Fwd: OSI approves CPAL at OSCON 2007

I have no idea why this never made it to the reflector.  I'll try sending again.

M

---------- Forwarded message ----------
From: Michael Tiemann <tiemann@...>
Date: Jul 27, 2007 1:43 AM
Subject: OSI approves CPAL at OSCON 2007
To: license-discuss@...


I wish that Russ Nelson or I would have been the first to be able to
report the results of the board meetings held at OSCON this week.  The
schedule of our activities was posted on our wiki, but that schedule
did not necessarily tell the whole story of our busy time in Portland.
 Between the 6 hour work session Sunday, the 10+ hour board meeting
Monday, programming and presentations Tue-Thu, the hour-long BOF on
Tuesday, the 2+ hour BOF on Wednesday night, and 16+ hours of booth
duty (usually attended by at least 2 OSI board members, and which
helped the OSI raise approximately $4000 from approximately 200
conference attendees), there has been a lot to juggle.  Not to mention
the challenge of coordinating 8 different board members staying in 8
different hotels, working for 8 different companies, each of which are
demanding lots of attention when we're not attending OSI-related
meetings.  I now have time to write this email because OSCON 2007 is
over for me, and I have a few hours before I need to wake up and catch
an early morning flight to my next destination.

In Monday's board meeting the topic of whether to approve the CPAL was
considered.   We took the advice of the License Approval Chair, which
was to approve the CPAL.  We know that there was not 100% consensus
among those who subscribe to license-discuss, but we felt that there
was reasonable consensus that the safe harbor of the license was
sufficiently broad to meet the requirements of the OSD and therefore
approve the license.  Whereas there was significant and broad
consensus *against* the predecessor version, the response by many to
the current version was a stark contrast that we read as general
acceptance.  In the course of taking that recommendation, which I
agreed with, I observed what I considered to be a mismatch between the
text of the license and the intentions discussed, debated, and before
us to approve.

I suggested that it would be better to correct the error in the
license as long as such correction did not in any way affect the
substance of the discussion of that license.  If the error had in any
way violated the OSD, I would have sent the license back to the review
process, as I did when the SimPL license was (erroneously) submitted
with incorrect text.  But this error related to a potential for
confusion where none need exist, in a license whose terms were
otherwise recommended for approval.  I thought it better to make a
change and approve a license with less potential for confusion than to
approve the license and deal later with the confusion, or force yet
another delay on an already long-delayed process simply to recount
votes that had already been cast.  The board discussed this and
agreed.

In the middle of all this, I was lobbied by a third party attending
OSCON to make additional changes that would have altered the substance
of the license, I said "no, we're not going to consider changing the
conditions of the bargain--we're only going to consider corrections to
the text to reflect the bargain that was discussed."  I further
explained that if the person's proposed change was not enough to
change consensus on license-discuss (to which he had posted his
suggestion to no avail), private lobbying wasn't going to get me to
suggest a private amendment to the licenseas a requirement for
approval.  The community had been consulted, and its stance on that
issue as well as the overall substance, which was not a unanimous
stance, was clear.

If the board were more efficient in conducting its business, perhaps
we would have time to check and re-check every submission while still
providing tolerable turn-around.  The board certainly values the
advice that the License Approval Committee provides to us--it is
advice we take very seriously and it is advice that helps us greatly
to define and communicate our statements about the licenses submitted
to us.  Even when a license is clearly OSD-compliant or clearly not
OSD-compliant, we are happy that there are "many eyes" reading along
with us, making the work both easier and more certain.  But it is an
advisory role, and ultimately it is up to the Board to discern what
and how much of that advice to take, not unlike a maintainer reading
comments from other reviewers before committing a patch in modified or
unmodified form.  And in this case, we took that advice (which was not
unanimous), accepted a change we considered to be an improvement in
clarity but not a change in substance, and approved the license.

I look forward to getting our minutes published and I look forward to
answering any other questions anybody on this list may have for me,
either in public email or privately.  This situation is not the
Board's preferred way to do things, but the Board does prefer to do
things it considers responsible compared to doing nothing because it
lacks any confidence whatsoever in its own ability to act responsibly.
 In this circumstance we felt it better to act than to wait (or, more
accurately, more harmful to wait than to act).

Some of you have already expressed your strong disagreement with our
decision, and you, too, are entitled to your opinion.  But know this:
the board does value your opinion, and we hope that you will continue
to provide it, both when you agree and when you disagree with our
policies, procedures, and decisions.  And the board takes very
seriously its responsibility for serving the communities of
developers, users, and other stakeholders who want to see more people
benefiting from more open source software, software that fulfills the
promise of the OSD.

The next OSI Board meeting is scheduled for August 11th, and it will
likely be at 11AM EDT (8AM PDT).  If you would like to attend (by
conference call), send me an email and I'll work out how to get you
dialed in.  If you'd like to address the board, I'll create time on
the schedule for that.

M

Michael Tiemann wrote:

> among those who subscribe to license-discuss, but we felt that there
> was reasonable consensus that the safe harbor of the license was
> sufficiently broad to meet the requirements of the OSD and therefore
> approve the license.  Whereas there was significant and broad

This is a very significant point.

Imagine Microsoft submits a Microsoft EULA, and then tacks on a safe
harbor of "These terms or the BSD but not the GPL."

It gets OSI approval due to that safe harbor?  What if the safe harbor
is "These terms or the BSD but not if you license any other code under
the GPL."   That isn't discriminatory against any field of endeavor,
is it.  But why approve it?

Allowing safe harbor seems to be a risky approval criteria if you wish to
maintain a semblence of descriptive trademark, don't you agree?

When an attorney comes along later and wants to discover what terms
are allowed in OSI approved licenses, they look at this precedent
of approval and then conclude what?

Perhaps licenses approved only due to a "safe harbor" provision must be
automatically "Not recommended" or asterisked with a footnote or
in their own category as not precedent or something.

Or maybe disallow safe harbor provisions.

Forrest J. Cavalier III wrote:

> Imagine Microsoft submits a Microsoft EULA, and then tacks on a safe
> harbor of "These terms or the BSD but not the GPL."

That's not possible, unless you mean the advertising clause version.
The current BSD is GPL compatible.

--
David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

David Woolley wrote:

> Forrest J. Cavalier III wrote:
>
>
>>Imagine Microsoft submits a Microsoft EULA, and then tacks on a safe
>>harbor of "These terms or the BSD but not the GPL."
>
>
> That's not possible, unless you mean the advertising clause version.
> The current BSD is GPL compatible.

Agreed, but the hypothetical is not the "current BSD."  It is
instead "Restrictive EULA OR the BSD, but not the GPL"

A safe harbor term of "BSD but not the GPL" is not GPL compatible.
...but apparently "BSD but not the GPL" can be an OSI approved
license, since the approval can go with the safe-harbor interpretation
of "oh, it's the BSD."

[And it does no good to make up an OSI rule of "cannot discriminate
against other licenses" because the effect can be done using terms,
rather than naming the GPL by name.  I picked the example to make
the problem clear.]

Wanted the close the loop and thank license-discuss and OSI for the approval of the Common Public Attribution License.  Now that we have Socialtext has followed the process, we are adopting CPAL and are OSI-Certified and genuinely Open Source.  If our license wasn't approved, we would have selected an OSI-Certified license less optimal for our products.  And since it was, other products can choose this path, and my hope is CPAL will grow our community.

Dan Bricklin has written a great guide for those considering adopting CPAL for their own projects:

https://www.socialtext.net/open/index.cgi?how_to_apply_the_cpal_to_your_product

Again, thank you to those who participated in the process.  Even though we might not have agreed, I am pleased with the outcome of the text and know most of you are.  I look forward to contributing to future discussions.

Ross




--
--
Ross Mayfield
CEO & Co-founder
Socialtext
1-877-GET-WIKI, ext. 209
655 High St. Palo Alto, CA 94301
ross.mayfield@...
skype:rossmayfield
company: http://www.socialtext.com
blog: http://ross.typepad.com
this email is: [ ] bloggable [ x ] ask first [ ] private

Forrest J. Cavalier III wrote:
>
> A safe harbor term of "BSD but not the GPL" is not GPL compatible.
> ...but apparently "BSD but not the GPL" can be an OSI approved
> license, since the approval can go with the safe-harbor interpretation
> of "oh, it's the BSD."

Licence intercompatibility is not a requirement of approval.  OSD
compliance is.  By your remark above, the Apache licence shouldn't
have been approved because rms said it wasn't compatible with GPL (V2).
So the Apache licence wasn't open-source?
--
#ken P-)}

Ken Coar, Sanagendamgagwedweinini  http://Ken.Coar.Org/
Author, developer, opinionist      http://Apache-Server.Com/

"Millennium hand and shrimp!"

Quoting Rodent of Unusual Size (Ken.Coar@...):

> Licence intercompatibility is not a requirement of approval.  OSD
> compliance is.  By your remark above, the Apache licence shouldn't
> have been approved because rms said it wasn't compatible with GPL (V2).
> So the Apache licence wasn't open-source?

