Marshall Eubanks <tme@xxxxxxxxxxxxxx> writes: > Simon asked that this go to the IETF list. Thanks for moving this back to the IETF list. I believe these discussions should be public. Many considerations appears to have been made that the wider IETF community is unaware of. I would expect information like this to be part of the IETF Trust minutes, but it seems no minutes have been published since September 2008: http://trustee.ietf.org/minutes.html > Begin forwarded message: > >> From: Marshall Eubanks <tme@xxxxxxxxxxxxxx> >> Date: June 23, 2009 11:30:50 AM EDT >> To: Simon Josefsson <simon@xxxxxxxxxxxxx> >> Cc: Trustees <trustees@xxxxxxxx> >> Subject: Re: [Trustees] Proposed Revisions to the IETF Trust >> LegalProvisions (TLP) >> >> >> On Jun 23, 2009, at 10:18 AM, Simon Josefsson wrote: >> >>> "Contreras, Jorge" <Jorge.Contreras@xxxxxxxxxxxxxx> writes: >>> >>>> >>>>>> 4.e -- this new section clarifies the legend requirements for Code >>>>>> Components that are used in software under the BSD License. >>>>> In short, >>>>>> the user must include the full BSD License text or a shorter >>>>>> pointer >>>>>> to it (which is set forth in Section 6.d) >>>>> ... >>>>>> 6.d -- the BSD legend/pointer described in 4.e above >>>>> >>>>> The text in 6.d doesn't work. Part of the BSD license (quoted in >>>>> your >>>>> document) is this paragraph: >>>>> >>>>> Redistributions in binary form must reproduce the above copyright >>>>> notice, this list of conditions and the following disclaimer in the >>>>> documentation and/or other materials provided with the >>>>> distribution. >>>>> >>>>> If you replace the BSD license with a pointer, you would violate >>>>> that >>>>> part of the BSD license. >>>>> >>>>> To avoid simple mistakes when changing things related to the >>>>> BSD license >>>>> (which now appears to be the norm rather than the exception) I >>>>> believe >>>>> it would be a good idea for the IETF Trust to talk with people and >>>>> organizations who understands open source licensing. I'm sure the >>>>> Software Freedom Law Center could help here. >>>> >>>> Simon (removing the large cc list): >>>> >>>> This language was added after extensive review and consultation with >>>> open source experts, including members of the IESG. There are >>>> several >>>> open source projects (including some run by Yahoo) that use a >>>> pointer >>>> for the BSD license, rather than the full text. We do not think >>>> this is >>>> a violation of the BSD language. You may disagree, which is why >>>> there >>>> is a public comment period for these documents. But please don't >>>> assume >>>> that these decisions were taken rashly or without serious >>>> consideration. >>> >>> Can you name the open source projects that operate like this? I've >>> never heard of a model like this before, and I'm interested to learn >>> about it if it is used successfully. >> >> Dear Simon; >> >> There was a lot of discussion about this inside the Trust, and I was >> originally in favor of >> sticking with the BSD 15 line template and was very dubious about a >> "license by reference" approach. However, there was push-back on the >> length of this (from, e.g. Pasi Eronen), and then Russ found out >> that for YAHOO the Before continuing the response, should we understand that the rationale for this change is to shorten the license text that has to be included in derived works? Did the Trust do anything to identify whether the wider IETF community feels this is a problem? In other words: on whose behalf is this change made? If that is the rationale, has an alternative to the BSD license been considered? The GNU All Permissive (GAP) license is comparable in size to the excerpt in 6.d. The entire GAP license reads: Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. Another option is to describe the common practice that many open source packages are using: include a short blurb in the file or function that contains the derived work, pointing to a file included in the distribution. >>>> YUI JavaScript library and the Django web framework (used in >>>> datatracker.ietf.org) don't include the license terms in every file. >>> >>> The code contain this: >>> >>> /* >>> Copyright (c) 2009, Yahoo! Inc. All rights reserved. >>> Code licensed under the BSD License: >>> http://developer.yahoo.net/yui/license.txt >> >> It is not hard to find examples of this, both within Yahoo and >> without. >> See, e.g., http://developer.yahoo.com/yui/docs/AttributeProvider.js.html This usage is typical and fine. In general, there are two reasons why this usage is fine. Only one condition needs to hold: 1) The publisher of the material is not a "redistributor" of the code under the BSD license. 2) The copyright holder includes the BSD license in the package. Note that Yahoo includes the entire copy of the BSD license where it has used others code in the YUI package. The new IETF policy text suggests that recipients redistribute code components under the BSD license when they include only the notification text in section 6.d. I.e., not the entire BSD license text. Doing that would violate the letter of the BSD license. This is not the same situation as for the Yahoo case, since the recipients of an IETF work is neither the copyright holder nor does the redistributed combined work necessarily include the entire BSD license. >> So, we researched the status of the BSD license in this regard. >> I took it upon myself to query various people I know in the open >> software community That is excellent, and I applaud you for it. I believe this background information is important for the community to know about, because information like this creates confidence in your work. I'm curious why information like this is only communicated re-actively. Is it due to lack of manpower? It may be that communicating material like this pro-actively would create less work in the long term. > While the individual responses are private (I could certainly ask > people if they mind being quoted, but I wanted to get this out today), > typical is this : > >> "Yahoo is following common practice." They are indeed. My claim is that the new IETF policy would result in situations where common practice is not followed. >> I did not receive a single negative response. Actually, one of the cut out responses said that re-distributors must include the BSD template in the distribution. That is my concern. /Simon >> I also talked with corporate counsel from a large corporation with a >> heavy IETF involvement, who at least did not object to this. >> >> In addition, the other Trustees did their own research, and this was >> discussed both internally and externally over a period of over 2 >> months. >> >> And, of course, our own counsel, Jorge Contreras, researched this >> and agrees with the feasibility of the license by reference >> approach. >> >> After all of this, the Trust developed consensus around the license >> by reference option. >> >> So, I feel that the Trustees have done due diligence here. >> >> Of course, there is never a final word on these matters. If you know >> reasons why this is inadvisable, I would be glad to hear them. That >> is, of course, why all of these matters go to community review. > > I of course extend this request to everyone. It is important to get > this right. > > Regards > Marshall > >> >> >> Regards >> Marshall >> >> >>> >>> >>> Which open source experts did you consult about licensing? >>> >>> Providing background information and rationale behind changes when >>> posting drafts would give you the benefit of doubt about these >>> issues, >>> and would probably build more confidence in the change within the >>> IETF >>> community. >>> >>> /Simon >>> >> >> _______________________________________________ >> Trustees mailing list >> Trustees@xxxxxxxx >> https://www.ietf.org/mailman/listinfo/trustees >> _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf