Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
Hi,
This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1]https://github.com/mininet/mininet/blob/master/LICENSE [2]https://github.com/mininet/mininet/blob/master/setup.py
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi,
This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
The license seems to have first appeared in a related project coming out of Stanford, Openflow. The quoted language seems to me to be more restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is not ok for Fedora.
Also a pretty good example of how upstream license metadata is untrustworthy.
Richard
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi,
This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
The license seems to have first appeared in a related project coming out of Stanford, Openflow. The quoted language seems to me to be more restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is not ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
Iñaki
Also a pretty good example of how upstream license metadata is untrustworthy.
Richard
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi,
This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
The license seems to have first appeared in a related project coming out of Stanford, Openflow. The quoted language seems to me to be more restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is not ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
The one here seems closest to what Fedora calls the "NTP variant" and which is an OSI-approved license under the name NTP license: https://opensource.org/licenses/NTP (SPDX: NTP).
The difference is that the mininet license says:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
(where '(TrademarkedName)' is a placeholder). I think "TrademarkedName" may be a questionable choice of placeholder name.
Anyway, one question is whether the differences between the NTP license clause and the corresponding Mininet license clause are significant. One obvious difference is that the "names" you can't use in the Mininet case are left unspecified.
Another issue is that Fedora has had a pragmatic approach to approving old (typically minimalist permissive) licenses that takes into account the age of the license and the software it's historically associated with. I don't think this has been documented and I think it's something we ought to include in the material on standards for Fedora license approval Jilayne and I have been working on. Red Hat has taken the same approach in its review of RHEL package licenses identified through scanning tools. Basically, we are more forgiving with relatively old licenses. We apply higher standards for newer licenses associated with more recent projects, with the dividing line being roughly late 1990s/early 2000s (when the concept of FOSS license standardization began to take root). Some old licenses of this sort still end up being unapproved for Fedora, most famously SunRPC.
The NTP license seems to be *really* old, apparently originating with the University of Delaware in the early 1990s if not earlier. The Mininet/Openflow license as far as I can tell from the quickest research doesn't seem to go back further than ~2012, which is "recent" for purposes of the standard I'm talking about. If anyone has further information on these points it would be helpful. Maybe the Openflow license was actually copied from some much older source -- it certainly looks like it.
Richard
Iñaki
Also a pretty good example of how upstream license metadata is untrustworthy.
Richard
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
-- Iñaki Úcar
On Fri, 18 Mar 2022 at 19:50, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi,
This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
The license seems to have first appeared in a related project coming out of Stanford, Openflow. The quoted language seems to me to be more restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is not ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
The one here seems closest to what Fedora calls the "NTP variant" and which is an OSI-approved license under the name NTP license: https://opensource.org/licenses/NTP (SPDX: NTP).
The difference is that the mininet license says:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
(where '(TrademarkedName)' is a placeholder). I think "TrademarkedName" may be a questionable choice of placeholder name.
Anyway, one question is whether the differences between the NTP license clause and the corresponding Mininet license clause are significant. One obvious difference is that the "names" you can't use in the Mininet case are left unspecified.
Unspecified? It's the name of the copyright holders. Similarly, the 3-Clause BSD License says:
"3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission."
which is quite similar. I think this is the reason they identify the license as BSD, I think they are talking about the 3-Clause BSD, where
"The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software."
would account for clauses 1 and 2, I guess?
I'll open an issue in their repo to propose switching to a standard text, but if there's a negative answer, would this be a blocker?
Iñaki
Another issue is that Fedora has had a pragmatic approach to approving old (typically minimalist permissive) licenses that takes into account the age of the license and the software it's historically associated with. I don't think this has been documented and I think it's something we ought to include in the material on standards for Fedora license approval Jilayne and I have been working on. Red Hat has taken the same approach in its review of RHEL package licenses identified through scanning tools. Basically, we are more forgiving with relatively old licenses. We apply higher standards for newer licenses associated with more recent projects, with the dividing line being roughly late 1990s/early 2000s (when the concept of FOSS license standardization began to take root). Some old licenses of this sort still end up being unapproved for Fedora, most famously SunRPC.
The NTP license seems to be *really* old, apparently originating with the University of Delaware in the early 1990s if not earlier. The Mininet/Openflow license as far as I can tell from the quickest research doesn't seem to go back further than ~2012, which is "recent" for purposes of the standard I'm talking about. If anyone has further information on these points it would be helpful. Maybe the Openflow license was actually copied from some much older source -- it certainly looks like it.
Richard
Iñaki
Also a pretty good example of how upstream license metadata is untrustworthy.
Richard
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
-- Iñaki Úcar
On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 19:50, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote:
Hi,
This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
The license seems to have first appeared in a related project coming out of Stanford, Openflow. The quoted language seems to me to be more restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is not ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
The one here seems closest to what Fedora calls the "NTP variant" and which is an OSI-approved license under the name NTP license: https://opensource.org/licenses/NTP (SPDX: NTP).
The difference is that the mininet license says:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
(where '(TrademarkedName)' is a placeholder). I think "TrademarkedName" may be a questionable choice of placeholder name.
Anyway, one question is whether the differences between the NTP license clause and the corresponding Mininet license clause are significant. One obvious difference is that the "names" you can't use in the Mininet case are left unspecified.
Unspecified? It's the name of the copyright holders.
The trademarks are unspecified, but maybe that's not a significant problem.
The way the NTP license is used in practice is that the specific "name" you're not allowed to use is specified in the license notice (University of Delaware in the oldest strata of NTP it seems).
Similarly, the 3-Clause BSD License says:
"3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission."
Yes but I think "use[] to endorse or to promote" is a little more specific than "use[] in advertising or publicity".
I'll open an issue in their repo to propose switching to a standard text, but if there's a negative answer, would this be a blocker?
I don't know. I think it's a difficult case and requires further thought/discussion. I've only thought about this for a couple of hours :-)
I feel that the inclusion of "trademarks" here is what is most distinctive. Assuming Mininet itself is a trademark of the copyright holders, why shouldn't I be able to say truthfully in some publicity statement that my fork of Mininet is based on Mininet (without notionally breaching the license)? This is different from licenses that require me to rename my fork to something else. It's also somewhat different from how the NTP license says I can't use the name "University of Delaware" when advertising my distribution of NTP or a derivative of NTP.
I'd be somewhat curious to find out why Openflow decided to use this license, where they got it from, and how long they were using it.
Iñaki
Another issue is that Fedora has had a pragmatic approach to approving old (typically minimalist permissive) licenses that takes into account the age of the license and the software it's historically associated with. I don't think this has been documented and I think it's something we ought to include in the material on standards for Fedora license approval Jilayne and I have been working on. Red Hat has taken the same approach in its review of RHEL package licenses identified through scanning tools. Basically, we are more forgiving with relatively old licenses. We apply higher standards for newer licenses associated with more recent projects, with the dividing line being roughly late 1990s/early 2000s (when the concept of FOSS license standardization began to take root). Some old licenses of this sort still end up being unapproved for Fedora, most famously SunRPC.
The NTP license seems to be *really* old, apparently originating with the University of Delaware in the early 1990s if not earlier. The Mininet/Openflow license as far as I can tell from the quickest research doesn't seem to go back further than ~2012, which is "recent" for purposes of the standard I'm talking about. If anyone has further information on these points it would be helpful. Maybe the Openflow license was actually copied from some much older source -- it certainly looks like it.
Richard
Iñaki
Also a pretty good example of how upstream license metadata is untrustworthy.
Richard
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me some sort of BSD, and in fact the authors themselves identify it as such in the setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
-- Iñaki Úcar
-- Iñaki Úcar
--
Isn't there a much bigger problem, namely "to any person obtaining a copy of this Software to deal in the Software* under the copyrights *without restriction ..."
For comparison, the MIT language is: "to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation ..."
They've added "under the copyrights." I assume the intent was to carve out the trademarks from the grant, but they've also, I would say, carved out patents. I would argue that because the license is specifically for copyrights only one can't imply a license for patents.
As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line.
Pam
On Fri, Mar 18, 2022 at 4:37 PM Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 19:50, Richard Fontana rfontana@redhat.com
wrote:
On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar iucar@fedoraproject.org
wrote:
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com
wrote:
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy <
jlovejoy@redhat.com> wrote:
Hi,
This license is closest to MIT, but adds a custom lead-in
(groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!)
As for being acceptable for Fedora - I'd be curious to hear
Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any
derivatives
without specific, written prior permission."
The license seems to have first appeared in a related project
coming
out of Stanford, Openflow. The quoted language seems to me to be
more
restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license
[SPDX:
BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is
not
ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
The one here seems closest to what Fedora calls the "NTP variant" and which is an OSI-approved license under the name NTP license: https://opensource.org/licenses/NTP (SPDX: NTP).
The difference is that the mininet license says:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
(where '(TrademarkedName)' is a placeholder). I think "TrademarkedName" may be a questionable choice of placeholder name.
Anyway, one question is whether the differences between the NTP license clause and the corresponding Mininet license clause are significant. One obvious difference is that the "names" you can't use in the Mininet case are left unspecified.
Unspecified? It's the name of the copyright holders.
The trademarks are unspecified, but maybe that's not a significant problem.
The way the NTP license is used in practice is that the specific "name" you're not allowed to use is specified in the license notice (University of Delaware in the oldest strata of NTP it seems).
Similarly, the 3-Clause BSD License says:
"3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission."
Yes but I think "use[] to endorse or to promote" is a little more specific than "use[] in advertising or publicity".
I'll open an issue in their repo to propose switching to a standard text, but if there's a negative answer, would this be a blocker?
I don't know. I think it's a difficult case and requires further thought/discussion. I've only thought about this for a couple of hours :-)
I feel that the inclusion of "trademarks" here is what is most distinctive. Assuming Mininet itself is a trademark of the copyright holders, why shouldn't I be able to say truthfully in some publicity statement that my fork of Mininet is based on Mininet (without notionally breaching the license)? This is different from licenses that require me to rename my fork to something else. It's also somewhat different from how the NTP license says I can't use the name "University of Delaware" when advertising my distribution of NTP or a derivative of NTP.
I'd be somewhat curious to find out why Openflow decided to use this license, where they got it from, and how long they were using it.
Iñaki
Another issue is that Fedora has had a pragmatic approach to approving old (typically minimalist permissive) licenses that takes into account the age of the license and the software it's historically associated with. I don't think this has been documented and I think it's something we ought to include in the material on standards for Fedora license approval Jilayne and I have been working on. Red Hat has taken the same approach in its review of RHEL package licenses identified through scanning tools. Basically, we are more forgiving with relatively old licenses. We apply higher standards for newer licenses associated with more recent projects, with the dividing line being roughly late 1990s/early 2000s (when the concept of FOSS license standardization began to take root). Some old licenses of this sort still end up being unapproved for Fedora, most famously SunRPC.
The NTP license seems to be *really* old, apparently originating with the University of Delaware in the early 1990s if not earlier. The Mininet/Openflow license as far as I can tell from the quickest research doesn't seem to go back further than ~2012, which is "recent" for purposes of the standard I'm talking about. If anyone has further information on these points it would be helpful. Maybe the Openflow license was actually copied from some much older source -- it certainly looks like it.
Richard
Iñaki
Also a pretty good example of how upstream license metadata is
untrustworthy.
Richard
Thanks, Jilayne
On 3/18/22 9:21 AM, Iñaki Ucar wrote:
Hi,
Is this license [1] acceptable for Fedora and what would be the appropriate identifier for the License field? It seems to me
some sort
of BSD, and in fact the authors themselves identify it as such
in the
setup.py file [2], but I'd like to be sure.
[1] https://github.com/mininet/mininet/blob/master/LICENSE [2] https://github.com/mininet/mininet/blob/master/setup.py
-- Iñaki Úcar
-- Iñaki Úcar
-- _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek pchestek@gmail.com wrote:
Isn't there a much bigger problem, namely "to any person obtaining a copy of this Software to deal in the Software under the copyrights without restriction ..."
For comparison, the MIT language is: "to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation ..."
They've added "under the copyrights." I assume the intent was to carve out the trademarks from the grant, but they've also, I would say, carved out patents. I would argue that because the license is specifically for copyrights only one can't imply a license for patents.
Interesting, I had overlooked that but this seems significant. As far as I can tell from searching, the Overflow license (the license used here) is the first case of a license that adds "under the copyrights" to that MIT license language. Though this is speculation, given the origins of these projects and what I understand to be the approximate date of launching of the Overflow project it all feels a bit like some lawyer in the Stanford tech transfer office was trying to "pull a fast one", as it were. If the Overflow project (or this license) is actually much older than I am assuming, that would be useful to know though.
Richard
As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line.
Pam
On Fri, Mar 18, 2022 at 4:37 PM Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 19:50, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote: > > Hi, > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!) > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction.
So the clause in question is this:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
The license seems to have first appeared in a related project coming out of Stanford, Openflow. The quoted language seems to me to be more restrictive (and also ambiguous) than counterpart language in well known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: BSD-3-Clause]).
My initial reaction is that this license is not FOSS and thus is not ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
The one here seems closest to what Fedora calls the "NTP variant" and which is an OSI-approved license under the name NTP license: https://opensource.org/licenses/NTP (SPDX: NTP).
The difference is that the mininet license says:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
(where '(TrademarkedName)' is a placeholder). I think "TrademarkedName" may be a questionable choice of placeholder name.
Anyway, one question is whether the differences between the NTP license clause and the corresponding Mininet license clause are significant. One obvious difference is that the "names" you can't use in the Mininet case are left unspecified.
Unspecified? It's the name of the copyright holders.
The trademarks are unspecified, but maybe that's not a significant problem.
The way the NTP license is used in practice is that the specific "name" you're not allowed to use is specified in the license notice (University of Delaware in the oldest strata of NTP it seems).
Similarly, the 3-Clause BSD License says:
"3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission."
Yes but I think "use[] to endorse or to promote" is a little more specific than "use[] in advertising or publicity".
I'll open an issue in their repo to propose switching to a standard text, but if there's a negative answer, would this be a blocker?
I don't know. I think it's a difficult case and requires further thought/discussion. I've only thought about this for a couple of hours :-)
I feel that the inclusion of "trademarks" here is what is most distinctive. Assuming Mininet itself is a trademark of the copyright holders, why shouldn't I be able to say truthfully in some publicity statement that my fork of Mininet is based on Mininet (without notionally breaching the license)? This is different from licenses that require me to rename my fork to something else. It's also somewhat different from how the NTP license says I can't use the name "University of Delaware" when advertising my distribution of NTP or a derivative of NTP.
I'd be somewhat curious to find out why Openflow decided to use this license, where they got it from, and how long they were using it.
Iñaki
Another issue is that Fedora has had a pragmatic approach to approving old (typically minimalist permissive) licenses that takes into account the age of the license and the software it's historically associated with. I don't think this has been documented and I think it's something we ought to include in the material on standards for Fedora license approval Jilayne and I have been working on. Red Hat has taken the same approach in its review of RHEL package licenses identified through scanning tools. Basically, we are more forgiving with relatively old licenses. We apply higher standards for newer licenses associated with more recent projects, with the dividing line being roughly late 1990s/early 2000s (when the concept of FOSS license standardization began to take root). Some old licenses of this sort still end up being unapproved for Fedora, most famously SunRPC.
The NTP license seems to be *really* old, apparently originating with the University of Delaware in the early 1990s if not earlier. The Mininet/Openflow license as far as I can tell from the quickest research doesn't seem to go back further than ~2012, which is "recent" for purposes of the standard I'm talking about. If anyone has further information on these points it would be helpful. Maybe the Openflow license was actually copied from some much older source -- it certainly looks like it.
Richard
Iñaki
Also a pretty good example of how upstream license metadata is untrustworthy.
Richard
> > Thanks, > Jilayne > > On 3/18/22 9:21 AM, Iñaki Ucar wrote: > > Hi, > > Is this license [1] acceptable for Fedora and what would be the > appropriate identifier for the License field? It seems to me some sort > of BSD, and in fact the authors themselves identify it as such in the > setup.py file [2], but I'd like to be sure. > > [1] https://github.com/mininet/mininet/blob/master/LICENSE > [2] https://github.com/mininet/mininet/blob/master/setup.py
-- Iñaki Úcar
-- Iñaki Úcar
-- _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On Mon, 21 Mar 2022 at 18:10, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek pchestek@gmail.com wrote:
Isn't there a much bigger problem, namely "to any person obtaining a copy of this Software to deal in the Software under the copyrights without restriction ..."
For comparison, the MIT language is: "to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation ..."
They've added "under the copyrights." I assume the intent was to carve out the trademarks from the grant, but they've also, I would say, carved out patents. I would argue that because the license is specifically for copyrights only one can't imply a license for patents.
Interesting, I had overlooked that but this seems significant. As far as I can tell from searching, the Overflow license (the license used here) is the first case of a license that adds "under the copyrights" to that MIT license language. Though this is speculation, given the origins of these projects and what I understand to be the approximate date of launching of the Overflow project it all feels a bit like some lawyer in the Stanford tech transfer office was trying to "pull a fast one", as it were. If the Overflow project (or this license) is actually much older than I am assuming, that would be useful to know though.
Here I'm a bit lost, and I don't understand the implications. But the OpenFlow license is present in Open vSwitch, which is supported by RedHat as part of its virtualization technologies.
As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line.
As for this clause, I found that the W3C license (which is listed as a good license for Fedora) contains an almost identical one: https://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.
Iñaki
Pam
On Fri, Mar 18, 2022 at 4:37 PM Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 19:50, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 18 Mar 2022 at 17:12, Richard Fontana rfontana@redhat.com wrote: > > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy jlovejoy@redhat.com wrote: > > > > Hi, > > > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!) > > > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction. > > So the clause in question is this: > > "The name and trademarks of copyright holder(s) may NOT be used in > advertising or publicity pertaining to the Software or any derivatives > without specific, written prior permission." > > The license seems to have first appeared in a related project coming > out of Stanford, Openflow. The quoted language seems to me to be more > restrictive (and also ambiguous) than counterpart language in well > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: > BSD-3-Clause]). > > My initial reaction is that this license is not FOSS and thus is not > ok for Fedora.
But, we have several MIT variants listed with a similar clause about "advertising and publicity": https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT
The one here seems closest to what Fedora calls the "NTP variant" and which is an OSI-approved license under the name NTP license: https://opensource.org/licenses/NTP (SPDX: NTP).
The difference is that the mininet license says:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
(where '(TrademarkedName)' is a placeholder). I think "TrademarkedName" may be a questionable choice of placeholder name.
Anyway, one question is whether the differences between the NTP license clause and the corresponding Mininet license clause are significant. One obvious difference is that the "names" you can't use in the Mininet case are left unspecified.
Unspecified? It's the name of the copyright holders.
The trademarks are unspecified, but maybe that's not a significant problem.
The way the NTP license is used in practice is that the specific "name" you're not allowed to use is specified in the license notice (University of Delaware in the oldest strata of NTP it seems).
Similarly, the 3-Clause BSD License says:
"3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission."
Yes but I think "use[] to endorse or to promote" is a little more specific than "use[] in advertising or publicity".
I'll open an issue in their repo to propose switching to a standard text, but if there's a negative answer, would this be a blocker?
I don't know. I think it's a difficult case and requires further thought/discussion. I've only thought about this for a couple of hours :-)
I feel that the inclusion of "trademarks" here is what is most distinctive. Assuming Mininet itself is a trademark of the copyright holders, why shouldn't I be able to say truthfully in some publicity statement that my fork of Mininet is based on Mininet (without notionally breaching the license)? This is different from licenses that require me to rename my fork to something else. It's also somewhat different from how the NTP license says I can't use the name "University of Delaware" when advertising my distribution of NTP or a derivative of NTP.
I'd be somewhat curious to find out why Openflow decided to use this license, where they got it from, and how long they were using it.
Iñaki
Another issue is that Fedora has had a pragmatic approach to approving old (typically minimalist permissive) licenses that takes into account the age of the license and the software it's historically associated with. I don't think this has been documented and I think it's something we ought to include in the material on standards for Fedora license approval Jilayne and I have been working on. Red Hat has taken the same approach in its review of RHEL package licenses identified through scanning tools. Basically, we are more forgiving with relatively old licenses. We apply higher standards for newer licenses associated with more recent projects, with the dividing line being roughly late 1990s/early 2000s (when the concept of FOSS license standardization began to take root). Some old licenses of this sort still end up being unapproved for Fedora, most famously SunRPC.
The NTP license seems to be *really* old, apparently originating with the University of Delaware in the early 1990s if not earlier. The Mininet/Openflow license as far as I can tell from the quickest research doesn't seem to go back further than ~2012, which is "recent" for purposes of the standard I'm talking about. If anyone has further information on these points it would be helpful. Maybe the Openflow license was actually copied from some much older source -- it certainly looks like it.
Richard
Iñaki
> Also a pretty good example of how upstream license metadata is untrustworthy. > > Richard > > > > > Thanks, > > Jilayne > > > > On 3/18/22 9:21 AM, Iñaki Ucar wrote: > > > > Hi, > > > > Is this license [1] acceptable for Fedora and what would be the > > appropriate identifier for the License field? It seems to me some sort > > of BSD, and in fact the authors themselves identify it as such in the > > setup.py file [2], but I'd like to be sure. > > > > [1] https://github.com/mininet/mininet/blob/master/LICENSE > > [2] https://github.com/mininet/mininet/blob/master/setup.py >
-- Iñaki Úcar
-- Iñaki Úcar
-- _______________________________________________ legal mailing list -- legal@lists.fedoraproject.org To unsubscribe send an email to legal-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On Mon, Mar 21, 2022 at 2:06 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Mon, 21 Mar 2022 at 18:10, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek pchestek@gmail.com wrote:
As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line.
As for this clause, I found that the W3C license (which is listed as a good license for Fedora) contains an almost identical one: https://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.
Indeed, thanks, that is definitely worth considering when assessing this license.
Richard
On Mon, 21 Mar 2022 at 19:29, Richard Fontana rfontana@redhat.com wrote:
On Mon, Mar 21, 2022 at 2:06 PM Iñaki Ucar iucar@fedoraproject.org wrote:
On Mon, 21 Mar 2022 at 18:10, Richard Fontana rfontana@redhat.com wrote:
On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek pchestek@gmail.com wrote:
As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line.
As for this clause, I found that the W3C license (which is listed as a good license for Fedora) contains an almost identical one: https://www.w3.org/Consortium/Legal/2002/copyright-software-20021231.
Indeed, thanks, that is definitely worth considering when assessing this license.
And, if it's useful in any way, I found this thread too: https://mailman.stanford.edu/pipermail/mininet-discuss/2014-August/004879.ht.... And it's part of Debian: https://salsa.debian.org/debian/mininet
On Fri, Mar 18, 2022 at 02:50:28PM -0400, Richard Fontana wrote:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
I can definitely see a practical concern here. In the second case, (TrademarkedName) is usually the organization — for example, the WordNet variant says
"The name of Princeton University or Princeton may not be used in advertising or publicity pertaining to distribution of the software and/or database."
That's easy to follow. On the other hand, it's very common for us to use the name of a piece of software in Fedora Linux release announcements. Like, "This release now includes WordNet 3.0", or whatever.
On Fri, 25 Mar 2022 at 20:52, Matthew Miller mattdm@fedoraproject.org wrote:
On Fri, Mar 18, 2022 at 02:50:28PM -0400, Richard Fontana wrote:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
I can definitely see a practical concern here. In the second case, (TrademarkedName) is usually the organization — for example, the WordNet variant says
"The name of Princeton University or Princeton may not be used in advertising or publicity pertaining to distribution of the software and/or database."
That's easy to follow. On the other hand, it's very common for us to use the name of a piece of software in Fedora Linux release announcements. Like, "This release now includes WordNet 3.0", or whatever.
But, again the last clause in the OpenFlow license is exactly the same as in the W3C license, which is OSI-approved. So my understanding is that the fundamental part to assess here is the "under the copyrights" addendum compared to a standard MIT license.
Any ETA on the assessment of this license? Thanks in advance.
Iñaki
On Fri, 1 Apr 2022 at 15:47, Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 25 Mar 2022 at 20:52, Matthew Miller mattdm@fedoraproject.org wrote:
On Fri, Mar 18, 2022 at 02:50:28PM -0400, Richard Fontana wrote:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
I can definitely see a practical concern here. In the second case, (TrademarkedName) is usually the organization — for example, the WordNet variant says
"The name of Princeton University or Princeton may not be used in advertising or publicity pertaining to distribution of the software and/or database."
That's easy to follow. On the other hand, it's very common for us to use the name of a piece of software in Fedora Linux release announcements. Like, "This release now includes WordNet 3.0", or whatever.
But, again the last clause in the OpenFlow license is exactly the same as in the W3C license, which is OSI-approved. So my understanding is that the fundamental part to assess here is the "under the copyrights" addendum compared to a standard MIT license.
-- Iñaki Úcar
On Mon, Apr 4, 2022 at 12:11 PM Iñaki Ucar iucar@fedoraproject.org wrote:
Any ETA on the assessment of this license? Thanks in advance.
No, we're still thinking about it. It's a difficult problem.
"But, again the last clause in the OpenFlow license is exactly the same as in the W3C license, which is OSI-approved. So my understanding is that the fundamental part to assess here is the "under the copyrights" addendum compared to a standard MIT license."
The fact that the W3C license has been Fedora-approved is more relevant (Fedora does not always agree with OSI determinations). But standards for license approval are always evolving (slowly). It's not clear that just because some language was considered okay in W3C a long time ago we should continue to tolerate it in licenses published or considered more recently.
Richard
On Fri, 1 Apr 2022 at 15:47, Iñaki Ucar iucar@fedoraproject.org wrote:
On Fri, 25 Mar 2022 at 20:52, Matthew Miller mattdm@fedoraproject.org wrote:
On Fri, Mar 18, 2022 at 02:50:28PM -0400, Richard Fontana wrote:
"The name and trademarks of copyright holder(s) may NOT be used in advertising or publicity pertaining to the Software or any derivatives without specific, written prior permission."
while the NTP counterpart says:
"and that the name (TrademarkedName) not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission."
I can definitely see a practical concern here. In the second case, (TrademarkedName) is usually the organization — for example, the WordNet variant says
"The name of Princeton University or Princeton may not be used in advertising or publicity pertaining to distribution of the software and/or database."
That's easy to follow. On the other hand, it's very common for us to use the name of a piece of software in Fedora Linux release announcements. Like, "This release now includes WordNet 3.0", or whatever.
But, again the last clause in the OpenFlow license is exactly the same as in the W3C license, which is OSI-approved. So my understanding is that the fundamental part to assess here is the "under the copyrights" addendum compared to a standard MIT license.
-- Iñaki Úcar
-- Iñaki Úcar