-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The Unlicense is not allowed to be used inside Google, however an equivalent license 0BSD is. #805
Comments
I presume by promote you're referring to listing on https://choosealicense.com/licenses -- it was added there to fill out the spectrum from the strongest copyleft to public domain equivalent -- in the latter category, at the time the only other option was CC0-1.0 which is more problematic for software due to its express non-grant of a patent license. That source quotes me from many years ago saying I like Unlicense, as a movement anyway. 😆 If you follow the reference https://opensource.google/docs/patching/#forbidden at the source as well as https://opensource.google/docs/thirdparty/licenses/#unencumbered it looks like patching is not allowed (at least not without additional process) though use is. This still is not ideal of course, as Google employees are important contributors to open source. There was a robust discussion of Unlicense on the OSI list last year, spanning many months, the result being approval, see https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-June/004890.html My weak bias is to update https://choosealicense.com/licenses by replacing Unlicense with MIT-0, which is based on MIT -- far more common and thus more familiar than BSD-* these days, and anyway 0BSD is a derivative of ISC, not BSD-*. Of course they all amount to the same thing, so it isn't super important. 😄 |
I know that there is an ongoing debate whether 0BSD derives from a BSD or the ISC license. In this discussion i favor Rob Landley, creator of the 0BSD license which claims he derived it by changing a BSD license (he should know). But as you say the distinction is irrelevant other than to trigger annoyance in people to involved in the discussion. A short search for "0BSD" vs "MIT-0" on GitHub shows the first one is vastly ( x4 ) more popular. However i would not fight a war over which license to replace the "Unlicense" with (since 0BSD and probably also MIT-0 are OSI approved). I just wanted to raise awareness that 0BSD unlike any other Public Domain equivalent license (including MIT-0) is approved to be contributed under by Google employees. While it is odd that Google is putting their thumb on the scale which of the public domain equivalent licenses wins out, i would prefer for a licenses picker tool to recommend the license which has the least risk of downstream problems. Since Googles thumb is on the scale that license is 0BSD and it would be annoying if people chose another license based on recommendations but later would have to switch project license to accept a patch from an Google employee. I'm not aware of any arguments or fingers on the scale that distinguish 0BSD, MIT-0 and Unlicense, although i personally find the last name confusing in the current legal framework as "unlicensed work" are all rights reserved while "Unlicensed works" are no right reserved. |
There's no debate about the derivation of 0BSD, only what to call it -- and the debate is long over, 0BSD is a fine name, I only brought it up here since you mention derivation -- it's derived from the ISC license used by OpenBSD -- it's derived from the license used by a BSD, not derived from a BSD license. 😄 See https://lists.spdx.org/g/Spdx-legal/message/1287 and also #464 (voluminous). I predict that regardless of what happens in this repo, MIT-0 will be vastly more popular than 0BSD in 20 years (the appropriate timescale to think about license adoption). The rationale (which I agree with) for 0BSD rather than 0ISC or similar was that nobody besides license nerds knows about ISC. Well, nobody besides *nix nerds knows about BSD. And as ISC is to BSD, BSD is to MIT brand/recognition wise. Permissive BSD licenses at one time had a significant head start on adoption relative to MIT, but now are far less popular. The same will play out with 0BSD and MIT-0. Agreed that Unlicense vs common use of "unlicensed" can be confusing. |
A friend pointed me at this thread. There's no "ongoing debate" about where 0BSD comes from, the history is at the bottom of https://landley.net/toybox/license.html . It was derived from the openbsd suggested template license (which was itself derived from ISC, yes), and I got permission from Kirk McKusick to call it a BSD license at Ohio Linuxfest in 2013 (and later went back and got it it in writing ala https://landley.net/toybox/0bsd-mckusick.txt). I've been using that license on toybox for 10 years now, which was merged into Android M as its new command line implementation in December 2014. 0BSD is the result of an explicit marketing strategy. When I switched off of GPL I specifically looked for something I could call a BSD license because "GPL vs BSD" was the original axis upon which license discussions over the past 20 years (often in a Linux vs FreeBSD context), and since there were already "4 clause BSD", "3 clause BSD", and "2 clause BSD", so one more variant called "Zero clause BSD" (analogous to CC0 or Coke Zero) was an easy sell to be rubber stamped by a company's legal department under the same umbrella. Beyond that I looked for the simplest solidly worded license I could start with, and could make the smallest possible change to. I walked 0BSD through the spdx approval process at Samsung's request in June 2015, walked it through an OSI process in November 2018, helped it through the github approval process here (from #464 (comment) through #643) and so on. It didn't "just happen", it was an awful lot of work. (And still is. Maintainership is a constant stream of little spdx/license-list-XML#1174 (comment) issues.) The thing about public domain equivalent licenses is, done right, THEY ARE EQUIVALENT. That's sort of the point. If you would like to use toybox code under the unlicense, what exactly is stopping you? The license on the existing copyrighted code grants sufficient non-conflicting permissions, and does not require you to carry around a specific blob of text describing those permissions (the same way modern copyright law does not require registration or a copyright statement for the copyright to exist). I have nothing against other public domain equivalent licenses, but I promote 0BSD because it was designed to easily to win certification and approval, which it has done. I want MORE code under public domain equivalent licenses, and am saddened that so many people nominally pursuing this goal are their own worst enemy. Saying "oh you should use this other public domain equivalent license" serves no purpose except to muddy the waters. (It's saying "you're doing public domain equivalence WRONG! Betcha didn't know you could do it wrong, did you? I guess you don't understand it as well as you did, better hire some lawyers to ponder and convince you to rethink this decision and wind up using Apache 2.0 instead?" which does not help.) I was going "if you don't like GPL anymore because the FSF killed it, and are thinking something bsd-like instead, try this one" because https://speakerdeck.com/benbalter/open-source-licensing-by-the-numbers?slide=41 was of great concern to me. I talked to the unlicense guys at some length years ago (mostly unarchived but there's the occasional https://twitter.com/landley/status/451667419128270848 to show when), but "I can't use that, it's unlicensed" tends to end most adoption conversations involving it before looking at the license wording. And for years creative commons advertised itself as "not suitable for use on source code" before they even DID CC0 (and then CC0 is way longer and more complicated than it really needs to be so the result is intimidating and makes lawyers worry they've missed a gotcha), WTFPL went out of its way not to be taken seriously, things like the John the Ripper license (https://openwall.info/wiki/john/licensing) made no effort to present themselves as a generic license applicable to more than one project... I remember the first time a Google engineer told me to my face (at linuxconf.au) that CC0 was a terrible license that "took away your rights" and how 0BSD was so much better, and I tried to explain what "public domain equivalent" meant but he was adamant in his position. (Since diplomacy is the art of letting other people have your way, I didn't press too hard but instead agreed that I also think 0BSD is a good license and thanked him for supporting it.) This is why I get very very tired every time somebody starts an "this thing is bad, use this other thing which is equivalent to it and therefore must also be bad" argument that drives people AWAY from public domain equivalent licensing. Just... can we not? Simple, clear marketing message, has achieved success, please take the win. If you'd like more context on this, I gave a talk on "toybox vs busybox" in 2019 that was about half about licensing https://www.youtube.com/watch?v=MkJkyMuBm3g and you can read a long OSI thread at https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003581.html or here's a slightly cleaned up version of the first github thread from 2017 in two parts on my blog: 1) https://landley.net/notes-2017.html#26-03-2017 and 2) https://landley.net/notes-2017.html#27-03-2017 (unfortunately spdx redid its mailing list archive to something worse and https://lists.spdx.org/pipermail/spdx-legal/2015-December/001580.html redirects badly now but you can probably dig it out of archive.org if you try) and those link to a zillion other things like https://www.openwall.com/lists/musl/2016/03/23/11 ... It didn't "just happen". It was (and still is) SO much work. |
I also note https://android.googlesource.com/platform/external/toybox/+/5d35ee244cee3 was applied recently: I have no idea what it means, but it mentions CC0 and Unlicense in android legal plumbing. The trick to understanding the bug numbers is https://landley.net/toybox/faq.html#b_links by the way. |
Also, the Unlicense is INVALID in some countries such as Germany, and has unclear meaning in some other countries, such as Australia. |
(I am not a lawyer and this is not legal advice)
This has been discussed by OSI: https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-May/004870.html According to Pamela Chestek, as well as Till Jaeger, the Unlicense contains license language and would therefore be interpreted as a license where public domain is inapplicable. And even if it didn't have such language (which it does) it would still be interpreted as a license. |
thanks @landley for chimming in here and sharing all you work. sorry everyone else for digging into the "thanks" hole, but i'm also thankful for every single other contribution in this thread. ironically, this post will probably break the trend and be mostly useless to everyone! just wanted to say thanks, for now. 😘 |
What is happening when I don't put any license on my project? |
@karam72 if you are the copyright holder of a project (you automatically are if you are the author) then there are certain things only you can do, and are illegal for everyone else without your authorization. A license is that: an authorization. It allows others to do those things, subject to the conditions of the license. So if you don't add a license to your project than all rights are reserved by you and none can use it in ways that would require your permission. |
@karam72 we have a page for that question, though @Aspie96's answer above is more concise. Related to the main topic of this issue, yesterday there was a largish discussion of MIT-0 and other instruments mentioned above. |
just wondering where in the unlicense does it grant patent use |
On 5/8/22 12:51, MrRawes wrote:
I presume by promote you're referring to listing on
https://choosealicense.com/licenses <https://choosealicense.com/licenses> --
it was added there to fill out the spectrum from the strongest copyleft to
public domain equivalent -- in the latter category, at the time the only
other option was CC0-1.0 which is more problematic for software due to its
express non-grant of a patent license.
The advantage of copyleft was that it let you stop thinking about licensing.
Unfortunately, that was a "there can be only one" situation, and once GPLv3 cut
off GPLv2's head the resulting lighting show poisoned the entire space.
The advantage of public domain equivalent licensing is it lets you stop thinking
about licensing because you can relicense AFTER THE FACT. If you want to switch
between CC0, the unlicense, and 0BSD each release, in theory you can. This means
a choice of public domain equivalent license shouldn't be something you can get
wrong, because you can always change it for one of the others later. (If you
can't, it's not a public domain equivalent license.)
This is not true for public domain adjacent licenses such as conventional BSD,
MIT, Apache, ISC, and so on. They all require "copy this specific license text
verbatim in all future works", which make them "sticky". Grab different
functions from different sources and your about->license pulldown can grow to
many pages.
I don't start threads arguing for one public domain equivalent license over
others because it just convinces people that they're NOT equivalent, thus
selecting a public domain equivalent license isn't an improvement over having to
choose between Apache or ISC, and thus they might as well not license their code
at all. People keep starting these threads and cc'ing me on them, and it's very
tiring.
I would much rather that actual "public domain" was the one and only pulldown
choice of its kind, but sadly that's not the legal environment we live in.
That source quotes me from many years ago saying I like Unlicense, as a
movement anyway. laughing
The main problem with "the unlicense" has always been the immediate objection
"We can't ship unlicensed code". The need to clarify "it's unlicensed" doesn't
mean "it's under the unlicense" raises red flags about the legal acumen of the
people who created that license, so it's not a minor hitch you can easily smooth
over after somebody stubs their toe on it. If the license's creators DIDN'T
realize it would cause confusion sufficient to restrict its adoption, what else
did they get wrong?
I spoke to the unlicense people on multiple occasions most of a decade ago, such
as: https://twitter.com/landley/status/451690566498004992
In that thread they raised the objection that if my code is in the public domain
someone could relicense it (um... yes?) and suggested I use CC0. (I described
toybox as "sort of" public domain because the phrase "public domain equivalent
license" hadn't been formalized yet. The relevant wikipedia page was renamed
from "Permissive Free Software license" in 2016, two years after that thread.
There was no agreed-upon proper name for the category before then.)
There was a robust discussion of Unlicense on the OSI list last year,
spanning many months, the result being approval, see
https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-June/004890.html
<https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-June/004890.html>
My interaction with OSI has been to get them to stop misnaming 0BSD, which I've
had to do multiple times because they keep losing institutional memory and
introducing regressions. I note that https://lwn.net/Articles/893293/ actually
has a BETTER opinion of OSI's competence than I do. That's why my 0BSD
standardization effort (at Samsung's request) was through SPDX in 2015. And last
year ISO standardized the SPDX list, not the OSI list. (ISO 5962:2021 is SPDX
v2.2.1, and yes 0BSD is in it.)
My weak bias is to update https://choosealicense.com/licenses
<https://choosealicense.com/licenses> by replacing Unlicense with MIT-0,
which is based on MIT -- far more common and thus more familiar than BSD-*
these days, and anyway 0BSD is a derivative of ISC, not BSD-*.
MIT-0 was created 5 years after 0BSD (in 2018), and while the license itself
seems fine the entire argument in favor of it was "I prefer this public domain
equivalent license to that public domain equivalent license". Which risks
turning this space into the same kind of argument that BSD vs Apache always was,
so people go back to treating software copyrights the same as software patents
and just opting out of them until the law can change.
https://www.reddit.com/r/programming/comments/arx6rg/the_mit_no_attribution_mit0_license/
0BSD had an explicit strategy behind its name:
https://www.openwall.com/lists/musl/2016/03/23/11
And in addition to being sourced from the OpenBSD suggested template license,
here is Kirk McKusick's permission to call 0BSD a BSD license:
https://landley.net/toybox/0bsd-mckusick.txt
"GPL vs BSD" was the axis of discussion for 20 years
(https://timreview.ca/article/67
https://www.linuxadictos.com/en/software-libre-vs-open-source-es-lo-mismo.html
https://www.quora.com/What-are-the-consumer-differences-between-GPL-and-BSD-licences
https://www.reddit.com/r/linuxquestions/comments/biy57v/why_would_any_software_use_a_bsd_license_over_a/
) and there are already 4 clause, 3 clause, and 2 clause BSD licenses, the
differences between which honestly don't matter to most people. This made it
very easy to get legal department rubber stamps as "a minor variant of the
OpenBSD suggested template license, made by deleting half a sentence".
Note that over half of both the 0BSD and MIT-0 license text is boilerplate
warranty disclaimer (https://lkml.org/lkml/2013/10/6/102) that acts as legally
useless ballast. Such disclaimers predate the microcomputer and thus the
shrinkwrap software industry. They originally existed because bespoke software
development contracts of the 1960s that accidentally took a big iron system
offline with their custom install (there WAS no retail market because there were
only 23 PDP-6 systems and ~700 PDP-10 systems ever built; EVERYTHING was a
custom job) could cost a customer more than they'd paid the vendor to develop
the software (between hardware depreciation and idled employee salary, six
figures of liability could be easy to prove). But those were new custom
development CONTRACTS, not retail software licenses. Microcomputer volume
produced a categorically different software industry: the Atari 2600 sold almost
2 million consoles in its first 3 years, the Vic-20 sold a million units the
year it was introduced, and the IBM PC got 250k preorders before the first unit
shipped. Boxed shrinkwrap software for all of them showed up on store shelves
because the customer base was big enough to support a retail software
development model. The "liability" for a $30 retail purchase (written before you
bought it rather than commissioned) that went into a $300 computer (the prices
for the Vic-20 and its game "omega race"), with no contract signed between the
parties, was not remotely the same legal exposure. The potential issue in that
channel was RETURNS, not lawsuits. But big software vendors applied the same
legal boilerplate to the new market as they had to the old, and the new players
copied the big boys trying to look adult and professional instead of garage
operations. And that's how we got saddled with this legacy stupidity where
people give medical advice on blogs but think their free software licenses need
giant all-caps legal disclaimers. Most web pages are shipping me 6 megabytes of
javascript that runs in my browser window to show me ads I don't want to see and
surreptitiously track my movement between sites, but what I upload to github
needs disclaimers?
0BSD left that in there because "existing license minus half a sentence" was an
explicit design goal, as part of its marketing strategy.
Github has a disproportionate amount of MIT licensing because Github's licensing
tutorial explicitly recommended MIT licensing to people who didn't know what
license to choose. Despite which, the percentage of projects with no license
specified _increased_ during that period. If you move outside of "GPL vs BSD"
into the cloud of BSD-alikes I don't see evidence that MIT is more well known
than BSD? Google primarily recommends Apache 2.0. MacOS/Darwin uses its own
Apple Public Source License (also OSI approved but described as "partial
copyleft" on its wikipedia page). Microsoft has its own MSPL, but authored and
shipped https://github.com/microsoft/tslib as 0BSD. (If you try to see if
Microsoft has shipped anything under the unlicense, googling for "microsoft
unlicense" or "microsoft the unlicense" just finds pages about unlicensed
products and license management tools...)
There's nothing wrong with MIT-0 as a license. My concern isn't "0BSD vs MIT-0",
my concern is "public domain equivalent licensing" vs "leaving the project
without stated license terms". If having five public domain equivalent license
options (0BSD, MIT-0, Unlicense, CC0, WTFPL...) pulls more people AWAY from not
licensing their project, great. If we get starbucks menu paralysis and people
can't find "just a coffee" on the menu and walk out without ordering, it's not a
net win. I honestly don't know what the right thing to do there is.
Of course
they all amount to the same thing, so it isn't super important. smile
I agree that when code ships under a public domain equivalent license, you
should be able to reuse it under ANY license. That's what public domain
equivalent means. Arguing "these licenses are completely fungible but you should
use THIS one instead of that one" is a type of thread I keep getting cc'd on,
but don't tend to start.
We're coming up on 10 years of 0BSD. I like being able to point to
https://github.com/search?q=license%3A0bsd&type=Repositories finding 45k
repositories under 0BSD to indicate "you're safe joining the crowd". The fact
Google and Microsoft have both authored and shipped 0BSD code is also good for
reassuring corporate legal departments.
But if somebody ships code under MIT-0 or CC0, then it's public domain
equivalent and I can use it in toybox. (Other projects can already use toybox
code; even GPL projects like busybox.) Arguing that one public domain equivalent
license is inferior to another public domain equivalent license boils down to
marketing spin. I have explained 0BSD's marketing strategy and why I considered
it an effective way to get corporate adoption (which it has) without sacrificing
individual hobbyist adoption (which seems to be the case).
That said, once the ice is broken and public domain equivalent licensing starts
being used somewhere, the same people tend to gradually become more open to
other public domain equivalent licenses, as long as they are demonstrably fungible.
I've focused on the one that's designed to be good at breaking the ice, but I
admit to significant bias here...
Rob
|
When you promote the Unlicense you should be aware that it's reception in legal circles is not great. Source
Instead i suggest you promote the 0BSD license. Both licenses are public domain equivalent licenses, so they are interchangeable, however licensing ones code under 0BSD makes it easier for companies to use it, as the BSD license family is well understood by software lawyers and 0BSD is an derivative of this license.
The text was updated successfully, but these errors were encountered: