Skip to content
This repository has been archived by the owner on May 27, 2024. It is now read-only.

Alter CC0-1.0 recommendation for uncopyrightable files #62

Open
carmenbianca opened this issue May 8, 2020 · 29 comments · May be fixed by #100
Open

Alter CC0-1.0 recommendation for uncopyrightable files #62

carmenbianca opened this issue May 8, 2020 · 29 comments · May be fixed by #100
Labels
faq FAQ

Comments

@carmenbianca
Copy link
Member

I'd been pondering this a little while. Famously, the CC0-1.0 licence is not approved by the OSI. It's not disapproved either—it exists in a weird uncomfortable state where the OSI says that "yeah if this goes through the approval process we might not approve it", and they mutually agreed that not having it on OSI's list would be better than the OSI explicitly disapproving the licence. Something to do with patents or moral rights.

That's my basic understanding, anyway. I should've looked up the details before posting this.

@Flameeyes mentioned in his blog post that Google won't allow usage of stuff licensed under CC0-1.0, preferring Unlicense. According to another post, Fedora has the opposite recommendation—preferring CC0-1.0 over Unlicense.

So none of that's great.

I think there may be a super simple workaround, though. Instead of exclusively licensing "uncopyrightable" stuff under CC0-1.0, you could dual-license it, so that the recipient can choose which licence they prefer.

That looks like SPDX-License-Identifier: CC0-1.0 OR primary-license-of-project. This way, if a user would love to use the software were it not for CC0-1.0, then there's no problem. They can just pretend that the file is under the primary licence instead.

One problem with this recommendation is that it's not super straightforward. "Just slap CC0-1.0 on uncopyrightable files" is a much simpler recommendation than "slap CC0-1.0 OR your-primary-license on uncopyrightable files, in case some people don't like CC0-1.0".

Of course, you could also forgo CC0-1.0 entirely, but that wouldn't translate intent very well.

@mxmehl
Copy link
Member

mxmehl commented May 8, 2020

Unpopular opinion: we could also allow NONE which just was enabled by the latest SPDX release. But well, that's not really what REUSE wants to procure...

@Flameeyes
Copy link

My personal preference on this is to use MIT rather than either CC0-1.0 or Unlicense, since they are all on the "extremely permissive" side of the equation, and they reduce the friction altogether.

Fedora recommends against Unlicense but it does not seem to disallow it either. It does say that there's MIT variants with rights to sublicense, but does not provide an explicit link there. The MIT license at OSI does say "sublicense" though.

OSI talks about CC0 on the FAQ, and links to unlicense.org, but of course neither of them are on the OSI approved list.

I'm most definitely not a lawyer, which is why I just wanted to avoid this chaos and chose to license config files under MIT and be done with it, but YMMV.

@carmenbianca
Copy link
Member Author

@mxmehl I agree that that's against the stated goals of REUSE.

@Flameeyes There are three or four problems with choosing MIT here:

  1. It doesn't convey intent as well as CC0-1.0 does. A public domain dedication is a very clear communication by the author that they don't care about what happens to the work. An MIT license doesn't communicate this clearly, and still comes with one string attached: To preserve the copyright statement (on an uncopyrighted work…). The 0BSD would be a better option here, which has basically zero strings, but still has its own problems.

  2. The MIT license has this annoying thing where there's a copyright statement inside of the license text. See Better handle licenses that have SPDX templates/variables (e.g. MIT, BSD) #16. This still isn't really resolved, and REUSE currently makes no clear recommendation on how to deal with that.

  3. The MIT license explicitly uses the word "software", which doesn't make sense for tiny configuration files and the like. Apache-2.0 and 0BSD have the same problem.

  4. Potentially politics. The FSF insists on calling the MIT license the "Expat" license, and usually recommends Apache-2.0 over MIT/Expat. The FSFE the FSF isn't, but we do like to be on one line to avoid conflict.

How I wish FOSS licensing wasn't such a mess :(

@Flameeyes
Copy link

To be quite honest, Google also recommends Apache-2.0 over MIT — and indeed for the stuff I released while working there I stuck to Apache-2.0 for config files as well, as nearly anything else would have required a thorough review (which I guess fits your idea of using the project's overall license).

Now if we're trying to align to FSF — FSF also appears to discourage Unlicense over CC0-1.0 but it is considered compatible. The discouragement is also less strongly worded than the WTFPL (which somehow sends people to Apache-2.0 rather than CC0-1.0, but that's a completely separate tangent).

So on a totally pragmatic view of "making the least amount of people unhappy", I would vote for Unlicense as the recommendation (fully aware that my vote is not worth anything in this context :)) — it's not recommended by any of the organizations we're talking about, it is discouraged by pretty much all of them (OSI, FSF, Fedora) but it is not banned by any of them either, whereas CC0-1.0 is banned by Google and strongly worded against by OSI.

Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_ESP32SPI that referenced this issue May 10, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with ladyada's copyright as per the
   LICENSE file.
 * The favicon.ico file has been tagged with MIT license and the same
   copyright information. I do believe this is incorrect, and would like to
   know what the correct information should be.
 * All configuration files have been tagged with ladyada's copyright and
   Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but
   that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_TestRepo that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_TestRepo that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/actions-ci-circuitpython-libs that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_TestRepo that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_TestRepo that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_TestRepo that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/actions-ci-circuitpython-libs that referenced this issue May 15, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
@silverhook
Copy link
Collaborator

silverhook commented May 18, 2020

CC0-1.0 was not approved in OSI, because there was a discussion about it because it explicitly does not cover patents. Then CC0-1.0 got pulled back from the process, so the process actually never finished.

That being said, I don’t think any public domain dedication covers patents. OSI covers this pretty well here:
https://opensource.org/faq#public-domain

@silverhook
Copy link
Collaborator

That being said, I don‘t see an acute need for a change. We suggest to use CC0-1.0, we do not require people to do so. If their project/employer has a different policy, they can always just slap whatever they require it.

The goal of REUSE is to have valid and useful info in all source code, not which licenses must be used.

@mxmehl
Copy link
Member

mxmehl commented May 19, 2020

The goal of REUSE is to have valid and useful info in all source code, not which licenses must be used.

Very right, thank you for the reminder. What about trying to make a short abstract of the different options (CC0-1.0, Unlicense, Apache-2.0/MIT, some-other-public-domainish-SPDX'ed-license) and update the FAQ entry with it, while stating that REUSE does not have a strict policy on that?

Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_TestRepo that referenced this issue May 19, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Kattni Rembor's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Kattni Rembor's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
@silverhook
Copy link
Collaborator

What about trying to make a short abstract of the different options (CC0-1.0, Unlicense, Apache-2.0/MIT, some-other-public-domainish-SPDX'ed-license) and update the FAQ entry with it, while stating that REUSE does not have a strict policy on that?

That is one option. If you draft one, I’m happy to review it.

The simpler/lazy option is just to say that CC0-1.0 is one option how to do it, but change that to whatever fits your project/company/personal policy.

Flameeyes added a commit to Flameeyes/cookiecutter-adafruit-circuitpython that referenced this issue May 21, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Scott Shawcroft's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Scott Shawcroft's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).
 * In the templated library structure, I've added a double copyright line
   for Scott Shawcroft _and_ the authoring person/company as per previous
   template in at least some of the files. Please let me know which others
   need to be tagged. There is some space for the _template_ having MIT
   license while the _generated_ file having Unlicense, or them having
   different copyright altogether.
 * Since all three of the licenses are used in both the repository itself
   and the generated repository in the cookiecutter, they are currently
   duplicated.

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/cookiecutter-adafruit-circuitpython that referenced this issue May 21, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with Scott Shawcroft's copyright as per
   the LICENSE file.
 * The favicon.ico file has been tagged with CC-BY-4.0 license as per
   adafruit/circuitpython#2887 (comment)
   and Phillip Torrone's for Adafruit Industries copyright.
 * All configuration files have been tagged with Scott Shawcroft's copyright
   and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0,
   but that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).
 * In the templated library structure, I've added a double copyright line
   for Scott Shawcroft _and_ the authoring person/company as per previous
   template in at least some of the files. Please let me know which others
   need to be tagged. There is some space for the _template_ having MIT
   license while the _generated_ file having Unlicense, or them having
   different copyright altogether.
 * Since all three of the licenses are used in both the repository itself
   and the generated repository in the cookiecutter, they are currently
   duplicated.

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
Flameeyes added a commit to Flameeyes/Adafruit_CircuitPython_ESP32SPI that referenced this issue May 30, 2020
The REUSE specifications[1] are meant to make it explicit and easier to
apply code licensing information for a project. The provided lint tool
makes it easy to ensure all the content (code and not code) is tagged.

Important notes:

 * All the code (and documentation) that otherwise didn't have an explicit
   license headers have been tagged with ladyada's copyright as per the
   LICENSE file.
 * favicon.ico and CODE_OF_CONDUCT.md have been synced from the
   source-of-truth repositories.
 * All configuration files have been tagged with ladyada's copyright and
   Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but
   that has… side effects. There's some discussion in [3] about the
   recommendation for likely-uncopyrightable files (such as configuration
   files).

[1]: https://reuse.software/
[2]: https://unlicense.org/
[3]: fsfe/reuse-docs#62
@LynnKirby
Copy link

I think there may be a super simple workaround, though. Instead of exclusively licensing "uncopyrightable" stuff under CC0-1.0, you could dual-license it, so that the recipient can choose which licence they prefer.

There are two problems with this:

  1. If it's uncopyrightable, most licenses are void since the terms are explicitly for copyrightable works. For example, if an uncopyrightable work is distributed under GPL-3.0 you can just ignore that and do what you want with the work anyways (so says the FSF).

  2. Including a recommendation like that furthers the misconception that dual licensing with CC0 is possible in the first place. Per the Creative Commons FAQ:

    Please note that CC0 is not a license; it is a public domain dedication. When CC0 is applied to a work, copyright no longer applies to the work in most jurisdictions around the world. Therefore, references to dual licensing arrangements like the one above are inapplicable to CC0.

Ultimately what SPDX expressions people use is up to them but REUSE should avoid recommending things that might be legally problematic.

@mxmehl mxmehl added the faq FAQ label Mar 29, 2021
@silverhook
Copy link
Collaborator

silverhook commented Jul 28, 2022

Do note that lately the consensus between FOSS legal experts seems to have shifted from CC0-1.0 being a preferred license for “non-copyrightable stuff” to one that should best be avoided for code, since (as other CC licenses) it explicitly excludes patents.

Perhaps a better choice would be something like MIT-0, 0BSD or even Unlicense (confusing name though).

https://lists.fedoraproject.org/archives/list/[email protected]/thread/RRYM3CLYJYW64VSQIXY6IF3TCDZGS6LM/
https://www.gnu.org/licenses/license-list.html#CC0

@carmenbianca
Copy link
Member Author

@silverhook I was going to raise that also.

I dislike that all the possible replacement licences explicitly use the word 'software'. But I think it's just a case of picking your poison.

@Flameeyes
Copy link

As I wrote two years ago I'd recommend 0BSD because it's more widely accepted in the industry.

Unlicense is explicitly disallowed in Google's opensource contribution program.

@silverhook
Copy link
Collaborator

I think 0BSD and MIT-0 would probably be our best bets if we’re dealing with software, yes.

It is frustrating that there is no silver bullet, but that’s life…

@carmenbianca
Copy link
Member Author

It is frustrating that there is no silver bullet, but that’s life…

I have an idea. Let's create a new licence!

(+1 for 0BSD)

@richardfontana
Copy link

richardfontana commented Jul 30, 2022

Following the recent Fedora policy change on CC0, I have already seen one case where a package had several (trivial) CC0-covered 'code' files in an attempt to follow REUSE recommendations. If REUSE is going to continue recommending that all files (however trivial or insignificant) bear some sort of copyright and license notice, I suggest that a license other than CC0 be used -- my recommendation would be MIT-0 (MIT No Attribution). 0BSD is OK too :)

@Flameeyes
Copy link

As a data point it doesn't look like Google allows contributions to MIT-0. Maybe that'll change, but 0BSD might still a safer bet if we're going down that route.

