tag:blogger.com,1999:blog-1440782732761683346.post7506671356598609076..comments2023-03-25T06:19:11.416-04:00Comments on The Software Risk Report: GPL Project Watch List for Week of 07/04, 4th of July EditionErnest M. Parkhttp://www.blogger.com/profile/04149855406607674190noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-1440782732761683346.post-11186587746451649442008-07-15T13:15:00.000-04:002008-07-15T13:15:00.000-04:00Hi Russell,I have spent a great deal of time revie...Hi Russell,<BR/><BR/>I have spent a great deal of time reviewing open source licenses. There is a great deal of "stuff" that would qualify as a legitimate open source license, even if it is redundant, duplicitous or silly. <BR/><BR/>OSI currently lists 70+ licenses. This listing misses an important point. Qualifying a license as meeting the basic tenants of "free software" may no longer be sufficient. <BR/><BR/>What I propose is that OSI expand the qualifications for approval.<BR/><BR/>http://www.opensource.org/approval<BR/>- Ensure approved licenses conform to the Open Source Definition <BR/>- Identify appropriate License Proliferation Category <BR/>- Discourage vanity and duplicative Licenses <BR/>- Ensure a thorough, transparent, and timely review (e.g., within 60 days) <BR/>- Provide current status of license review requests <BR/><BR/>Note that a category exists specific to the "license proliferation" issue. OSI includes this, but I feel this needs to meet more stringent review. <BR/><BR/>Secondly, there is currently no consideration for the reality that licenses must "cooperate" in a way that one license is not viral or overpowers another.<BR/><BR/>The reality of open source and free software is that the "use" of such meets four conditions - "copying" (personal use), "modification", "distribution", and "anything else".<BR/><BR/>License conflict issues do NOT come in for personal use. Therefore, the interoperability of licenses needs to be considered for specific use cases - modification and distribution.<BR/><BR/>If OSI Approved in the future means more than the fact that the license is "free software", is not terribly self serving, is distinct, then it will have value and mean something into the future.<BR/><BR/>OSI Approval is still a hallmark that users want to see. However, if OSI fails to address the interoperability based on use type, then OSI fails to take into account the complexity of programming and the way that free software is used.<BR/><BR/>Would OSI allow one license to impose conditions on another separately licensed piece of code if the two are combined into one project?<BR/><BR/>What if they are "bundled" for distribution. Would OSI think an approved license should be able to impose licensing terms on all software in the bundle?<BR/><BR/>In the future, should OSI approval look further than silos of free software and associated licenses?<BR/><BR/>Russell, I find what OSI does to be valuable. However, the world is changing, and the use of free software is changing with it. If OSI understands these changes, they can identify constraints within which software licenses will behave, and "approve" these licenses for identified uses.<BR/><BR/>Failing to do so, OSI is already a relic since OSI approval does not address the reality of the combination and interaction of multiple licenses in a given modified project.<BR/><BR/>In conclusion, I do hope that the definition expands such that a license can attempt to satisfy a "license" approval, and an "interoperability" approval separately.Ernest M. Parkhttps://www.blogger.com/profile/04149855406607674190noreply@blogger.comtag:blogger.com,1999:blog-1440782732761683346.post-61289091624135477102008-07-15T12:16:00.000-04:002008-07-15T12:16:00.000-04:00I infer from your words about license proliferatio...I infer from your words about license proliferation that you don't understand the issue. Let me explain.<BR/>There is, and has always been, a tension in the Open Source Definition. Who determines whether something meets the definition? (This is a similar issue to who gets to say what the Bible means. It's called "hermeneutics)" We have always maintained that it is we who decide.<BR/>So if we decide, then we must speak. If a license meets the terms of the Open Source Definition, then we say that it does, by approving it. That served us well for many years, but in the past three years, it has served us less well. A movement has arisen in the Open Source world that says that too many licenses are bad for us. It hurts code reuse, it's hard on users who feel a need to understand every license on software they use, and it promotes unnecessary fragmentation. <BR/>What if we start saying that some licenses are not approved even though it meets the Open Source Definition? Other parties will step up to say "Read the license. It's Open Source. Meets every point of the definition", which will destroy the value of the Open Source brand. <BR/>Do you see the issue we're struggling with, and why it's trivial when people outside of OSI criticize us? No matter what we do, we lose.Russ Nelsonhttps://www.blogger.com/profile/17586083637805291834noreply@blogger.com