Dne 17. 07. 24 v 15:45 Richard Fontana napsal(a):
On Wed, Jul 17, 2024 at 7:33 AM Michal Schorm <mschorm@xxxxxxxxxx> wrote:Hello, I'd like a review of 'MariaDB Business Source License (BSL)'. Here is a specific instance of the license: https://github.com/mariadb-corporation/MaxScale/blob/24.02/licenses/LICENSE2106.TXT Here is FAQ about it: https://mariadb.com/bsl-faq-mariadb/ TL;DR: the license says it's non-free, but it becomes free (GPL in this case) after a specific time. -- Apart from this specific case, I'd like to hear your guidance in similar cases in general - whether they are mostly accepted or rather avoided (by Fedora), as more licenses with this idea exists, e.g.: https://github.com/getsentry/sentry/blob/master/LICENSE.mdAs noted, BUSL-1.1 is already not allowed. The only other distantly conceptually related license that has been considered by Fedora AFAIK is the historically significant, but largely unused, license formerly known as the Transitive Grace Period Public License, which was classified as "good" under the Callaway system. However, TGPPL is quite different from BUSL in that it is a copyleft license (OSL derivative I believe) with a temporary permission for *licensees* to distribute original or derivative works under a proprietary license. The BUSL-derived Sentry licenses (currently the subject of an SPDX issue) have AFAIK not been considered by Fedora, and I hope that these licenses have no impact on any existing Fedora package. But you've also asked an interesting question that also hasn't come up before: "once it reaches the condition to transform to a free license, whether it is absolutely fine to add the software to Fedora under that specific free license, or whether there is any specific point of view the Fedora Legal team holds, or other specific requirements how to list the license correctly." I think it's "fine" in theory, but somewhat risky. I imagine that in some cases it won't be clear whether a particular version mixes BUSL (at various stages of the process towards the "change date") and post-BUSL licenses. And if we concluded that the change date had occurred for everything, we might want to require some further action, at a minimum documenting the conclusion (not just in the license tag) and probably also at least including a copy of the post-BUSL allowed license.
Chm, I wonder how to for example apply security fix? Imagine there is some security issue fixed in the most recent version, will we reimplement such patch?
Vít
I think we can cross the bridge when we come to it -- or have we come to it? Also: "Fedora package maintainers shouldn't try to guess the resulting license(s) that applies to the user, they should only list the licenses of the contents of the binary rpm. In this case, assuming that the license already transformed to the free one might be the guessing package maintainer shouldn't do." I think this is alluding to the "no effective license" principle. But in lots of situations we have to make guesses and interpretations of various sorts. I can maybe see adopting the position that these licenses are so odious that we don't want to distribute anything that was even formerly under them (until the theoretical trigger to free is reached) but that seems a little extreme to me if it's just a kind of political gesture. There's already a license allowed in Fedora -- it's pretty obscure and I can't remember the name offhand -- where the license basically says something like "proprietary until the year 2000, then you have the following FOSS license" and this is allowed because in that case the change date is clearly something that occurred *long* ago. Richard
Attachment:
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
