraries but "also used by many other free software packages." That comment in 
Wikipedia is as vague and uninformative as the "< 1%" that you cite in your 
table. I say this to point out that numbers on a list need to be *interpreted* 
and *scaled* to be useful.

· Is there any value to listing the 2-clause and the 3-clause BSD 
licenses separately, given that no company lawyer in the world gives a damn 
about the distinctions between them? Meanwhile, every conversation about the 
BSD licenses on these OSI email lists concludes with the following great 
suggestion: "Why don't you use the Apache License 2.0 instead?" If OSI is ever 
going to recommend answers to easy legal questions, surely this is among them. 
It serves absolutely no useful purpose at this stage of our maturity to list 
each version of the BSD license separately – not even the two you placed on 
your list.

· You list the CDDL, a license created by a company that no longer 
exists and whose successor company doesn't use it. Do we still count deprecated 
licenses for as long as even a single copy of that code resides in the wild? 
Not only that, but two versions of that single obsolete license are 
individually listed in the "Top 20".

· Wikipedia refers to the CPOL license as "mainly applied to content 
that is being published on a single community site for software developers" 
known as The Code Project. Wikipedia further reports that the CPOL license is 
neither "open" as defined by OSI nor "free" as defined by FSF. Why is it on 
your list at all?

/Larry





-Original Message-
From: Philip Odence [mailto:pode...@blackducksoftware.com]
Sent: Monday, April 28, 2014 2:48 PM
To: license-discuss@opensource.org
Subject: Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?



In case it helps, Black Duck publishes a top licenses list based on the number 
of projects in our KnowledgeBase (out of a c

Re: [License-discuss] FAQ entry (and potential website page?) on "why standard licenses"?

2014-04-28 Thread Philip Odence
In case it helps, Black Duck publishes a top licenses list based on the
number of projects in our KnowledgeBase (out of a current total of about a
million) that utilize each respective license.
http://www.blackducksoftware.com/resources/data/top-20-open-source-licenses
 
The webpage only shows the top 20, but if OSI thought that 30, say, was a
good number, we could provide those.

By the way, we are working on improving the presentation of the list, but
I didn't want to wait for that before throwing the thought into the mix.



On 4/28/14, 4:57 PM, "Richard Fontana"  wrote:

>On Mon, 28 Apr 2014 13:31:06 -0700
>Ben Tilly  wrote:
>
>> Suggested solution, can we use the word "common" instead of
>> "standard"?  And our definition of common should be something
>> relatively objective, like the top X licenses in use on github, minus
>> licenses (like the GPL v2) whose authors are pushing to replace with a
>> different license.
>
>You'd exclude the most commonly-used FLOSS license from "common"?
>
> - RF



Re: [License-discuss] [Infrastructure] Machine readable source of OSI approved licenses?

2014-02-25 Thread Philip Odence
Below is a simple example of a marked up license.

The symbols << and >> designate the beginning and end of markup statements.
In this case the top section is optional and marked as such with beginoptional 
and endoptional.
Within that and further down in the text are a total of three places where a 
copyright holder's name can be used. For each of those there is an instruction on 
matching using a simple regex, in this case .+, which means any string of 
characters. For each there is also an example and also a variable name so the 
actual text could be captured.

This (in addition to the aforementioned matching guidelines) is to instruct a 
person or a program how to go about matching this license to some license text 
found in the wild.

I continue to think it would be valuable to have a call with a couple of 
representatives from each organization to explore synergies.


   <>

Copyright (c) < 
;match=.+;example=John Doe>>
All rights reserved.
<

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:

1. Redistributions of source code must retain the above copyright
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
   notice, this list of conditions and the following disclaimer in the
   documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY <> "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL <> BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

From: Phil Odence <pode...@blackducksoftware.com>
Reply-To: "license-discuss@opensource.org" <license-discuss@opensource.org>
Date: Tuesday, February 25, 2014 7:14 AM
To: "license-discuss@opensource.org" <license-discuss@opensource.org>
Subject: Re: [License-discuss] [Infrastructure] Machine readable source of OSI approved licenses?

We'll get you some examples and some more detail, but the main idea is to 
support matching (for both humans and programs). The idea is to do as much as 
we can with the general guidelines, but to mark up where need be (as in my BSD 
copyright text example).


From: Luis Villa <l...@lu.is>
Reply-To: "license-discuss@opensource.org" <license-discuss@opensource.org>
Date: Sunday, February 23, 2014 6:21 PM
To: License Discuss <license-discuss@opensource.org>
Subject: Re: [License-discuss] [Infrastructure] Machine readable source of OSI approved licenses?

On Mon, Feb 10, 2014 at 8:02 AM, J Lovejoy <opensou...@jilayne.com> wrote:

We are in the process of updating the text files with markup to implement the 
license matching guidelines located here: 
http://spdx.org/spdx-license-list/matching-guidelines - the goal being to 
provide a way to ensure that when one SPDX user identifies a license, it is 
reliably the same as when another SPDX user identifies the same license.  Of 
course, the main example of this is the BSD 3 and 4 clause licenses and Apache 
1.1, which may include the names of the specific copyright holder even though 
the rest of the license is exactly the same (goal being to avoid concluding 
every BSD-3-Clause with a different copyright holder name gets identified as a 
different license.)

Hi, Jilayne, Phil-
What is the intended markup here? The matching guidelines seem useful, but it 
isn't clear to me what a license marked up that way would look like. Is there 
an example somewhere?

Luis
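The matching procedure described in the message above, as an added example that is not part of the original thread or of SPDX's own tooling: a template with an optional block and named variables is compiled into one regular expression and applied to license text found in the wild. The tag spelling (`<<beginoptional>>`, `<<endoptional>>`, `<<var;name=...;match=...;example=...>>`), the helper names and the shortened license text are assumptions constructed for illustration.

```python
import re

TAG = re.compile(r"<<(.*?)>>", re.S)

# Constructed, shortened template; the tag spelling is an assumption.
TEMPLATE = '''<<beginoptional>>
Copyright (c) <<var;name=copyright;match=.+;example=John Doe>>
All rights reserved.
<<endoptional>>
Redistribution and use in source and binary forms, with or without
modification, are permitted.

THIS SOFTWARE IS PROVIDED BY <<var;name=holder;match=.+;example=John Doe>> "AS IS".
'''

# Constructed "found in the wild" text: other holder, other line wrapping.
FOUND = '''Copyright (c) 2014 Jane Roe
All rights reserved.

Redistribution and use in source and binary forms,
with or without modification, are permitted.
THIS SOFTWARE IS PROVIDED BY JANE ROE AND
CONTRIBUTORS "AS IS".'''


def literal(text):
    # Fixed wording must match exactly; whitespace runs may differ.
    return r"\s+".join(re.escape(word) for word in text.split())


def compile_template(template):
    """Build one regex from the template (hypothetical helper)."""
    parts = []
    for i, piece in enumerate(TAG.split(template)):
        fields = piece.strip().split(";")
        if i % 2 == 0:                      # even index: plain license text
            if piece.strip():
                parts.append(literal(piece))
        elif fields[0] == "beginoptional":
            parts.append("(?:")
        elif fields[0] == "endoptional":
            parts.append(")?")
        elif fields[0] == "var":
            attrs = dict(f.split("=", 1) for f in fields[1:])
            # match= is compiled as-is, so only load templates you trust.
            parts.append("(?P<%s>%s)" % (attrs["name"], attrs["match"]))
        else:
            raise ValueError("unknown markup: " + piece)
    return re.compile(r"\s*".join(parts))


def match_license(template, found_text):
    """Return the captured variables, or None if the text is not this license."""
    text = " ".join(found_text.split())
    m = compile_template(template).fullmatch(text)
    if m is None:
        return None
    return {k: v.strip() for k, v in m.groupdict().items() if v is not None}
```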


Re: [License-discuss] [Infrastructure] Machine readable source of OSI approved licenses?

2014-02-25 Thread Philip Odence
We'll get you some examples and some more detail, but the main idea is to 
support matching (for both humans and programs). The idea is to do as much as 
we can with the general guidelines, but to mark up where need be (as in my BSD 
copyright text example).


From: Luis Villa <l...@lu.is>
Reply-To: "license-discuss@opensource.org" <license-discuss@opensource.org>
Date: Sunday, February 23, 2014 6:21 PM
To: License Discuss <license-discuss@opensource.org>
Subject: Re: [License-discuss] [Infrastructure] Machine readable source of OSI approved licenses?

On Mon, Feb 10, 2014 at 8:02 AM, J Lovejoy <opensou...@jilayne.com> wrote:

We are in the process of updating the text files with markup to implement the 
license matching guidelines located here: 
http://spdx.org/spdx-license-list/matching-guidelines - the goal being to 
provide a way to ensure that when one SPDX user identifies a license, it is 
reliably the same as when another SPDX user identifies the same license.  Of 
course, the main example of this is the BSD 3 and 4 clause licenses and Apache 
1.1, which may include the names of the specific copyright holder even though 
the rest of the license is exactly the same (goal being to avoid concluding 
every BSD-3-Clause with a different copyright holder name gets identified as a 
different license.)

Hi, Jilayne, Phil-
What is the intended markup here? The matching guidelines seem useful, but it 
isn't clear to me what a license marked up that way would look like. Is there 
an example somewhere?

Luis


[License-discuss] OSI and the SPDX license list

2014-01-23 Thread Philip Odence
Hello all,

I'm Phil Odence, chair of the Linux Foundation's SPDX project, and new to this 
group (at Patrick Masson's suggestion). There was some recent discussion on 
this list that suggests an opportunity for more collaboration between the SPDX 
group and OSI.

Probably many of you are aware of SPDX and previous collaboration between the 
two organizations. Mainly we worked together on the SPDX license list 
http://spdx.org/licenses/ syncing short name identifiers and making sure the 
SPDX list covered all OSI-approved licenses and provided an indication of 
OSI-approved licenses.

Your recent discussion included a couple topics which the SPDX Legal Team is 
also working on:
- Machine readable licenses - We are well underway with 'marking up' popular 
  license text to indicate optional or variable parts (e.g. copyright holder in 
  the BSD license)
- Headers - We are in the midst of discussing how to handle headers vs. actual 
  license text and the "or later" issue.

If OSI is working on the above issues and other related ones, I suggest a 
meeting between interested parties of both organizations to cross-pollinate 
ideas, minimize redundancy and generally coordinate for mutual benefit. I would 
be happy to organize, if someone will suggest the appropriate OSI participants.

Thanks for your time,
Phil

L. Philip Odence
Vice President of Corporate and Business Development
Black Duck Software, Inc.
8 New England Executive Park, Suite 211, Burlington MA 01803
Phone: 781.810.1819, Mobile: 781.258.9502
Skype: philip.odence
pode...@blackducksoftware.com
http://www.blackducksoftware.com
http://twitter.com/podence
http://www.linkedin.com/in/podence
http://www.networkworld.com/community/odence (my blog)



