December 2019 License-Review Summary

License-Review mailing list topics for December 2019:

  • ESA Permissive PL v2.3,
  • Mulan Permissive Software License v1 and v2
  • LGPL-2+-KDE (Legacy)
  • Cryptographic Autonomy License (Beta 4)
  • CasperLabs Open Source License (COSL)
  • BSD-1-Clause (Legacy)
  • MIT-0

ESA Permissive PL v2.3

Concern was expressed with conflicts between the license text and its FAQ

Mulan Permissive Software License v1 and v2

The Mulan Permissive Software License, version 1 and version 2, were introduced.

It was noted that this may be similar to licenses like the BSD+patents. Ambiguity in which language is authoritative.

The authors explained that there was a need for a Chinese license to engage the Chinese developer community with Chinese version authoritative in case of conflict.

Possible for the authority of version to be different depending on the country in use.?

Can the copyright holder decide which version is authoritative?

Two possibilities were suggested: the Chinese version be authoritative in case of legal disputes, or users select either as the normative version.


The LGPL-2+-KDE license was submitted.

A question asked, and confirmed: license falls outside the scope of the license review process.

Cryptographic Autonomy License (Beta 4)

Based upon ongoing discussions with the license review committee, the author(s) withdrew Beta 3 and substituted Beta of the Cryptographic Autonomy License.

Concerns offered regarding the effectiveness of the license, terms preventing documentation, and Interoperability.

The lack of a patent grant and burdens placed on users for compliance was introduced.

The importance of clarity due to uncertainty when being evaluated at court was stressed.

Issues regarding difficulties in determining compliance were introduced and the CAL seems to be a special-purpose license only applicable to Holochain.

A strict reading was recommended, and examples where data about a third party not be accessible on-demand were provided. It was offered that network node governance agreements were more appropriate to manage issues related to CAL than software licenses.

Requirements that the software user provides data back to the customer even if the original software doesn’t make it available is overreaching.

CAL has no mandatory functionality or method of compliance and instead describes what is required and having a mandatory technical structure is unwise.

As a SaaS license, it was argued, it would not be usable by non-developers (e.g. Wordpress end-users) with compliance risks. It was offered that CAL goes against the spirit of open source software and so will continue advocating against the license.

A suggestion was made to reject the license due to bad intentions: it would be better to focus on the license text without the classification of participants and assuming moral standards.

Concern was voiced with the effect on downstream users.

Clarification was offered that user data is defined as “data which the recipient has an existing right of ownership or possession” with references to the GDPR and the CCPA.

The scope of CAL was questioned: forces apps that run on Holochain to use an open source license? Is the use of Holochain APIs, and nothing more considered distributing Modified Work?  Would social network software need to be under an open source license?

It was suggested that the requirement to assert patents against interoperable open source software is a fundamental flaw.

A case was made that though any party can assert a patent, open source projects don’t assert patents and that the difference with the CAL is that the network breaks if interoperable software under other open source licenses are allowed.

One offered that the rewording strengthened the justification of the rights of users to their own data in terms of exercising user freedom, however, may be too narrow.

CasperLabs Open Source License (COSL)

The initial comment was that the license is not a good candidate for approval due to focus on a business model,  complexity without good reason, onerous obligations to the licensor, specific to distributed ledger technology, unstable links, ceding decision power to the licensor, clashes with OSDs 6, 8, and 10, that OSD 3 is not fully fulfilled.

It was offered that the terms in the license are more appropriate for governance agreements, not software licenses.

A question was posed on why GPLv3, AGPL, or the CAL are insufficient for the purposes of COSL?

It was suggested the license violates OSD 5, 6, 7, and 9.

As many people stated issues are unpassable it was proposed further discussion was no longer needed.

A comment was made that the license privileges one set of contributors over others and allows expropriation.


The BSD-1-Clause license was submitted for approval.

This was identified as an obvious case for approval.


The approval status of MIT-0 license was requested.

An observation was made that the notation on the SPDX list may be inadvertent, noting originally listed as “not OSI-approved.”

Recognition was made that the license author/steward is not claiming it is OSI-approved.


If you'd like to participate on the lists, head over to for information on how to subscribe.

To promote and protect open source software and communities...

For over 20 years the Open Source Initiative (OSI) has worked to raise awareness and adoption of open source software, and build bridges between open source communities of practice. As a global non-profit, the OSI champions software freedom in society through education, collaboration, and infrastructure, stewarding the Open Source Definition (OSD), and preventing abuse of the ideals and ethos inherent to the open source movement.

Open source software is made by many people and distributed under an OSD-compliant license which grants all the rights to use, study, change, and share the software in modified and unmodified form. Software freedom is essential to enabling community development of open source software.