On Mon, 21 Mar 2022 at 18:10, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > > On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek <pchestek@xxxxxxxxx> wrote: > > > > Isn't there a much bigger problem, namely "to any person obtaining a copy of this Software to deal in the Software under the copyrights without restriction ..." > > > > For comparison, the MIT language is: "to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation ..." > > > > They've added "under the copyrights." I assume the intent was to carve out the trademarks from the grant, but they've also, I would say, carved out patents. I would argue that because the license is specifically for copyrights only one can't imply a license for patents. > > Interesting, I had overlooked that but this seems significant. As far > as I can tell from searching, the Overflow license (the license used > here) is the first case of a license that adds "under the copyrights" > to that MIT license language. Though this is speculation, given the > origins of these projects and what I understand to be the approximate > date of launching of the Overflow project it all feels a bit like some > lawyer in the Stanford tech transfer office was trying to "pull a fast > one", as it were. If the Overflow project (or this license) is > actually much older than I am assuming, that would be useful to know > though. Here I'm a bit lost, and I don't understand the implications. But the OpenFlow license is present in Open vSwitch, which is supported by RedHat as part of its virtualization technologies. > > As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line. As for this clause, I found that the W3C license (which is listed as a good license for Fedora) contains an almost identical one: https://www.w3.org/Consortium/Legal/2002/copyright-software-20021231. Iñaki > > > > > > Pam > > > > On Fri, Mar 18, 2022 at 4:37 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote: > >> > >> On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: > >> > > >> > On Fri, 18 Mar 2022 at 19:50, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > >> > > > >> > > On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: > >> > > > > >> > > > On Fri, 18 Mar 2022 at 17:12, Richard Fontana <rfontana@xxxxxxxxxx> wrote: > >> > > > > > >> > > > > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: > >> > > > > > > >> > > > > > Hi, > >> > > > > > > >> > > > > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!) > >> > > > > > > >> > > > > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction. > >> > > > > > >> > > > > So the clause in question is this: > >> > > > > > >> > > > > "The name and trademarks of copyright holder(s) may NOT be used in > >> > > > > advertising or publicity pertaining to the Software or any derivatives > >> > > > > without specific, written prior permission." > >> > > > > > >> > > > > The license seems to have first appeared in a related project coming > >> > > > > out of Stanford, Openflow. The quoted language seems to me to be more > >> > > > > restrictive (and also ambiguous) than counterpart language in well > >> > > > > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: > >> > > > > BSD-3-Clause]). > >> > > > > > >> > > > > My initial reaction is that this license is not FOSS and thus is not > >> > > > > ok for Fedora. > >> > > > > >> > > > But, we have several MIT variants listed with a similar clause about > >> > > > "advertising and publicity": > >> > > > https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT > >> > > > >> > > The one here seems closest to what Fedora calls the "NTP variant" and > >> > > which is an OSI-approved license under the name NTP license: > >> > > https://opensource.org/licenses/NTP (SPDX: NTP). > >> > > > >> > > The difference is that the mininet license says: > >> > > > >> > > "The name and trademarks of copyright holder(s) may NOT be used in > >> > > advertising or publicity pertaining to the Software or any derivatives > >> > > without specific, written prior permission." > >> > > > >> > > while the NTP counterpart says: > >> > > > >> > > "and that the name (TrademarkedName) not be used in advertising or > >> > > publicity pertaining to distribution of the software without specific, > >> > > written prior permission." > >> > > > >> > > (where '(TrademarkedName)' is a placeholder). I think > >> > > "TrademarkedName" may be a questionable choice of placeholder name. > >> > > > >> > > Anyway, one question is whether the differences between the NTP > >> > > license clause and the corresponding Mininet license clause are > >> > > significant. One obvious difference is that the "names" you can't use > >> > > in the Mininet case are left unspecified. > >> > > >> > Unspecified? It's the name of the copyright holders. > >> > >> The trademarks are unspecified, but maybe that's not a significant problem. > >> > >> The way the NTP license is used in practice is that the specific > >> "name" you're not allowed to use is specified in the license notice > >> (University of Delaware in the oldest strata of NTP it seems). > >> > >> > Similarly, the > >> > 3-Clause BSD License says: > >> > > >> > "3. Neither the name of the copyright holder nor the names of its > >> > contributors may be used to endorse or promote products derived from > >> > this software without specific prior written permission." > >> > >> Yes but I think "use[] to endorse or to promote" is a little more > >> specific than "use[] in advertising or publicity". > >> > >> > I'll open an issue in their repo to propose switching to a standard > >> > text, but if there's a negative answer, would this be a blocker? > >> > >> I don't know. I think it's a difficult case and requires further > >> thought/discussion. I've only thought about this for a couple of hours > >> :-) > >> > >> I feel that the inclusion of "trademarks" here is what is most > >> distinctive. Assuming Mininet itself is a trademark of the copyright > >> holders, why shouldn't I be able to say truthfully in some publicity > >> statement that my fork of Mininet is based on Mininet (without > >> notionally breaching the license)? This is different from licenses > >> that require me to rename my fork to something else. It's also > >> somewhat different from how the NTP license says I can't use the name > >> "University of Delaware" when advertising my distribution of NTP or a > >> derivative of NTP. > >> > >> I'd be somewhat curious to find out why Openflow decided to use this > >> license, where they got it from, and how long they were using it. > >> > >> > > >> > Iñaki > >> > > >> > > Another issue is that Fedora has had a pragmatic approach to approving > >> > > old (typically minimalist permissive) licenses that takes into account > >> > > the age of the license and the software it's historically associated > >> > > with. I don't think this has been documented and I think it's > >> > > something we ought to include in the material on standards for Fedora > >> > > license approval Jilayne and I have been working on. Red Hat has taken > >> > > the same approach in its review of RHEL package licenses identified > >> > > through scanning tools. Basically, we are more forgiving with > >> > > relatively old licenses. We apply higher standards for newer licenses > >> > > associated with more recent projects, with the dividing line being > >> > > roughly late 1990s/early 2000s (when the concept of FOSS license > >> > > standardization began to take root). Some old licenses of this sort > >> > > still end up being unapproved for Fedora, most famously SunRPC. > >> > > > >> > > The NTP license seems to be *really* old, apparently originating with > >> > > the University of Delaware in the early 1990s if not earlier. The > >> > > Mininet/Openflow license as far as I can tell from the quickest > >> > > research doesn't seem to go back further than ~2012, which is "recent" > >> > > for purposes of the standard I'm talking about. If anyone has further > >> > > information on these points it would be helpful. Maybe the Openflow > >> > > license was actually copied from some much older source -- it > >> > > certainly looks like it. > >> > > > >> > > Richard > >> > > > >> > > > > >> > > > Iñaki > >> > > > > >> > > > > Also a pretty good example of how upstream license metadata is untrustworthy. > >> > > > > > >> > > > > Richard > >> > > > > > >> > > > > > > >> > > > > > Thanks, > >> > > > > > Jilayne > >> > > > > > > >> > > > > > On 3/18/22 9:21 AM, Iñaki Ucar wrote: > >> > > > > > > >> > > > > > Hi, > >> > > > > > > >> > > > > > Is this license [1] acceptable for Fedora and what would be the > >> > > > > > appropriate identifier for the License field? It seems to me some sort > >> > > > > > of BSD, and in fact the authors themselves identify it as such in the > >> > > > > > setup.py file [2], but I'd like to be sure. > >> > > > > > > >> > > > > > [1] https://github.com/mininet/mininet/blob/master/LICENSE > >> > > > > > [2] https://github.com/mininet/mininet/blob/master/setup.py > >> > > > > > >> > > > > >> > > > > >> > > > -- > >> > > > Iñaki Úcar > >> > > > > >> > > > >> > > >> > > >> > -- > >> > Iñaki Úcar > >> > > >> > >> > >> -- > >> _______________________________________________ > >> legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx > >> To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx > >> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >> List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx > >> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure > -- Iñaki Úcar _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
