ietf-mxcomp

Re: DEPLOY: Microsoft Royalty Free Sender ID Patent License

2004-08-24 04:01:15

My non-lawyerly conclusion:
===========================

This patent license is incompatible with the Open Source Definition, the
Free Software Definition, the Debian Free Software Guidelines, and the
GPL and LGPL licenses specifically.

What this means:
================

The above incompatibility will severely restrict implementation and
deployment of the standard, which is a problem that can only be solved
by:

  1.  fixing the license to address all its problems (described in
      detail below),
  2.  assuming that the nebulous IPR claims are not valid and thus
      ignoring the license requirements completely, or
  3.  dropping the encumbered IPR from the standard.

We've passed the deadline to fix the license, so (1) is out, and (2) and
(3) are the only potential choices left.

I believe the general consensus here is that the encumbered IPR at issue
is the (obvious) PRA algorithm.

Now even though I personally can't see how the PRA algorithm could
possibly be considered a non-obvious idea, I'm guessing that enough
people and companies will be unwilling to risk their livelihood on that
stance, which means that fear of lawsuits will probably keep (2) from
being a viable option.

That leaves (3), dropping the algorithm completely.

Dropping that algorithm effectively means going back to Classic-SPF.

I believe that is what must be done.

I don't know how easily that can be done with the current wording and
breakdown of the standard--perhaps it would be relatively
straightforward since the PRA was pulled out, with just a few minor
edits necessary here and there, perhaps not.

Either way, I believe we have *no choice* in the matter:  Like it or
not, SPF-Classic is now effectively the only choice we have.


(Personal Rant:  I would have preferred a different solution.  My
personal opinion as to the best technical option, were there no
licensing issues to muck things up, would have been some sort of
Unified-SPF with sender_agents included.  With Unified SPF and
sender_agents, we'd get Return-Path protection, prevention of PRA
forgeries, and phishing protections--protecting from forgeries all three
things we're out to protect.  That would have been just fantastic, but
nothing with a PRA in it is possible now, and that leaves us with only
SPF-Classic.)


The specific problems with the license:
=======================================

1.  Issue:
    ======

    Whatever IPR rights you might obtain for yourself
    won't extend to everyone who gets a copy of your code.

    Source:
    =======

    o  Section 2.[12]'s wording of personal, nontransferable, 
       and nonsublicenseable,
    o  The wording under section 2.2.
    o  The last sentence of section 2.5.

    Problems:
    =========

    o  Violates OSD #7, DFSG #7

       | Distribution of License
       |
       | The rights attached to the program must apply to all to whom
       | the program is redistributed without the need for execution
       | of an additional license by those parties.

    o  Fails Dissident test.

       | The Dissident test. 
       |
       | Consider a dissident in a totalitarian state who wishes to
       | share a modified bit of software with fellow dissidents, but
       | does not wish to reveal the identity of the modifier, or
       | directly reveal the modifications themselves, or even
       | possession of the program, to the government. Any requirement
       | for sending source modifications to anyone other than the
       | recipient of the modified binary---in fact any forced
       | distribution at all, beyond giving source to those who receive
       | a copy of the binary---would put the dissident in danger. For
       | Debian to consider software free it must not require any such
       | "excess" distribution. 

    o  Violates Freedom #2

       | The freedom to redistribute copies so you can help your 
       | neighbor

    o  Violates Freedom #3

       | The freedom to improve the program, and release your
       | improvements to the public, so that the whole community
       | benefits

2.  Issue:
    ======

    Whatever Microsoft's unspecified IPR supposedly covers, 
    you can't do anything with it except Sender-ID-ish things.

    Source:
    =======

    Section 2.1's "solely for the purpose of conforming with"
    wording.  Oddly enough the restriction isn't again
    specifically listed under section 2.2.

    Problems:
    =========

    o  Violates OSD #6, DFSG #6

       | 6. No Discrimination Against Fields of Endeavor
       |
       |    The license must not restrict anyone from making use
       |    of the program in a specific field of endeavor.  For
       |    example, it may not restrict the program from being used
       |    in a business, or from being used for genetic research.

    o  Violates Freedom #1

       |  The freedom to study how the program works, and adapt
       |  it to your needs

    o  Violates Freedom #3 

       | The freedom to improve the program, and release your
       | improvements to the public, so that the whole community
       | benefits

3.  Issue:
    ======

    You must agree to comply with a set of (purportedly-applicable)
    laws that the license alerts you to.  (As opposed to being merely 
    alerted to the existence and purported applicability of these laws.)

    Source:
    =======

    Section 6.2.

    Problems:
    =========

    o  Violates OSD #5

       | 5. No Discrimination Against Persons or Groups
       |
       |    The license must not discriminate against any person or
       |    group of persons.
       |
       |    Rationale: In order to get the maximum benefit from the
       |     process, the maximum diversity of persons and groups should
       |     be equally eligible to contribute to open sources.
       |     Therefore we forbid any open-source license from locking
       |     anybody out of the process.
       |
       |     Some countries, including the United States, have export
       |     restrictions for certain types of software. An
       |     OSD-conformant license may warn licensees of applicable
       |     restrictions and remind them that they are obliged to obey
       |     the law; however, it may not incorporate such restrictions
       |     itself.

    o  Violates DFSG #5

       | 5. No Discrimination Against Persons or Groups
       |
       |    The license must not discriminate against any person or
       |    group of persons.

    o  Violates the Dissident test

       | The Dissident test. 
       |
       | Consider a dissident in a totalitarian state who wishes to
       | share a modified bit of software with fellow dissidents, but
       | does not wish to reveal the identity of the modifier, or
       | directly reveal the modifications themselves, or even
       | possession of the program, to the government. Any requirement
       | for sending source modifications to anyone other than the
       | recipient of the modified binary---in fact any forced
       | distribution at all, beyond giving source to those who receive
       | a copy of the binary---would put the dissident in danger. For
       | Debian to consider software free it must not require any such
       | "excess" distribution. 

    o  Violates Freedom #2

       | The freedom to redistribute copies so you can help your 
       | neighbor

    o  Violates Freedom #3

       | The freedom to improve the program, and release your
       | improvements to the public, so that the whole community
       | benefits

4.  Issue:
    ======

    You must agree to be judged by the laws of a specific
    jurisdiction and be judged at a specific location.

    Source:
    =======

    Section 6.4

    Problems:
    =========

    o  Always objected to on license-discuss for practical
       reasons.  (It creates superfluous incompatibilities
       with any other licenses with choice-of-law and
       choice-of-venue restrictions.)

    o  GPL and LGPL incompatible.
              
5.  Issue:
    ======

    Your rights can be stripped away if you assert your
    patent rights or initiate a lawsuit.

    Source:
    =======

    Section 2.4

    Problems:
    =========

    o  GPL and LGPL-incompatible.  (From
       http://www.gnu.org/licenses/license-list.html ,
       "We don't think those patent termination cases
       are inherently a bad idea, but nonetheless they
       are incompatible with the GNU GPL.")

    o  Possibly fails Tentacles of Evil test

       | The Tentacles of Evil test.
       |
       | Imagine that the author is hired by a large evil corporation
       | and, now in their thrall, attempts to do the worst to the
       | users of the program: to make their lives miserable, to make
       | them stop using the program, to expose them to legal
       | liability, to make the program non-free, to discover their
       | secrets, etc. The same can happen to a corporation bought out
       | by a larger corporation bent on destroying free software in
       | order to maintain its monopoly and extend its evil empire. The
       | license cannot allow even the author to take away the
       | required freedoms!

6.  Issue:
    ======

    The fact that either side has entered into this license
    is effectively public knowledge.

    Source:
    =======

    Section 6.9

    Problems:
    =========

    Fails the Dissident Test

       | The Dissident test. 
       |
       | Consider a dissident in a totalitarian state who wishes to
       | share a modified bit of software with fellow dissidents, but
       | does not wish to reveal the identity of the modifier, or
       | directly reveal the modifications themselves, or even
       | possession of the program, to the government. Any requirement
       | for sending source modifications to anyone other than the
       | recipient of the modified binary---in fact any forced
       | distribution at all, beyond giving source to those who receive
       | a copy of the binary---would put the dissident in danger. For
       | Debian to consider software free it must not require any such
       | "excess" distribution. 

7.  Issue:
    ======

    You have to separately agree to and sign a Patent license at all.

    Source:
    =======

    Section 2.5

    Problems:
    =========

    o  Violates OSD #7, DFSG #7

       | 7. Distribution of License
       |
       |    The rights attached to the program must apply to all to whom
       |    the program is redistributed without the need for execution
       |    of an additional license by those parties.

    o  Violates OSD #10

       | 10. License Must Be Technology-Neutral
       |
       |     No provision of the license may be predicated on any
       |     individual technology or style of interface.
       |
       |     Rationale: This provision is aimed specifically at licenses
       |      which require an explicit gesture of assent in order to
       |      establish a contract between licensor and licensee.
       |      Provisions mandating so-called "click-wrap" may conflict
       |      with important methods of software distribution such as
       |      FTP download, CD-ROM anthologies, and web mirroring; such
       |      provisions may also hinder code re-use. Conformant 
       |      licenses must allow for the possibility that (a)
       |      redistribution of the software will take place over 
       |      non-Web channels that do not support click-wrapping of the
       |      download, and that (b) the covered code (or re-used
       |      portions of covered code) may run in a non-GUI environment
       |      that cannot support popup dialogues.

    o  Violates Freedom #2

       | The freedom to redistribute copies so you can help your 
       | neighbor

    o  Violates Freedom #3

       | The freedom to improve the program, and release your
       | improvements to the public, so that the whole community
       | benefits

    o  Fails Desert Island Test

       | The Desert Island test. 
       | 
       | Imagine a castaway on a desert island with a solar-powered 
       | computer. This would make it impossible to fulfil any
       | requirement to make changes "publicly available" or to send
       | patches to some particular place. This holds even if such
       | requirements are only "upon request", as the castaway might be
       | able to receive messages but be unable to send them. To be
       | free, software must be modifiable by this unfortunate castaway,
       | who must also be able to legally share modifications with
       | friends on the island. 

    o  Fails Dissident Test

       | The Dissident test. 
       |
       | Consider a dissident in a totalitarian state who wishes to
       | share a modified bit of software with fellow dissidents, but
       | does not wish to reveal the identity of the modifier, or
       | directly reveal the modifications themselves, or even
       | possession of the program, to the government. Any requirement
       | for sending source modifications to anyone other than the
       | recipient of the modified binary---in fact any forced
       | distribution at all, beyond giving source to those who receive
       | a copy of the binary---would put the dissident in danger. For
       | Debian to consider software free it must not require any such
       | "excess" distribution.

References:
===========

OSD:  Open Source Definition, according to OSI, at 
      http://www.opensource.org/docs/definition.php

DFSG:  Debian Free Software Guidelines, according to SPI, at
       http://www.debian.org/social_contract#guidelines

Freedoms:  Free Software Definition, according to FSF, at 
           http://www.gnu.org/philosophy/free-sw.html

Tests:  Desert Island Test, Dissident Test, Tentacles of Evil Test.
        These tests are used on debian-legal as thought experiments
        to help determine whether a license meets the DFSG.  They
        can be found in a draft of a DFSG FAQ at:

        http://people.debian.org/~bap/dfsg-faq.html

-- 
Mark Shewmaker
mark(_at_)primefactor(_dot_)com