New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change license to CC0 #94

Merged
merged 1 commit into from Sep 3, 2013

Conversation

Projects
None yet
@Scotchester
Copy link
Member

Scotchester commented Aug 29, 2013

Prompted by licensing talk during a GitHub for Government webinar I attended today, I wanted to open this Pull Request to discuss potentially changing our license to CC0 (outside of the United States, where it is automatically in the public domain).

An extensive (but still ongoing) discussion about what license is most appropriate for government open source software is happening at the White House's Project Open Data. As of right now, a consensus seems to be forming around using CC0, as it is provides a bit more legal coverage than the Unlicense. That is what this PR implements (for now).

At the suggestion of this opendata.stackexchange.com answer, the language is borrowed from HHS's ckanext-datajson project. It seems simple and clear, and doesn't inundate this file with the full text of the CC0 license. (I do think it might be worth putting in the human-readable summary of CC0, though.)

The CONTRIBUTING.md document may warrant a few tweaks, if this change is accepted, as well.

Thoughts?

@cndreisbach @marcesher @contolini @Burton

@jpyuda

This comment has been minimized.

Copy link

jpyuda commented Aug 29, 2013

I like the CC0. At minimum, I'd pull in the plain language summary of it directly, instead of relying on the link out.

That said, is it particularly burdensome to include the full text of the CC0 directly?

@NoahKunin

This comment has been minimized.

Copy link
Contributor

NoahKunin commented Aug 29, 2013

Been following the license conversation around Project Open Data for quite some time [even before it jumped into GitHub] and I strong 👍 using CC0 here.

Also, no reason not to include full plan language text and hyperlink to full legal code.

@Burton

This comment has been minimized.

Copy link

Burton commented Aug 30, 2013

Will merge unless @marcesher or @cndreisbach see a technical reason not to do so at this time

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Aug 30, 2013

Before you do, @Burton, let me add the plain language summary, and maybe give it another day to see if anyone else feels strongly about adding the full CC0 text.

I'll update the PR in the morning with the plain language summary.

@marcesher

This comment has been minimized.

Copy link
Member

marcesher commented Aug 30, 2013

I'm inclined to wait till next week. It's not urgent, for one. We'll be fully staffed next week, for another, unlike now through Tuesday when we're on a holiday. @virtix will want to weigh in as well. Let's hold off a few days, and learn together.

@cndreisbach

This comment has been minimized.

Copy link
Contributor

cndreisbach commented Aug 30, 2013

Mr. @Burton, I asked @Scotchester to send this pull request as a starting point for a discussion. So, to that:

US Government works must be in the public domain within the US. Open source software likes licenses. How do we resolve this? I see a few options:

  1. Use some sort of recognized public domain language. I chose the language of the Unlicense because it's based on the language used by SQLite, which is very successful at getting itself put inside all sorts of other software. CC0 works as well, although I don't see a compelling difference.

  2. Use an open source license, as it can be licensed outside the US. You would still need to state that the work is in the public domain in the US, but you could use the license for outside contributions. I have no idea who you'd put as the copyright holder for the license.

Given our goals, I think the first option is the best. If the majority are in favor of CC0, then that's fine by me. The fact that HHS uses it is a good reason.

@Burton

This comment has been minimized.

Copy link

Burton commented Aug 30, 2013

@cndreisbach The trouble with 2 is that we'd be asserting restrictions (however minimal) outside the U.S. that may not actually exist, or that we may not be in the position to assert. Agree re: HHS's precedent.

@NoahKunin

This comment has been minimized.

Copy link
Contributor

NoahKunin commented Aug 30, 2013

Really great conversation here - thanks all.

For those who are interested, here is some context on why the Unlicense was not chosen by HHS, and really shouldn't be used by anyone. It's not that CC0 provides a slightly more protection - they're frankly not even in the same league.

A great example of this is actually SQLite itself.

The language Unlicense uses is based on the marketing, or human readable version of the actual legal protections given by the SQLite creators. Check out how they actually support the license (emphasis added):

All code authors, and representatives of the companies they work for, have signed affidavits dedicating their contributions to the public domain and originals of those signed affidavits are stored in a firesafe at the main offices of Hwaci.

I mean, whoa. Getting a copy of those affidavits is as bullet proof as you can get if you're looking to build a business that uses SQLite. They don't stop there though - they even give you a way to purchase a license if you want absolute certainty.

Lastly, they have a contributor policy plus if you want to make a contribution as an employee of the company you need to send them a signed copyright release! This upgrades the licensing posture of SQLite from bullet proof to something resembling adamantium. This is why SQLite can be used with such confidence.

The core audience are not developers per se - it's the lawyers who represent the company those devs work for, especially the for-profit ones. This is exactly the kind of protective due diligence lawyers love, and honestly, need. And it really doesn't cost us anything to give it to them.

The Unlicense doesn't have a full legal code supporting it. The liability protections are especially weak. Compare that to the legal code of CC0 and there's really no competition whatsoever. CC0 has very strong liability protections, plus it has an absolutely crucial severability clause. I'm sure you're all familiar with a pretty famous piece of legislation that forgot to include a severability clause...a lot of blood pressure spikes could have been avoided.

@JoshData

This comment has been minimized.

Copy link

JoshData commented Aug 30, 2013

Hey, all. Thanks for considering this. I think you guys have nailed the important points already, but I want to add that @konklone, @jwyg, and I recently wrote some broader advice about CC0 here which you may find useful: http://razor.occams.info/pubdocs/2013-08-19_license_free.pdf

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Aug 30, 2013

Thanks for passing that along, @tauberer! That's a very helpful document.

One clarification, though: Your document mainly refers to "data". We are assuming that a software work falls under the definition of "data", yes?

Also (a question to everyone), are there any considerations regarding the licenses of software libraries that are included in our software that we should take into account? (Obvious example: jQuery.) That is, do we need to disclaim anywhere that our license waiver does not apply to those specific components that we are including?

@cndreisbach

This comment has been minimized.

Copy link
Contributor

cndreisbach commented Aug 30, 2013

@Scotchester That's a great question. Luckily, I don't think we have to worry about it. All external dependencies are pulled in after checkout: JavaScript & CSS via Bower, and Java & Clojure via Leiningen. The repo should have no external code in it currently.

Given @NoahKunin's comments and @tauberer's document, I'm convinced. Let's take @marcesher's advice and wait until @virtix can comment, but this pull request has my +1.

🐵 👍

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Aug 30, 2013

Re: including the full legal code, this FAQ entry advises putting it in a file named COPYING: http://wiki.creativecommons.org/CC0_FAQ#May_I_apply_CC0_to_computer_software.3F_If_so.2C_is_there_a_recommended_implementation.3F

That said, it also suggests including a rather large comment at the top of every file, which seems... excessive.

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Aug 30, 2013

@cndreisbach Ah, that is excellent. However, we should address the question for other @cfpb projects that do include those within the repo. (Or make it a policy that for us to open source a project, it has to manage its dependencies that way.)

@virtix

This comment has been minimized.

Copy link
Member

virtix commented Aug 30, 2013

Great open discussion. We should do more.

I'm OK with this, but let's do two simple things first:

@konklone

This comment has been minimized.

Copy link

konklone commented Aug 30, 2013

FWIW, I think that recommendation to put the text of CC0 in every file is overkill. I know a lot of people in the old school open source community do it this way with the GPL, but it's pretty rare in the broader open source world. The CC0 FAQ answer says that "CC and the FSF" recommend it, and I suspect it's more the FSF's opinion.

Also, I've just CC0-licensed a couple of projects that @JoshData and I run, unitedstates/congress and unitedstates/congress-legislators. They contain code and data, and CC0 looks great for both.

@cmc333333

This comment has been minimized.

Copy link
Contributor

cmc333333 commented Aug 30, 2013

+1. Seems like a great idea.

@Burton

This comment has been minimized.

Copy link

Burton commented Aug 30, 2013

@Scotchester While software is data to the extent that just about anything can be represented as 1s and 0s, I interpret @konklone and @tauberer's document as using the more traditional definition of data; ie, sets of facts or statistics. That's not to say they don't advise using CC0 for software works--it's quite fine--but I don't think their document is talking about software.

@artob

This comment has been minimized.

Copy link

artob commented Aug 31, 2013

@NoahKunin, as one of the founders of the Unlicense initiative, let me attempt to address some points of misunderstanding. First off, the intent of the Unlicense public domain dedication template was never to try and cover any and all bases. That would take an instrument (at least) the length of CC0, and CC0 already exists. For those who feel they need CC0, just use CC0.

Rather, the Unlicense addresses the wide gulf in-between trivial one-liner public domain dedications ("This project is in the public domain") and the (in many circles) perceived overkill of CC0. The relationship between the Unlicense and CC0 is not dissimilar to that between the MIT/X11 License and the Apache License: nobody doubts that Apache covers more bases, but hordes of developers explicitly continue to prefer and promote MIT for its relative brevity and simplicity.

