CC0 has been listed by Fedora as a 'good' license for code and content (corresponding to allowed and allowed-content under the new system). We plan to classify CC0 as allowed-content only, so that CC0 would no longer be allowed for code. This is a fairly unusual change and may have an impact on a nontrivial number of Fedora packages (that is not clear to me right now), and we may grant a carveout for existing packages that include CC0-covered code. While we are moving towards a process in which license approvals are going to be done primarily through the Fedora license data repository on gitlab.com, I wanted to note this on the mailing list because of the significance of the change.
The reason for the change: Over a long period of time a consensus has been building in FOSS that licenses that preclude any form of patent licensing or patent forbearance cannot be considered FOSS. CC0 has a clause that says: "No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document." (The trademark side of that clause is nonproblematic from a FOSS licensing norms standpoint.) The regular Creative Commons licenses have similar clauses.
A few months ago we approved ODbL as a content license; this license contained its own "no patent license" clause. Up till this time, the official informal policy of Fedora has been that 'content' licenses must meet the standards for 'code' licenses except that they can prohibit modification. The new Fedora legal documentation on the license approval categories will note that allowed-content licenses can also have a no-patent-license clause. In a FOSS development and distribution context, the absence of patent licensing for non-software material is of significantly less concern than the software case.
Feel free to ask any questions or make any comments about this!
Richard
On 23. 07. 22 3:36, Richard Fontana wrote:
Feel free to ask any questions or make any comments about this!
Hey Richard,
if I maintain a small piece of software upstream that was licensed as CC0, what are Fedora's recommendation for an alternative? 0BSD?
Thanks,
On Sat, Jul 23, 2022 at 4:04 PM Miro Hrončok mhroncok@redhat.com wrote:
On 23. 07. 22 3:36, Richard Fontana wrote:
Feel free to ask any questions or make any comments about this!
Hey Richard,
if I maintain a small piece of software upstream that was licensed as CC0, what are Fedora's recommendation for an alternative? 0BSD?
I don't know if Fedora has an opinion on this but in a Red Hat context, years ago I used to recommend CC0 for certain kinds of things. These days in similar situations (Involving code, at least) I have typically been recommending MIT No Attribution (SPDX: MIT-0) https://opensource.org/licenses/MIT-0
As the name suggests, it's the MIT license but with the notice preservation requirement removed. Very similar conceptually to Zero-Clause BSD (SPDX: 0BSD), which I would be less inclined to recommend primarily because I don't like the name, since it's actually based on the ISC license. :-)
Richard
On 23. 07. 22 22:24, Richard Fontana wrote:
On Sat, Jul 23, 2022 at 4:04 PM Miro Hrončok mhroncok@redhat.com wrote:
On 23. 07. 22 3:36, Richard Fontana wrote:
Feel free to ask any questions or make any comments about this!
Hey Richard,
if I maintain a small piece of software upstream that was licensed as CC0, what are Fedora's recommendation for an alternative? 0BSD?
I don't know if Fedora has an opinion on this but in a Red Hat context, years ago I used to recommend CC0 for certain kinds of things. These days in similar situations (Involving code, at least) I have typically been recommending MIT No Attribution (SPDX: MIT-0) https://opensource.org/licenses/MIT-0
As the name suggests, it's the MIT license but with the notice preservation requirement removed. Very similar conceptually to Zero-Clause BSD (SPDX: 0BSD), which I would be less inclined to recommend primarily because I don't like the name, since it's actually based on the ISC license. :-)
Thanks.
CC0 has been listed by Fedora as a 'good' license for code and content (corresponding to allowed and allowed-content under the new system). We plan to classify CC0 as allowed-content only, so that CC0 would no longer be allowed for code. This is a fairly unusual change and may have an impact on a nontrivial number of Fedora packages (that is not clear to me right now), and we may grant a carveout for existing packages that include CC0-covered code. While we are moving towards a process in which license approvals are going to be done primarily through the Fedora license data repository on gitlab.com, I wanted to note this on the mailing list because of the significance of the change.
Hi!
I was made aware of this change just today.
Given that this is a "significant" change, would it be possible to announce this more widely / publicly than the rather obscure "legal" mailing list?
We already have a not insignificant number of packages in Fedora that are licensed CC0. For example, it's not really a "popular" license for Rust projects, but we have 22 of them that are licensed CC0:
https://sourcegraph.com/search?q=context:global+r:src.fedoraproject.org+file...
Should we attempt to inform upstream projects that their code is, going forward, not going to be considered "FOSS" unless they relicense? What will happen if a project that we have in Fedora today grows a dependency on something that's still CC0-licensed? Will that block us from updating that software until the affected project is re-licensed? Who will convince projects that this is necessary? Where is publicly visible announcement that they could be pointed to? (And no, a mailing list post doesn't count.)
As it is, I consider this change a serious roadblock for getting up-to-date software (including security fixes) to users.
Fabio
On Fri, Aug 5, 2022 at 6:02 PM Fabio Valentini decathorpe@gmail.com wrote:
CC0 has been listed by Fedora as a 'good' license for code and content (corresponding to allowed and allowed-content under the new system). We plan to classify CC0 as allowed-content only, so that CC0 would no longer be allowed for code. This is a fairly unusual change and may have an impact on a nontrivial number of Fedora packages (that is not clear to me right now), and we may grant a carveout for existing packages that include CC0-covered code. While we are moving towards a process in which license approvals are going to be done primarily through the Fedora license data repository on gitlab.com, I wanted to note this on the mailing list because of the significance of the change.
Hi!
I was made aware of this change just today.
Given that this is a "significant" change, would it be possible to announce this more widely / publicly than the rather obscure "legal" mailing list?
I've now re-posted to the devel list (though reading further I guess you were suggesting something more widely viewable than that). The story was actually picked up by the tech press, rather to my surprise so I'm not sure how to give it more publicity at this point :)
We already have a not insignificant number of packages in Fedora that are licensed CC0. For example, it's not really a "popular" license for Rust projects, but we have 22 of them that are licensed CC0:
https://sourcegraph.com/search?q=context:global+r:src.fedoraproject.org+file...
Should we attempt to inform upstream projects that their code is, going forward, not going to be considered "FOSS" unless they relicense?
What will happen if a project that we have in Fedora today grows a dependency on something that's still CC0-licensed? Will that block us from updating that software until the affected project is re-licensed? Who will convince projects that this is necessary? Where is publicly visible announcement that they could be pointed to? (And no, a mailing list post doesn't count.)
The intent is for this change not to cause significant hardship or disruption for Fedora contributors and users. We will probably need to grant some time-based or case-specific exceptions. I think though that we should avoid allowing any new packages with CC0-covered code.
Richard
As it is, I consider this change a serious roadblock for getting up-to-date software (including security fixes) to users.
On Sat, Aug 6, 2022 at 12:23 AM Richard Fontana rfontana@redhat.com wrote:
The intent is for this change not to cause significant hardship or disruption for Fedora contributors and users. We will probably need to grant some time-based or case-specific exceptions. I think though that we should avoid allowing any new packages with CC0-covered code.
I suspect (although we will not actually know for some time) that upstreams that used CC0 will be willing to (at least) consider a change of license once the concerns in the greater FOSS community are communicated to them.
Realistically, we may also want to continue to allow CC0 covered code for a short period of time for new packages that are just getting into Fedora until some percolating has happened in those upstream communities (with the requirement that the packager inform the upstream about the need for a license change moving forward, and the removal after some period of time?). The question, therefore, is time-frame for no more new pacakges (F38?) and when existing packages (without an approved exception) must be removed (F41?). Those are, of course, totally made up targets, but we need some straw dates to see what the push-back will be in the real world.