IETF Logo Mail Archive

Re: IETF Last Call for two IPR WG Dcouments

Simon Josefsson <simon@josefsson.org> Sun, 30 March 2008 09:25 UTC

Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietfarch-ietf-archive@core3.amsl.com
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4CEAB28C263; Sun, 30 Mar 2008 02:25:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.194
X-Spam-Level:
X-Spam-Status: No, score=-100.194 tagged_above=-999 required=5 tests=[AWL=-0.357, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_ORG=0.611, J_CHICKENPOX_23=0.6, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FEa7Kihl9dFB; Sun, 30 Mar 2008 02:25:29 -0700 (PDT)
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 069EB28C0DB; Sun, 30 Mar 2008 02:25:29 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id C895A28C0DB for <ietf@core3.amsl.com>; Sun, 30 Mar 2008 02:25:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id joTrA1sALSwo for <ietf@core3.amsl.com>; Sun, 30 Mar 2008 02:25:26 -0700 (PDT)
Received: from yxa.extundo.com (yxa.extundo.com [83.241.177.38]) by core3.amsl.com (Postfix) with ESMTP id 4B79D28C1F7 for <ietf@ietf.org>; Sun, 30 Mar 2008 02:25:26 -0700 (PDT)
Received: from mocca.josefsson.org (yxa.extundo.com [83.241.177.38]) (authenticated bits=0) by yxa.extundo.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id m2U9PKCa027955 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 30 Mar 2008 11:25:20 +0200
X-Hashcash: 1:22:080330:ietf@ietf.org::hfrNMuyAGXqmYStw:JLib
From: Simon Josefsson <simon@josefsson.org>
To: "Joel M. Halpern" <jmh@joelhalpern.com>
Subject: Re: IETF Last Call for two IPR WG Dcouments
References: <20080324200545.D6E6328C3AE@core3.amsl.com> <87myoji2ut.fsf@mocca.josefsson.org> <47ECFEF8.6050400@joelhalpern.com> <877ifmq3oc.fsf@mocca.josefsson.org> <47ED19B2.1060006@joelhalpern.com>
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
X-Hashcash: 1:22:080330:jmh@joelhalpern.com::xzTx7n1Ty+Tfas+K:C5f4
Date: Sun, 30 Mar 2008 11:25:20 +0200
In-Reply-To: <47ED19B2.1060006@joelhalpern.com> (Joel M. Halpern's message of "Fri, 28 Mar 2008 12:15:46 -0400")
Message-ID: <873aq8ftrz.fsf@mocca.josefsson.org>
User-Agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)
MIME-Version: 1.0
X-Virus-Scanned: ClamAV version 0.88.2, clamav-milter version 0.88.2 on yxa.extundo.com
X-Virus-Status: Clean
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org

I'm cc'ing ietf@ietf.org since others may have the same question.

"Joel M. Halpern" <jmh@joelhalpern.com> writes:

> I'll leave it up to others to comment on list, but you did not
> actually answer the question.
> How is it possible to write a license that lets anyone use the code
> any way they want, and modify it any way they want, but not have that
> license permit use in the open source projects you list.

The problem is that the wishes as expressed right now are too sketchy to
provide sufficient information for the trust to produce a good license.

There are examples of projects with good intentions that want to give
everyone the right to use code they publish in any way to end up with
copying conditions that prevent some subset of the community from using
the software.

Look at the mailing list archive of debian-legal.  Most of the software
licenses that are reviewed there have been written by organizations that
wants open source-friendly distribution of their code, but happens to
make one mistake or the other.

If people involved in free software licensing have trouble getting this
right, I have little confidence that people not involved in the free
software licensing will get the right.  Providing them with some
mechanism to test their proposed license against (i.e., the
OSD/FSD/DFSG) will help to avoid at least the most basic mistakes.

Ray asked if there were some reason to not use the NPOSL for this.  I
read that to imply that he thought the license would be a candidate.  If
my proposed text has been part of the documents, we could easily explain
how and why that license doesn't meet a needed criteria.

