Subject: Re: For Approval: NASA Open Source Agreement Version 1.1
From: Ben Reser <ben@reser.org>
Date: Fri, 13 Feb 2004 01:41:45 -0800

On Fri, Feb 13, 2004 at 01:09:47AM -0800, Richard Schilling wrote:
> Maybe it's just me, but I keep getting back to open source software 
> licenses as a means to efficiently distribute software and allow people 
> ready access to the knowledge it represents, and not so much as a 
> mechanism to try a get license-savvy organizations to let their guard 
> down.

I don't think that's Larry's intent.  I think he's trying to get a
justification for a deparature form the norm of open source licenses.  I
don't think this is a huge deal.

> On 2004.02.12 21:03 Lawrence E. Rosen wrote:
> >I'll reply off-list.

I hope you realize it's generally considered rude to quote someones
private email to you on a public list without their specific permission
to do so.  Considering that Larry is an active contributor to this list,
I'm sure he would have sent his email to the list if he'd intended to
publish it to the world.

> I didn't see a many points in your original posting that served any 
> purpose other than to "call on the carpet" the motives and approach of 
> the authors.
>
> If you are a lawyer, of all people, I would expect to see more 
> constructive discussion about the license itself and how it can be made 
> to comply with opensource.org's requirements.  You should know, with 
> all due respect to you and your profession, that providing specific 
> reasons/alternatives, and avoiding taunting questions, is appropriate 
> in helping NASA get their license to meet opensource.org requirements.  
> If you're acting as council, please council on what they can do, not 
> what they should have done.  We would all learn from that approach.
> 
> And, yes, I'm offended at the tone of the response NASA got to their 
> posting.  They've done more for open source work than many other 
> organizations would even dream.  They invented Beowulf cluters, for 
> heaven's sake.
> 
> Did I misread your response?  Perhaps, but read it as such I did.  I 
> certainly respect what you do, but I also expect to see more respect 
> directed to submitters of new licenses.

Yes you misread his email.  He gave some initial thoughts with a clear
statement that he intends to follow up with a more detailed review
later.  I think he wanted to get some questions out in the open to have
them answered between when he posted his email and hopefully when he
found the time to do a detailed review.

I'm certain Larry would have given specific analysis on the exact text
of the license later.

> Now, with respect to the INDEMIFY clause (section 8), which says :
> 
> B. Waiver and Indemnity: RECIPIENT AGREES TO WAIVE ANY AND ALL CLAIMS
> AGAINST THE UNITED STATES GOVERNMENT, ITS CONTRACTORS AND
> SUBCONTRACTORS, AS WELL AS ANY PRIOR RECIPIENT AND SHALL INDEMNIFY AND
> HOLD HARMLESS THE UNITED STATES GOVERNMENT, ITS CONTRACTORS AND
> SUBCONTRACTORS, AS WELL AS ANY PRIOR RECIPIENT FOR ANY LIABILITIES,
> DEMANDS, DAMAGES, EXPENSES OR LOSSES THAT MAY ARISE FROM RECIPIENT'S
> USE OF THE SUBJECT SOFTWARE, INCLUDING ANY DAMAGES FROM PRODUCTS BASED
> ON, OR RESULTING FROM, THE USE THEREOF.  RECIPIENT'S SOLE REMEDY FOR
> ANY SUCH MATTER SHALL BE THE IMMEDIATE, UNILATERAL TERMINATION OF THIS
> AGREEMENT.
> 
> There is nothing in opensource.org's criteria that says the licensing 
> party shall refrain from waivers and indeminification.  NASA's policies 
> require specific wording in section 8, and if that wording is not 
> significantly different than what has been accepted before, then I 
> don't see a problem.  It's an administrative detail, really.
> 
> I would like to see specific argument as to why, in NASA's case this 
> wording does not need to apply to their sub-contractors.  To me this is 
> more appropriate to NASA's sub-contracting needs than what's in the 
> other licenses.  They know what's best for them, so let them 
> demonstrate that.

The only comments made regarding this was that we didn't particularly
like it and that we wanted a explanation as to why they thought it was
necessary in addition to a traditional warranty disclaimer.

> And if opensource.org throws out a license on this issue, I think it 
> would be wise for opensource.org to review its criteria.  I would 
> suggest separating (in opensource.org's criteria) certain areas when 
> evaluating new licenses.  For example, develop clear criteria for the 
> following and specify which items make/break an open source designation:
> 
> 	distribution,
> 	re-distribution,
> 	deriverative works,
> 	copyright,
> 	waivers,
> 	deriverative works,
> 	related services,
> 	quality controls.
> 
> 
> opensource.org says what a license should have, but the website doesn't 
> say enough about what the authors *can* do with their license.
> 
> Specifically, I maintain that copyright and waivers are *not* 
> determinants of an open source license, and I think it's improtant (if 
> that's opensource.org criteria as well) to clearly state that.  I would 
> also suggest that as long as distribution is met, regardless of it's 
> means, with or without re-distribution, the license be considered open 
> source.

Nobody said it was a reason to reject the license yet.  I've identified
a couple situations with the license that I do think violate the OSD.
I'm not sure the indemnification would in and of itself violate the OSD.

However, while reading these licenses we notice things that may simply
be an oversight on the part of the drafters.  We often point them out in
the hope that they will clarify them to be more clear or change them to
be "better."  Since this license is being put before us before its used,
now is the time to bring such issues up.

> From the end user's perspective getting a software product from one 
> place -vs- 1,000 places and having the software tracked are not 
> determinants of an open source license, per se.  They get freedom of 
> availability, use, modification and a means to submit changes.  And 
> that's what defines a collaborative project.  All else is optional.

Not really entirely true.  Only being able to get it from "one place"
would mean a restriction that would violate the OSD.  I presume from
this you mean from the original author (e.g. NASA in this case).
Problem is the original author may decide to stop distributing the
software, might take the registration site down, etc etc etc....  Such
situations create problems for the continued free distribution of the
software.
 
> Availability of the code and documentation, and the right to modify for 
> personal use seem to me to be the baseline criteria to any open source 
> license. 

Maybe in your opinion but the OSD goes beyond that.  Read through the
archives of the list to get an idea of how the OSD is interpreted.

I think you need to relax.  NASA hasn't been given an official
response.  The process of reviewing the license includes asking
questions and making suggestions.  It's not over.  I suspect that this
license will eventually get approval after possibly some minor
modifications.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org

"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3