Re: mininet license

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote:
>
> On Fri, 18 Mar 2022 at 17:12, Richard Fontana <rfontana@xxxxxxxxxx> wrote:
> >
> > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote:
> > >
> > > Hi,
> > >
> > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement.  They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
> > >
> > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
> >
> > So the clause in question is this:
> >
> > "The name and trademarks of copyright holder(s) may NOT be used in
> > advertising or publicity pertaining to the Software or any derivatives
> > without specific, written prior permission."
> >
> > The license seems to have first appeared in a related project coming
> > out of Stanford, Openflow. The quoted language seems to me to be more
> > restrictive (and also ambiguous) than counterpart language in well
> > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX:
> > BSD-3-Clause]).
> >
> > My initial reaction is that this license is not FOSS and thus is not
> > ok for Fedora.
>
> But, we have several MIT variants listed with a similar clause about
> "advertising and publicity":
> https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT

The one here seems closest to what Fedora calls the "NTP variant" and
which is an OSI-approved license under the name NTP license:
https://opensource.org/licenses/NTP (SPDX: NTP).

The difference is that the mininet license says:

"The name and trademarks of copyright holder(s) may NOT be used in
advertising or publicity pertaining to the Software or any derivatives
without specific, written prior permission."

while the NTP counterpart says:

"and that the name (TrademarkedName) not be used in advertising or
publicity pertaining to distribution of the software without specific,
written prior permission."

(where '(TrademarkedName)' is a placeholder). I think
"TrademarkedName" may be a questionable choice of placeholder name.

Anyway, one question is whether the differences between the NTP
license clause and the corresponding Mininet license clause are
significant. One obvious difference is that the "names" you can't use
in the Mininet case are left unspecified.

Another issue is that Fedora has had a pragmatic approach to approving
old (typically minimalist permissive) licenses that takes into account
the age of the license and the software it's historically associated
with. I don't think this has been documented and I think it's
something we ought to include in the material on standards for Fedora
license approval Jilayne and I have been working on. Red Hat has taken
the same approach in its review of RHEL package licenses identified
through scanning tools. Basically, we are more forgiving with
relatively old licenses. We apply higher standards for newer licenses
associated with more recent projects, with the dividing line being
roughly late 1990s/early 2000s (when the concept of FOSS license
standardization began to take root). Some old licenses of this sort
still end up being unapproved for Fedora, most famously SunRPC.

The NTP license seems to be *really* old, apparently originating with
the University of Delaware in the early 1990s if not earlier. The
Mininet/Openflow license as far as I can tell from the quickest
research doesn't seem to go back further than ~2012, which is "recent"
for purposes of the standard I'm talking about. If anyone has further
information on these points it would be helpful. Maybe the Openflow
license was actually copied from some much older source -- it
certainly looks like it.

Richard

>
> Iñaki
>
> > Also a pretty good example of how upstream license metadata is untrustworthy.
> >
> > Richard
> >
> > >
> > > Thanks,
> > > Jilayne
> > >
> > > On 3/18/22 9:21 AM, Iñaki Ucar wrote:
> > >
> > > Hi,
> > >
> > > Is this license [1] acceptable for Fedora and what would be the
> > > appropriate identifier for the License field? It seems to me some sort
> > > of BSD, and in fact the authors themselves identify it as such in the
> > > setup.py file [2], but I'd like to be sure.
> > >
> > > [1] https://github.com/mininet/mininet/blob/master/LICENSE
> > > [2] https://github.com/mininet/mininet/blob/master/setup.py
> >
>
>
> --
> Iñaki Úcar
>
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Gnome Users]     [KDE Users]

  Powered by Linux