March 2019 License-Review Summary

In March, the License-Review mailing list
saw the retraction of the SSPL from review,
and discussed a set of GPLv3 Additional Terms.

The License-Discuss list
(summarized at )
was far more active.
Among other things,
it discussed Van Lindberg’s upcoming Cryptographic Autonomy License,
and saw extensive discussion about the license review process:
whether the conduct of the list is appropriate,
whether there might be alternatives to using email,
and whether PEP-style summaries would help.


## License Committee Report {#report}

[Richard Fontana][fontana_report] provides the license committee report:

* CFSL v1.4: The review period is over.
Fontana explains why he thinks the license should be rejected.
The OSI board subsequently [rejected][fontana_cfsl] the license.

* SSPL v2: MongoDB withdrew the license from review.

* Twente License: A decision is due 2019-04-05.


## Server Side Public License, Version 2 {#sspl}

[Eliot Horowitz][horowitz_withdrawal]
announces that MongoDB retracts the SSPL from the OSI approval process,
citing a lack of community support as a reason.

[Josh Berkus][berkus_disappointed]
is disappointed in the withdrawal:
“this license poses interesting questions
about how copyleft can be extended (or not)
and how the OSD’s clauses about software packaging
need to change in a SaaS world.”
Berkus thinks the contents of the license were not appropriately considered,
and that too many responses were ad-hominem attacks.

This leads to extensive discussion of the License-Review process
(see the [License-Discuss] summary).


## GPL 3+ with Whonix Additional Terms {#whonix}

[Patrick Schleizer][schleizer_submission]
submits a set of Additional Terms for the GPLv3 for review.
These terms try to improve the limitation and disclaimer of warranty in the GPL
by incorporating language from the doom3 and micropolis licenses.


This submission raises two governance questions:

* Should the OSI review Additional Terms for the GPL?
This is discussed in a separate section below.
* Does it make sense for the OSI to review licenses
that were not first reviewed by a lawyer?
This is discussed on [License-Discuss]
as “the pro-se license constructor”.

[Brendan Hickey][hickey_fsf_interest]
asks whether Schleizer had talked with the FSF about these improvements.
[Patrick Schleizer][schleizer_fsf] links to such a message.

[Schleizer][schleizer_fsf] wonders why the GPL allows indemnification terms
without containing such terms itself.
[Richard Fontana][fontana_indemnification]
mentions this was done solely for Apache 2.0 compatibility,
and links to the GPLv3 rationale documents.

notices that the proposed terms use the word “nonwithstanding”
opposite to its intended effect.

Based on the feedback (see also the separate sections),
[Patrick Schleizer][schleizer_withdrawal]
decides to withdraw the license
but intends to prepare a revised version.


## Should the OSI review GPL Additional Terms? {#gpl-additional-terms}

[Patrick Schleizer][schleizer_not_license]
points out that the GPLv3 Additional Terms mechanism allows
“other non-permissive additional terms” to be removed by the user,
so that no Additional Terms can render the license non-free.
[Richard Fontana][fontana_out_of_scope]
thinks that if these Additional Terms don’t create a new license,
then that is a good argument that such Additional Terms
are out of scope for OSI review.

Bruce Perens argues
that adding terms to a license necessarily creates a new license,
and points at the recent Commons Clause
as an example where simple additions had huge effect.
But [Schleizer][schleizer_modify_vs_additional] points out that
adding Additional Terms is just an exercise of the rights under the GPL,
and shouldn’t be treated as a modification of the license.

[Richard Fontana][fontana_proliferation]
suggests the OSI shouldn’t review Additional Terms,
if only to limit license proliferation.
Fontana notes the Additional Terms have sometimes be misused,
and that review could be valuable for *widely used* Additional Terms.
points out that the OSI did review two sets of GPLv3 Additional Permissions
though they behaved like separate licenses.
One is the LGPLv3.

also suggests that the OSI should defer to the FSF
for review of Additional Restrictions.
Bruce Perens disagrees [[1][perens_fsf],[2][perens_fsf_veto]]:
The OSI shouldn’t give the FSF special status
that would exclude some licenses from a review here,
in particular not any kind of veto power.
However, the OSI should respect the FSF’s authority on the GPL
and not review licenses that contain “GPL” in their name.