We've found much the same with the Unlicense: many developers would like to dedicate their project to the public domain, but feel they need something more explicit than a one-liner statement to that effect. Unlicense.org serves as a dedication template they can draw on, plus perhaps more importantly a jumping point and repository of knowledge to case examples from thousands of other projects who've done the same. Most projects do use the template as-is, others use it as the foundation for something more explicit still (sometimes including patent protection verbiage, or the like).

Now, the fact is that the vast bulk of public domain code here on GitHub uses merely a simple single-line public domain dedication, so evidently a lot of folks feel that suffices and works for them. Indeed, some developers do consider even the Unlicense's four paragraphs to be overkill (let alone CC0's verbiage). However, for those who do feel they need an increased level of formality, there is the Unlicense and CC0—in that order. In situations warranting maximal formality, such as the present one, certainly you'd use CC0. That's no reason, though, to disparage different choices made by others in entirely different contexts.

As for the CLA process of SQLite, that's just standard best practice for any large software project that has developed a sufficient level of formality, regardless of whether the software is dedicated to the public domain or more restrictively licensed. Every project that wishes to cover all bases and be "bulletproof" should consider collecting CLAs; but again, the vast majority (copyrighted or not) do not, as it is widely perceived to be an overkill level of paperwork and a barrier to entry for contributors. Context matters.

@cndreisbach

This comment has been minimized.

Copy link
Contributor

cndreisbach commented Sep 2, 2013

@bendiken Thanks for coming in and commenting. I've been a proponent of the Unlicense and will likely still use it for personal projects. Thank you for all your work on it.

@NoahKunin

This comment has been minimized.

Copy link
Contributor

NoahKunin commented Sep 3, 2013

@bendiken Additional thanks for jumping in and adding to the conversation.

@NoahKunin

This comment has been minimized.

Copy link
Contributor

NoahKunin commented Sep 3, 2013

@konklone +1 to a comment on every file being overkill. A file (i.e. LICENSE) at the top of the repo is sufficient.

@cndreisbach

This comment has been minimized.

Copy link
Contributor

cndreisbach commented Sep 3, 2013

There's a few changes that have to be made to other files in the repo for this to be complete, but I'm going to go ahead and merge it and then make those changes so @Scotchester gets the credit for this great pull request. Thanks to everyone for the discussion.

@cndreisbach cndreisbach closed this Sep 3, 2013

@cndreisbach cndreisbach reopened this Sep 3, 2013

cndreisbach added a commit that referenced this pull request Sep 3, 2013

Merge pull request #94 from Scotchester/patch-1
Change license to CC0

@cndreisbach cndreisbach merged commit 1095637 into cfpb:master Sep 3, 2013

1 check was pending

default Merged build triggered.

@Scotchester Scotchester deleted the Scotchester:patch-1 branch Sep 3, 2013

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Sep 3, 2013

@virtix Where would be the best place to discuss how to modify our Source Code Policy? In that Gist's comments?

@Burton

This comment has been minimized.

Copy link

Burton commented Sep 3, 2013

@Scotchester That's a good place for soliciting feedback from outsiders. I imagine you have CC0 in mind; a more pressing need in my mind is a clause that addresses public contributions to our code.

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Sep 3, 2013

Yes, both! We should both specify what our default terms are for code we write, as well as that public contributions will also be released that way (see the newly updated CONTRIBUTING.md in this repo).

@Scotchester

This comment has been minimized.

Copy link
Member

Scotchester commented Sep 3, 2013

P.S.: Thanks for the link to Ben's article. Good stuff. In particular, should we worry about note 3? Or was that settled when we accepted our first public pull request?

@NoahKunin

This comment has been minimized.

Copy link
Contributor

NoahKunin commented Sep 3, 2013

Ah, note 3. I remember it well. If I recall, the law around that issue is located at: http://www.law.cornell.edu/uscode/text/31/1342

@NoahKunin

This comment has been minimized.

Copy link
Contributor

NoahKunin commented Sep 3, 2013

One more thing - I think we should probably have a different thread to handle @Burton's request, especially since this PR is now closed.

To keep feedback productive, it would be great to have the conversation around a pull request to the Source Code Policy gist - gives the public something tangible to react to. We can then come back here and cross-link.

@JoshData JoshData referenced this pull request Nov 5, 2013

Merged

Add CC0 as a license #126

dvogel pushed a commit to dvogel/congress that referenced this pull request Feb 8, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment