-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Write a license #4
Comments
CockroachDB apparently is another fairly high-profile BUSL user? https://www.cockroachlabs.com/blog/oss-relicensing-cockroachdb/ It was discussed on this podcast episode recently as a good example in particularly because it has a highly objective, clear additional use grant. (In contrast, the podcasters are not so positive about how HashiCorp has communicated on their use grant(s).) |
Okay! Circling back here ... we (Sentry) are ready to go on this one. We've written a license we're calling Functional Source License (FSL). We've got a draft of the license on a draft of a website to promote it (using this repo for GH pages; we own fsl.software for when the time comes): https://getsentry.github.io/loose-confederation/ cc: @heathermeeker interested in your feedback in particular on this one. 🙏 |
cc @kemitchell for possible feedback as well |
Why conflate the license for use now with the schedule for relicensing later? Business Source does that, but your complaint against Business Source seems to be that it does too much, with too much flexibility. |
I have a lot of comments. Is it possible to do a real-time drafting session? |
I'm up for it. :) Early next week okay? |
We were aligned with some of the BUSL principles, like having some period of time during which competing uses of the software were prohibited, after which a full conversion to an open source license occurs. Our main issue with the BUSL was that because the "Additional Use Grant", "Change Date" and "Change License" can be defined by the licensor, no two versions of actually implemented license were alike. The FSL attempts to solve for this by hardwiring definitions of competing use, the non-compete period and the actual change license. We also thought about simply having a non-compete restriction that expired after a set time, but ultimately decided that it was important that the software become available under an open source license. |
This comment was marked as outdated.
This comment was marked as outdated.
There are clearly some license terms that lots and lots of people want, like "do whatever you want, just don't hold us liable". But for businesses looking to defend themselves from competitors with small steps back from open terms, the rule has been lots of variation. If MariaDB had "hard-coded" its own "Additional Use Grant", rather than making it as a field to fill, Hashi probably wouldn't have adopted the Business Source. Their "Change Licenses" and "Change Dates" differ, too. The old trade-off between adaptability and adoption applies. I don't see any strong correlations between the kinds of present-tense license rules companies want and the release schedule or target license they choose. Many teams interested in restricted licenses don't want scheduled relicensing at all. So piling all those choices into one "standardized" license only means more potential disagreement and misfit. I've long had it on my list to publish versioned terms just for scheduling relicensing of published code onto new terms. Decouple that from the restricted license terms that apply in the meantime, so we can focus more on finding and popularizing reusable restricted forms, like the PolyForm licenses. |
Thanks @kemitchell. We did have a conversation internally about whether we think our goals could be met by adopting PolyForm. The reason we decided to initiate a new effort is that we like the BUSL except for the variability, and we're not seeing critical mass with PolyForm's adoption. From initial conversations with other smaller companies in our orbit, we think we have a shot to build adoption around FSL. We shall see! 🤞 |
About this line in the FSL Q&A (link)
Unclear if the one year non-compete term provide companies enough coverage for their work, especially as their project matures and significant enhancements take longer than a year to ship. One extreme scenario is a large cloud provider deciding to bundle a 1-year old version of an FSL project with their other offerings. This becomes especially challenging as the project matures and there are fewer needle moving enhancements each year. At that point, a year old version of the software may be “good enough” and the cloud provider’s distribution advantage may make it hard for the project owner to stay competitive. IMO the non-compete term should be longer than a year. This doesn’t materially change the intent or the spirit of the FSL but provides contributors the ability to stay competitive. |
|
My reply: "One of our goals is to keep the parameters to an absolute minimum, to aid in adoption. The simpler we can keep it the more easily it will get picked up, is the thinking." |
Blog post and draft on separating scheduled relicensing from initial license terms: https://writing.kemitchell.com/2023/10/24/Scheduled-Relicensing |
@gauthamcs What is your comfort level with two years? Could you get behind that? |
Software moves very fast; a year old is ancient - I'd expect less time, not more. |
For an individual, but for an enterprise? Would some ginormous company be willing to use a year-old version of (e.g.) Sentry for (e.g.) half the price? Does that matter? |
@gavin-zee @heathermeeker and I had a drafting session today, here's the doc we're marking up. We plan to touch base again tomorrow with @gavin-zee bringing a revision. We're consolidating our story internally on FSL as an objectively better BUSL that deepens Sentry's commitment to our Open Source values: balancing user freedom and developer sustainability. We're planning to go with 2 years instead of the current 1. The BUSL default is 4, and almost all of the examples we find in the wild use the default (@benvinegar feel free to add links/color):
@heathermeeker makes the point that anyone who wants to relicense sooner than that certainly can. We are likely going to remove the MIT variant, for a few reasons:
Our intention is to relicense from BUSL to FSL by November 17. |
Note that removing the MIT variant would likely prevent significant adoption in the JS space, where MIT is the primary license used. |
There is also the (theoretical) incompatibility between Apache 2 and GPL2, which would drive toward MIT. |
Definitely better than 1-year. IMO if anyone can relicense to a shorter duration than the default, we could just have the default to a longer duration. |
One thing to consider is that Apache2 retains patent grants, MIT magically loses them past the changeover. So ... that's a bit odd. |
If we want/need more than one change license then here are a few somewhat rational sets of licenses to allow:
I'd probably lean towards (3) or (4), because I like a stronger relationship with OSI. P.S. Should we try to get more 👀 here? |
Have you discussed with OSI already to see if the FSL has a chance of being recognized by them? While I understand there's some value of alignment with OSI, I feel like the set is so large that it substantially waters down the strength of the messaging. It also feels like the more viral licenses that are in the OSI set might conflict with other goals? Personally, from the OSI list I'd feel that CDDL/EPL are not popular enough, GPL/LGPL are viral which makes adoption harder especially in a business context, and BSD is pretty similar to MIT so might have negative net value. The MPL is the only one from that set that seems like an interesting option. |
I have a call with @smaffulli on the calendar later today. The goal is not to have FSL recognized as an OSD-compliant license, but if there's an opportunity for a more general approval of our approach I'd rather secure it than not. :-) |
For simplicity, I think it would be easiest to say the change license kicks in two years after the initial public release date of the Software. The Software would be the version number of the software released under the license. It would include all code associated with that particular version. The next version would be "new" Software and the change license counting would start anew for that version from its initial release date. I worry that if we don't tie this to a version number and release date it becomes very difficult for users of the Software to know when their rights kick in under the change license without a lot of additional effort (i.e., having to look through all PRs and merges). |
I mean, a released version would presumably match a commit, and anything included in that commit would become available at the latest 2 years after that commit date, so that seems fine - it's ok if some parts of the software are available sooner. |
Single, earlier change date = better for the licensee Individual change date for each commit = better for the licensor, but wouldn't any truly substantive commits (i.e., introducing new features or functionality) be under a new version anyways? I don't have a philosophical attachment either way - I just want to make sure the license is clear on its face in plain English |
Drafting session (final?) scheduled for Monday at 11am US/Pacific. @ljharb et al. lmk if you would like to join. |
Chiming in here on request from @chadwhitacre. I've been following along the conversation here. I have a bit of a different perspective, since I'm currently using ELv2 and not BUSL (though I did consider it). I really do like the idea of the FSL, especially the time-released aspect borrowed from BUSL, but ultimately, it fails to offer a key protection that ELv2 provides my business: preventing somebody from removing license gates from an open-core code base. A "license gate" being a part of the code base that is protected by a license key, for example, a set of enterprise features. To give context, unlike Sentry, Keygen does monetize the self-hosted edition of Keygen via an enterprise edition called Keygen EE. This is in addition to Keygen CE, the free community edition, and the managed Keygen Cloud offering. Risking the monetization of Keygen EE would undermine my original motivation for open sourcing Keygen: to increase enterprise adoption. To give a bit more context — Keygen's code base is a monorepo, and it is not dual-licensed. The entire code base is licensed under ELv2. And Keygen Cloud, Keygen EE, and Keygen CE are all the same code base (Keygen Cloud is actually an instance of Keygen EE, licensed by Keygen itself). Since Keygen was previously closed source, I didn't want to split the repo up into the Instead, I opted for ELv2 because it offered me the ability to say, "hey, I'm making this open source, do what you want with it, just don't compete with me or remove the license gates for the paid features." (I originally pondered BUSL as well, with an additional use grant to cover those protections, but found ELv2 was simpler and less ambiguous, so I ultimately went with ELv2.) Right now, FSL can't help me with that latter protection, which is very important to me since I am monetizing the self-hosted edition of Keygen via the enterprise edition. I would hate for somebody to fork Keygen, strip the license gates, and then leave money on the table there i.r.t. potential customers of Keygen EE using the "free" fork instead. tl;dr: Much like ELv2, FSL provides protection from cloud competition, but unlike ELv2, FSL does not provide protection from self-hosted "competition" (via a fork and stripping away license gates). |
Thanks @ezekg. I was talking to another COSS founder recently and self-hosting is like 80% of their revenue, so you're not the only one. For better or worse, FSL as written is for companies like Sentry that don't monetize self-hosting. My gut is we shouldn't try too hard to expand the aim of FSL, but rather ship it as an incremental improvement to BSL, and follow up in the coming months/years with wider movement-building (#2) that encompasses multiple approaches (parallel to SUL / Fair-code but with more investment ;-). |
@chadwhitacre i'd love to, but i have a conflicting meeting that hour. |
If we don't put a date in the license file itself, then we need some level of effort to discover the start date. We trade off licensor effort for licensee effort, in other words. Can we talk about "publication" to keep it generic (could be published as a commit on GitHub, as a package on npm/pypi, as a tarball on Sourceforge, etc.)?
|
Okay! @gavin-zee @heathermeeker and I had our call, we've got a version of the license that we are ready to present as our final draft. I've convert it to markdown and put it back up on the site. Speak now or forever hold your peace! |
I talked this through with @gavin-zee ... copyleft doesn't fit our values so those are out. BSD and ISC don't really offer anything over MIT, so based on that it seems like Apache 2.0 + MIT will cover like 99%+ of the community we're aiming for. I'm going to add a FAQ to this effect. |
MIT and Apache 2.0 cover the bases for permissive. |
Last call for input on the FSL draft. We're two days out from our announcement event (#7), it's time to promote DRAFT to 1.0 and relicense Sentry and Codecov. 💃 |
Closed with #12! Relicensing Sentry and Codecov on getsentry/team-ospo#212 ahead of #7 tomorrow. |
Thank you all for your participation! 🙏 I'll link the blog post here tomorrow once it's live. |
Hey, i am a bit late here but just now found this and read the draft and got a question regarding:
I worry that "competing on any service" could be interpreted quite broadly between companies in the tech sector. When a company provides consulting, which might include consulting on using sentry, would that be competing? And therefor not allow that consulting company to use sentry? What happens when sentry (the company) offers an important client to adapt some software for them? Would that mean sentry (the company) offers software development and any company offering software development is now offering a competing service and cannot use sentry (the software) anymore? |
Hey @FlorianLudwig, thanks for chiming in but yes you are bit late. :) Could you file this as a new issue asking for clarification on "competing on any service"? |
That is explicitly called out as a permitted use:
|
BUSL-1.1 is an interesting approach but is hampered by the variables it allows for:
The first of these is especially wide open, resulting in wildly different meanings for different implementations such as MariaDB, Sentry, and HashiCorp. This makes every BSL/BUSL unique, which means that compliance departments have to individually review each implementation, greatly slowing adoption.
Let's write a new license that takes the best of BUSL-1.1, in particular the "delayed open source publishing" approach, and tightens it up so that it can be something compliance departments can work with more easily.
Draft website: fsl.software
Draft license: Google Doc
☝️☝️☝️☝️☝️☝️☝️☝️☝️☝️☝️☝️☝️☝️☝️
The text was updated successfully, but these errors were encountered: