Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
I would like to see the 0BSD license cataloged in the appendix. Without it, the downstream Licensee project mis-detects 0BSD as the ISC license. The 0BSD license is basically the ISC license without requiring a copyright notice.
The 0BSD license meets criteria 1 and 2 for adding a license according to the CONTRIBUTING.md, but I'm not sure if it meets criteria 3 (at least 1000 repositories). It is difficult to verify if criteria 3 is met because 0BSD contains more or less a strict subset of the words present in the ISC license, so I was unable to construct a search query that matches only 0BSD but not ISC.
@rqou thanks for reporting this. Could you also file an issue at https://github.com/benbalter/licensee/issues and point out the exact license text you're getting a false indication of ISC for? I tried and didn't get a match against either text in https://spdx.org/licenses/0BSD.html or https://opensource.org/licenses/FPL-1.0.0
It may be that adding 0BSD here is the right solution for licensee, but it may not be as well.
On the 1000 repositories criteria...unfortunately we have no way get an exact result, but there's been no need to for licenses cataloged since making the criteria explicit (and maybe before) -- they easily exceed it. https://github.com/search?utf8=%E2%9C%93&q=0bsd+filename%3Alicense&type=Code&ref=searchresults would not find all uses, but only obtains 144 results. Feel free to (anyone) point out better evidence.
I would love if we could somehow agree (ISC, @landley, SPDX and OSI, and choosealicense.com by extension) in a standard progression for the BSD-style licenses, along the lines described in The Amazing Disappearing BSD License. This would simplify the nomenclature, reinforce the BSD-style license "brand", and clarify the meaning of ISC/0BSD/FPL.
I'm not sure what would need to be done to get there, though, or even if that's practical or desirable from a legal standpoint. But even if we only managed to agree on FPL vs. 0BSD for the name of the simplest grant in that progression, it would already be a good outcome. Thoughts?
@waldyrious I highly doubt that coordination is going to happen. It also doesn't matter that much. Lots of unconditional licenses might be very slightly confusing, but they present no other problems, in contrast with the far more numerous licenses with various conditions. If the differently named FPL or a BSD-0 ever get added to SPDX and enough adoption, we could add them too.
In the meantime, closing this for now. If/when anyone can document that 0BSD is in use for at least 1000 repos here, please re-open or make a pull request adding 0BSD. Thanks!
I hate to bump this after a few months of peace and quiet, but I just wanted to resolve this point:
Nobody on my team (or the OSI's board) had ever heard of the 0BSD when the FPL was being reviewed, so we were all surprised to hear that the 0BSD had skipped OSI approval and jumped straight to SPDX for an identifier. I don't want to rehash all of the issues with the 0BSD, but we're comfortable using the 0BSD identifier on our license, regardless of whether the 0BSD is actually approved by the OSI/FSF.
@landley's position is also clear:
I'm obviously heavily biased, and would prefer not to trample the original 0BSD with a modified ISC license, but when the time comes that we hit 1,000+ repos we'll be happy to stand behind any decision that's made (the same way that we support SPDX in giving us the "0BSD" identifier). Thanks for all of your time and effort (and head vs. wall pain) on getting this done The Right Way™, please reach out if there's anything I can help with.
I appear to have missed the earlier round of this...
On 03/23/2017 05:55 PM, Christian Bundy wrote: I hate to bump this after a few months of peace and quiet, but I just wanted to resolve this point: I'm not sure what would need to be done to get there, though, or even if that's practical or desirable from a legal standpoint. But even if we only managed to agree on FPL vs. 0BSD for the name of the simplest grant in that progression, it would already be a good outcome. Thoughts?
The name "zero clause BSD" was part of a strategy to promote public domain equivalent licensing (https://en.wikipedia.org/wiki/Public_domain_equivalent_license) by coming up with a both corporate friendly and hobbyist friendly version. This is necessary because post-GPLv3 too many programmers are lumping software copyrights in with software patents as "too dumb to live" and opting out of licensing their software at all. I'm trying to offer a palatable alternative, which requires being aware of and addressing a lot of issues. The first problem is that lawyers dislike "public domain", as I explained here: http://www.openwall.com/lists/musl/2016/03/23/11 That's a reply to a thread where Google's lawyers asked musl-libc to remove "public domain" code so musl could be used in chromium OS. I encountered this personally two months ago at linuxconf.au, where I had a ten minute argument with a Google developer whose position was that CC0 was a terrible license because it forces you to "give up your rights", but that my zero clause BSD was a much better license that he could use. (I tried to explain that they're equivalent but he literally wouldn't believe me.) Laywers like BSD because AT&T and BSDi sued each other and AT&T lost for violating the terms of a BSD license, thus it's proven to provide paychecks to laywers. So what I did was take the simplest thing I could call a BSD license (specifically the OpenBSD suggested template license at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD) and make a single small change (removing half a sentence). I did this so I could call the result a BSD license and get that mental "rubber stamp". There were already 4 clause, 3 clause, and 2 clause BSD licenses. Zero Clause BSD was both "just another BSD license" and analogus to the existing CC0. The reason we need to revive public domain software is the collapse of copyleft. The GPL was a category killer in copyleft, preventing rivals like CDDL from gaining any traction and providing a single giant pool of reusable code under a single license. But there's no such thing as "the GPL" anymore, because GPLv3 split copyleft into incompatible warring camps. Now the Linux kernel and samba implement 2 ends of the same protocol but can't share code, even though both are GPL. A project that's "GPLv2 or later" couldn't accept code from _either_ source, which leaves projects like QEMU that want to turn kernel drivers into device emulations and gdb/binutils processor definitions into processor emulations stuck because they can't take code from both sources anymore. This situation sucks, it's only going to get worse with time (agpl, gpl-next, ubuntu shipping cddl code, maybe GPLv4 someday). Before this, copyleft was simple and let programmers ignore most of the legal issues around software licensing. We had a universal receiver license acting as a terminal node in a directed graph of license convertibility, and had a simple binary decision: "is this license GPL compatible or not?" If it is, treat it like the one license we're familiar with, if not ignore it. And we're done, we don't have to be lawyers. But with GPLv3, you now have to police all your contributions because "it's GPL" doesn't mean "my project can use it". Since GPLv3 split "the GPL", a lot of programmers (and companies) categorically refuse to get GPL code on them anymore. Android's no GPL in userspace policy (rewrite of the bluetooth daemon, etc) was a response to GPLv3 destroying "the GPL". Apple similarly froze xcode on the last GPLv2 release of gdb and binutils for 5 years while they sponsored the development of a replacement (clang/llvm), rewrote the smb server, and did a general "GPL purge" ala http://meta.ath0.com/2012/02/05/apples-great-gpl-purge/ In the absence of a universal receiver license, the next generation of programmers is taking one of two approaches: 1) Refusing to license their code. Not through ignorance, but as Napster-style civil disobedience lumping software copyright in with software patent as too dumb to live and refusing to participate. The next generation is waiting for all those old "series of tubes" fogies issuing DMCA takedowns on youtube AMV's and reaction videos to just _die_ already, and software licensing is an obvious extension of that. 2) Jumping to the other end of the spectrum looking for a universal donor license. I want to ENCOURAGE the second approach, because I can't deploy code with no license. But the universal donor of copyright licensing is the public domain, which was the victim of a protracted FUD campaign after copyright was extended to cover binaries in 1983 by the Apple vs Franklin ruling (https://en.wikipedia.org/wiki/Apple_Computer,_Inc._v._Franklin_Computer_Corp.) and the resulting shrinkwrap software gold rush competed directly with decades of accumulated public domain software. Commercial interests tried very hard to convince everyone that public domain software was poison, so you'd buy their proprietary software, and this got internalized by people like OSI's lawyer Larry Rosen, who wrote an article in 2002 comparing releasing code into the public domain to abandoning trash by the side o the highway. (No really, paragraph 5 of http://www.linuxjournal.com/article/6225) To work around the 30-year FUD campaign against public domain software, people came up with dozens of public domain adjacent licenses (bsd, mit, isc, apache...), which were _almost_ like public domain equivalent licenses except that they required you to copy a specific blob of text into all derived works, and those blobs of text varied from license to license. This led to a "stuttering problem" where derived works incorporating code from multiple sources would concatenate multiple licenses, which quickly gets ridiculous. The kindle paperwhite's about->license has over 300 pages of license text. Android's toolbox project (the thing toybox is replacing) had dozens of concatenated copies of the same BSD license: https://github.com/android/platform_system_core/blob/master/toolbox/NOTICE When I asked why they said it's because the copygight dates had changed, and a strict reading of the license meant... Only public domain equivalent licensing provides equivalent simplicity to what "the GPL" offered. Fire and forget, you don't have to be a laywer, because public domain equivalent licensing collapses together. You can combine code under 0BSD, the unlicense, cc0, wtfpl, or a simple "public domain" dedication such as libtomcrypt's (https://github.com/mkj/dropbear/blob/master/libtomcrypt/LICENSE) and then use any one of those as the resulting license, without stuttering. With public domain, you don't have to choose a license: you can always change it later. The "should I choose apache or isc or mit" decision paralysis drives people to side with napster-style opting out because it's _not_ universal donor licensing. Add the stuttering problem and it quickly becomes "this is too complex and fiddly to understand, I'm not getting it on me". I looked at existing public domain equivalent licenses before creating my own, but "the unlicense" (unlicense.org) is confusing "This code is unlicensed, I can't use it...", Creative Commons Zero is extremely complicated for what it does and has received a lot of FUD (some of which is spillover from various "don't use creative commons licenses for source code, it's not appropriate" campaigns from Eben Moglen and similar). WTFPL has swearing in the name (which turns out to be an issue for some people)... Zero clause BSD is "more BSD than BSD". It's a very simple story I can tell people to convince them to license their darn code. This is why I objected so strongly to OSI retroactively renaming this license. There were _reasons_ for 0BSD to be named what it was. Calling the license "free" anything implies an affiliation with the Free Software Foundation putting it on the wrong side of the historical GPL vs BSD divide. I'm trying to convince people disappointed by the loss of a universal receiver license to move to universal donor licensing, so that they don't refuse to license their code at _all_ (which ~80% of github is doing). OSI muddying that message was incredibly frustrating.
Nobody on my team (or the OSI's board) had ever heard of the 0BSD when the FPL was being reviewed,
Which surprised me because SPDX had approved it months earlier and OSI had a policy of keeping itself in sync with SPDX. We discussed it on the spdx list, and SPDX published their license approvals.
so we were all surprised to hear that the 0BSD had skipped OSI approval and jumped straight to SPDX for an identifier.
When Android merged toybox, Samsung asked me to submit it to SPDX for approval (to simplify Samsung's internal processes), so I did. Nobody ever asked me to submit it to OSI. At the time I knew that OSI's lawyer wrote the article comparing public domain to abandoning trash by the side of the highway (linked above) and that their FAQ disapproved of CC0, the most prominent public domain equivalent license: https://opensource.org/faq#cc-zero And that they had started pushing back against license proliferation years ago, which at the time meant they'd stopped approving new licenses: https://opensource.org/proliferation
I don't want to rehash all of the issues <https://lists.spdx.org/pipermail/spdx-legal/2015-December/001580.html> with the 0BSD, but we're comfortable using the 0BSD identifier on our license, regardless of whether the 0BSD is actually approved by the OSI/FSF.
I think the best summary of the issues was actually the timeline I posted: https://lists.spdx.org/pipermail/spdx-legal/2015-December/001574.html I'm not the only person to strip down a BSD license into a public domain equivalent license, the John the Ripper project also did so: http://www.openwall.com/john/doc/LICENSE.shtml http://openwall.info/wiki/john/licensing But they used a different starting point (freebsd's license) and came up with a differently worded result. If that one had existed at the time, I'd have used it, but they did that in 2015. (After I relicensed toybox, before I submitted it to SPDX.) Yet a license with _exactly_ the same wording as 0BSD was submitted to OSI under a different name both after SPDX approved it and after Android shipped it in the M preview. I'll accept that's all a big coincidence, but OSI failed to do any sort of due dilligence. OSI had a policy of keeping itself in sync with SPDX. Months after SPDX had approved the new license they didn't notice SPDX had already approved this license under a name it had since (having raised the "but it's ISC" issue during the initial approval process, and accepted the reference to OpenBSD as justification). Months later, OSI noticed the conflict, but because OSI has no mechanism for admitting it made a mistake, they asked SPDX to change the name of 0BSD. I objected, both explaining the reasons for the name (and why OSI's name was actively counterproductive), and pointed out the timeline (the link above), and OSI's response was basically that I'd convinced them to stop trying to convince SPDX to change their existing decision, but that OSI had no mechanism for ever admitting they'd made a mistake: https://lists.spdx.org/pipermail/spdx-legal/2015-December/001575.html
@landley <https://github.com/landley>'s position is also clear: I'd really rather ignore OSI entirely than explain that after zero clause bsd had been in use for years, after it had been merged into android and tizen, and after SPDX had published a decision to approve it, OSI randomly accepted the same license under a different and misleading name because this guy https://github.com/christianbundy said so and OSI didn't do its homework. (Ok, that photo with the caption "this guy" would make an entertaining slide, but entertaining damage control is still damage control.) I'm obviously heavily biased, and would prefer not to trample the original 0BSD <https://web.archive.org/web/20050307174729/http://urchin.earth.li/%7Etwic/The_Amazing_Disappearing_BSD_License.html> with a modified ISC license,
That's basically a blog post. No software ever shipped with that calling itself zero clause BSD (I know, I searched at the time). Toybox shipped with this license in 2013, and I explained the _strategy_ behind the name in 2014: http://lists.landley.net/pipermail/toybox-landley.net/2014-April/003363.html
but when the time comes that we hit 1,000+ repos we'll be happy to stand behind any decision that's made (the same way that we support SPDX in giving us the "0BSD" identifier).
I think this is a good license. I'd like to see more people use it. I think getting the name right is important, and I took the approach I did for specific reasons. That said, if github wants to go with the John the Ripper license instead, go for it. I don't claim to have invented the idea of public domain equivalent licensing. It's apparently an obvious enough idea that somebody else reinvented about half of it years later. Rob
Thanks Rob, I appreciate your post. There's a lot to unpack there, and I'd like to first point out that I absolutely agree with you on the need for an ultimately permissive license. I'd like to think that we're both on the same side of this issue.
I think there are only two points that need to be covered on this specific issue (although you're always welcome to email me for anything tangential): plagiarism and the multiple discovery.
I understand that from your perspective and social circles, the 0BSD is widely known. Unfortunately, I didn't know about the 0BSD, and ended up taking two steps:
I wasn't subscribed to SPDX, and didn't see your emails until they were forwarded to me from the OSI, who explained the situation. I'm sorry that I wasn't aware of your license sooner, my intention wasn't to plagiarize or try to take credit for your work. I have to admit that I was surprised by how personally hostile your emails were, and thought that it would be best to stay out of the discussion between you, the OSI, and SPDX.
The issue of naming authority, admittedly, sucks. I was originally under the impression that the OSI was the de facto naming authority for "open source" licenses, but I wasn't aware that you (and probably others) were unconcerned about OSI approval. I'd heard of SPDX, but I wasn't aware that they tracked licenses that weren't approved by the OSI or FSF. It was very clearly a misunderstanding on my part, and I take full responsibility here.
The problems, from my understanding, seemed to stem from the fact that the OSI wouldn't have approved an ISC-derived license referring to itself as "BSD" (even the OpenBSD project now uses the ISC license), and the fact that you felt that the word "free" was similarly deceiving. For the record, the name was meant to highlight the difference between the FPL and the GPL -- the GPL optimizes for free software whereas the FPL optimizes for a free public. This was meant as a critique of the GPL, as it restricts the freedom of the public in exchange for "free software", not a me-tooism.
It seems that both of us thought to use strategies to promote the license to different demographics: you used "BSD" for an easy explanation, I used "free" to show that it had a leg-up on the FPL. If we strip the branding though, I think that we can agree that it's really a zero-clause ISC license.
I think there are four options:
I'll keep my eyes on this issue, thanks for getting back to me so quickly.
On 03/26/2017 10:45 PM, Christian Bundy wrote: Thanks Rob, I appreciate your post. There's a lot to unpack there, and I'd like to first point out that I absolutely agree with you on the need for an ultimately permissive license. I'd like to think that we're both on the same side of this issue.
I think we are.
I think there are only three points that need to be covered on this specific issue (although you're always welcome to email me for anything tangential): plagiarism and the multiple discovery. I understand that from your perspective and social circles, the 0BSD is widely known. Unfortunately, I didn't know about the 0BSD, and ended up taking two steps: * Start with the ISC license, which was/is very popular * Remove a half-sentence * Submitted it for review
It's an obvious thing to do, as in "it's clearly where the industry needs to go next". If the John The Ripper license had existed at the time (or the various other doing-the-same-thing ones I haven't saved links to), I would have used that (and advocated renaming _that_ 0BSD for the reasons stated last email). But it didn't, and being able to say "Android's shipped this license in a billion devices, it's been part of the base OS image for years now" is itself a powerful argument. I _looked_ for existing licenses when I switched toybox from gpl to bsd back in 2011 (see https://landley.net/notes-2011.html#13-11-2011 and https://landley.net/notes-2011.html#16-12-2011) and there were some great articles about it back when I was doing that research. In 2013 the "universal receiver -> universal donor" trend became quite pronounced, and a lot of people wrote extensive analysis of it, ala: http://lucumr.pocoo.org/2013/7/23/licensing/ http://lu.is/blog/2013/01/27/taking-post-open-source-seriously-as-a-statement-about-copyright-law/ (That second one links to one of Nina Paley's comic strips on the subject, she has a _lot_ more and they're very good: http://mimiandeunice.com/ and yes she's the lady who did "sita sings the blues".) A lot of this analysis applied specifically to github, since they were a good source of data: http://readwrite.com/2013/05/15/open-source-is-old-school-says-the-github-generation#awesm=~oDBVWaLSBrm6QD And github's _reply_, pushing the MIT license, was close but not quite right: http://www.infoworld.com/t/open-source-software/github-ceo-backs-mit-open-source-license-223505 Because they went with public domain _adjacent_ instead of public domain equivalent. Public domain adjacent is "picking sides" and leads to increasing legal clutter, which encourages people to opt out of licensing their code because there isn't a simple fix that lets you stop thinking about licensing. Public domain equivalent collapses together the way the GPL used to: merge CC0 and unlicense.org code and the result can still be distributed under _one_ license (I.E. any of them). I devoted 3 minutes to my 2013 "dear google, please merge toybox" talk (which succeeded!) to licensing issues (starting at the 15 minute 9 second mark): http://www.youtube.com/watch?v=SGmtP5Lg_t0 And followed it up with a talk at Ohio Linuxfest titled "the rise and fall of copyleft", where I tried to lay out my path to the public domain (but ran out of time before I ran out of material): audio: https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3 outline: In 2014 the unlicense.org guys contacted me, and I had a long thread with them, starting with "here's an interview I just gave on the topic" and moving on from there: https://twitter.com/landley/status/451683680520396800 (Which went to email, but wasn't public.) I was hoping they'd act as a clearinghouse for people interested in public domain equivalent licensing, but their marketing strategy had a glaring flaw. (They were going for something like "the uncola", but wound up with "I can't use this code, it's unlicensed, I need something with a license" confusion.) So yes, I've thought about this at great length. In public. And tried to get the word out. I'm just really busy with other stuff and wander away to other topics for 6 months at a time...
I wasn't subscribed to SPDX, and didn't see your emails until they were forwarded to me from the OSI, who explained the situation.
That wasn't your screw-up, that was OSI's screw-up.
I'm sorry that I wasn't aware of your license sooner, my intention wasn't to plagiarize or try to take credit for your work.
I don't care about that. As my Ohio LinuxFest talk said in the section on attribution vs ownership, the internet is very good at sorting that sort of thing out on its own. I cared because: 1) I had a reason for using that name, and the new name directly opposed that reason. 2) I expected this would screw up further adoption because "there's this almost identical license, what's the difference and why are there two of them, let's use this as an excuse to table the motion indefinitely". Isn't #2 basically what github is doing right now (hence this thread)? I missed the earlier parts, but it's not unique: david-a-wheeler/spdx-tutorial#1 Note nobody ever suggests "use the OSI version" and they never will. They say "move of this thing entirely, there's fighting". I tried to argue hard to shut it down at the start because I saw the mess it would make, but OSI has no procedure for admitting (let alone fixing) a mistake. And then the mess happened, and I cycled around to other things that weren't a giant cleanup job.
I have to admit that I was surprised by how personally hostile your emails were, and thought that it would be best to stay out of the discussion between you, the OSI, and SPDX.
Sorry, I wasn't mad at you, I was mad at OSI. They have a policy of keeping themselves in sync with SPDX, didn't do so, and then asked SPDX to retroactively change a decision that predated your submission with the rationale "we screwed up so you need to change to match our screw-up". I am a bit annoyed you were playing with matches, but you meant well.
The issue of naming authority, admittedly, sucks. I was originally under the impression that the OSI was the de facto naming authority for "open source" licenses,
In 1998, sure. In 2016? Not so much. About halfway through here I listed why: https://lists.spdx.org/pipermail/spdx-legal/2015-December/001600.html As I said, no corporation mentioned OSI to me. They mentioned SPDX. OSI seems to have revived its license efforts (recently) because other organiations were moving on without them, and as Clay Shirky explained in his "institutions vs collaboration" TED talk, the #1 goal of any organization is to perpetuate itself: https://www.youtube.com/watch?v=sPQViNNOAkw
but I wasn't aware that you (and probably others) were unconcerned about OSI approval.
About 1/3 of the email I linked to above (the middle part) links to a few of the reasons OSI lost momentum. It is not a complete list.
I'd heard of SPDX, but I wasn't aware that they tracked licenses that weren't approved by the OSI or FSF. It was very clearly a misunderstanding on my part, and I take full responsibility here.
You're not alone, OSI is intentionally pretending it's still as relevant as it was 15 years ago, in an attempt to rebuild itself. Maybe the various standards bodies will eventually harmonize the way ANSI and ISO approved the same C standard, and the way Posix-2008 is also SUSv4 (IEEE and The Open Group, although as far as I can tell the Austin Group isn't really related to either anymore). But alas, it hasn't happened yet. And until it does (which would render OSI irrelevant again because it would just be rubber stamping SPDX's decisions), OSI is jamming the gears by disagreeing.
The problems, from my understanding, seemed to stem from the fact that the OSI wouldn't have approved an ISC-derived license referring to itself as "BSD" (even the OpenBSD project now uses the ISC license),
This objection was raised during SPDX approval, and I answered it: https://lists.spdx.org/pipermail/spdx-legal/2015-June/001456.html
and the fact that you felt that the word "free" was similarly deceiving. For the record, the name was meant to highlight the difference between the FPL and the GPL -- the GPL optimizes for free /software/ whereas the FPL optimizes for a free /public/.
Arguing about the meaning of "free" is something the FSF does. The name "open source" was invented so people could stop calling things "free". Ever since, the FSF has insisted on calling it "Free Software" and objected to the name "Open Source". https://www.gnu.org/philosophy/free-software-for-freedom.en.html That's why this word is polarizing, and your name is on the wrong side of it.
This was meant as a critique of the GPL, as it restricts the freedom of the public in exchange for "free software", not a me-tooism.
Here is archive.org's oldest snapshot of the above page, from February 1999: http://web.archive.org/web/19990224071744/http://www.gnu.org/philosophy/free-software-for-freedom.html For almost 20 years the FSF has been training people not to listen to your argument, but to hear "free" and think you mean FSF/copyleft. You're trying to use The Ring against Sauron. It's bad marketing and won't work.
It seems that both of us thought to use strategies to promote the license to different demographics: you used "BSD" for an easy explanation, I used "free" to show that it had a leg-up on the FPL. If we strip the branding though, I think that we can agree that it's /really/ a zero-clause ISC license.
Nobody who isn't already a license geek knows what ISC is. It has zero marketing heft. OpenBSD didn't even bother to mention ISC in the first half of https://www.openbsd.org/policy.html The name ISC is so irrelevant that the SPDX objection I answered above misidentified it as an MIT license. You're not arguing that it be called ISC, you're _objecting_ to saying that the license OpenBSD uses is a BSD license. (Is there a similar objection to GPLv3 not containing most of the text of GPLv2? Or are you saying OpenBSD isn't a BSD?)
I think there are four options: * 0BSD: Follows primacy and SPDX short identifier, easier to explain to others as "more BSD than BSD", but isn't really derived from the BSD license family.
You said last message that you were ok with calling it 0BSD. That would resolve this issue. It's the OpenBSD suggested template license. OpenBSD itself describes it (in the above linked page) by saying "The ISC copyright is functionally equivalent to a two-term BSD copyright with language removed that is made unnecessary by the Berne convention." I then removed a little _more_ text, but I removed far less text than the John The Ripper guys did at http://openwall.info/wiki/john/licensing . Would you say that calling the John The Ripper license a stripped down FreeBSD license is inaccurate? I removed less because my _goal_ was to have a minimum delta from an existing widely-used license (to make laywers happy) resulting in a simple license easy for non-lawyers to read. (I looked at dozens of starting points for my new license. I really wanted to find somebody else who had already done this, but couldn't, so I went with the simplest thing calling itself a BSD license, and that was the OpenBSD suggested template license.)
* FPL: OSI approved "open source" and (in my experience), easy to pivot the discussion with GPL advocates from optimizing for free humans rather than free software, but the word "free" may confuse some.
No, the term "open source" predated OSI. Eric Raymond created OSI because he believed that charismatic movements (led by a single leader with a strong personality) wouldn't outlive said leader, and he was trying to make an organization that would outlast his participation. (He was also, circa 2001 when I first started hanging out with him, very worried that he'd ossify into a loon the way his friend Richard Stallman had. Eric and Richard hung out at science fiction conventions in the 1980's, but as Richard got older he got more and more extreme and fixed in his ways, and Eric was terrified this would happen to him. Alas, he went crazy along a different axis than RMS had so didn't manage to defend against it.) For context, I crashed on the couch in Eric's basement for 4 months in 2003 while "editing" the Art of Unix Programming from 9 chapters to 20. That's why paragraph 2 of the author's acknowledgements says he almost made me a co-author: http://www.catb.org/esr/writings/taoup/html/pr01s06.html And we went on to co-author lots of stuff: http://www.catb.org/~esr/hackerlore/sco-vs-ibm.html http://www.catb.org/esr/halloween/halloween9.html http://catb.org/esr/writings/world-domination/world-domination-201.html And so on... We stopped being able to work well together around 2008, and stopped talking to each other at all after I tweeted this at him in 2011: https://twitter.com/landley/status/33179400488878080 And since then he's just plain lost it: http://www.linux-magazine.com/Online/Blogs/Off-the-Beat-Bruce-Byfield-s-Blog/The-Decline-and-Fall-of-Eric-S.-Raymond But that previous relationship from before he went crazy means I know a lot more behind-the-scenes stuff about OSI than is necessarily public. And some _is_ public but people just forget it. For example, when Eric founed OSI he partnered with Bruce Perens, who was already a toxic loon. When RMS decided that losing the spotlight was unacceptable Bruce flounced from OSI back to the FSF, directly undermining OSI's core message: https://news.slashdot.org/story/99/02/18/0927202/bruce-perens-resigns-from-osi Then when GPLv3 was happening he begged to be let back in just long enough to neuter OSI's objections go GPLv3, and soon after that passed Bruce got thrown out again and of course made a big stink and pointed the finger at everybody else: https://lwn.net/Articles/274694/ And so on. As far as I can tell, the current board of OSI is a complete reboot, creating a new organization on the bones of the old, presumably started sometime after this: https://opensource.org/node/608 In OSI's absence, organizations like SPDX arose to fill the gap. It wasn't remotely the only one, Buildroot has its own tracking: https://buildroot.org/downloads/manual/manual.html#legal-info And Yocto and Tizen have theirs: https://www.yoctoproject.org/blogs/khem/2014/suppliment-common-licenses-yocto-project And of course there's: https://www.linuxfoundation.org/offerings/open-source-compliance http://www.fosspatents.com/2013/05/software-freedom-law-center-effectively.html http://www.groklaw.net/articlebasic.php?story=20060316052623594 Red Hat and Google have their own set of approved licenses... And, of course, github itself. Licenses listed/recognized by github are far more prominent than ones that aren't. (Hence this email thread.) SPDX doesn't make value judgements about licenses, their job is to come up with a list of the licenses in use. Consistently NAMING said licenses is core to SPDX's mission. (I wanted BSD0 as the short version, but SPDX previously had 4BSD 3BSD and 2BSD so wanted to use 0BSD as the short identifier. So 0BSD it is.) As I said: Samsung asked me to submit 0BSD to SPDX. The google guys agreed that was a good idea. None of them have ever mentioned OSI to me, and really don't seem to care what they think.
* Something else: I really don't know whether orchestrating a compromise between the OSI and SPDX is even worth it (or whether this is insulting to even suggest), but at this point the politics surrounding these names seems to be suffocating this license. I'd be comfortable settling on something more neutral and unopinionated like "0ISC", but I think this is really in your hands.
I talked to several people at linuxconf.au in January (Richard Fontana witnessed my CC0 vs 0BSD argument with the Google guy, I buried the hatchet over lunch with Bradley Kuhn, etc) and they suggested I re-raise the issue with OSI to give them the opportunity to _create_ a procedure for backing out a previous mistake. It's on my todo list. (I also saw the Open Invention Network lady again and she reminded me to submit Toybox to OIN. My old Aboriginal Linux project is already a member, but I should get toybox explicitly listed. Haven't yet. Been busy with several other projects and travel...)
* Nothing. This seems to be current course of action, as this drama is a total pain for anyone even tangentially involved.
Yes. OSI's insistence on maintaining its mistake has derailed my plan to promote public domain equivalent licensing.
If dealing with this license continues to be this painful, I don't think it well ever get any sort of mainstream support.
It was getting some momentum before OSI wet the bed. Since then even I haven't bothered to push it much because I don't find dealing with OSI fun, and definitively shouting them down is a time sink. That said, it's still on the todo list. But turning Android into a self-hosting development environment (so having an android phone is sufficient for being a full-fledged Android system developer, and the PC can go the way of minicomputers and mainframes up into the lucrative but boring big iron server space) is higher on the todo list, which isn't just toybox but http://github.com/landley/mkroot and so on (dismantling AOSP and rebuilding it along modular lines, etc). Heck, just turning Android's NDK into something usable is higher on my todo list: http://lists.landley.net/pipermail/toybox-landley.net/2016-December/008767.html
As we're on the same team, I'd really rather not have that happen.
0BSD is shipping on every Android device since Marshmallow. I have a todo item to promote it more but haven't cycled around to that yet because I'm trying to finish http://landley.net/aboriginal/about.html#selfhost and my $DAYJOB is doing https://j-core.org which involves a lot of travel (6 trips to tokyo so far). And yes, I intend to talk to Jeff about switching j-core's VHDL to 0BSD. (It's on the todo list.) If so it will be called Zero Clause BSD there too, and I won't even have to change the web page that links to it. But the best thing I can do to cement 0BSD's position is get Toybox to its 1.0 release before Android "P". (I missed "O" because the last 6 months have been nuts.) I've got the Android Bionic and Toolbox maintainer posting his own roadmap for replacing what's left of toolbox with toybox: http://lists.landley.net/pipermail/toybox-landley.net/2016-June/008484.html And my own roadmap of what needs to happen to build linux from scratch under android (AOSP has some more todo items such as a git downloader): https://landley.net/toybox/roadmap.html I'd love to get back to that, but today I need to convert the j-core GPS signal tracking routines from cartesian to polar coordinates (I'm trying to convince the hardware guys to make this change in the correlators and they want to see how expensive doing it in software is first). Then I should probably pack for my upcoming trip to San Diego... Rob
On 07/18/2018 11:58 AM, Mike Linksvayer wrote: I just happened to notice there's also an MIT-0/MIT No Attribution also independently published at least twice, in 2010 and more recently, various background links in spdx/license-list-XML#632 <spdx/license-list-XML#632>.
Cool. The "John the Ripper" project from Openwall has a similarly cut down FreeBSD variant, and they refer to an earlier project in their wiki. http://openwall.info/wiki/john/licensing The concept is quite straightforward. I detailed my reasons for using the variant I did (conforms to corporate expectations to navigate approval process more easily), but all of these (and wtfpl and cc0 and unlicense.org and so on) are functionally equivalent. Rob
The naming confusion has been cleared up, it's now consistently "Zero Clause BSD" (SPDX short identifier 0BSD).
@landley Could you please help me drive this home by updating this page with the official title per the referenced link? I think the WTFPL does a good job making the title clear by italicizing it on the about page.
I've also opened a bug against NPM after having checked it throws a
Please don't ask SPDX to change, they approved the license first. OSI made a mistake and I lobbied OSI to undo that mistake, largely by arguing that SPDX approval came first. (After I'd been using it for years, of course.) If OSI didn't manage to quite undo their mistake completely... who cares?
I've been using the zero clause bsd name for years. "Zero Clause BSD", "BSD Zero Clause", and "0BSD" are trivial differences. Please don't reopen that can of worms.
I don't understand why Github would want to participate in politics here... I see 0BSD and WTFPL quite regularly. They just aren't recognized which requires me to dig into the LICENSE file. Why would they want to get into politics?
Oh right!!! - Microsoft owns Github - They only like MIT and Apache 2.0
I think I'm going to switch some of my projects to 0BSD - I urge anyone and everyone interested in licensing to listen to Rob's talk on the failure of Copyleft. Very good history lesson!!!
Those who don't learn from history will be bound to repeat it...
@frink there isn't any politics here. WTFPL is recognized, see https://github.com/search?utf8=✓&q=license%3Awtfpl&ref=simplesearch
0BSD will be eventually when a new version of licensee is released and deployed.
It's been up on https://choosealicense.com/licenses/0bsd/ with toybox as an example for months now, but I'm not sure what github recognizing the license means exactly. I had to do landley/toybox@b31192f because I was told the title line saying it's 0bsd confused github's license recognizer, but there's nothing on the https://github.com/landley/toybox page that says "0bsd", and no "recognized as" annotation on the license itself. (But then there isn't for https://github.com/torvalds/linux either, so...)
shrug Maybe it's done now? It's hard to tell, I thought there would be a visible difference between "recognized" and "not recognized" in the github UI but now I'm not sure...
Ah, I see. A recognized repo will name the license in that link. https://github.com/torvalds/linux and https://github.com/tytso/e2fsprogs aren't recognized, and neither were the first 13 repos that came up in github.com/explore, but the 14th (https://github.com/go-debos/debos) is recognized.
So that's what it looks like.
@landley - Yes. That's my beef. Doesn't show up properly...
It doesn't seem like choosealicense.com and github.com are not in sync with one another. Don't know what the cause is... Could be politics. Could be oversight. Could be a lot of things... Just dunno...
If I start a new project here and click to add a licence, Github bolds Apache 2.0, GPL 3.0, and MIT... Then followed by the BSD 2-Clause and BSD 3-Clause then several GPL variants MPL 2.0 and finally the Unlicense - which is the only listed PDE (public domain equivalent) license.
@mlinksva - FWIW - Neither WTFPL or 0BSD are available in the choose a license template dropdown on Github. I also find it interesting that only GPL3 and the two Microsoft-approved licenses are the only ones bold. Don't know what that is about. It's probably impossible to provide such a list without some politics since even the order itself is suggestive. I'm fine with all that. But 0BSD and WTFPL should be listed...
PDE licenses need more respect from Github than they have received - that's all I'm saying...
I can tell you exactly what the causes are.
Why 0BSD is currently not yet detected on github.com: (1) Licenses get added here, (2) then vendored in licensee, (3) then a new release of licensee is cut, (4) then licensee version is upgraded for github.com. We're presently at (3). You can watch for new releases at https://github.com/licensee/licensee if you want to be alerted when (3) is done. When (4) is done https://api.github.com/licenses/0bsd will return info about the license rather than not found.
Why WTFPL is not in the license chooser template at github.com: Note WTFPL is known and can be detected, see https://api.github.com/licenses/wtfpl and https://github.com/search?utf8=%E2%9C%93&q=license%3Awtfpl&ref=simplesearch but the chooser only displays a handful of licenses, I believe those with
If you wish to use 0BSD or WTFPL (I really don't know why you'd want to use the latter, but whatever) or any other license, including non-open source ones, you can do that, put their text in a LICENSE file.
Since this isn't about what can be done in this repo and I don't think there is any more info to be added I'm going to lock this conversation. Thanks for raising your concerns!
For existing repos one can https://support.github.com/contact and ask for re-detection.