Possibly add 0BSD license #464
Comments
|
@rqou thanks for reporting this. Could you also file an issue at https://github.com/benbalter/licensee/issues and point out the exact license text you're getting a false indication of ISC for? I tried and didn't get a match against either text in https://spdx.org/licenses/0BSD.html or https://opensource.org/licenses/FPL-1.0.0 It may be that adding 0BSD here is the right solution for licensee, but it may not be as well. On the 1000 repositories criteria...unfortunately we have no way get an exact result, but there's been no need to for licenses cataloged since making the criteria explicit (and maybe before) -- they easily exceed it. https://github.com/search?utf8=%E2%9C%93&q=0bsd+filename%3Alicense&type=Code&ref=searchresults would not find all uses, but only obtains 144 results. Feel free to (anyone) point out better evidence. 0BSD has been mentioned here at least once, by @waldyrious #413 (comment)
|
|
I would love if we could somehow agree (ISC, @landley, SPDX and OSI, and choosealicense.com by extension) in a standard progression for the BSD-style licenses, along the lines described in The Amazing Disappearing BSD License. This would simplify the nomenclature, reinforce the BSD-style license "brand", and clarify the meaning of ISC/0BSD/FPL. I'm not sure what would need to be done to get there, though, or even if that's practical or desirable from a legal standpoint. But even if we only managed to agree on FPL vs. 0BSD for the name of the simplest grant in that progression, it would already be a good outcome. Thoughts? |
|
According to the licensee developers, there is no mis-detection occurring there with the latest version of the code. In order to correctly detect 0BSD, it just has to be added here. |
|
@waldyrious I highly doubt that coordination is going to happen. It also doesn't matter that much. Lots of unconditional licenses might be very slightly confusing, but they present no other problems, in contrast with the far more numerous licenses with various conditions. If the differently named FPL or a BSD-0 ever get added to SPDX and enough adoption, we could add them too. In the meantime, closing this for now. If/when anyone can document that 0BSD is in use for at least 1000 repos here, please re-open or make a pull request adding 0BSD. Thanks! |
|
I hate to bump this after a few months of peace and quiet, but I just wanted to resolve this point:
Nobody on my team (or the OSI's board) had ever heard of the 0BSD when the FPL was being reviewed, so we were all surprised to hear that the 0BSD had skipped OSI approval and jumped straight to SPDX for an identifier. I don't want to rehash all of the issues with the 0BSD, but we're comfortable using the 0BSD identifier on our license, regardless of whether the 0BSD is actually approved by the OSI/FSF. @landley's position is also clear:
I'm obviously heavily biased, and would prefer not to trample the original 0BSD with a modified ISC license, but when the time comes that we hit 1,000+ repos we'll be happy to stand behind any decision that's made (the same way that we support SPDX in giving us the "0BSD" identifier). Thanks for all of your time and effort (and head vs. wall pain) on getting this done The Right Way™, please reach out if there's anything I can help with. |
|
I appear to have missed the earlier round of this...
On 03/23/2017 05:55 PM, Christian Bundy wrote:
I hate to bump this after a few months of peace and quiet, but I just
wanted to resolve this point:
I'm not sure what would need to be done to get there, though, or
even if that's practical or desirable from a legal standpoint. But
even if we only managed to agree on FPL vs. 0BSD for the name of the
simplest grant in that progression, it would already be a good
outcome. Thoughts?
The name "zero clause BSD" was part of a strategy to promote public
domain equivalent licensing
(https://en.wikipedia.org/wiki/Public_domain_equivalent_license) by
coming up with a both corporate friendly and hobbyist friendly version.
This is necessary because post-GPLv3 too many programmers are lumping
software copyrights in with software patents as "too dumb to live" and
opting out of licensing their software at all. I'm trying to offer a
palatable alternative, which requires being aware of and addressing a
lot of issues.
The first problem is that lawyers dislike "public domain", as I
explained here:
http://www.openwall.com/lists/musl/2016/03/23/11
That's a reply to a thread where Google's lawyers asked musl-libc to
remove "public domain" code so musl could be used in chromium OS. I
encountered this personally two months ago at linuxconf.au, where I had
a ten minute argument with a Google developer whose position was that
CC0 was a terrible license because it forces you to "give up your
rights", but that my zero clause BSD was a much better license that he
could use. (I tried to explain that they're equivalent but he literally
wouldn't believe me.)
Laywers like BSD because AT&T and BSDi sued each other and AT&T lost for
violating the terms of a BSD license, thus it's proven to provide
paychecks to laywers. So what I did was take the simplest thing I could
call a BSD license (specifically the OpenBSD suggested template license
at
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=HEAD)
and make a single small change (removing half a sentence). I did this so
I could call the result a BSD license and get that mental "rubber
stamp". There were already 4 clause, 3 clause, and 2 clause BSD
licenses. Zero Clause BSD was both "just another BSD license" and
analogus to the existing CC0.
The reason we need to revive public domain software is the collapse of
copyleft. The GPL was a category killer in copyleft, preventing rivals
like CDDL from gaining any traction and providing a single giant pool of
reusable code under a single license. But there's no such thing as "the
GPL" anymore, because GPLv3 split copyleft into incompatible warring
camps. Now the Linux kernel and samba implement 2 ends of the same
protocol but can't share code, even though both are GPL. A project
that's "GPLv2 or later" couldn't accept code from _either_ source, which
leaves projects like QEMU that want to turn kernel drivers into device
emulations and gdb/binutils processor definitions into processor
emulations stuck because they can't take code from both sources anymore.
This situation sucks, it's only going to get worse with time (agpl,
gpl-next, ubuntu shipping cddl code, maybe GPLv4 someday).
Before this, copyleft was simple and let programmers ignore most of the
legal issues around software licensing. We had a universal receiver
license acting as a terminal node in a directed graph of license
convertibility, and had a simple binary decision: "is this license GPL
compatible or not?" If it is, treat it like the one license we're
familiar with, if not ignore it. And we're done, we don't have to be
lawyers. But with GPLv3, you now have to police all your contributions
because "it's GPL" doesn't mean "my project can use it".
Since GPLv3 split "the GPL", a lot of programmers (and companies)
categorically refuse to get GPL code on them anymore. Android's no GPL
in userspace policy (rewrite of the bluetooth daemon, etc) was a
response to GPLv3 destroying "the GPL". Apple similarly froze xcode on
the last GPLv2 release of gdb and binutils for 5 years while they
sponsored the development of a replacement (clang/llvm), rewrote the smb
server, and did a general "GPL purge" ala
http://meta.ath0.com/2012/02/05/apples-great-gpl-purge/
In the absence of a universal receiver license, the next generation of
programmers is taking one of two approaches:
1) Refusing to license their code. Not through ignorance, but as
Napster-style civil disobedience lumping software copyright in with
software patent as too dumb to live and refusing to participate. The
next generation is waiting for all those old "series of tubes" fogies
issuing DMCA takedowns on youtube AMV's and reaction videos to just
_die_ already, and software licensing is an obvious extension of that.
2) Jumping to the other end of the spectrum looking for a universal
donor license.
I want to ENCOURAGE the second approach, because I can't deploy code
with no license. But the universal donor of copyright licensing is the
public domain, which was the victim of a protracted FUD campaign after
copyright was extended to cover binaries in 1983 by the Apple vs
Franklin ruling
(https://en.wikipedia.org/wiki/Apple_Computer,_Inc._v._Franklin_Computer_Corp.)
and the resulting shrinkwrap software gold rush competed directly with
decades of accumulated public domain software. Commercial interests
tried very hard to convince everyone that public domain software was
poison, so you'd buy their proprietary software, and this got
internalized by people like OSI's lawyer Larry Rosen, who wrote an
article in 2002 comparing releasing code into the public domain to
abandoning trash by the side o the highway. (No really, paragraph 5 of
http://www.linuxjournal.com/article/6225)
To work around the 30-year FUD campaign against public domain software,
people came up with dozens of public domain adjacent licenses (bsd, mit,
isc, apache...), which were _almost_ like public domain equivalent
licenses except that they required you to copy a specific blob of text
into all derived works, and those blobs of text varied from license to
license.
This led to a "stuttering problem" where derived works incorporating
code from multiple sources would concatenate multiple licenses, which
quickly gets ridiculous. The kindle paperwhite's about->license has over
300 pages of license text. Android's toolbox project (the thing toybox
is replacing) had dozens of concatenated copies of the same BSD license:
https://github.com/android/platform_system_core/blob/master/toolbox/NOTICE
When I asked why they said it's because the copygight dates had changed,
and a strict reading of the license meant...
Only public domain equivalent licensing provides equivalent simplicity
to what "the GPL" offered. Fire and forget, you don't have to be a
laywer, because public domain equivalent licensing collapses together.
You can combine code under 0BSD, the unlicense, cc0, wtfpl, or a simple
"public domain" dedication such as libtomcrypt's
(https://github.com/mkj/dropbear/blob/master/libtomcrypt/LICENSE) and
then use any one of those as the resulting license, without stuttering.
With public domain, you don't have to choose a license: you can always
change it later. The "should I choose apache or isc or mit" decision
paralysis drives people to side with napster-style opting out because
it's _not_ universal donor licensing. Add the stuttering problem and it
quickly becomes "this is too complex and fiddly to understand, I'm not
getting it on me".
I looked at existing public domain equivalent licenses before creating
my own, but "the unlicense" (unlicense.org) is confusing "This code is
unlicensed, I can't use it...", Creative Commons Zero is extremely
complicated for what it does and has received a lot of FUD (some of
which is spillover from various "don't use creative commons licenses for
source code, it's not appropriate" campaigns from Eben Moglen and
similar). WTFPL has swearing in the name (which turns out to be an issue
for some people)...
Zero clause BSD is "more BSD than BSD". It's a very simple story I can
tell people to convince them to license their darn code.
This is why I objected so strongly to OSI retroactively renaming this
license. There were _reasons_ for 0BSD to be named what it was. Calling
the license "free" anything implies an affiliation with the Free
Software Foundation putting it on the wrong side of the historical GPL
vs BSD divide. I'm trying to convince people disappointed by the loss of
a universal receiver license to move to universal donor licensing, so
that they don't refuse to license their code at _all_ (which ~80% of
github is doing). OSI muddying that message was incredibly frustrating.
Nobody on my team (or the OSI's board) had ever heard of the 0BSD when
the FPL was being reviewed,
Which surprised me because SPDX had approved it months earlier and OSI
had a policy of keeping itself in sync with SPDX. We discussed it on the
spdx list, and SPDX published their license approvals.
so we were all surprised to hear that the
0BSD had skipped OSI approval and jumped straight to SPDX for an
identifier.
When Android merged toybox, Samsung asked me to submit it to SPDX for
approval (to simplify Samsung's internal processes), so I did. Nobody
ever asked me to submit it to OSI.
At the time I knew that OSI's lawyer wrote the article comparing public
domain to abandoning trash by the side of the highway (linked above) and
that their FAQ disapproved of CC0, the most prominent public domain
equivalent license:
https://opensource.org/faq#cc-zero
And that they had started pushing back against license proliferation
years ago, which at the time meant they'd stopped approving new licenses:
https://opensource.org/proliferation
I don't want to rehash all of the issues
<https://lists.spdx.org/pipermail/spdx-legal/2015-December/001580.html>
with the 0BSD, but we're comfortable using the 0BSD identifier on our
license, regardless of whether the 0BSD is actually approved by the OSI/FSF.
I think the best summary of the issues was actually the timeline I posted:
https://lists.spdx.org/pipermail/spdx-legal/2015-December/001574.html
I'm not the only person to strip down a BSD license into a public domain
equivalent license, the John the Ripper project also did so:
http://www.openwall.com/john/doc/LICENSE.shtml
http://openwall.info/wiki/john/licensing
But they used a different starting point (freebsd's license) and came up
with a differently worded result. If that one had existed at the time,
I'd have used it, but they did that in 2015. (After I relicensed toybox,
before I submitted it to SPDX.)
Yet a license with _exactly_ the same wording as 0BSD was submitted to
OSI under a different name both after SPDX approved it and after Android
shipped it in the M preview.
I'll accept that's all a big coincidence, but OSI failed to do any sort
of due dilligence. OSI had a policy of keeping itself in sync with SPDX.
Months after SPDX had approved the new license they didn't notice SPDX
had already approved this license under a name it had since (having
raised the "but it's ISC" issue during the initial approval process, and
accepted the reference to OpenBSD as justification).
Months later, OSI noticed the conflict, but because OSI has no mechanism
for admitting it made a mistake, they asked SPDX to change the name of
0BSD. I objected, both explaining the reasons for the name (and why
OSI's name was actively counterproductive), and pointed out the timeline
(the link above), and OSI's response was basically that I'd convinced
them to stop trying to convince SPDX to change their existing decision,
but that OSI had no mechanism for ever admitting they'd made a mistake:
https://lists.spdx.org/pipermail/spdx-legal/2015-December/001575.html
@landley <https://github.com/landley>'s position is also clear:
I'd really rather ignore OSI entirely than explain that after zero
clause bsd had been in use for years, after it had been merged into
android and tizen, and after SPDX had published a decision to approve
it, OSI randomly accepted the same license under a different and
misleading name because this guy https://github.com/christianbundy said
so and OSI didn't do its homework. (Ok, that photo with the caption
"this guy" would make an entertaining slide, but entertaining damage
control is still damage control.)
I'm obviously heavily biased, and would prefer not to trample the
original 0BSD
<https://web.archive.org/web/20050307174729/http://urchin.earth.li/%7Etwic/The_Amazing_Disappearing_BSD_License.html>
with a modified ISC license,
That's basically a blog post. No software ever shipped with that calling
itself zero clause BSD (I know, I searched at the time).
Toybox shipped with this license in 2013, and I explained the _strategy_
behind the name in 2014:
http://lists.landley.net/pipermail/toybox-landley.net/2014-April/003363.html
but when the time comes that we hit 1,000+
repos we'll be happy to stand behind any decision that's made (the same
way that we support SPDX in giving us the "0BSD" identifier).
I think this is a good license. I'd like to see more people use it. I
think getting the name right is important, and I took the approach I did
for specific reasons.
That said, if github wants to go with the John the Ripper license
instead, go for it. I don't claim to have invented the idea of public
domain equivalent licensing. It's apparently an obvious enough idea that
somebody else reinvented about half of it years later.
