On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: > > On Fri, 18 Mar 2022 at 19:50, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > > > On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: > > > > > > On Fri, 18 Mar 2022 at 17:12, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > > > > > > > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > > > > > > > > > > Hi, > > > > > > > > > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!) > > > > > > > > > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction. > > > > > > > > So the clause in question is this: > > > > > > > > "The name and trademarks of copyright holder(s) may NOT be used in > > > > advertising or publicity pertaining to the Software or any derivatives > > > > without specific, written prior permission." > > > > > > > > The license seems to have first appeared in a related project coming > > > > out of Stanford, Openflow. The quoted language seems to me to be more > > > > restrictive (and also ambiguous) than counterpart language in well > > > > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: > > > > BSD-3-Clause]). > > > > > > > > My initial reaction is that this license is not FOSS and thus is not > > > > ok for Fedora. > > > > > > But, we have several MIT variants listed with a similar clause about > > > "advertising and publicity": > > > https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT > > > > The one here seems closest to what Fedora calls the "NTP variant" and > > which is an OSI-approved license under the name NTP license: > > https://opensource.org/licenses/NTP (SPDX: NTP). > > > > The difference is that the mininet license says: > > > > "The name and trademarks of copyright holder(s) may NOT be used in > > advertising or publicity pertaining to the Software or any derivatives > > without specific, written prior permission." > > > > while the NTP counterpart says: > > > > "and that the name (TrademarkedName) not be used in advertising or > > publicity pertaining to distribution of the software without specific, > > written prior permission." > > > > (where '(TrademarkedName)' is a placeholder). I think > > "TrademarkedName" may be a questionable choice of placeholder name. > > > > Anyway, one question is whether the differences between the NTP > > license clause and the corresponding Mininet license clause are > > significant. One obvious difference is that the "names" you can't use > > in the Mininet case are left unspecified. > > Unspecified? It's the name of the copyright holders. The trademarks are unspecified, but maybe that's not a significant problem. The way the NTP license is used in practice is that the specific "name" you're not allowed to use is specified in the license notice (University of Delaware in the oldest strata of NTP it seems). > Similarly, the > 3-Clause BSD License says: > > "3. Neither the name of the copyright holder nor the names of its > contributors may be used to endorse or promote products derived from > this software without specific prior written permission." Yes but I think "use[] to endorse or to promote" is a little more specific than "use[] in advertising or publicity". > I'll open an issue in their repo to propose switching to a standard > text, but if there's a negative answer, would this be a blocker? I don't know. I think it's a difficult case and requires further thought/discussion. I've only thought about this for a couple of hours :-) I feel that the inclusion of "trademarks" here is what is most distinctive. Assuming Mininet itself is a trademark of the copyright holders, why shouldn't I be able to say truthfully in some publicity statement that my fork of Mininet is based on Mininet (without notionally breaching the license)? This is different from licenses that require me to rename my fork to something else. It's also somewhat different from how the NTP license says I can't use the name "University of Delaware" when advertising my distribution of NTP or a derivative of NTP. I'd be somewhat curious to find out why Openflow decided to use this license, where they got it from, and how long they were using it. > > Iñaki > > > Another issue is that Fedora has had a pragmatic approach to approving > > old (typically minimalist permissive) licenses that takes into account > > the age of the license and the software it's historically associated > > with. I don't think this has been documented and I think it's > > something we ought to include in the material on standards for Fedora > > license approval Jilayne and I have been working on. Red Hat has taken > > the same approach in its review of RHEL package licenses identified > > through scanning tools. Basically, we are more forgiving with > > relatively old licenses. We apply higher standards for newer licenses > > associated with more recent projects, with the dividing line being > > roughly late 1990s/early 2000s (when the concept of FOSS license > > standardization began to take root). Some old licenses of this sort > > still end up being unapproved for Fedora, most famously SunRPC. > > > > The NTP license seems to be *really* old, apparently originating with > > the University of Delaware in the early 1990s if not earlier. The > > Mininet/Openflow license as far as I can tell from the quickest > > research doesn't seem to go back further than ~2012, which is "recent" > > for purposes of the standard I'm talking about. If anyone has further > > information on these points it would be helpful. Maybe the Openflow > > license was actually copied from some much older source -- it > > certainly looks like it. > > > > Richard > > > > > > > > Iñaki > > > > > > > Also a pretty good example of how upstream license metadata is untrustworthy. > > > > > > > > Richard > > > > > > > > > > > > > > Thanks, > > > > > Jilayne > > > > > > > > > > On 3/18/22 9:21 AM, Iñaki Ucar wrote: > > > > > > > > > > Hi, > > > > > > > > > > Is this license [1] acceptable for Fedora and what would be the > > > > > appropriate identifier for the License field? It seems to me some sort > > > > > of BSD, and in fact the authors themselves identify it as such in the > > > > > setup.py file [2], but I'd like to be sure. > > > > > > > > > > [1] https://github.com/mininet/mininet/blob/master/LICENSE > > > > > [2] https://github.com/mininet/mininet/blob/master/setup.py > > > > > > > > > > > > > -- > > > Iñaki Úcar > > > > > > > > -- > Iñaki Úcar > -- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure