March 2019 License-Review Summary

In March, the License-Review mailing list saw the retraction of the SSPL from review, and discussed a set of GPLv3 Additional Terms.

The License-Discuss list (summarized at https://opensource.org/LicenseDiscuss032019) was far more active. Among other things, it discussed Van Lindberg's upcoming Cryptographic Autonomy License, and saw extensive discussion about the license review process: whether the conduct of the list is appropriate, whether there might be alternatives to using email, and whether PEP-style summaries would help.

License Committee Report

Richard Fontana provides the license committee report:

  • CFSL v1.4: The review period is over. Fontana explains why he thinks the license should be rejected. The OSI board subsequently rejected the license.

  • SSPL v2: MongoDB withdrew the license from review.

  • Twente License: A decision is due 2019-04-05.

Server Side Public License, Version 2

Eliot Horowitz announces that MongoDB retracts the SSPL from the OSI approval process, citing a lack of community support as a reason.

Josh Berkus is disappointed in the withdrawal: “this license poses interesting questions about how copyleft can be extended (or not) and how the OSD's clauses about software packaging need to change in a SaaS world.” Berkus thinks the contents of the license were not appropriately considered, and that too many responses were ad-hominem attacks.

This leads to extensive discussion of the License-Review process (see the License-Discuss summary).

GPL 3+ with Whonix Additional Terms

Patrick Schleizer submits a set of Additional Terms for the GPLv3 for review. These terms try to improve the limitation and disclaimer of warranty in the GPL by incorporating language from the doom3 and micropolis licenses.

This submission raises two governance questions:

  • Should the OSI review Additional Terms for the GPL? This is discussed in a separate section below.
  • Does it make sense for the OSI to review licenses that were not first reviewed by a lawyer? This is discussed on License-Discuss as “the pro-se license constructor”.

Brendan Hickey asks whether Schleizer had talked with the FSF about these improvements. Patrick Schleizer links to such a message.

Schleizer wonders why the GPL allows indemnification terms without containing such terms itself. Richard Fontana mentions this was done solely for Apache 2.0 compatibility, and links to the GPLv3 rationale documents.

Fontana notices that the proposed terms use the word “nonwithstanding” opposite to its intended effect.

Based on the feedback (see also the separate sections), Patrick Schleizer decides to withdraw the license but intends to prepare a revised version.

Should the OSI review GPL Additional Terms?

Patrick Schleizer points out that the GPLv3 Additional Terms mechanism allows “other non-permissive additional terms” to be removed by the user, so that no Additional Terms can render the license non-free. Richard Fontana thinks that if these Additional Terms don't create a new license, then that is a good argument that such Additional Terms are out of scope for OSI review.

Bruce Perens argues [1,2] that adding terms to a license necessarily creates a new license, and points at the recent Commons Clause as an example where simple additions had huge effect. But Schleizer points out that adding Additional Terms is just an exercise of the rights under the GPL, and shouldn't be treated as a modification of the license.

Richard Fontana suggests the OSI shouldn't review Additional Terms, if only to limit license proliferation. Fontana notes the Additional Terms have sometimes be misused, and that review could be valuable for widely used Additional Terms. Fontana points out that the OSI did review two sets of GPLv3 Additional Permissions though they behaved like separate licenses. One is the LGPLv3.

Fontana also suggests that the OSI should defer to the FSF for review of Additional Restrictions. Bruce Perens disagrees [1,2]: The OSI shouldn't give the FSF special status that would exclude some licenses from a review here, in particular not any kind of veto power. However, the OSI should respect the FSF's authority on the GPL and not review licenses that contain “GPL” in their name.