
Bruce Perens quits Open Source Initiative amid row over new crypto license - jrepinc
https://www.theregister.co.uk/2020/01/03/osi_cofounder_resigns/
======
bdowling
I find this line in the CAL problematic:

> You also agree that either the Licensor or a Recipient (as an intended
> third-party beneficiary) may enforce the terms and conditions of this
> License against You via _specific performance_. (emphasis added)

CAL, section 2.3.

This line about specific performance may make this “license” into a legally-
binding contract, because specific performance is a contract remedy. Usually,
if you fail to meet a license condition, you just lose your license, which
might make you liable for infringement (e.g., of copyright). Here, this line
may mean that a court could force a “licensee” to comply with the condition
instead of just paying monetary damages.

~~~
matthewheath
In UK law (I am not familiar with any other legal jurisdictions), that licence
agreement isn't a contract at all — even with that line about specific
performance included — because no consideration (something of value) has been
given by the developer intending to use the software, the licensee.

If such a licence were to be subject to the jurisdiction of UK courts, I don't
think the licensor (or the recipient as a third-party beneficiary) would win.

~~~
bdowling
Re consideration, a promise to do or forego something in the future can be
sufficient consideration to form a binding contract. In fact, most contracts
are an exchange of promises (e.g., any sales contract where goods and payment
will be delivered in the future).

Here, the CAL contains additional language indicating that the author intends
for the CAL to be not just a license, but also an enforceable contract
including the license conditions:

> In order to receive this License, You must agree to its rules. The rules of
> this License are both _obligations of Your agreement with the Licensor_ and
> conditions to your License. You must not do anything with the Work that
> triggers a rule You cannot or will not follow. (emphasis added)

CAL section 2.

~~~
matthewheath
Ah, thank you for clarifying this for me. I'm aware that promise to do or
forego something can be sufficient consideration but clearly I did not read
the CAL sufficiently to identify what the licensee was going to do or forgo.

------
carapace
FWIW...

[https://cr.yp.to/softwarelaw.html](https://cr.yp.to/softwarelaw.html)

> In the United States, once you own a copy of a program, you can back it up,
> compile it, run it, and even modify it as necessary, without permission from
> the copyright holder. See 17 USC 117.

> Once you've legally downloaded a program, you can compile it. You can run
> it. You can modify it. You can distribute your patches for other people to
> use. If you think you need a license from the copyright holder, you've been
> bamboozled by Microsoft. As long as you're not distributing the software,
> you have nothing to worry about.

~~~
bitwize
Also in the United States, you usually do not own a copy of the software you
used, you are merely licensed to use it and are subject to the terms of the
EULA. Most EULAs expressly forbid reverse-engineering, decompilation, or
modification. And yes, they are binding contracts; see _Vernor v. Autodesk_.

~~~
carapace
[https://en.wikipedia.org/wiki/Vernor_v._Autodesk,_Inc](https://en.wikipedia.org/wiki/Vernor_v._Autodesk,_Inc).

IANAL, so I won't comment.

~~~
tzs
HN’s link detection has trouble with URLs that end with a period. Here it is
with that period encoded.

[https://en.wikipedia.org/wiki/Vernor_v._Autodesk,_Inc%2E](https://en.wikipedia.org/wiki/Vernor_v._Autodesk,_Inc%2E)

------
zozbot234
Interesting stuff. I think the CAL proposal shows that one can have all sorts
of reasonable requirements around public performance of one's software, and as
long as basic use cases remain "free" and there's no discrimination by field
of endeavor (e.g. "only cloud companies" must do X, or whatever) or otherwise,
there is a case that the conditions are still FLOSS. I wonder how the FSF
would treat that license.

~~~
yarrel
The FSF would note correctly that the license is burdensome and would declare
it non-free.

This is a license that bakes in a _lot_ of assumptions about who should be
running the code and how. If you can afford to comply with them, you are
probably a corporation.

There's a trend towards two(-or more) tier proprietary software licenses that
formalize the difference between economic exploitation and consumer usage of
software but that still want the cachet of being called "Open Source".

The CAL falls very clearly under this category, for all its apparent good
intentions.

------
eesmith
I have some limited experience with Lindberg, which lead me to the tentative
conclusion that he was more interested in the legal aspects of open source
licenses than the social contract issues of open source and free software.

I also got the feeling he was using rhetorical techniques to change the topic
or blunt a inquiry, rather than as methods to resolve disagreements.

Consider the paragraph 'I don't think that's an appropriate characterization
.. You'll see a lot of people jumping onto any pretext they can find in order
to oppose it.' It starts off implying there are multiple sides to the issue,
which puts you off-guard, then characterizes the opposition in stark black-
and-white terms.

That sets up a sort of false dichotomy by leaving out those people who oppose
it for non-pretextual reasons.

------
jsjohnst
> He believes just three are necessary, AGPLv3, the LGPLv3, and Apache v2.

He being Bruce Perens.

I respectfully disagree, those licenses all have some negative component to
them which make them not applicable in all cases. MIT/BSD do not have those
same negatives (different of their own) and definitely are needed as well
imho. Not saying those three aren’t important, just they shouldn’t be the only
three.

Edit: clarified MIT / BSD are not without their own issues, just not the same
as the other three.

~~~
kibwen
> MIT/BSD do not

MIT/BSD do have some legal drawbacks for certain use cases; see the Boost
license as an example of a reaction to perceived negatives of MIT/BSD. In
particular Boost does not require a copy of the license to be distributed with
a binary. Have you ever shipped a binary containing MIT-licensed code, but
didn't also explicitly ship a copy of the MIT license along with it? If so,
you're technically in violation of the license.

~~~
utopian3
> MIT/BSD do have some legal drawbacks for certain use cases

Sure I think the OP you're replying to isn't implying that MIT/BSD is
insufficient. He/she is saying that the three "AGPLv3, the LGPLv3, and Apache
v2" are insufficient but these five "AGPLv3 + LGPLv3 + Apache2 + MIT + BSD"
would be more sufficient.

~~~
jsjohnst
> but these five "AGPLv3 + LGPLv3 + Apache2 + MIT + BSD" would be more
> sufficient

Correct, I’m saying you need at least all five for something like sufficiency.

The three Bruce points out aren’t enough imho.

------
h2odragon
> "[The debate] has proven contentious enough to prompt OSI co-founder Bruce
> Perens to resign from the organization, for a second time,"

I also recall when he proudly announced he'd GPL'd a copy of the Public Domain
TIGER data files.

~~~
kick
That's good, actually. The public domain doesn't apply everywhere, so a U.S.
citizen licensing a public domain piece under a free software license allows
people in countries with different approaches to the public domain to use it.

~~~
h2odragon
Yes, and Mr Perens is making a valid point here too. In such a way as to be
regrettably easy to dismiss. I watched him instruct Linus Torvalds in how "the
kernel project should be run" in 1998; he wasn't wrong but I'm sure I wasn't
the only one who wanted to smack him rather than hear him out.

I say this in deepest sympathy for the man, I'm similarly non-charming but
much much more repellent.

~~~
lallysingh
He's an anchor holding open source firmly attached to the ground, not letting
immediate passions (in this case, crypto) get us lost.

------
jnwatson
Does anyone care what the opinion of OSI is anymore? If you care enough about
whether an agreement is "open source", you probably care enough to read the
agreement itself and make your own opinion.

~~~
skybrian
I care that "open source" doesn't become a watered-down, meaningless term like
"open" or "agile". Having a well-defined and well-understood meaning is
valuable.

~~~
chrisseaton
They should have picked a term that they could trademark if they wanted to do
this! Rather than reusing an existing term and having to try to persuade
people to use your definition.

~~~
skybrian
This usage is over 20 years old and was uncontroversial for most of that time.
I'm not sure there are many people around who even remember previous usage.

It seems like the problem these days is new people learning it from context
and not knowing there is an official definition that was settled a long time
ago.

~~~
chrisseaton
In what sense is it ‘official’? The trademark office think the term is generic
and didn’t allow the OSI to make any claim on it.

~~~
skybrian
In the sense that there is a standards organization that published a standard
definition. There isn't any legal basis for it, but we should support them.

~~~
chrisseaton
I think official means endorsed by some authority. There’s no authority here
at all - just some private people making up a definition and attaching it to
an existing term.

~~~
dec0dedab0de
authority does not necessarily mean with the threat of violence. It could mean
influence. The OSI are an authority as demonstrated by every major tech
company using their definition of opensource.

