blanket license for Haskell Platform?

older
Re: [Haskell-cafe] ANNOUNCE: Hac...

Eric Y. Kow

25 Oct 2011 25 Oct '11

10:37 a.m.

So I'm combining Haskell software with some non-free/closed source work. I was wondering what sort of effort it would take to organise a blanket license for everything in the Haskell Platform, and whether it would be worthwhile to anybody. Here's my use case: - I am combining my Haskell [:-)] program with some non-free/closed source [:-(] software - My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license I feel a bit embarrassed asking this as it's already great and also very convenient that I can just grab this closed source stuff, but suppose we were to decide that putting together some sort of blanket license for the Haskell Platform would be a good idea. How would we go about organising such an effort? I wonder if this is a sort of thing we could tie to the IHG... Thanks, -- Eric Kow http://erickow.com

Attachments:

attachment.sig (application/pgp-signature — 195 bytes)

Show replies by date

Ivan Lazar Miljenovic

25 Oct 25 Oct

10:46 a.m.

On 25 October 2011 21:37, Eric Y. Kow wrote:

...

So I'm combining Haskell software with some non-free/closed source work. I was wondering what sort of effort it would take to organise a blanket license for everything in the Haskell Platform, and whether it would be worthwhile to anybody.

Here's my use case:

- I am combining my Haskell [:-)] program with some non-free/closed source [:-(] software

- My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

Why do their lawyers all need to sign off individually for BSD licenses (which if memory serves all platform libraries have to be licensed under, or some variant thereof)? At most it just means they need to lump them all into one big text file somewhere saying which libraries they used... (then again, IANAL, and don't charge by the hour to consider these complex technical questions :p).

...

I feel a bit embarrassed asking this as it's already great and also very convenient that I can just grab this closed source stuff, but suppose we were to decide that putting together some sort of blanket license for the Haskell Platform would be a good idea. How would we go about organising such an effort?

Well, it would need copyright attribution/agreement of everyone that's ever committed code to any library/application to the Platform (which is why so many large projects want it) to re-license them AFAIK, which may be difficult. -- Ivan Lazar Miljenovic Ivan.Miljenovic@gmail.com IvanMiljenovic.wordpress.com

Eric Y. Kow

10:58 a.m.

On Tue, Oct 25, 2011 at 21:46:21 +1100, Ivan Lazar Miljenovic wrote:

...

...
- My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

Why do their lawyers all need to sign off individually for BSD licenses (which if memory serves all platform libraries have to be licensed under, or some variant thereof)? At most it just means they need to lump them all into one big text file somewhere saying which libraries they used... (then again, IANAL, and don't charge by the hour to consider these complex technical questions :p).

I find the whole thing baffling myself. I'd thought this would be the sensible thing to do, but I guess when it comes to these licensing things it's not the actual pain that counts, but the perceived potential pain. Know what I mean? It's similar to the "won't touch with a 10ft pole" attitude to the GPL that some entities may take. It's basically a precautionary "la la la; I can't hear you" or a conservative stance which consists of "I don't understand this stuff, so I'm going to do the thing that seems safest to me", which may or may not be a reasonable reaction...

...

Well, it would need copyright attribution/agreement of everyone that's ever committed code to any library/application to the Platform (which is why so many large projects want it) to re-license them AFAIK, which may be difficult.

I could just say it'd be unrealistic. Just trying to be thorough. -- Eric Kow http://erickow.com

Jeremy O'Donoghue

2:42 p.m.

IANAL, but I'll bite, since I have needed to live with this for quite some time now. Obviously readers are directed to take independent legal advice before they do anything for themselves, and all of the other standard disclaimers. On 25 October 2011 11:58, Eric Y. Kow wrote:

...

On Tue, Oct 25, 2011 at 21:46:21 +1100, Ivan Lazar Miljenovic wrote:

...
...
- My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

Why do their lawyers all need to sign off individually for BSD licenses (which if memory serves all platform libraries have to be licensed under, or some variant thereof)? At most it just means they need to lump them all into one big text file somewhere saying which libraries they used... (then again, IANAL, and don't charge by the hour to consider these complex technical questions :p).

