On Fri, 18 Mar 2022 at 19:50, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: > > > > On Fri, 18 Mar 2022 at 17:12, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > > > > > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > > > > > > > > Hi, > > > > > > > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!) > > > > > > > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction. > > > > > > So the clause in question is this: > > > > > > "The name and trademarks of copyright holder(s) may NOT be used in > > > advertising or publicity pertaining to the Software or any derivatives > > > without specific, written prior permission." > > > > > > The license seems to have first appeared in a related project coming > > > out of Stanford, Openflow. The quoted language seems to me to be more > > > restrictive (and also ambiguous) than counterpart language in well > > > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: > > > BSD-3-Clause]). > > > > > > My initial reaction is that this license is not FOSS and thus is not > > > ok for Fedora. > > > > But, we have several MIT variants listed with a similar clause about > > "advertising and publicity": > > https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT > > The one here seems closest to what Fedora calls the "NTP variant" and > which is an OSI-approved license under the name NTP license: > https://opensource.org/licenses/NTP (SPDX: NTP). > > The difference is that the mininet license says: > > "The name and trademarks of copyright holder(s) may NOT be used in > advertising or publicity pertaining to the Software or any derivatives > without specific, written prior permission." > > while the NTP counterpart says: > > "and that the name (TrademarkedName) not be used in advertising or > publicity pertaining to distribution of the software without specific, > written prior permission." > > (where '(TrademarkedName)' is a placeholder). I think > "TrademarkedName" may be a questionable choice of placeholder name. > > Anyway, one question is whether the differences between the NTP > license clause and the corresponding Mininet license clause are > significant. One obvious difference is that the "names" you can't use > in the Mininet case are left unspecified. Unspecified? It's the name of the copyright holders. Similarly, the 3-Clause BSD License says: "3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission." which is quite similar. I think this is the reason they identify the license as BSD, I think they are talking about the 3-Clause BSD, where "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software." would account for clauses 1 and 2, I guess? I'll open an issue in their repo to propose switching to a standard text, but if there's a negative answer, would this be a blocker? Iñaki > Another issue is that Fedora has had a pragmatic approach to approving > old (typically minimalist permissive) licenses that takes into account > the age of the license and the software it's historically associated > with. I don't think this has been documented and I think it's > something we ought to include in the material on standards for Fedora > license approval Jilayne and I have been working on. Red Hat has taken > the same approach in its review of RHEL package licenses identified > through scanning tools. Basically, we are more forgiving with > relatively old licenses. We apply higher standards for newer licenses > associated with more recent projects, with the dividing line being > roughly late 1990s/early 2000s (when the concept of FOSS license > standardization began to take root). Some old licenses of this sort > still end up being unapproved for Fedora, most famously SunRPC. > > The NTP license seems to be *really* old, apparently originating with > the University of Delaware in the early 1990s if not earlier. The > Mininet/Openflow license as far as I can tell from the quickest > research doesn't seem to go back further than ~2012, which is "recent" > for purposes of the standard I'm talking about. If anyone has further > information on these points it would be helpful. Maybe the Openflow > license was actually copied from some much older source -- it > certainly looks like it. > > Richard > > > > > Iñaki > > > > > Also a pretty good example of how upstream license metadata is untrustworthy. > > > > > > Richard > > > > > > > > > > > Thanks, > > > > Jilayne > > > > > > > > On 3/18/22 9:21 AM, Iñaki Ucar wrote: > > > > > > > > Hi, > > > > > > > > Is this license [1] acceptable for Fedora and what would be the > > > > appropriate identifier for the License field? It seems to me some sort > > > > of BSD, and in fact the authors themselves identify it as such in the > > > > setup.py file [2], but I'd like to be sure. > > > > > > > > [1] https://github.com/mininet/mininet/blob/master/LICENSE > > > > [2] https://github.com/mininet/mininet/blob/master/setup.py > > > > > > > > > -- > > Iñaki Úcar > > > -- Iñaki Úcar _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
