Re: [License-discuss] Guidance for making license information available to users

2017-10-23 Thread Philippe Ombredanne
ndard/files/pages/files/using_spdx_license_list_short_identifiers.pdf
[6] https://patchwork.kernel.org/patch/10016189/
[7] https://github.com/nexB/scancode-toolkit
[8] https://github.com/nexB/aboutcode-manager
[9] https://github.com/nexB/aboutcode-toolkit
[10] https://wiki.debian.org/CopyrightReviewTools
-- 
Cordially
Philippe Ombredanne

+1 650 799 0949 | pombreda...@nexb.com
DejaCode : What's in your code?! at http://www.dejacode.com
nexB Inc. at http://www.nexb.com
___
License-discuss mailing list
License-discuss@opensource.org
https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss


Re: [License-discuss] notes on a systematic approach to "popular" licenses

2017-04-09 Thread Philippe Ombredanne
On Sun, Apr 9, 2017 at 9:20 PM, Luis Villa  wrote:
> What's the "right" level to scan at? Top-level project-declared LICENSE
> file? Or per-file throughout the tree? (Note that often those two measures
> don't agree with each other.)

MO is that the right level is to scan at both levels and if needed surface any
inconsistencies or contradictions. Scanning only the simpler top-level
project-declared LICENSE or COPYING file is not enough and too often
incomplete or inaccurate data based on my experience at scale.

That said, I am the maintainer of the open source ScanCode toolkit, a
fresh take to build a better mousetrap for license scanning:

https://github.com/nexB/scancode-toolkit

My goal is simple:
I want the licensing of every open source code to be a problem solved.
Not a question mark. e.g. working towards 100% licensing clarity and
eventually ensure that no piece of existing open source code raises
questions wrt. licensing to a user or aspiring user.

For that I would like to scan it **all**... and set up some community peer
review site so we can help every open source project add, refine or cleanup
any missing, incomplete, inaccurate or contradicting licensing. Or at least
make the data open and available for anyone to query otherwise.

The main drag is as always resource availability (as in both human time,
network, bandwidth and computing power) to fetch and scan everything from
every package manager, forge, Sourceforge, Github, etc. which represents
a significant[sic] number of terabytes.
This could become a lesser issue on the fetch side when softwareheritage.org
is fully operational. But still.

If anyone is interested in this, please contact me!
-- 
Cordially
Philippe Ombredanne
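
The two-level check described in the message above, as an added example that is not part of the original post and is not ScanCode's code. It assumes per-file licensing is declared with `SPDX-License-Identifier` tags and guesses the top-level license from a two-entry phrase table; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: per-file licensing is declared with SPDX-License-Identifier tags.
SPDX_TAG = re.compile(r"SPDX-License-Identifier:\s*([\w.+-]+)")
TOP_LEVEL_NAMES = ("LICENSE", "LICENSE.txt", "COPYING")
# Assumption: a tiny phrase table; a real scanner matches full license texts.
PHRASES = [
    ("Permission is hereby granted, free of charge", "MIT"),
    ("Apache License", "Apache-2.0"),
]

def declared_license(root):
    """Level 1: the license the project declares in its top-level file."""
    for name in TOP_LEVEL_NAMES:
        path = os.path.join(root, name)
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for phrase, spdx_id in PHRASES:
                if phrase in text:
                    return spdx_id
            return "UNKNOWN"  # a license file exists but was not recognised
    return None  # no top-level license file at all

def per_file_licenses(root):
    """Level 2: the SPDX tag (or None) found in the head of each file."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if rel in TOP_LEVEL_NAMES:
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(4096)  # notices sit at the top of a file
            match = SPDX_TAG.search(head)
            found[rel] = match.group(1) if match else None
    return found

def compare_levels(root):
    """Surface files that contradict, or say nothing about, the declared license."""
    declared = declared_license(root)
    files = per_file_licenses(root)
    return {
        "declared": declared,
        "conflicts": {f: lic for f, lic in sorted(files.items())
                      if lic and lic != declared},
        "untagged": sorted(f for f, lic in files.items() if lic is None),
    }

def build_sample_tree(root):
    """Write a constructed sample project: MIT on top, one GPL file vendored in."""
    sample = {
        "LICENSE": "MIT License\n\nPermission is hereby granted, free of charge, "
                   "to any person [constructed, truncated]\n",
        "src/core.py": "# SPDX-License-Identifier: MIT\nprint('core')\n",
        "src/vendor/zip.py": "# SPDX-License-Identifier: GPL-2.0-only\nprint('zip')\n",
        "src/util.py": "print('no notice at all')\n",
    }
    for rel, text in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(compare_levels(tmp))
```

On the sample tree a scan of the top-level LICENSE alone would report only MIT; the per-file pass is what surfaces the vendored GPL-2.0-only file and the file with no notice.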


Re: [License-discuss] notes on a systematic approach to "popular" licenses

2017-04-09 Thread Philippe Ombredanne
On Fri, Apr 7, 2017 at 8:14 PM, Smith, McCoy  wrote:
> But I think that at some point it would be helpful for there to be a
> resource for people to sift through all the licenses on the list to
> understand what they do and don’t do.

You may also consider this https://enterprise.dejacode.com/licenses/
Every OSI license's (and more) conditions have been carefully tagged as
seen here:
https://enterprise.dejacode.com/licenses/Demo/apache-2.0/#license-conditions
(disclosure: this is a product of my company)
-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] notes on a systematic approach to "popular" licenses

2017-04-09 Thread Philippe Ombredanne
> On Thu, Apr 6, 2017 at 6:19 PM Philippe Ombredanne 
> wrote:
>>
>> On Thu, Apr 6, 2017 at 5:21 PM, Luis Villa  wrote:
>> > On Tue, Jan 10, 2017, 11:07 AM Luis Villa  wrote:
>> >>
>> >> Hey, all-
>> >> I promised some board members a summary of my investigation in '12-'13
>> >> into updating, supplementing, or replacing the "popular licenses" list.
>> >> Here
>> >> goes.
>> [...]
>> > Yet another (inevitably flawed) data set:
>> > https://libraries.io/licenses
>>
>> With the merit that all the underlying code is FLOSS.
>>
>> Another possible source --always biased-- could be Debian's popcon and
>> some cross ref with debsources.


On Fri, Apr 7, 2017 at 11:54 AM, Andrew Nesbitt  wrote:
> "inevitably flawed", would be great to get some feedback on how/why it's
> flawed so I can improve it?
>
> System level package managers are in the pipeline for the end of the year,
> but there are so fewer packages there that I can't see it moving the needle
> much

Andrew: my comment on "inevitably flawed" was to echo Luis's point that any
open source license popularity contest is likely to be flawed and biased one
way or another regardless of the data set that is considered as a basis.

That was not a reflection on any flaw in libraries.io which rocks!
Accept my apologies if it came across this way.

-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] notes on a systematic approach to "popular" licenses

2017-04-06 Thread Philippe Ombredanne
On Thu, Apr 6, 2017 at 5:21 PM, Luis Villa  wrote:
> On Tue, Jan 10, 2017, 11:07 AM Luis Villa  wrote:
>>
>> Hey, all-
>> I promised some board members a summary of my investigation in '12-'13
>> into updating, supplementing, or replacing the "popular licenses" list. Here
>> goes.
[...]
> Yet another (inevitably flawed) data set:
> https://libraries.io/licenses

With the merit that all the underlying code is FLOSS.

Another possible source --always biased-- could be Debian's popcon and
some cross ref with debsources.

-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] License Question

2017-02-16 Thread Philippe Ombredanne
On Thu, Feb 16, 2017 at 7:35 AM, Rick Moen  wrote:
> [...]
> The company selling the firmware does indeed bear the obligation to
> comply with the licensing terms of the various codebases it ships that
> were written by others, including the Linux kernel,
> [...]
> As a third party who is standing outside the commission of apparent
> torts against some copyright owners of code within the 'firmware' image,
> you have limited leverage, lacking standing for a copyright action.
> [...]
> I'm sure the above is not quite what you were hoping to hear, but I hope
> it proves enlightening, nonetheless.

Rick: This is enlightening and well written!

I guess other courses of action could include:

- getting advice from the FSF [1].
- in the past, discussing on gpl-violations [2] would have been an option,
  but it looks mostly dormant nowadays and its mailing lists pages are 404.
- or if one feels strongly about the topic, public shaming?


[1] https://www.gnu.org/licenses/gpl-violation.en.html
[2] http://gpl-violations.org
-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] US Army Research Laboratory Open Source License proposal

2016-07-23 Thread Philippe Ombredanne
On Fri, Jul 22, 2016 at 11:23 PM, Lawrence Rosen  wrote:
>
> It is true that this public domain result doesn't apply outside the U.S. But
> if you apply a valid open source license to it – such as Apache 2.0 – that
> should be good enough for everyone who doesn't live in the U.S. and
> irrelevant for us here.

Larry, are you suggesting that Cem considers using some statement more
or less like this, rather than a new license?
    This U.S. Federal Government work is not copyrighted and dedicated
    to the public domain in the USA. Alternatively, the Apache-2.0
    license applies outside of the USA?

On Sat, Jul 23, 2016 at 9:51 AM, Maarten Zeinstra  wrote:
>
> Is that the correct interpretation of the Berne convention? The convention
> assigns copyright to foreigners of a signatory state with at least as strong
> protection as own nationals. Since US government does not attract copyright
> I am unsure if they can attract copyright in other jurisdictions.

Maarten, are you suggesting then that the lack of copyright for a U.S. Federal
Government work would just then apply elsewhere too and that using an
alternative Apache license would not even be needed?

-- 
Cordially
Philippe Ombredanne



Re: [License-discuss] US Army Research Laboratory Open Source License proposal

2016-07-23 Thread Philippe Ombredanne
On Fri, Jul 22, 2016 at 11:01 PM, Karan, Cem F CIV USARMY RDECOM ARL
(US)  wrote:

> Hi, my name is Cem Karan.  I work for the US Army Research Laboratory (ARL) in
> Adelphi, MD.  I'm in charge of defining the Open Source policy for ARL.  As a
> part of this, we need a license that meets our legal and regulatory needs, but
> is ideally fully interchangeable with everything licensed under the Apache 2
> license as defined at http://www.apache.org/licenses/LICENSE-2.0.txt. We also
> want our license to be fully accepted by OSI as a valid Open Source license.
>
> Unfortunately, we cannot directly use the Apache 2 license for all of our
> code.  Most of our researchers work for the US Federal Government and under US
> copyright law any works they produce during the course of their duties do not
> have copyright attached, so we have to rely on contract law as a protection
> mechanism within the USA.

What about this simpler approach: you could release your software under a choice
of two licenses:
- a public domain dedication (such as CC-0 or your own dedication)
OR
- the Apache-2.0

Could this alleviate the need to create a new license and still
address your needs?

-- 
Cordially
Philippe Ombredanne



Re: [License-discuss] Source-attribution licenses and Javascript compatibility

2016-05-31 Thread Philippe Ombredanne
On Fri, May 20, 2016 at 4:06 AM, Andi McClure  wrote:
> I am working on some projects (a programming language, a game library) for
> which I wish to use a "source attribution" license-- for example, the zlib
> license, or the 2-clause BSD license if I could somehow delete the second
> clause. I want people redistributing or reusing source code from my project
> to keep attribution along with the source; however, I do not want to put
> conditions on people who are only distributing executable versions to be run
> by end users.
>
> However it is ambiguous to me what "source" and "executable" mean when
> dealing with interpreted languages, or in particular when dealing with
> Javascript, which has developed an entire tools ecosystem around
> "minifying". Consider these scenarios:
>
> 1. A developer has taken a Javascript library I wrote and embedded it into a
> web app they wrote using a 

Re: [License-discuss] Trove Classifiers

2016-05-08 Thread Philippe Ombredanne
On Wed, May 4, 2016 at 4:02 PM, Paul R. Tagliamonte
 wrote:
> Hey all,
>
> For those who don't know, Trove classifiers are used by the Python
> world to talk about what is contained in the Python package. Stuff
> like saying "It's under the MIT/Expat license!" or "It's beta!".
>
>
> I was looking at the tags, and I saw one that made me "wat" a bit.
>
>> License :: OSI Approved :: GNU Free Documentation License (FDL)
>
> AFAIK the GFDL is *not* OSI approved, both due to it not being a
> software license, as well as I'm sure the invariant clauses being an
> issue.
>
> Has anyone come across this yet? Anyone have objections to me trying
> to clean up the Trove list?

Good catch!
Cleaning the list is going to be easy on the Python.org side,
especially since a new Pypi site is in the making. [1]
The harder or impossible part would have been to clean up the 1000+
packages using this faulty classifier.
But there are really only three of these [2] and all of them look
either pretty old or abandoned and none has its packages effectively
hosted or distributed on Pypi.

[1] https://pypi.io/
[2] https://pypi.python.org/pypi?:action=browse&c=63
-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] Open Source License API Soft-launch

2016-05-01 Thread Philippe Ombredanne
On Thu, Apr 28, 2016 at 3:15 PM, Paul R. Tagliamonte
 wrote:
> Hey -discuss,
> Over the last few flights I've been on, I've hacked up an API for OSI
> approved Open Source licenses.
>
> It's in soft-launch, so nothing pushed out yet, and I'd appreciate it
> being kept public-but-not-pushed until after I write up a blog post
> about it.
>
> Part of this is a machine readable copy of the OSI Licenses, found at:
> https://github.com/opensourceorg/licenses
>
> It's underdocumented, so bear with me while I get things together!
>
> You can find the Open Source API at:
>
> https://api.opensource.org/

Very nice. Congrats and thanks!


-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] Any Free License, an open source license

2015-11-14 Thread Philippe Ombredanne
On Tue, Nov 10, 2015 at 3:17 AM, Christopher Allan Webber
 wrote:
[...]
> I decided to author the most open license of all time, for those who
> just can't decide over license minutiae.  Here it is.  Simply copy this
> into your programming headers and you are on the path to maximal
> freedom.
>
>   #  -- (C)  
>   # Released under the "Any Free License 2015-11-05", whose terms
>   # are the following:
>   #   This code is released under any of the free software licenses listed on
>   # https://www.gnu.org/licenses/license-list.html
>   #   which for archival purposes is
>   # 
> https://web.archive.org/web/20151105070140/http://www.gnu.org/licenses/license-list.html

Chris:
This is not a license proper, but a choice among many licenses.
Therefore there is no need for any "approval". Approval would apply to
each individual license and not to all conjunctive or disjunctive
license combinations or permutations, even for something allowing
anything.

As an aside, this notice of yours is unlikely to be as open and "free" of
constraints as it may look on the surface. What does "any" mean? Can it
be a subset of the choices?  What if the terms conflict? Must I pick
one license among them all? Must I or can I or not pass this choice
downstream? To be clear you would need to address all these (and
likely many other) related issues.... So this may not be such a good
idea after all.

-- 
Cordially
Philippe Ombredanne


Re: [License-discuss] BSD 3-clause and copyright notices

2015-10-01 Thread Philippe Ombredanne
On Tue, Sep 29, 2015 at 6:13 PM, Zluty Sysel  wrote:
> Hi all,
>
> After conquering many hurdles along the way, it looks like the company
> I am a part of is willing to release a good part of the source code we
> own as open source software. Before we do that though there are a
> couple of outstanding issues that I was hoping someone on this mailing
> list could clarify. We want to use a BSD 3-clause and immediately
> publish the source code on a public code repository allowing
> contributions from users. The questions that have arisen are the
> following:
>
> 1) Clause 2 requires users that distribute the software in binary form
> to reproduce the copyright notice. Since the holder of the copyright
> notice is the very same company that makes the source code available
> to them, would it be possible to selectively waiver this obligation to
> a particular set of users without infringing on the Open Source
> definition or the BSD license itself?
> If the answer was negative, would including the existence of such a
> waiver in the license itself preclude it from being considered an open
> source software license?

As the copyright holder you can do as you please.
You do not need to attribute yourself for your own code, though that
is of course nice anyway ;)
No need for a waiver.
A waiver would be rather an awkward and weird thing.

> 2) When accepting contributions to the source code repository from
> external sources, I have seen that is sometimes customary to include
> an additional copyright line to the license text included at the top
> of the source file, crediting the person or company that contributed
> the new code or file.

Either that or an author file. Simpler is better.

> Would then the waiver mentioned in question 1) be in violation of the
> additional copyright holder(s)' rights?

Maybe not in violation of their rights but in contradiction with your
eventual obligations.

Think about it this way:
What if you were such an external contributor: you worked hard to
provide code enhancements to this project.
And as a thank you note, you have ... nothing. This would not be
great, would it?


> 3) When reproducing the copyright notice in binary distributions, must
> one parse all source code files to find out all of the contributors'
> names and include them in full? Or is it enough to simply provide a
> LICENSE file that only credits the original author (the company that
> made the source code available originally) so that users of the source
> code can simply reproduce that particular file in their binary
> distributions?

This is your call. Projects often create an AUTHORS file to list
contributors to keep things simple.
And/or list the major contributors in a LICENSE or COPYING.
Again giving credits to contributors is the _right and nice thing_ to do.
(check out the scancode-toolkit if you want to create such a list of
copyrights, disclaimer: I am an author of it)

> Thank you in advance,

In summary, my 2 cents: The BSD license is simple, so keep things simple.
You do not need to credit yourself in your own redistribution.
Forget about adding waivers or other weird things to it: the weirder
your license, the less likely anyone will want to contribute anything.
I would not touch code with such a weird waiver (even with a very long
pole).
And if you are lucky enough to ever receive contributions from others,
giving credit whether required or not is _always_ the right thing and
the nice thing to do.

Embrace open source and be happy!

And IANAL, TINLA
-- 
Cordially
Philippe Ombredanne


On the licensing terms of the open source licenses text

2004-07-10 Thread Philippe Ombredanne
Dear licenses enthusiasts,
I have a question about the licenses of the text of the licenses
themselves.
Very specifically, I wanted to create our own license, based on the OSL,
but I am taking the OSL here as an example.
And taking the OSL as example gives definitely a recursive feel to the
topic...

The OSL and many other licenses have fine prints like that:
> "This license is Copyright (C) 2003-2004 Lawrence E. Rosen. 
> All rights reserved. Permission is hereby granted to copy and 
> distribute this license without modification. This license may 
> not be modified without the express written permission of its 
> copyright owner."
This obviously restricts the reuse of the license text in other
licenses.

On the other hand, every web page on opensource.org has the following
footer:
> "Copyright C 2004 by the Open Source Initiative
> The contents of this website are licensed under the 
> Open Software License 2.1 or Academic Free License 2.1"
This could be construed as making the text of the licenses available
under the OSL.

So the questions are: 
How can I reuse the text of a license like the OSL to create a new
license?
Is this licensed under the OSL? 
Or restricted to Larry's terms?

Can I create a new license, for instance the nexB public license, based
on the text of the OSL, or other license text but with every reference
to the OSL removed, except for copyright attributions, creating a
derivative work of the license text?

And if I use an existing OSI approved license as a base, would I need to
go through the full legal commentary to submit it for approval? (BTW, I
know this was debated in the past, but did not find any conclusion on
the topic.)

-- 
Cheers
Philippe

philippe ombredanne | nexB - Open IT Asset Management 
1 650 799 0949 | pombredanne at nexb.com 
http://www.nexb.com


--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3