@silverhook
Copy link
Collaborator

silverhook commented Aug 3, 2022

Hmmmm, I wonder if it is the time where (at least in the FAQ) we address that different licenses are good for different types of work/content.

Given that so far from different sources I’ve heard of three different preferred licenses (0BSD, MIT-0, Unlicense) by different projects/experts and one of those mentioned as not-allowed (MIT-0, in comment above), it might also make sense to have a quick check of at least what the more important FOSS players prefer or disallow.

So far it seems to me:

  • 0BSD – 1 preference
  • MIT-0 – 1 preference, 1 non-allow(?) (I don’t read it as non-allow, but @Flameeyes may have had some insight I don’t)
  • Unlicense – 1 preference, 1 non-allow (+ 1 “it’s not the best worded”(?))

@Flameeyes
Copy link

To clarify, Google disallowed all of those except 0BSD. Which is why I have been using, and recommending, it.

See the details from https://flameeyes.blog/2020/04/16/making-it-easy-to-contribute-code/ and my difficulty indeed to find a solution that would work, both with REUSE and Google's policies.

@silverhook
Copy link
Collaborator

@Flameeyes are you referring to this section and if so, has it changed?
https://opensource.google/documentation/reference/thirdparty/licenses#unencumbered

@Flameeyes
Copy link

Different lists for licenses allowed to be used versus being able to be contributed to.

Personally I care about the latter, since otherwise I cut myself out from the contributions of Google employees. For that the published list of banned licenses is https://opensource.google/documentation/reference/patching#forbidden

You can see that all public domain dedications except 0BSD are banned from patching. That includes WTFPL and Unlicense.

@silverhook
Copy link
Collaborator

Ah, got it.

But it has to be pointed out that while CC0-1.0 and Unlicense are public domain dedications, 0BSD and MIT-0 are not – they are just very permissive licenses, who don’t care about attribution.

(And yeah, for the record, WTFPL is fun, but please don’t license stuff under it.)

@nemobis
Copy link

nemobis commented Aug 3, 2022

There is no need to change the recommendation about CC-0, which is currently the only license/waiver option for uncopyrightable files (as LynnKirby notes above).

Concerns about trademarks and patents are irrelevant because these are generally about projects, not files. (Or is someone worried about trademarks on .gitignore files?) To address those concerns, it's sufficient to make sure that the project as a whole has a free software license, beyond the CC-0 license used for individual uncopyrightable files. If the entire project is made exclusively of uncopyrightable files, the authors or rightsholders can come up with a copyrightable poem to add to the README and place that under MIT-0, 0BSD or whatever.

Discouraging the CC-0 altogether in software would cause problems and increase legal risk for the reusers of all those software projects which contain uncopyrightable data which might be subject to sui generis database rights.

@silverhook
Copy link
Collaborator

Good point, @nemobis .

The problem remains that if we continue to recommend CC0-1.0 (or Unlicense) – even for files where it totally makes sense –, and the general consensus in the community is that CC0-1.0 (and Unlicense) is not good for certain reasons and as a consequence a lot of policies (even if wrongly) make it really difficult to use or even flat-out forbid using those licenses, that would put REUSE-compliant projects at a real disadvantage.

@nemobis
Copy link

nemobis commented Aug 3, 2022 via email

@silverhook
Copy link
Collaborator

As written in a previous comment it is the FSF and Fedora that have recently publicly shunned CC0-1.0 and the explicitly missing patent license is something that has been a growing concern in the circles of FOSS legal experts. I see the recent moves of FSF and Fedora as more of a symptom of a greater shift that took a long long time, not as the trigger for such shift.

You can even read this in @richardfontana’s original mail to Fedora Legal mailing list:

The reason for the change: Over a long period of time a consensus has
been building in FOSS that licenses that preclude any form of patent
licensing or patent forbearance cannot be considered FOSS. CC0 has a
clause that says: "No trademark or patent rights held by Affirmer are
waived, abandoned, surrendered, licensed or otherwise affected by this
document." (The trademark side of that clause is nonproblematic from a
FOSS licensing norms standpoint.) The regular Creative Commons
licenses have similar clauses.

Google’s concern seems to be about dedications to public domain in general, which can be tricky and have been abused before. But that is not something REUSE needs to concern itself about. The only reason Google’s policy popped up here is that if we’re replacing CC0-1.0 for a different license/public domain dedication, then it’s best to chose one that doesn’t put REUSE-compliant projects in a disadvantage from getting contributions from different individuals and legal entities and we started gathering known policies to see which of the options (0BSD, CC0-1.0, MIT-0, Unlicense, …) is the most widely acceptable.

@nemobis
Copy link

nemobis commented Aug 3, 2022 via email

@LiberalArtist
Copy link

LiberalArtist commented Aug 7, 2022

One thing I wondered is whether Fedora's policy change applies only to packages where CC0-1.0 is the primary license of the package as a whole, or also to packages under some other license—say, Apache-2.0—that have specific files licensed CC0-1.0. From @richardfontana's comment:

Following the recent Fedora policy change on CC0, I have already seen one case where a package had several (trivial) CC0-covered 'code' files in an attempt to follow REUSE recommendations. If REUSE is going to continue recommending that all files (however trivial or insignificant) bear some sort of copyright and license notice, I suggest that a license other than CC0 be used -- my recommendation would be MIT-0 (MIT No Attribution). 0BSD is OK too :)

it sounds like the later. I'm not a lawyer, but the "submission of contributions" clause in Apache-2.0 makes it an especially interesting case. Some projects use that clause to specify that all inbound contributions are e.g. Apache-2.0 AND MIT—i.e. all contributors agree to the patent grant—but the outbound license is Apache-2.0 OR MIT, giving downstream users especially broad compatibility. Would CC0-1.0 OR Apache-2.0 in such a scheme satisfy Fedora's policy?

Moving away from the Fedora specifics, @richardfontana's observation that REUSE recommends "that all files (however trivial or insignificant) bear some sort of copyright and license notice" gets to why I find CC0-1.0 especially relevant for REUSE.

I contribute to a number of projects that don't follow the REUSE recommendations and don't have per-file license headers, but just an overall statement of what license the project is under. If I contribute a file to such a project that I believe is too trivial to be copyrightable, it doesn't bother me to leave that implicit: if I'm right that my contribution really is not copyrightable, people can use it accordingly whether I say so or not.

If I follow the REUSE recommendations, though, I can't leave anything implicit: I must specify the license even for .gitignore files and other things I do not believe are copyrightable. Using CC0-1.0 communicates that view, while also protecting recipients against the possibility that some judge might disagree with me (since I am not a lawyer). I think that's also why Creative Commons recommends, as I understand it, that you use CC0-1.0 rather than the Public Domain Mark for your own work that you believe not to be copyrightable.

If I wrote # SPDX-License-Identifier: GPL-3.0-or-later at the top of my .gitignore files, or even some more permissive license, I would seem to be asserting something I do not believe to be true: I do not believe I have any rights under copyright over .gitignore files that I could license. Moreover, I argue that I ought not to have any rights over .gitignore files, nor over many Makefiles and other files that could be considered code.

@Jayman2000
Copy link
Contributor

One possibility would be to use Jason Self’s Worldwide Public Domain Dedication once its finished. The current draft is a fork of CC0-1.0 that tries to waive both copyright and patent rights. It also removes the part of CC0 that says that trademarks aren’t affected.

As far as I know, the patent thing is the only reason why people, projects and organizations have been discouraging CC0. Are there any other criticisms of CC0 that we would need to consider?

@silverhook
Copy link
Collaborator

Sounds like a nice idea, but I’d really prefer to suggest a more well-established license instead.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
faq FAQ
Projects
None yet
Development

Successfully merging a pull request may close this issue.

9 participants