On Mon, Jul 04, 2016 at 08:33:02AM +0200, Florian Weimer wrote: > cryptlib is licensed under the Sleepycat license with a SaaS restriction: > > “Note that decoupling the software from the user, for example by running in > a SaaS configuration, does not exempt you from these requirements.” > > (Full text attached.) > > This was not part of the original Sleepycat license, so a new license tag is > required. > > Maybe this license is not even free; this additional clause seems to be a > restriction on use. But perhaps it is not so different from the AGPL. It's not really clear how the additional sentence modifies "these requirements". I suppose it suggests that the author equates "running in a SaaS configuration" as equivalent to "redistribution". This degree of restrictiveness is difficult to reconcile with either GPLv2 or GPLv3. I am also mindful of the interpretive principle I used to occasionally espouse, essentially that we should scrutinize especially closely the conditions of any bespoke copyleft license (or standard copyleft license apparently supplemented by bespoke informal restrictive interpretive statements), where the business model of the licensor is some variant of 'proprietary relicensing', as (it seems) here. So, overall I'm inclined to say this license (which is not equivalent to the Sleepycat license) is free but should be treated as incompatible with GPLv2 and GPLv3, despite the author's effort to benefit from the traditional understanding of GPL compatibility of the original Sleepycat license, and despite my earlier comment. Separately, I am going to notify Patrick Masson of the Open Source Initiative that cryptlib appears to be improperly claiming OSI certification based on the use of a license that is not OSI-approved. Richard _______________________________________________ legal mailing list legal@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/legal@xxxxxxxxxxxxxxxxxxxxxxx