Excellent point.  Although patents (the real kind, that exist outside
Ballmer press releases), if valid, relevant, and not freely licensed,
can prevent encumbered code from being open source, the relevance of
Microsoft Corporation's rattling of possible non-existent sabres against
copyleft has no obvious relevance to the OSD merits of its licences that
spokesmen claim will soon be submitted for OSI scrutiny.

--
Cheers,                                      "Reality is not optional."
Rick Moen                                             -- Thomas Sowell
rick@...

Rodent of Unusual Size wrote:

Pay attention, eh?  That is a stupid strawman, and I think you need to
be more careful how you elided my message.

My point is about trademark dilution and confusion, not GPL compatibility.

If you have a license with terms fitting the description of:
        [Restrictive Non-OSD Compliant Terms]
        OR (Safe Harbor = BSD but not the GPL)

the whole license gets OSI certified?

What does the OSI-certified mark describe?  The license, or the safe
harbor?  Why certify the license when only the safe harbor is what
passes?

On 7/31/07, Rick Moen <rick@...> wrote:

[... patents ...]

> Microsoft Corporation's rattling of possible non-existent sabres against
> copyleft has no obvious relevance to the OSD merits of its licences that
> spokesmen claim will soon be submitted for OSI scrutiny.

If you mean that OSI should bury its head in the sand regarding legal analysis

http://www.actonline.org/documents/ACT-GPLv3-Legal-Risks.pdf

talking about the risks of

- Tortious Interference

- Group Boycott Under Antitrust Law

- Copyright Misuse

well... I, for one, disagree.

regards,
alexander.

Quoting Alexander Terekhov (alexander.terekhov@...):

> If you mean that OSI should bury its head in the sand regarding legal analysis

Wow, _love_ that completely irrelevant, non-sequitur straw man.  Need any
help beating it up?

--
Cheers,             "Don't use Outlook.  Outlook is really just a security
Rick Moen            hole with a small e-mail client attached to it."
rick@...                        -- Brian Trosko in r.a.sf.w.r-j

On 7/31/07, Rick Moen <rick@...> wrote:
> Quoting Alexander Terekhov (alexander.terekhov@...):
>
> > If you mean that OSI should bury its head in the sand regarding legal analysis
>
> Wow, _love_ that completely irrelevant, non-sequitur straw man.

I thought you were "just trying to get discussion on the merits or
flaws of the license" (the GPLv, that is).

I'm just trying to help you. :-)

http://www.actonline.org/documents/ACT-GPLv3-Legal-Risks.pdf

http://www.actonline.org/documents/GPLv3-License-or-Contract.pdf

> Need any help beating it up?

Go ahead.

regards,
alexander.

Alexander Terekhov writes:

> On 7/31/07, Rick Moen <rick@...> wrote:
>> Quoting Alexander Terekhov (alexander.terekhov@...):
>>
>> > If you mean that OSI should bury its head in the sand regarding legal analysis
>>
>> Wow, _love_ that completely irrelevant, non-sequitur straw man.
>
> I thought you were "just trying to get discussion on the merits or
> flaws of the license" (the GPLv, that is).

That was me, not Rick Moen.  However, I am not interested in trollish,
off-topic and/or frivolous pseudo-legal analyses -- just an evaluation
of whether the GPLv3 meets the OSD.

Michael Poole

Quoting Alexander Terekhov (alexander.terekhov@...):
> > Wow, _love_ that completely irrelevant, non-sequitur straw man.
>
> I thought you were "just trying to get discussion on the merits or
> flaws of the license" (the GPLv, that is).

I honestly didn't think I'd made a particularly subtle point (and odds
are, it was based on misinterpretation of a rather ambiguous upthread
post), but I'll restate it, anyway:

Licences submitted to the OSI can be judged either OSD-compliant or not
irrespective of the personal merits of the drafter.  In particular,
such licences' OSD-compliance in no way hinges on the drafter's
selection of targets for his/her public bloviating about alleged patents
-- that sideshow being, as such, simply irrelevant to the question.

> I'm just trying to help you. :-)

Gee, thanks.  Curious minds want to know:  Have we perhaps just been
treated to a "witnessing" of some kind?

On 7/31/07, Rick Moen <rick@...> wrote:
> Quoting Alexander Terekhov (alexander.terekhov@...):
> > > Wow, _love_ that completely irrelevant, non-sequitur straw man.
> >
> > I thought you were "just trying to get discussion on the merits or
> > flaws of the license" (the GPLv, that is).
>
> I honestly didn't think I'd made a particularly subtle point (and odds
> are, it was based on misinterpretation of a rather ambiguous upthread

Sorry, that was Michael Poole. My fault.

You mean Pinkerton Doctrine and all that? :-)

regards,
alexander.