Subject: Re: Looking for OSI approval of license
From: Karl Fogel <kfogel@red-bean.com>
Date: Thu, 07 Apr 2011 17:48:37 -0400

"Herrick, Rick" <herrickr@mir.wustl.edu> writes:
>I'll take this to the people that know all the contacts in legal and
>administration and see what kind of reaction I get.  Thanks a lot for
>the information, this is the sort of thing that really helps clarify
>the need for these sorts of changes.

Thanks, Rick.

Note I've moved this to license-discuss@ now.  Folks on license-discuss@,
this is the first time you're seeing the thread, so see below for more
context.  Due to some UI lossage (spotted eventually by Andy Oliver), it
took us a while to get the discussion properly redirected to this list.
We'll try to keep it here from this point on.

-Karl

>-----Original Message-----
>From: Karl Fogel [mailto:kfogel@red-bean.com]
>Sent: Thursday, April 07, 2011 4:06 PM
>To: Herrick, Rick
>Cc: Jim Jagielski; license-discuss@opensource.org
>Subject: Re: Looking for OSI approval of license
>
>"Herrick, Rick" <herrickr@mir.wustl.edu> writes:
>>The primary issue is that this has already been through the legal
>>compliance and approval process at Washington University, Harvard, and
>>Howard Hughes Medical Institute. Given the nature of the software
>>(managing clinical research data in compliance with federal HIPAA
>>requirements), the longevity of the current license (since 2005), and
>>the lack of, um, nimbleness on the part of large academic institutions'
>>respective legal departments, I'm not sure it's possible for us to
>>adopt another licensing scheme within a practical timeframe.
>
>Rick, would it be possible to put me in touch with those lawyers?
>
>I'm the License Committee Chair of the OSI -- still quite green, as we held the committee
elections yesterday, but as it happens I've recently been in similar discussions with
some other universities and we ended up persuading them to go with a standard open source
license.  I would like very much for that to happen here.
>
>One solution:
>
>Use a standard license (say, Simplified BSD-style), but include with the software a
non-binding human-readable preface, pointing out all the factual -- but non-license-related
-- things are currently in the XNAT license, for example:
>
>  - The fact that this is not a trademark agreement (yes, and that
>    remains true whether the license talks about it or not)
>
>  - No clinical-use approval implied (right, but that can be pointed out
>    without it being part of the license text)
>
>  - Etc
>
>Even given that the XNAT license is simple in its own right, it is still unfamiliar
to everyone.  The thing about a standard open source license is that a given legal department
only needs to learn it once.
>Thereafter, the *marginal* cost of the license drops to nearly zero -- any time you
see that license, you know what you're getting, and you don't have to re-evaluate it.
>
>Thus in the aggregate, *any* standard open source license is less costly (to the ecosystem
as a whole, including even other departments of your own university) than any rarely-used
license, even if the latter is a marvel of simplicity and readability in its own right.
>
>If they haven't much experience with open source licenses, they probably won't understand
how big a problem license proliferation would be.  We
>*cannot* have every software producer rolling their own license too.  No quantity of
lawyers will ever be sufficient to make that sustainable.
>
>One way to convey this to them is to point out how much work they would have had to
do if every piece of open source software the universities use right now came with its
own unique license.  Do a quick survey -- it won't take you long -- and you'll quickly
be in the hundreds of thousands of dollars in legal expenses, if accounted fairly.
>
>If they don't want to cause that problem to other institutions, or to other parts of
their own institutions, then the answer is to use one of the standard licenses, which
already provide all the protections they need and can reasonably enforce.  I would suggest
the Simplified BSD-style license, but can provide other options or references if they
need.
>
>Best,
>-Karl Fogel
>
>>I understand that that's not your problem, but that's our motivation :)
>>
>>-----Original Message-----
>>From: Jim Jagielski [mailto:jim@jimjag.com]
>>Sent: Thursday, April 07, 2011 12:31 PM
>>To: Herrick, Rick
>>Cc: osi@opensource.org
>>Subject: Re: Looking for OSI approval of license
>>
>>Hello there Rick, thanks for contacting us.
>>
>>A more detailed email follow-up will be coming in a short while, but
>>what was/is the rationale for requiring a new license; what aspects
>>prevent you from being able to use one of the many existing
>>OSI-approved licenses?
>>
>>Thx in advance.
>>
>>On Apr 7, 2011, at 1:10 PM, Herrick, Rick wrote:
>>
>>> Hi, I'm a developer on the XNAT project here at WashU. We're
>>> interested in trying to get an open-source license for some support
>>> software (Atlassian stuff) but don't have an OSI-approved license. So
>>> I have some questions about getting this approved. The license is
>>> viewable at:
>>>
>>> http://www.xnat.org/Download+XNAT
>>>
>>> As best I can tell, this license complies with the Open Source
>>> Definition, but I can't provide you with the license proliferation
>>> category, as that page seems to be unavailable at the moment.
>>>
>>> Please let me know how to proceed with this request. I'm not the
>>> license steward at this point, but would like to hold off getting him
>>> involved until such time as it's absolutely necessary, since he's
>>> pretty busy running the group!
>>>
>>> Any help would be much appreciated and any information I can provide
>>> will be provided forthwith!  Thanks!
>>>
>>> Rick Herrick
>>> Sr. Programmer/Analyst
>>> Neuroinformatics Research Group
>>> Washington University School of Medicine
>>>
>>>
>>> The material in this message is private and may contain Protected
>>> Healthcare Information (PHI). If you are not the intended recipient,
>>> be advised that any unauthorized use, disclosure, copying or the
>>> taking of any action in reliance on the contents of this information
>>> is strictly prohibited. If you have received this email in error,
>>> please immediately notify the sender via telephone or return mail.
>
>The material in this message is private and may contain Protected
>>> Healthcare Information (PHI).  If you are not the intended
>>> recipient, be advised that any unauthorized use, disclosure,
>>> copying or the taking of any action in reliance on the contents of
>>> this information is strictly prohibited.  If you have received this
>>> email in error, please immediately notify the sender via telephone
>>> or return mail.