Marshall Eubanks <tme(_at_)americafree(_dot_)tv> writes:
Simon asked that this go to the IETF list.
Thanks for moving this back to the IETF list. I believe these
discussions should be public. Many considerations appears to have been
made that the wider IETF community is unaware of.
I would expect information like this to be part of the IETF Trust
minutes, but it seems no minutes have been published since September
2008: http://trustee.ietf.org/minutes.html
Begin forwarded message:
From: Marshall Eubanks <tme(_at_)americafree(_dot_)tv>
Date: June 23, 2009 11:30:50 AM EDT
To: Simon Josefsson <simon(_at_)josefsson(_dot_)org>
Cc: Trustees <trustees(_at_)ietf(_dot_)org>
Subject: Re: [Trustees] Proposed Revisions to the IETF Trust
LegalProvisions (TLP)
On Jun 23, 2009, at 10:18 AM, Simon Josefsson wrote:
"Contreras, Jorge" <Jorge(_dot_)Contreras(_at_)wilmerhale(_dot_)com> writes:
4.e -- this new section clarifies the legend requirements for Code
Components that are used in software under the BSD License.
In short,
the user must include the full BSD License text or a shorter
pointer
to it (which is set forth in Section 6.d)
...
6.d -- the BSD legend/pointer described in 4.e above
The text in 6.d doesn't work. Part of the BSD license (quoted in
your
document) is this paragraph:
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the
distribution.
If you replace the BSD license with a pointer, you would violate
that
part of the BSD license.
To avoid simple mistakes when changing things related to the
BSD license
(which now appears to be the norm rather than the exception) I
believe
it would be a good idea for the IETF Trust to talk with people and
organizations who understands open source licensing. I'm sure the
Software Freedom Law Center could help here.
Simon (removing the large cc list):
This language was added after extensive review and consultation with
open source experts, including members of the IESG. There are
several
open source projects (including some run by Yahoo) that use a
pointer
for the BSD license, rather than the full text. We do not think
this is
a violation of the BSD language. You may disagree, which is why
there
is a public comment period for these documents. But please don't
assume
that these decisions were taken rashly or without serious
consideration.
Can you name the open source projects that operate like this? I've
never heard of a model like this before, and I'm interested to learn
about it if it is used successfully.
Dear Simon;
There was a lot of discussion about this inside the Trust, and I was
originally in favor of
sticking with the BSD 15 line template and was very dubious about a
"license by reference" approach. However, there was push-back on the
length of this (from, e.g. Pasi Eronen), and then Russ found out
that for YAHOO the
Before continuing the response, should we understand that the rationale
for this change is to shorten the license text that has to be included
in derived works? Did the Trust do anything to identify whether the
wider IETF community feels this is a problem? In other words: on whose
behalf is this change made?
If that is the rationale, has an alternative to the BSD license been
considered? The GNU All Permissive (GAP) license is comparable in size
to the excerpt in 6.d. The entire GAP license reads:
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
Another option is to describe the common practice that many open source
packages are using: include a short blurb in the file or function that
contains the derived work, pointing to a file included in the
distribution.
YUI JavaScript library and the Django web framework (used in
datatracker.ietf.org) don't include the license terms in every file.
The code contain this:
/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
It is not hard to find examples of this, both within Yahoo and
without.
See, e.g., http://developer.yahoo.com/yui/docs/AttributeProvider.js.html
This usage is typical and fine. In general, there are two reasons why
this usage is fine. Only one condition needs to hold:
1) The publisher of the material is not a "redistributor" of the code
under the BSD license.
2) The copyright holder includes the BSD license in the package.
Note that Yahoo includes the entire copy of the BSD license where it has
used others code in the YUI package.
The new IETF policy text suggests that recipients redistribute code
components under the BSD license when they include only the notification
text in section 6.d. I.e., not the entire BSD license text. Doing that
would violate the letter of the BSD license. This is not the same
situation as for the Yahoo case, since the recipients of an IETF work is
neither the copyright holder nor does the redistributed combined work
necessarily include the entire BSD license.
So, we researched the status of the BSD license in this regard.
I took it upon myself to query various people I know in the open
software community
That is excellent, and I applaud you for it.
I believe this background information is important for the community to
know about, because information like this creates confidence in your
work. I'm curious why information like this is only communicated
re-actively. Is it due to lack of manpower? It may be that
communicating material like this pro-actively would create less work in
the long term.
While the individual responses are private (I could certainly ask
people if they mind being quoted, but I wanted to get this out today),
typical is this :
"Yahoo is following common practice."
They are indeed. My claim is that the new IETF policy would result in
situations where common practice is not followed.
I did not receive a single negative response.
Actually, one of the cut out responses said that re-distributors must
include the BSD template in the distribution. That is my concern.
/Simon
I also talked with corporate counsel from a large corporation with a
heavy IETF involvement, who at least did not object to this.
In addition, the other Trustees did their own research, and this was
discussed both internally and externally over a period of over 2
months.
And, of course, our own counsel, Jorge Contreras, researched this
and agrees with the feasibility of the license by reference
approach.
After all of this, the Trust developed consensus around the license
by reference option.
So, I feel that the Trustees have done due diligence here.
Of course, there is never a final word on these matters. If you know
reasons why this is inadvisable, I would be glad to hear them. That
is, of course, why all of these matters go to community review.
I of course extend this request to everyone. It is important to get
this right.
Regards
Marshall
Regards
Marshall
Which open source experts did you consult about licensing?
Providing background information and rationale behind changes when
posting drafts would give you the benefit of doubt about these
issues,
and would probably build more confidence in the change within the
IETF
community.
/Simon
_______________________________________________
Trustees mailing list
Trustees(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/trustees
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf