1. 12

  2. 1

    A couple of questions:

    1) Would moving to the AL make sharing with LibreSSL easier?
    2) Why the CLA? Seems like a pointless addition to me that was more than likely brought on by the lawyers backing the CII as opposed to the actual developers.

    1. 7
      1. No. Apache 2 license is unacceptable in OpenBSD.
      1. 4

        Can you explain why is that? I’ve never understood where the Apache differs from BSD/MIT and why people use it.

        The OpenBSD website only mentions “additional restrictions” but all I’ve seen is that the Apache 2 has the Patent grant clause, which looks like the opposite of a restriction.

        1. 9
          1. Too many words. Just look at it: http://www.apache.org/licenses/LICENSE-2.0

          2. Contains the word patent.

          The OpenBSD policy, in short, has been that by default copyright law imposes too many restrictions. Therefore, the purpose of the license is to remove those restrictions, so that users can copy the software and so forth. It takes very few words to do that. More words generally means the license is asking for something back, moving it more in the direction of a contract.

          1. 4

            Objection 1 is really weird. It’s like saying Mozart has too many notes.

            Simplicity should not be a goal above all else. Not everything can or should be completely simplified.

            It’s kind of weird that Apache v1 was tolerable to Theo but v2 got too long so he banned it from OpenBSD. The extra wording in v2 was in place to fix a lot of bad and ambiguous situations in v2. It was a good thing to have more words. Those were bugfixes.

            1. 2

              Free software licensing is pretty simple. “Copyright law says you can’t do these things. I say you can.”

              I’m not sure what’s ambiguous about Apache 1. Certainly I can read it and determine what I’m allowed to do and what I’m required to do in much less time than v2.

              1. 2

                For me it depends on where the software is coming from. If it’s software written by a big company, nowadays it’s very common that they file both copyright and patents for everything. Therefore I don’t feel like I know what I’m allowed to do with their software unless they grant both rights. It doesn’t have to be very complex: just tell me that, although you hold both copyright on the software, and patent rights covering the software’s operation, you grant me a royalty-free perpetual right to use both.

                If it comes from someone who is unlikely to have also patented the techniques being used by the software, then a plain MIT/BSD/ALv1 is fine with me.

                1. 1

                  Except, software licensing isn’t necessarily that simple. Like it or not patent law also affects the ability to share and use software, and ignoring it doesn’t change that.

                  1. 1

                    Well, it really is. Newly written software is by default copyrighted but not patented.

                    Also, licenses like Apache 2 do a poor job of solving the problem. You write some patented C library for linked lists. You tell me I can use it under Apache 2. But my project is in scala. So I implement my own linked lists, except oops, now it’s not the Apache licensed code anymore. If you’re going to give me a patent grant, give me a patent grant. Don’t tie it to a particular implementation.

                    1. 1

                      I’m not saying the ALv2 is perfect by any means. But the patent issue is real. And yeah, sure, if I write something from scratch and don’t file for any patents, then yeah, I could just license it to you based on copyright. But corporations often do have patents that cover stuff they open source, and dealing with that one way or another is something that has to be dealt with.

                      Again, not to say the AL is the be all / end all. Just pointing out that some of the additional languages in these license does serve a purpose.

          2. 3

            When I first read the post I immediately thought of OpenBSD. With this move, forking LibreSSL when you guys did seems like an even better move than it has already proven to be!

          3. 3

            The CLA is especially strange in light of them getting advice from SFLC. bkuhn of Software Conservancy doesn’t think we need CLAs. I usually find his opinions to be in agreement with the SFLC.