The first thing to say is that this is actually a very responsible attitude on the client's part. When legal review is conducted it is not just the license which needs to be checked: 1. What implications does this license carry for my business model. BSD is considered benign in this respect. GPL and LGPL work for some models but not others. 2. Does the purported copyright holder actually have the right to issue the software under the given license. The second is much more time consuming. It is straightforward to do this if the software in question was written by one person, but when contributions come from multiple people it becomes more difficult. For example if a project receives a contribution which the contributor did on company time, they may not even have the right to make that contribution (because the employer paid for, and hence owns it). There have similarly been cases where a developer has taken code from, say, a GPL project and imported it into their own differently licensed project. This second case is particularly difficult, as there *may* be cases when it is acceptable (e.g. under fair use in some jurisdictions) to extract small portions of a work and re-use them, but in most cases the developer simply does not have the right to make the contribution. There are sub-cases of these, for example where one developer has removed the copyright notices placed by the original author, even though licensing has been kept the same. This is legal (if ethically dubious) in some jurisdictions and illegal in others. A related issue: can a project *prove* that contributors have all formally licensed their code contributions under the same license? As far as the law is concerned, you really need this in writing, or something very close to it (e.g. e-mail with full header information). Personally I think we should give praise and recognition to anyone who thoroughly checks and complies with the license attached to a piece of code as they are taking care to respect the wishes of the author. I get much more fired up about those who simply break licenses and hope they don't get caught.

...

I find the whole thing baffling myself. I'd thought this would be the sensible thing to do, but I guess when it comes to these licensing things it's not the actual pain that counts, but the perceived potential pain. Know what I mean?

It's similar to the "won't touch with a 10ft pole" attitude to the GPL that some entities may take. It's basically a precautionary "la la la; I can't hear you" or a conservative stance which consists of "I don't understand this stuff, so I'm going to do the thing that seems safest to me", which may or may not be a reasonable reaction...

I am not sure that anyone 'understands' the GPL with real certainty [1]. Key questions: when does a work fall into the category of 'derived' under the GPL and when does it not do so? If I make money from licensing Intellectual Property, what are the consequences of code which grants an implicit patent license? Neither of these clauses of the GPL has been properly tested in a significant legal jurisdiction (and anyway, a Code Napoleon style jurisdiction might take a different stance than under UK/US style Common Law).

...

Well, it would need copyright attribution/agreement of everyone that's ever committed code to any library/application to the Platform (which is why so many large projects want it) to re-license them AFAIK, which may be difficult.

I could just say it'd be unrealistic. Just trying to be thorough.

...

It may be unrealistic, but it would actually be a very good idea - although completely unnecessary if we wish to continue to avoid success at all costs :-) [1] This a strength of the GPL. It was developed to achieve a specific political goal, and has been hugely successful in doing so.

Conrad Parker

11:40 p.m.

Isn't the question just about packages included in the Haskell Platform, for which "The current set of [acceptable] licenses is just the BSD3 license": http://trac.haskell.org/haskell-platform/wiki/AddingPackages#Interimlicensep... http://trac.haskell.org/haskell-platform/ticket/85 It might be reassuring to companies that want to depend on the platform if the policy was moved from Interim to Official; at least that would mean there would be community pressure not to relicense anything in the platform from BSD3 to (say) GPL. Conrad. On 25 October 2011 22:42, Jeremy O'Donoghue wrote:

...

IANAL, but I'll bite, since I have needed to live with this for quite some time now. Obviously readers are directed to take independent legal advice before they do anything for themselves, and all of the other standard disclaimers.

On 25 October 2011 11:58, Eric Y. Kow wrote:

...
On Tue, Oct 25, 2011 at 21:46:21 +1100, Ivan Lazar Miljenovic wrote:

...
...
- My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

Why do their lawyers all need to sign off individually for BSD licenses (which if memory serves all platform libraries have to be licensed under, or some variant thereof)? At most it just means they need to lump them all into one big text file somewhere saying which libraries they used... (then again, IANAL, and don't charge by the hour to consider these complex technical questions :p).

The first thing to say is that this is actually a very responsible attitude on the client's part. When legal review is conducted it is not just the license which needs to be checked:

What implications does this license carry for my business model. BSD is considered benign in this respect. GPL and LGPL work for some models but not others. Does the purported copyright holder actually have the right to issue the software under the given license.

The second is much more time consuming. It is straightforward to do this if the software in question was written by one person, but when contributions come from multiple people it becomes more difficult. For example if a project receives a contribution which the contributor did on company time, they may not even have the right to make that contribution (because the employer paid for, and hence owns it). There have similarly been cases where a developer has taken code from, say, a GPL project and imported it into their own differently licensed project.

This second case is particularly difficult, as there *may* be cases when it is acceptable (e.g. under fair use in some jurisdictions) to extract small portions of a work and re-use them, but in most cases the developer simply does not have the right to make the contribution. There are sub-cases of these, for example where one developer has removed the copyright notices placed by the original author, even though licensing has been kept the same. This is legal (if ethically dubious) in some jurisdictions and illegal in others.

A related issue: can a project *prove* that contributors have all formally licensed their code contributions under the same license? As far as the law is concerned, you really need this in writing, or something very close to it (e.g. e-mail with full header information).

Personally I think we should give praise and recognition to anyone who thoroughly checks and complies with the license attached to a piece of code as they are taking care to respect the wishes of the author. I get much more fired up about those who simply break licenses and hope they don't get caught.

...
I find the whole thing baffling myself. I'd thought this would be the sensible thing to do, but I guess when it comes to these licensing things it's not the actual pain that counts, but the perceived potential pain. Know what I mean?

It's similar to the "won't touch with a 10ft pole" attitude to the GPL that some entities may take. It's basically a precautionary "la la la; I can't hear you" or a conservative stance which consists of "I don't understand this stuff, so I'm going to do the thing that seems safest to me", which may or may not be a reasonable reaction...

I am not sure that anyone 'understands' the GPL with real certainty [1]. Key questions: when does a work fall into the category of 'derived' under the GPL and when does it not do so? If I make money from licensing Intellectual Property, what are the consequences of code which grants an implicit patent license? Neither of these clauses of the GPL has been properly tested in a significant legal jurisdiction (and anyway, a Code Napoleon style jurisdiction might take a different stance than under UK/US style Common Law).

...
Well, it would need copyright attribution/agreement of everyone that's ever committed code to any library/application to the Platform (which is why so many large projects want it) to re-license them AFAIK, which may be difficult.

...
I could just say it'd be unrealistic. Just trying to be thorough.

It may be unrealistic, but it would actually be a very good idea - although completely unnecessary if we wish to continue to avoid success at all costs :-)

[1] This a strength of the GPL. It was developed to achieve a specific political goal, and has been hugely successful in doing so.

_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe

Antti-Juhani Kaijanaho

10:51 a.m.

On Tue, Oct 25, 2011 at 06:37:49AM -0400, Eric Y. Kow wrote:

...

- My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

Sounds like you need a single copyright holder, not a blanket license (whatever that means). That means arranging copyright transfers (in the FSF/GNU style) and getting every contributor whose code survives in the Platform to sign off on it. In other words, it's a major undertaking and by no means assured to succeed. -- Antti-Juhani Kaijanaho, Jyväskylä, Finland http://antti-juhani.kaijanaho.fi/newblog/ http://www.flickr.com/photos/antti-juhani/

Alan Jeffrey

2:10 p.m.

One possible solution (which would avoid a blanket license) would be to have a tool generate SPDX (http://spdx.org/ and http://www.linuxfoundation.org/collaborate/workgroups/spdx) metadata from cabal metadata. SPDX (software package data exchange) is a format for machine-readable descriptions of software licensing, developed by the Linux Foundation. SPDX is intended to solve exactly the problem you're having: providing a summary of all of the licenses required for using a large heterogeneous collection of software with sprawling dependencies. A. On 10/25/2011 05:37 AM, Eric Y. Kow wrote:

...

So I'm combining Haskell software with some non-free/closed source work. I was wondering what sort of effort it would take to organise a blanket license for everything in the Haskell Platform, and whether it would be worthwhile to anybody.

Here's my use case:

- I am combining my Haskell [:-)] program with some non-free/closed source [:-(] software

- My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

I feel a bit embarrassed asking this as it's already great and also very convenient that I can just grab this closed source stuff, but suppose we were to decide that putting together some sort of blanket license for the Haskell Platform would be a good idea. How would we go about organising such an effort?

I wonder if this is a sort of thing we could tie to the IHG...

Thanks,

Yitzchak Gale

4:39 p.m.

Eric Y. Kow wrote:

...

So I'm combining Haskell software with some non-free/closed source work. I was wondering what sort of effort it would take to organise a blanket license for everything in the Haskell Platform, and whether it would be worthwhile to anybody... - My user is concerned that a large number of having a large number of individual licenses even though textually identical modulo author, date, etc would mean a big hassle getting their lawyers and their user's lawyers to sign off on each and every license

I agree that this is an important issue. I think we should focus on the primary requirement that Haskell software written for a commercial environment should not create usability issues from a legal perspective. If we clarify that question carefully, then as an important FOSS community we might be able to send the question to the EFF and get some guidance about how best to proceed. SPDX sounds interesting; I'd like to hear more about it. Besides that, it may not be as impractical as you think to have mass license assignment and/or copyright assignment as a medium-term goal for the platform. There has been talk about the Haskell community joining the Software Freedom Conservancy (as Darcs did). If that happens, it will give us a solid legal foundation for assigning assets such as these to the community as a non-profit organization. (Although I haven't heard anything recently, and Yale U. is still the registrant of the haskell.org domain.)

...

I wonder if this is a sort of thing we could tie to the IHG...

It would be great if the IHG could help push this effort. Thanks, Yitz

5010

Age (days ago)

5010

Last active (days ago)

List overview

Download

7 comments

7 participants

participants (7)

Alan Jeffrey
Antti-Juhani Kaijanaho
Conrad Parker
Eric Y. Kow
Ivan Lazar Miljenovic
Jeremy O'Donoghue
Yitzchak Gale