Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New license request: BlueOak-1.0.0 [SPDX-Online-Tools] #800

Open
kemitchell opened this Issue Mar 8, 2019 · 18 comments

Comments

Projects
None yet
8 participants
@kemitchell
Copy link
Member

kemitchell commented Mar 8, 2019

1. License Name: Blue Oak Model License 1.0.0
2. Short identifier: BlueOak-1.0.0
3. URL: https://blueoakcouncil.org/license/1.0.0
4. OSI Status: Not Submitted

@jlovejoy

This comment has been minimized.

Copy link
Contributor

jlovejoy commented Mar 9, 2019

(from email Kyle sent to list)
Aside: All other licenses on our published permissive license list,
https://blueoakcouncil.org/list, are currently specified by SPDX ID.

Explanation:

The Blue Oak Model License 1.0.0 advances the state of the art of
permissive public software licensing by unique combination of old and
new techniques. To name but a few highlights, Blue Oak:

  • uses plain English, not legalese, written by a committee of open
    licensing lawyer-specialists
  • explicitly addresses both copyright and patent
  • removes uncertainty about the legal characterization of its terms
  • covers all relevant contributor patents, without scope limitation or
    defensive termination
  • includes a cure provision for attribution violations
  • explicitly states that contributors cannot revoke their grants
  • expresses the expectation that all contributors will license on the
    same terms

Both the Blue Oak Model License and its steward, Blue Oak Council, were
announced this week. We expect adoption in meaningful projects, now
that the license has been made public. If need by, I will be happy to
follow up with links to a couple examples, as they appear.

For more information on the license's features and history, see:

https://blueoakcouncil.org/2019/03/06/model.html

@DennisClark

This comment has been minimized.

Copy link
Collaborator

DennisClark commented Mar 10, 2019

Looks good to me. A few comments:

  1. It's always nice to see a Version Number on a new license request, which gives one confidence that the license text is stable.
  2. It's also very nice to see warranty disclaimer text in mixed case rather than all upper case; I hope that is an ongoing trend.
  3. It's remarkably easy to read and understand.

So even though it's apparently not yet an OSI license, and at this point adoption is still pending in actual projects, I give it an early approval.

@kemitchell

This comment has been minimized.

Copy link
Member Author

kemitchell commented Mar 10, 2019

@DennisClark thank you!

It's always nice to see a Version Number on a new license request, which gives one confidence that the license text is stable.

The license was both revised and vetted collaboratively, by a team of experts, and not just once. We are actively pushing for adoption of 1.0.0, as submitted.

That being said, we are very open to new conversations about design and implementation. We versioned from the get-go precisely out of respect for the value of open collaboration, and did our initial work in private only to ensure we'd offer something worthy of close consideration.

Though it's not exactly germane to the listing process, I'd beg point to remind that this being a (highly) permissive license, there's much less incremental cost to new versions.

@silverhook

This comment has been minimized.

Copy link
Collaborator

silverhook commented Mar 11, 2019

Look good to me. Is there any use of it already recorded in the wild?

I have two small concerns content-wise, but these are not in any way counter its SPDX inclusion:

In order to receive this license, you must agree to its rules.

Click-wrap, tacit agreement, concludent actions?

Each contributor licenses you […] any patent claims they can […] become able to license.

… seems extremely broad. The way this reads to me, it might even patents that I don’t own, but could buy (an appropriate license to) in the future. Does this put the onus on the contributors to actually acquire the patents as soon as they can? I can’t see how that could work (or indeed help).

@kemitchell

This comment has been minimized.

Copy link
Member Author

kemitchell commented Mar 11, 2019

@silverhook thanks for your comments. Please forgive me if I back up and ask a meta question, to make sure we respect the SPDX process and contributors' expectations.

@jlovejoy is this an appropriate place to dive into details of specific terms, along the lines of @silverhook's? Or should we constrain ourselves to questions about whether the license terms range so far afield that they take the license out of SPDX' scope?

@bradrydzewski

This comment has been minimized.

Copy link

bradrydzewski commented Mar 11, 2019

and at this point adoption is still pending in actual projects, I give it an early approval.
Is there any use of it already recorded in the wild?

I have started introducing the license in some of my smaller projects https://github.com/drone/drone-gc

@silverhook

This comment has been minimized.

Copy link
Collaborator

silverhook commented Mar 12, 2019

@kemitchell, regarding the patent clause and agreement questions, you are correct that they are a bit off-topic for the SPDX approval procedure. I withdraw those two questions and will pose them on a more suitable forum.

Regarding the wide-enough spread use of a license, it at least used to be requirement. I have to admit, I don’t recall if it is formalised anywhere.

@vazub

This comment has been minimized.

Copy link

vazub commented Mar 17, 2019

Just for adoption visibility, I've also started using the license for my own projects, the first one to be found here - https://github.com/vazub/lbxtract-red

@jlovejoy

This comment has been minimized.

Copy link
Contributor

jlovejoy commented Mar 22, 2019

I'm fine with adding this, even if it hasn't been widely adopted yet, as it seems likely to get some use and having an identifier from the get-go is helpful to that end.

Somewhat separately and slightly off topic in terms of SPDX approval (and note, this is not an inviting a need to respond, per se) I crinkle a bit at "vetted collaboratively, by a team of experts" + "did our initial work in private" in light of the more common open source license development process of open collaboration; as well as questioning the need for another permissive license.
But, as stated at the start, this is not the typical domain of SPDX in terms of review.

@swinslow

This comment has been minimized.

Copy link
Collaborator

swinslow commented Apr 4, 2019

I'd agree with adding also. I think it checks the boxes for inclusion, and appears to have evidence of uptake in the community. (Full disclosure, I've used it myself for a random small project...)

@swinslow

This comment has been minimized.

Copy link
Collaborator

swinslow commented Apr 4, 2019

Given the approvals on this issue, and no opposition in the thread, and that #829 is submitted and passing (thanks @kemitchell!) -- I am inclined to go ahead and give this the thumbs-up.

@jlovejoy, any concerns? Do you see a reason this needs to be held for discussion on the next legal team call? If not, I can go ahead and merge.

@kemitchell

This comment has been minimized.

Copy link
Member Author

kemitchell commented Apr 4, 2019

Full disclosure, I've used it myself for a random small project...

Perhaps I should mention that I have, too.

@swinslow

This comment has been minimized.

Copy link
Collaborator

swinslow commented Apr 4, 2019

(@kemitchell I'm not shocked, you did kind of co-write it) =)

@Conan-Kudo

This comment has been minimized.

Copy link

Conan-Kudo commented Apr 10, 2019

I'd really rather be more comfortable with this being OSI reviewed first. Aside from my own misgivings about the license itself (arguably, I think it's dangerously too permissive...), I would rather not see SPDX add new licenses that aren't OSI approved, especially when they have no significant users to warrant an exception.

@kemitchell

This comment has been minimized.

Copy link
Member Author

kemitchell commented Apr 10, 2019

@Conan-Kudo, @jlovejoy can speak to SPDX' criteria and history more authoritatively than I. But I will point out that SPDX has identified many licenses that OSI has not approved, including licenses that nobody expects they would, as well as licenses extending beyond even Blue Oak's permissivity, such as Fair, WTFPL, 0BSD, and MIT-0, that extend into what the Council considers dubious legal territory.

Blue Oak Council has no current plans to submit its license to OSI, though we won't object if someone else does.

@Conan-Kudo

This comment has been minimized.

Copy link

Conan-Kudo commented Apr 10, 2019

@kemitchell Just because they've done arguably bad things in the past doesn't give them license to keep doing it in the future (heh, pun!). If the Blue Oak Council has no intent to have it peer-reviewed by OSI, then that is enough for me to say that it should not be recognized by SPDX either. OSI's job is to provide a clear list of licenses that follow principles consistent with OSD, DFSG, et al, while SPDX's job is to identify those licenses in a way that can be easily checked and referenced.

@swinslow

This comment has been minimized.

Copy link
Collaborator

swinslow commented Apr 10, 2019

The SPDX legal team does not require OSI approval before adding licenses. If OSI does approve a license, it can be noted with a flag in the XML entry for the license (same for licenses determined by FSF to be free / libre; this can be seen in the right-hand columns at https://spdx.org/licenses).

The SPDX License Inclusion Principles can be found at https://spdx.org/spdx-license-list/license-list-overview (this document also provides an overview of the purpose of the SPDX license list)

@swinslow

This comment has been minimized.

Copy link
Collaborator

swinslow commented Apr 18, 2019

Discussed on 2019-04-18 Legal Team call, agreed that this should be added.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.