On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek <pchestek(a)gmail.com> wrote:
Isn't there a much bigger problem, namely "to any person obtaining a copy of
this Software to deal in the Software under the copyrights without restriction ..."
For comparison, the MIT language is: "to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the
Software without restriction, including without limitation ..."
They've added "under the copyrights." I assume the intent was to carve out
the trademarks from the grant, but they've also, I would say, carved out patents. I
would argue that because the license is specifically for copyrights only one can't
imply a license for patents.
Interesting, I had overlooked that but this seems significant. As far
as I can tell from searching, the Overflow license (the license used
here) is the first case of a license that adds "under the copyrights"
to that MIT license language. Though this is speculation, given the
origins of these projects and what I understand to be the approximate
date of launching of the Overflow project it all feels a bit like some
lawyer in the Stanford tech transfer office was trying to "pull a fast
one", as it were. If the Overflow project (or this license) is
actually much older than I am assuming, that would be useful to know
though.
Richard
As to the trademark question, IMHO I tend to agree with Richard that
the license prohibits lawful nominative/referential fair use. The BSD license says
"endorse," which does allow for lawful use (a proper nominative fair use would
not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice
is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be
considered using "OpenOffice" in a promotional way. But since it travels with
"endorse," there is an argument that they didn't mean to prohibit a lawful
referential use. I don't think that can be said for the Mininet license. I think the
intentions may have been good with the Mininet license, but done in a way that probably
crosses the line.
Pam
On Fri, Mar 18, 2022 at 4:37 PM Richard Fontana <rfontana(a)redhat.com> wrote:
>
> On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar <iucar(a)fedoraproject.org> wrote:
> >
> > On Fri, 18 Mar 2022 at 19:50, Richard Fontana <rfontana(a)redhat.com>
wrote:
> > >
> > > On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar <iucar(a)fedoraproject.org>
wrote:
> > > >
> > > > On Fri, 18 Mar 2022 at 17:12, Richard Fontana
<rfontana(a)redhat.com> wrote:
> > > > >
> > > > > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy
<jlovejoy(a)redhat.com> wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > This license is closest to MIT, but adds a custom lead-in
(groan) at the beginning and a trademark restriction at the end. The authors should not
refer to is as "BSD", nor "OSI-Approved" as that is a false statement.
They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
> > > > > >
> > > > > > As for being acceptable for Fedora - I'd be curious to
hear Richard's thoughts on the trademark restriction.
> > > > >
> > > > > So the clause in question is this:
> > > > >
> > > > > "The name and trademarks of copyright holder(s) may NOT be
used in
> > > > > advertising or publicity pertaining to the Software or any
derivatives
> > > > > without specific, written prior permission."
> > > > >
> > > > > The license seems to have first appeared in a related project
coming
> > > > > out of Stanford, Openflow. The quoted language seems to me to be
more
> > > > > restrictive (and also ambiguous) than counterpart language in
well
> > > > > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license
[SPDX:
> > > > > BSD-3-Clause]).
> > > > >
> > > > > My initial reaction is that this license is not FOSS and thus is
not
> > > > > ok for Fedora.
> > > >
> > > > But, we have several MIT variants listed with a similar clause about
> > > > "advertising and publicity":
> > > >
https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
> > >
> > > The one here seems closest to what Fedora calls the "NTP variant"
and
> > > which is an OSI-approved license under the name NTP license:
> > >
https://opensource.org/licenses/NTP (SPDX: NTP).
> > >
> > > The difference is that the mininet license says:
> > >
> > > "The name and trademarks of copyright holder(s) may NOT be used in
> > > advertising or publicity pertaining to the Software or any derivatives
> > > without specific, written prior permission."
> > >
> > > while the NTP counterpart says:
> > >
> > > "and that the name (TrademarkedName) not be used in advertising or
> > > publicity pertaining to distribution of the software without specific,
> > > written prior permission."
> > >
> > > (where '(TrademarkedName)' is a placeholder). I think
> > > "TrademarkedName" may be a questionable choice of placeholder
name.
> > >
> > > Anyway, one question is whether the differences between the NTP
> > > license clause and the corresponding Mininet license clause are
> > > significant. One obvious difference is that the "names" you
can't use
> > > in the Mininet case are left unspecified.
> >
> > Unspecified? It's the name of the copyright holders.
>
> The trademarks are unspecified, but maybe that's not a significant problem.
>
> The way the NTP license is used in practice is that the specific
> "name" you're not allowed to use is specified in the license notice
> (University of Delaware in the oldest strata of NTP it seems).
>
> > Similarly, the
> > 3-Clause BSD License says:
> >
> > "3. Neither the name of the copyright holder nor the names of its
> > contributors may be used to endorse or promote products derived from
> > this software without specific prior written permission."
>
> Yes but I think "use[] to endorse or to promote" is a little more
> specific than "use[] in advertising or publicity".
>
> > I'll open an issue in their repo to propose switching to a standard
> > text, but if there's a negative answer, would this be a blocker?
>
> I don't know. I think it's a difficult case and requires further
> thought/discussion. I've only thought about this for a couple of hours
> :-)
>
> I feel that the inclusion of "trademarks" here is what is most
> distinctive. Assuming Mininet itself is a trademark of the copyright
> holders, why shouldn't I be able to say truthfully in some publicity
> statement that my fork of Mininet is based on Mininet (without
> notionally breaching the license)? This is different from licenses
> that require me to rename my fork to something else. It's also
> somewhat different from how the NTP license says I can't use the name
> "University of Delaware" when advertising my distribution of NTP or a
> derivative of NTP.
>
> I'd be somewhat curious to find out why Openflow decided to use this
> license, where they got it from, and how long they were using it.
>
> >
> > Iñaki
> >
> > > Another issue is that Fedora has had a pragmatic approach to approving
> > > old (typically minimalist permissive) licenses that takes into account
> > > the age of the license and the software it's historically associated
> > > with. I don't think this has been documented and I think it's
> > > something we ought to include in the material on standards for Fedora
> > > license approval Jilayne and I have been working on. Red Hat has taken
> > > the same approach in its review of RHEL package licenses identified
> > > through scanning tools. Basically, we are more forgiving with
> > > relatively old licenses. We apply higher standards for newer licenses
> > > associated with more recent projects, with the dividing line being
> > > roughly late 1990s/early 2000s (when the concept of FOSS license
> > > standardization began to take root). Some old licenses of this sort
> > > still end up being unapproved for Fedora, most famously SunRPC.
> > >
> > > The NTP license seems to be *really* old, apparently originating with
> > > the University of Delaware in the early 1990s if not earlier. The
> > > Mininet/Openflow license as far as I can tell from the quickest
> > > research doesn't seem to go back further than ~2012, which is
"recent"
> > > for purposes of the standard I'm talking about. If anyone has further
> > > information on these points it would be helpful. Maybe the Openflow
> > > license was actually copied from some much older source -- it
> > > certainly looks like it.
> > >
> > > Richard
> > >
> > > >
> > > > Iñaki
> > > >
> > > > > Also a pretty good example of how upstream license metadata is
untrustworthy.
> > > > >
> > > > > Richard
> > > > >
> > > > > >
> > > > > > Thanks,
> > > > > > Jilayne
> > > > > >
> > > > > > On 3/18/22 9:21 AM, Iñaki Ucar wrote:
> > > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Is this license [1] acceptable for Fedora and what would be
the
> > > > > > appropriate identifier for the License field? It seems to me
some sort
> > > > > > of BSD, and in fact the authors themselves identify it as
such in the
> > > > > > setup.py file [2], but I'd like to be sure.
> > > > > >
> > > > > > [1]
https://github.com/mininet/mininet/blob/master/LICENSE
> > > > > > [2]
https://github.com/mininet/mininet/blob/master/setup.py
> > > > >
> > > >
> > > >
> > > > --
> > > > Iñaki Úcar
> > > >
> > >
> >
> >
> > --
> > Iñaki Úcar
> >
>
>
> --
> _______________________________________________
> legal mailing list -- legal(a)lists.fedoraproject.org
> To unsubscribe send an email to legal-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure