Subject: Re: Change of topic, back to OVPL
From: Chuck Swiger <chuck@codefab.com>
Date: Tue, 30 Aug 2005 18:37:20 -0400

On Aug 30, 2005, at 3:45 PM, Russell Nelson wrote:
> Chuck Swiger writes:
>>>> Can you point to a posting on freebsd-questions, or netbsd-help, or
>>>> one of the other BSD mailing lists (or on Usenet) where someone had
>>>> a significant problem resulting from the BSD license term
>>>> variations in libc, libm, etc?
[ ... ]
> I refer specifically to BlackDuck's claim that there are hundreds of
> variants of licenses.  Now, maybe they're just blowing their own horn,
> but if they expect to be able to convince lawyers that their product
> is valuable, they'll need to start from a legally defensible position.

Never heard of it, or them.

Page two of a Google search suggests you might be talking about a  
site called blackducksoftware.com with "Manage the complexity of full  
lifecycle license compliance for both proprietary and open source  
software IP." and "Improve the diligence of due diligence with  
accurate analysis of IP origins and obligations." on their homepage...?

Why would I, or the OSI, or others on this list especially care  
whether BlackDuck has a valuable product or a legally defensible  
position?

> But more generally, most hackers don't take licensing very seriously.

Most hackers don't want to have to take licensing very seriously.   
Unfortunately, the current legal environment (DMCA, WIPO, software  
patents) is not conducive towards giving hackers writing software  
much choice about the matter.

> If it looks like the BSD license, they're going to take it as the BSD
> license.  Your evidence that there's not a problem is not evidence of
> the absence of a problem; merely the absence of concern about a
> problem.

I don't think the assessment that there is an absence of concern is  
either fair or accurate.  There have been more than four hundred CVS  
commits to ports/LEGAL at:

http://www.freebsd.org/cgi/cvsweb.cgi/ports/LEGAL

...and the documentation covers the topic of software licensing and  
the appropriate way to handle various forms of non-permissive  
licensing in some detail:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/ 
porting-restrictions.html

People writing software under new licenses is a concern, at least if  
the license is restrictive, but generally is not a significant  
problem in practice.

> Other people have been telling us that licenses are deadly
> serious, and that each additional license imposes a cost of tens of
> thousands of dollars.

If a small business owner, or a company of a dozen people have to  
confront a cost of tens of thousands of dollars, that would be a big  
deal.

If a company of ten thousand people has to spend tens of thousands of  
dollars, that's less financially significant than deciding whether to  
provide them all with a cheap mousepad or a good one.

> It's easy to be Cavalier with other people's money.  Politicians do it
> all the time.

True.  It has not been my observation that the OSI board is apolitical.

> You can also take the point of "Well, it's a gift.
> Don't look a gift license in the mouth."  But that's besides the
> point.  People who are giving away open source software typically are
> not doing it to make a gift of their effort to the world.  They're
> doing it to get a return on their risk and effort.  Without meaning to
> be overly cynical, people who give away their software expect
> improvements in return.  If they don't get those improvements, they'll
> be disappointed.

The OSI board seems to be losing touch with the individuals and who  
actually write open source software, for no other reason than to  
share their work, with no compensation exchanged, and with no  
particular expectation of getting something back in return.

If you spent more time with such people, and less with VCs and  
lawyers and people looking to make a profit from software, perhaps  
you would be less cynical.

> It is part of OSI's mission to help people be successful in their open
> source endeavors.  That means .... helping people to choose a license
> appropriate for their needs.  Sometimes it means helping them craft
> the best possible license.  If I am guilty of being extra-grumpy in
> Alex's direction, it is only because I want him to have the best
> license --as I see it--.

You seem more worried about whether Black Duck can make a profit than  
whether the OVPL is compliant with the Open Source Definition.   
Something is not right there.
> I've spoken to some people from large enterprises.  They're getting
> tired of all these licenses, and at some point they're going to put
> their foot down and say "Okay, that's it!  If you want us to use your
> software, you'd better use a license we've already approved, because
> frankly, your software isn't worth its license."

Let them do just that.

If somebody or some organization decides not to use a particular open  
source software package for whatever reasons they may have, that  
decision is up to them.  Why is this exercise of free choice a problem?

(Assuming for the sake of discussion that it actually is.  My  
observation has been that many people will run software if does  
something they want, need, or even looks cool, even if it installs  
spyware and adware along with the pretty screensaver or IE toolbar  
offering searching and special sales offers via popups.)

If these large corporations want to do something to clean up software  
licensing, they could move out of the glass houses they live in and  
refrain from odious clauses in their EULA's which violate EU and  
other regional data protection and privacy laws, which prohibit  
effective security policies (any software which restricts the number  
of backups you may take, which prohibits bug-testing, security  
analysis, reverse engineering, etc), prohibit fair testing and  
comparisons (see Microsoft's .Net [clause 5.9] or SQLServer licenses  
[clause 1e] for prime examples).

-- 
-Chuck