Subject: RE: Question on OSI position on BSD/MIT licenses
From: "Philippe Verdy" <verdy_p@wanadoo.fr>
Date: Tue, 2 Oct 2007 07:32:08 +0200

 Tue, 2 Oct 2007 07:32:08 +0200
> De : Chuck Swiger [mailto:chuck@codefab.com] wrote:
> [1]: I mention "substantially" because the OSD did not appear as perfect
> ab initio and has improved over time; some licenses which were approved
> earlier might not pass a review today.

If this cause compatibility concerns for some past licences that would not
pass today, this can be addressed by creating several levels of
compatibility within OSI, and including in the highest level only those
licences that pass the additional tests.

This means giving these "more compatible" licences an additional
certification logo, which includes and improves the previous logo, without
revoking the lower-level certification.

So the "OSI-compliant" logo is the minimum level and can be used by all
existing certified licensors, but another certification level can be made,
using the current rules as of 2007 by creating a "OSI compliant - version
2007" certification and logo, derived from the previous one or completing
the existing logo, so that the previous logo remains displayed identically
within it (the new logo would immediately benefit of the same level of
protection, being a derivated work).

Every year after a significant change has been made to the rules, the
existing certifications are reviewed, when requested by the authors of the
past licences or by interestedparties, and after the newer certification
program has been announced, to see if their licence pass the new test. If
they fail the new test, this should be without consequence on their past
logo. But if they succeed, they can legitimately upgrade their certification
logo to the newer version.

Revoking a certification should be exceptional (I wonder if past
certifications are revocable, and if there's a defined procedure to see if a
OSI certification claim is valid: are there certification registration
identifiers to help verifying this claim from a simple web search interface,
and linking to the original of the certified licence text, without having to
rely on approximative licence names with variable orthographies or
designations? Could a logo be designed that displays the unique
certification identifier in it?

Could the identifier (made of digits or capital letters or spaces or hyphen
only) be chosen by the licence submitter, possibly after a fixed part
determined by OSI (for example a country code and a year of first
certification)? Example: the identifier "01US-BSD" could be assigned to the
licence first published in US, and certified by OSI in 2001, by the Berkeley
University in San Diego (this is just an example, I did not verify the year
it was approved). If there are several similar licences from BSD for the
same year of certi, they could append a digit to it: "01US-BSD2".

This small identifier would appear attached to the registered logo meaning
"open-source, approved by OSI". The last version of the certification would
appear as a modification on top of it, or by a new design if needed (color,
glyphs, patterns, ...). The whole would create a small banner displayable as
an icon on website, in documentations, on the box of prebuilt products for
sale... The logo would not be usable by any third-party without the
displaying the unique identifier for the licence (that does not change even
if the certification was upgraded).

No display of this logo would be required on products licenced with a
OSI-compliant licence, but anyone making such claim of certification should
be able to give to anyone the certification number at any time and without
excessive delay.