Subject: Re: Change ot topic, back to OVPL
From: Alex Bligh <alex@alex.org.uk>
Date: Thu, 25 Aug 2005 00:43:16 +0100

David,

I'm not sure I quite follow your argument, but yes it's similar to the
CDDL and GPL.

The difference (and I think this is Andrew's point), is that under the CDDL
and GPL, the recipient can write a letter to the distributor demanding
source, and under the GPL under certain circumstances of distribution (when
3(a) & 3(c) are not satisfied), anyone can.

Under the OVPL, there is an additional circumstance (when the distribution
is not public) where the ID can demand source.

If I was on Andrew's side of the argument, this would not be what I was
arguing about - by that I mean, if I was to find something offensive, it
would be the existence of the additional license in the first place - the
ability to for the ID to ask effectively "well I know I have a license to
this stuff, could you tell me what it is then, and when it started, given
you haven't chosen to openly publish it" would seem to me a non-pernicious
piece of mechanics. If there is "evil" there (I don't think there is), it's
in the original license-back - this is a blameless helper clause.

Incidentally, I'd point out the clause cuts both ways. It's reasonably well
known the GPL etc. can be relatively easily subverted by non-publication of
distributed mods. IE someone takes a GPL'd project and distributes mods
which satisfy 3(b) of the GPL - i.e. provide source code to those to whom
it is distributed, they need not provide them to others - only the recipient
has the right to see the modified source-code, and the recipient may
have good reason not to distribute it further (for instance commercial
advantage). So if A modifies a GPL app (say a maths library) and
incorporates it into a maths library for merchant bank B for tracking
stocks, and supplies B the source, noone is under any obligation to give
C the source. Many people think that is a flaw. In the OVPL, if the ID uses
its "powers" under 3.3, it has to make the mods publicly available for all.
So while it sounds scary for the ID to be able to send a letter, everyone
gets the advantage, i.e. they are the agent for discovery for the community.
The only difference the ID gets is the license-back, but that's the same
whether or not the original mod was made publicly available.

Alex

--On 24 August 2005 16:22 -0700 David Barrett <dbarrett@quinthar.com> wrote:

> Wilson, Andrew wrote:
>> You tell me: if I create an enhanced version of OVPL code and put it
>> on my company's internal server, have I made it available?
>>
>> If the intention is to give the ID rights to demand only
>> externally-distributed Modifications, the definition of Licensed
>> Modification could easily be changed to say that explicitly.
>
> Ahh, I think I see what you're saying.  In this case you're saying the
> developer can deny changes to the public, but not to the ID -- and you
> would find the requirement that the ID be given access when the public is
> not to be objectionable.
>
> However, I'm not sure if this is true; so far as I know, once you make
> *any* distribution, you need to make the source code available to
> *everyone*.  In other words, the only way to deny *anyone* the source is
> to deny *everyone* the source by not distributing your change, in any
> form.  Putting it on an internal server (presumably so others within the
> organization can obtain it) constitutes distribution, and thus requires
> public (to the world) source code release.
>
> This is the case irrespective of the ID.  Even with the GPL, you can't
> make and internally distribute private changes because the process of
> "internal distribution" is -- by definition -- distribution.
>
> (At least, this is what I was told by MySQL when I asked about how widely
> I could internally use private modifications to a MySQL server. They told
> me the GPL allowed me to make and use one server without releasing the
> source, but two or more constitutes distribution.)
>
> Specifically, the relevant paragraph in the CDDL (which is taken verbatim
> by the OVPL) for public disclosure is (hacked up to highlight the
> relevent bits):
>
>> 3.1.      Availability of Source Code.
>>
>> Any Covered Software that You distribute ... in Executable form must
>> also be made available in Source Code form... You must inform
>> recipients ... as to how they can obtain such Covered Software in
>> Source Code form...
>
> This says the scope of your *notification* can be limited to recipients,
> but it doesn't say that the scope of your *source code release* can be
> likewise limited.  Said another way, nowhere does it hint you can deny
> the source code to non-recipients.  Rather, it says that once you make
> and distribute a modification, you must:
>
> 	1) make it available (presumably, to anyone who asks), and
> 	2) notify the recipients how to get the source
>
> So, the only change introduced by the OVPL is to make an additional
> requirement:
>
> 	3) notify the ID how to get the source
>
> However, this only affects who you notify; not to whom you release.  And
> indeed, that doesn't seem terribly onerous.  In effect, the ID is
> basically treated like a recipient of any changes.  He's not given any
> special access, he's only notified when changes are made.
>
> This just ensures that the ID knows about all the code to which he is
> legally entitled; it prevents developers from creating a secret fork to
> which the ID has his unique rights, but simply was never notified existed.
>
> Now, you could argue that this notification right is unnecessary or
> objectionable, but that's a different debate.
>
> -david
>
>



Alex