Thanks,
Simon

> Yours,
> Joel
>
> Simon Josefsson wrote:
>> "Joel M. Halpern" <jmh@joelhalpern.com> writes:
>>
>>> I do not understand the problem you want addressed.  The way this
>>> is worded, it doesn't matter what "open source" or "free software"
>>> is or becomes.  The intention is to grant anyone to do anything
>>> with the code segments.  That's what we ask the trust to
>>> do. Further in line.
>>
>> The problem is that without proper guidelines on how to make a software
>> license compatible with free software licenses, it is possible to end up
>> with something that won't be compatible, and thus wouldn't meet the
>> intended goals.
>>
>> Given that the IETF Trust doesn't publish drafts or have a history of
>> asking for community review on the legal license they chose, I believe
>> it is important that the IETF articulate its wishes in ways that reduce
>> chances of misunderstandings or are open for interpretation.
>>
>>> Simon Josefsson wrote:
>>>> Regarding -outbound section 4.3:
>>>>
>>> ...
>>>>    As such, the rough consensus is that the IETF Trust is to grant
>>>>    rights such that code components of IETF contributions can be
>>>>    extracted, modified, and used by anyone in any way desired.  To
>>>>    enable the broadest possible extraction, modification and usage, the
>>>>    IETF Trust should avoid adding software license obligations beyond
>>>>    those already present in a contribution.  The granted rights to
>>>>    extract, modify and use code should allow creation of derived works
>>>>    outside the IETF that may carry additional license obligations.
>>> This says that the trust is to grant rights so that code can be
>>> extracted, modified, and used by ANYONE.  I.e. our grant will not
>>> place restrictions on people.
>>
>> Agreed.
>>
>>>> I believe the intention here is good, but it leaves the IETF Trust with
>>>> no guidelines on how to write the license declaration that is likely to
>>>> work well in practice with actual products.  There are no reference to
>>>> what "open source" means in this context, and references to "free
>>>> software" is missing.
>>>>
>>>> I believe it would be a complete failure if code-like portions of RFCs
>>>> cannot be included into open source and free software products such as
>>>> the Debian project.
>>> If we grant anyone the right to use the code any way they want,
>>> which means that we specifically can not require preservation of
>>> notices or anything else, how could it fail to meet the
>>> requirements of the specific cases you list?
>>
>> If you show me the software license that is going to be used, the
>> community will be able to tell you.
>>
>> Writing software licenses that are compatible with free software
>> licenses is a complicated area, and there are many ways to fail.  If you
>> haven't evaluated licenses for compatibility before, I suggest to look
>> at what the debian-legal list has been doing.  There are subtle issues
>> that can prevent a license from giving the necessary rights.  As far as
>> I know the IETF Trust does not have extensive knowledge of free software
>> licensing and license compatibility considerations.  Helping them to get
>> this right by providing some sanity tests (the OSD, FSD and DFSG) to run
>> their drafts against will help them.
>>
>>>> To give the Trust something concrete to work with I propose to add the
>>>> following:
>>>>
>>>>   To make sure the granted rights are usable in practice, they need to
>>>>   at least meet the requirements of the Open Source Definition [OSD],
>>>>   the Free Software Definition [FSD], and the Debian Free Software
>>>>   Guidelines [DFSG].
>>>>
>>>> For those who fear that this will lead to complexity: releasing
>>>> something that is compatible with those requirements is simple.  The
>>>> modified BSD license meets those requirements, as does a number of other
>>>> methods, including releasing the work into the public domain.
>>> My concern is not complexity.  Referencing the specific documents
>>> is more restrictive than what the working group recommended.  I
>>> don't see why that would help anything.
>>
>> Please read again what I proposed, in particular "at least meet the
>> requirements".  If the Trust's software license do not meet those
>> requirements, then it clearly will not meet the intended IETF goals that
>> we agree on.
>>
>> /Simon
>>
_______________________________________________
IETF mailing list
IETF@ietf.org
https://www.ietf.org/mailman/listinfo/ietf

v2.23.0 | Report a Bug | By Email