Rob
|
|
Thanks Rob, I appreciate your post. There's a lot to unpack there, and I'd like to first point out that I absolutely agree with you on the need for an ultimately permissive license. I'd like to think that we're both on the same side of this issue. I think there are only two points that need to be covered on this specific issue (although you're always welcome to email me for anything tangential): plagiarism and the multiple discovery. I understand that from your perspective and social circles, the 0BSD is widely known. Unfortunately, I didn't know about the 0BSD, and ended up taking two steps:
I wasn't subscribed to SPDX, and didn't see your emails until they were forwarded to me from the OSI, who explained the situation. I'm sorry that I wasn't aware of your license sooner, my intention wasn't to plagiarize or try to take credit for your work. I have to admit that I was surprised by how personally hostile your emails were, and thought that it would be best to stay out of the discussion between you, the OSI, and SPDX. The issue of naming authority, admittedly, sucks. I was originally under the impression that the OSI was the de facto naming authority for "open source" licenses, but I wasn't aware that you (and probably others) were unconcerned about OSI approval. I'd heard of SPDX, but I wasn't aware that they tracked licenses that weren't approved by the OSI or FSF. It was very clearly a misunderstanding on my part, and I take full responsibility here. The problems, from my understanding, seemed to stem from the fact that the OSI wouldn't have approved an ISC-derived license referring to itself as "BSD" (even the OpenBSD project now uses the ISC license), and the fact that you felt that the word "free" was similarly deceiving. For the record, the name was meant to highlight the difference between the FPL and the GPL -- the GPL optimizes for free software whereas the FPL optimizes for a free public. This was meant as a critique of the GPL, as it restricts the freedom of the public in exchange for "free software", not a me-tooism. It seems that both of us thought to use strategies to promote the license to different demographics: you used "BSD" for an easy explanation, I used "free" to show that it had a leg-up on the FPL. If we strip the branding though, I think that we can agree that it's really a zero-clause ISC license. I think there are four options:
I'll keep my eyes on this issue, thanks for getting back to me so quickly. Cheers, |
|
On 03/26/2017 10:45 PM, Christian Bundy wrote:
Thanks Rob, I appreciate your post. There's a lot to unpack there, and
I'd like to first point out that I absolutely agree with you on the need
for an ultimately permissive license. I'd like to think that we're both
on the same side of this issue.
I think we are.
I think there are only three points that need to be covered on this
specific issue (although you're always welcome to email me for anything
tangential): plagiarism and the multiple discovery.
I understand that from your perspective and social circles, the 0BSD is
widely known. Unfortunately, I didn't know about the 0BSD, and ended up
taking two steps:
* Start with the ISC license, which was/is very popular
* Remove a half-sentence
* Submitted it for review
It's an obvious thing to do, as in "it's clearly where the industry
needs to go next". If the John The Ripper license had existed at the
time (or the various other doing-the-same-thing ones I haven't saved
links to), I would have used that (and advocated renaming _that_ 0BSD
for the reasons stated last email). But it didn't, and being able to say
"Android's shipped this license in a billion devices, it's been part of
the base OS image for years now" is itself a powerful argument.
I _looked_ for existing licenses when I switched toybox from gpl to bsd
back in 2011 (see https://landley.net/notes-2011.html#13-11-2011 and
https://landley.net/notes-2011.html#16-12-2011) and there were some
great articles about it back when I was doing that research.
In 2013 the "universal receiver -> universal donor" trend became quite
pronounced, and a lot of people wrote extensive analysis of it, ala:
http://lucumr.pocoo.org/2013/7/23/licensing/
http://lu.is/blog/2013/01/27/taking-post-open-source-seriously-as-a-statement-about-copyright-law/
(That second one links to one of Nina Paley's comic strips on the
subject, she has a _lot_ more and they're very good:
http://mimiandeunice.com/ and yes she's the lady who did "sita sings the
blues".)
A lot of this analysis applied specifically to github, since they were a
good source of data:
http://readwrite.com/2013/05/15/open-source-is-old-school-says-the-github-generation#awesm=~oDBVWaLSBrm6QD
And github's _reply_, pushing the MIT license, was close but not quite
right:
http://www.infoworld.com/t/open-source-software/github-ceo-backs-mit-open-source-license-223505
Because they went with public domain _adjacent_ instead of public domain
equivalent. Public domain adjacent is "picking sides" and leads to
increasing legal clutter, which encourages people to opt out of
licensing their code because there isn't a simple fix that lets you stop
thinking about licensing. Public domain equivalent collapses together
the way the GPL used to: merge CC0 and unlicense.org code and the result
can still be distributed under _one_ license (I.E. any of them).
I devoted 3 minutes to my 2013 "dear google, please merge toybox" talk
(which succeeded!) to licensing issues (starting at the 15 minute 9
second mark):
http://www.youtube.com/watch?v=SGmtP5Lg_t0
And followed it up with a talk at Ohio Linuxfest titled "the rise and
fall of copyleft", where I tried to lay out my path to the public domain
(but ran out of time before I ran out of material):
audio:
https://archive.org/download/OhioLinuxfest2013/24-Rob_Landley-The_Rise_and_Fall_of_Copyleft.mp3
outline:
In 2014 the unlicense.org guys contacted me, and I had a long thread
with them, starting with "here's an interview I just gave on the topic"
and moving on from there:
https://twitter.com/landley/status/451683680520396800
(Which went to email, but wasn't public.) I was hoping they'd act as a
clearinghouse for people interested in public domain equivalent
licensing, but their marketing strategy had a glaring flaw. (They were
going for something like "the uncola", but wound up with "I can't use
this code, it's unlicensed, I need something with a license" confusion.)
So yes, I've thought about this at great length. In public. And tried to
get the word out. I'm just really busy with other stuff and wander away
to other topics for 6 months at a time...
I wasn't subscribed to SPDX, and didn't see your emails until they were
forwarded to me from the OSI, who explained the situation.
That wasn't your screw-up, that was OSI's screw-up.
I'm sorry
that I wasn't aware of your license sooner, my intention wasn't to
plagiarize or try to take credit for your work.
I don't care about that. As my Ohio LinuxFest talk said in the section
on attribution vs ownership, the internet is very good at sorting that
sort of thing out on its own.
I cared because:
1) I had a reason for using that name, and the new name directly opposed
that reason.
2) I expected this would screw up further adoption because "there's this
almost identical license, what's the difference and why are there two of
them, let's use this as an excuse to table the motion indefinitely".
Isn't #2 basically what github is doing right now (hence this thread)? I
missed the earlier parts, but it's not unique:
david-a-wheeler/spdx-tutorial#1
Note nobody ever suggests "use the OSI version" and they never will.
They say "move of this thing entirely, there's fighting".
I tried to argue hard to shut it down at the start because I saw the
mess it would make, but OSI has no procedure for admitting (let alone
fixing) a mistake. And then the mess happened, and I cycled around to
other things that weren't a giant cleanup job.
I have to admit that I
was surprised by how personally hostile your emails were, and thought
that it would be best to stay out of the discussion between you, the
OSI, and SPDX.
Sorry, I wasn't mad at you, I was mad at OSI. They have a policy of
keeping themselves in sync with SPDX, didn't do so, and then asked SPDX
to retroactively change a decision that predated your submission with
the rationale "we screwed up so you need to change to match our screw-up".
I am a bit annoyed you were playing with matches, but you meant well.
The issue of naming authority, admittedly, sucks. I was originally under
the impression that the OSI was the de facto naming authority for "open
source" licenses,
In 1998, sure. In 2016? Not so much. About halfway through here I listed
why:
https://lists.spdx.org/pipermail/spdx-legal/2015-December/001600.html
As I said, no corporation mentioned OSI to me. They mentioned SPDX. OSI
seems to have revived its license efforts (recently) because other
organiations were moving on without them, and as Clay Shirky explained
in his "institutions vs collaboration" TED talk, the #1 goal of any
organization is to perpetuate itself:
https://www.youtube.com/watch?v=sPQViNNOAkw
but I wasn't aware that you (and probably others) were
unconcerned about OSI approval.
About 1/3 of the email I linked to above (the middle part) links to a
few of the reasons OSI lost momentum. It is not a complete list.
I'd heard of SPDX, but I wasn't aware
that they tracked licenses that weren't approved by the OSI or FSF. It
was very clearly a misunderstanding on my part, and I take full
responsibility here.
You're not alone, OSI is intentionally pretending it's still as relevant
as it was 15 years ago, in an attempt to rebuild itself.
Maybe the various standards bodies will eventually harmonize the way
ANSI and ISO approved the same C standard, and the way Posix-2008 is
also SUSv4 (IEEE and The Open Group, although as far as I can tell the
Austin Group isn't really related to either anymore).
But alas, it hasn't happened yet. And until it does (which would render
OSI irrelevant again because it would just be rubber stamping SPDX's
decisions), OSI is jamming the gears by disagreeing.
The problems, from my understanding, seemed to stem from the fact that
the OSI wouldn't have approved an ISC-derived license referring to
itself as "BSD" (even the OpenBSD project now uses the ISC license),
This objection was raised during SPDX approval, and I answered it:
https://lists.spdx.org/pipermail/spdx-legal/2015-June/001456.html
and
the fact that you felt that the word "free" was similarly deceiving. For
the record, the name was meant to highlight the difference between the
FPL and the GPL -- the GPL optimizes for free /software/ whereas the FPL
optimizes for a free /public/.
Arguing about the meaning of "free" is something the FSF does. The name
"open source" was invented so people could stop calling things "free".
Ever since, the FSF has insisted on calling it "Free Software" and
objected to the name "Open Source".
https://www.gnu.org/philosophy/free-software-for-freedom.en.html
That's why this word is polarizing, and your name is on the wrong side
of it.
This was meant as a critique of the GPL,
as it restricts the freedom of the public in exchange for "free
software", not a me-tooism.
Here is archive.org's oldest snapshot of the above page, from February 1999:
http://web.archive.org/web/19990224071744/http://www.gnu.org/philosophy/free-software-for-freedom.html
For almost 20 years the FSF has been training people not to listen to
your argument, but to hear "free" and think you mean FSF/copyleft.
You're trying to use The Ring against Sauron. It's bad marketing and
won't work.
It seems that both of us thought to use strategies to promote the
license to different demographics: you used "BSD" for an easy
explanation, I used "free" to show that it had a leg-up on the FPL. If
we strip the branding though, I think that we can agree that it's
/really/ a zero-clause ISC license.
Nobody who isn't already a license geek knows what ISC is. It has zero
marketing heft. OpenBSD didn't even bother to mention ISC in the first
half of https://www.openbsd.org/policy.html
The name ISC is so irrelevant that the SPDX objection I answered above
misidentified it as an MIT license. You're not arguing that it be called
ISC, you're _objecting_ to saying that the license OpenBSD uses is a BSD
license. (Is there a similar objection to GPLv3 not containing most of
the text of GPLv2? Or are you saying OpenBSD isn't a BSD?)
I think there are four options:
* 0BSD: Follows primacy and SPDX short identifier, easier to explain
to others as "more BSD than BSD", but isn't really derived from the
BSD license family.
You said last message that you were ok with calling it 0BSD. That would
resolve this issue.
It's the OpenBSD suggested template license. OpenBSD itself describes it
(in the above linked page) by saying "The ISC copyright is functionally
equivalent to a two-term BSD copyright with language removed that is
made unnecessary by the Berne convention."
I then removed a little _more_ text, but I removed far less text than
the John The Ripper guys did at http://openwall.info/wiki/john/licensing
. Would you say that calling the John The Ripper license a stripped down
FreeBSD license is inaccurate?
I removed less because my _goal_ was to have a minimum delta from an
existing widely-used license (to make laywers happy) resulting in a
simple license easy for non-lawyers to read. (I looked at dozens of
starting points for my new license. I really wanted to find somebody
else who had already done this, but couldn't, so I went with the
simplest thing calling itself a BSD license, and that was the OpenBSD
suggested template license.)
* FPL: OSI approved "open source" and (in my experience), easy to
pivot the discussion with GPL advocates from optimizing for free
humans rather than free software, but the word "free" may confuse some.
No, the term "open source" predated OSI. Eric Raymond created OSI
because he believed that charismatic movements (led by a single leader
with a strong personality) wouldn't outlive said leader, and he was
trying to make an organization that would outlast his participation.
(He was also, circa 2001 when I first started hanging out with him, very
worried that he'd ossify into a loon the way his friend Richard Stallman
had. Eric and Richard hung out at science fiction conventions in the
1980's, but as Richard got older he got more and more extreme and fixed
in his ways, and Eric was terrified this would happen to him. Alas, he
went crazy along a different axis than RMS had so didn't manage to
defend against it.)
For context, I crashed on the couch in Eric's basement for 4 months in
2003 while "editing" the Art of Unix Programming from 9 chapters to 20.
That's why paragraph 2 of the author's acknowledgements says he almost
made me a co-author:
http://www.catb.org/esr/writings/taoup/html/pr01s06.html
And we went on to co-author lots of stuff:
http://www.catb.org/~esr/hackerlore/sco-vs-ibm.html
http://www.catb.org/esr/halloween/halloween9.html
http://catb.org/esr/writings/world-domination/world-domination-201.html
And so on... We stopped being able to work well together around 2008,
and stopped talking to each other at all after I tweeted this at him in
2011:
https://twitter.com/landley/status/33179400488878080
And since then he's just plain lost it:
http://www.linux-magazine.com/Online/Blogs/Off-the-Beat-Bruce-Byfield-s-Blog/The-Decline-and-Fall-of-Eric-S.-Raymond
But that previous relationship from before he went crazy means I know a
lot more behind-the-scenes stuff about OSI than is necessarily public.
And some _is_ public but people just forget it. For example, when Eric
founed OSI he partnered with Bruce Perens, who was already a toxic loon.
When RMS decided that losing the spotlight was unacceptable Bruce
flounced from OSI back to the FSF, directly undermining OSI's core
message:
https://news.slashdot.org/story/99/02/18/0927202/bruce-perens-resigns-from-osi
Then when GPLv3 was happening he begged to be let back in just long
enough to neuter OSI's objections go GPLv3, and soon after that passed
Bruce got thrown out again and of course made a big stink and pointed
the finger at everybody else: https://lwn.net/Articles/274694/
And so on. As far as I can tell, the current board of OSI is a complete
reboot, creating a new organization on the bones of the old, presumably
started sometime after this:
https://opensource.org/node/608
In OSI's absence, organizations like SPDX arose to fill the gap. It
wasn't remotely the only one, Buildroot has its own tracking:
https://buildroot.org/downloads/manual/manual.html#legal-info
And Yocto and Tizen have theirs:
https://www.yoctoproject.org/blogs/khem/2014/suppliment-common-licenses-yocto-project
And of course there's:
https://www.linuxfoundation.org/offerings/open-source-compliance
http://www.fosspatents.com/2013/05/software-freedom-law-center-effectively.html
http://www.groklaw.net/articlebasic.php?story=20060316052623594
Red Hat and Google have their own set of approved licenses... And, of
course, github itself. Licenses listed/recognized by github are far more
prominent than ones that aren't. (Hence this email thread.)
SPDX doesn't make value judgements about licenses, their job is to come
up with a list of the licenses in use. Consistently NAMING said licenses
is core to SPDX's mission. (I wanted BSD0 as the short version, but SPDX
previously had 4BSD 3BSD and 2BSD so wanted to use 0BSD as the short
identifier. So 0BSD it is.)
As I said: Samsung asked me to submit 0BSD to SPDX. The google guys
agreed that was a good idea. None of them have ever mentioned OSI to me,
and really don't seem to care what they think.
* Something else: I really don't know whether orchestrating a
compromise between the OSI and SPDX is even worth it (or whether
this is insulting to even suggest), but at this point the politics
surrounding these names seems to be suffocating this license. I'd be
comfortable settling on something more neutral and unopinionated
like "0ISC", but I think this is really in your hands.
I talked to several people at linuxconf.au in January (Richard Fontana
witnessed my CC0 vs 0BSD argument with the Google guy, I buried the
hatchet over lunch with Bradley Kuhn, etc) and they suggested I re-raise
the issue with OSI to give them the opportunity to _create_ a procedure
for backing out a previous mistake.
It's on my todo list. (I also saw the Open Invention Network lady again
and she reminded me to submit Toybox to OIN. My old Aboriginal Linux
project is already a member, but I should get toybox explicitly listed.
Haven't yet. Been busy with several other projects and travel...)
* Nothing. This seems to be current course of action, as this drama is
a total pain for anyone even tangentially involved.
Yes. OSI's insistence on maintaining its mistake has derailed my plan to
promote public domain equivalent licensing.
If dealing with
this license continues to be this painful, I don't think it well
ever get any sort of mainstream support.
It was getting some momentum before OSI wet the bed. Since then even I
haven't bothered to push it much because I don't find dealing with OSI
fun, and definitively shouting them down is a time sink.
That said, it's still on the todo list. But turning Android into a
self-hosting development environment (so having an android phone is
sufficient for being a full-fledged Android system developer, and the PC
can go the way of minicomputers and mainframes up into the lucrative but
boring big iron server space) is higher on the todo list, which isn't
just toybox but http://github.com/landley/mkroot and so on (dismantling
AOSP and rebuilding it along modular lines, etc).
Heck, just turning Android's NDK into something usable is higher on my
todo list:
http://lists.landley.net/pipermail/toybox-landley.net/2016-December/008767.html
As we're on the same team,
I'd really rather not have that happen.
0BSD is shipping on every Android device since Marshmallow. I have a
todo item to promote it more but haven't cycled around to that yet
because I'm trying to finish
http://landley.net/aboriginal/about.html#selfhost and my $DAYJOB is
doing https://j-core.org which involves a lot of travel (6 trips to
tokyo so far).
And yes, I intend to talk to Jeff about switching j-core's VHDL to 0BSD.
(It's on the todo list.) If so it will be called Zero Clause BSD there
too, and I won't even have to change the web page that links to it.
But the best thing I can do to cement 0BSD's position is get Toybox to
its 1.0 release before Android "P". (I missed "O" because the last 6
months have been nuts.) I've got the Android Bionic and Toolbox
maintainer posting his own roadmap for replacing what's left of toolbox
with toybox:
http://lists.landley.net/pipermail/toybox-landley.net/2016-June/008484.html
And my own roadmap of what needs to happen to build linux from scratch
under android (AOSP has some more todo items such as a git downloader):
https://landley.net/toybox/roadmap.html
I'd love to get back to that, but today I need to convert the j-core GPS
signal tracking routines from cartesian to polar coordinates (I'm trying
to convince the hardware guys to make this change in the correlators and
they want to see how expensive doing it in software is first). Then I
should probably pack for my upcoming trip to San Diego...
Rob
|
|
I just happened to notice there's also an MIT-0/MIT No Attribution also independently published at least twice, in 2010 and more recently, various background links in spdx/license-list-XML#632. |
|
On 07/18/2018 11:58 AM, Mike Linksvayer wrote:
I just happened to notice there's also an MIT-0/MIT No Attribution also
independently published at least twice, in 2010 and more recently, various
background links in spdx/license-list-XML#632
<spdx/license-list-XML#632>.
Cool. The "John the Ripper" project from Openwall has a similarly cut down
FreeBSD variant, and they refer to an earlier project in their wiki.
http://openwall.info/wiki/john/licensing
The concept is quite straightforward. I detailed my reasons for using the
variant I did (conforms to corporate expectations to navigate approval process
more easily), but all of these (and wtfpl and cc0 and unlicense.org and so on)
are functionally equivalent.
Rob
|
|
The naming confusion has been cleared up, it's now consistently "Zero Clause BSD" (SPDX short identifier 0BSD). http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-November/003830.html |
|
@landley Could you please help me drive this home by updating this page with the official title per the referenced link? I think the WTFPL does a good job making the title clear by italicizing it on the about page. I sent up a pull to have the name changed on the SPDX license list, which is where this repo pulls its titles from according to @mlinksva. I have also submitted an issue against this repo as the 0BSD does not appear in the appendix which—if as @mlinksva says is true—this license needs to be added to the Appendix as shown here:
I've also opened a bug against NPM after having checked it throws a |
|
Please don't ask SPDX to change, they approved the license first. OSI made a mistake and I lobbied OSI to undo that mistake, largely by arguing that SPDX approval came first. (After I'd been using it for years, of course.) If OSI didn't manage to quite undo their mistake completely... who cares? I've been using the zero clause bsd name for years. "Zero Clause BSD", "BSD Zero Clause", and "0BSD" are trivial differences. Please don't reopen that can of worms. |
|
Sorry, there's been so much arguing about the name in the past, I may be a bit gun shy now it's resolved. :) |
|
I don't understand why Github would want to participate in politics here... I see 0BSD and WTFPL quite regularly. They just aren't recognized which requires me to dig into the LICENSE file. Why would they want to get into politics? Oh right!!! - Microsoft owns Github - They only like MIT and Apache 2.0 I think I'm going to switch some of my projects to 0BSD - I urge anyone and everyone interested in licensing to listen to Rob's talk on the failure of Copyleft. Very good history lesson!!! Those who don't learn from history will be bound to repeat it... |
|
@frink there isn't any politics here. WTFPL is recognized, see https://github.com/search?utf8=✓&q=license%3Awtfpl&ref=simplesearch 0BSD will be eventually when a new version of licensee is released and deployed. |
|
It's been up on https://choosealicense.com/licenses/0bsd/ with toybox as an example for months now, but I'm not sure what github recognizing the license means exactly. I had to do landley/toybox@b31192f because I was told the title line saying it's 0bsd confused github's license recognizer, but there's nothing on the https://github.com/landley/toybox page that says "0bsd", and no "recognized as" annotation on the license itself. (But then there isn't for https://github.com/torvalds/linux either, so...) shrug Maybe it's done now? It's hard to tell, I thought there would be a visible difference between "recognized" and "not recognized" in the github UI but now I'm not sure... |
|
Ah, I see. A recognized repo will name the license in that link. https://github.com/torvalds/linux and https://github.com/tytso/e2fsprogs aren't recognized, and neither were the first 13 repos that came up in github.com/explore, but the 14th (https://github.com/go-debos/debos) is recognized. So that's what it looks like. |
|
@landley - Yes. That's my beef. Doesn't show up properly... It doesn't seem like choosealicense.com and github.com are not in sync with one another. Don't know what the cause is... Could be politics. Could be oversight. Could be a lot of things... Just dunno... If I start a new project here and click to add a licence, Github bolds Apache 2.0, GPL 3.0, and MIT... Then followed by the BSD 2-Clause and BSD 3-Clause then several GPL variants MPL 2.0 and finally the Unlicense - which is the only listed PDE (public domain equivalent) license. @mlinksva - FWIW - Neither WTFPL or 0BSD are available in the choose a license template dropdown on Github. I also find it interesting that only GPL3 and the two Microsoft-approved licenses are the only ones bold. Don't know what that is about. It's probably impossible to provide such a list without some politics since even the order itself is suggestive. I'm fine with all that. But 0BSD and WTFPL should be listed... PDE licenses need more respect from Github than they have received - that's all I'm saying... |
I can tell you exactly what the causes are. Why 0BSD is currently not yet detected on github.com: (1) Licenses get added here, (2) then vendored in licensee, (3) then a new release of licensee is cut, (4) then licensee version is upgraded for github.com. We're presently at (3). You can watch for new releases at https://github.com/licensee/licensee if you want to be alerted when (3) is done. When (4) is done https://api.github.com/licenses/0bsd will return info about the license rather than not found. Why WTFPL is not in the license chooser template at github.com: Note WTFPL is known and can be detected, see https://api.github.com/licenses/wtfpl and https://github.com/search?utf8=%E2%9C%93&q=license%3Awtfpl&ref=simplesearch but the chooser only displays a handful of licenses, I believe those with If you wish to use 0BSD or WTFPL (I really don't know why you'd want to use the latter, but whatever) or any other license, including non-open source ones, you can do that, put their text in a LICENSE file. Since this isn't about what can be done in this repo and I don't think there is any more info to be added I'm going to lock this conversation. Thanks for raising your concerns! |
|
FYI https://api.github.com/licenses/0bsd and https://github.com/search?utf8=%E2%9C%93&q=license%3A0bsd&ref=simplesearch now work. For existing repos one can https://support.github.com/contact and ask for re-detection. |
I would like to see the 0BSD license cataloged in the appendix. Without it, the downstream Licensee project mis-detects 0BSD as the ISC license. The 0BSD license is basically the ISC license without requiring a copyright notice.
The 0BSD license meets criteria 1 and 2 for adding a license according to the CONTRIBUTING.md, but I'm not sure if it meets criteria 3 (at least 1000 repositories). It is difficult to verify if criteria 3 is met because 0BSD contains more or less a strict subset of the words present in the ISC license, so I was unable to construct a search query that matches only 0BSD but not ISC.
The text was updated successfully, but these errors were encountered: