-
Notifications
You must be signed in to change notification settings - Fork 20
Alter CC0-1.0 recommendation for uncopyrightable files #62
Comments
Unpopular opinion: we could also allow NONE which just was enabled by the latest SPDX release. But well, that's not really what REUSE wants to procure... |
My personal preference on this is to use MIT rather than either CC0-1.0 or Unlicense, since they are all on the "extremely permissive" side of the equation, and they reduce the friction altogether. Fedora recommends against Unlicense but it does not seem to disallow it either. It does say that there's MIT variants with rights to sublicense, but does not provide an explicit link there. The MIT license at OSI does say "sublicense" though. OSI talks about CC0 on the FAQ, and links to unlicense.org, but of course neither of them are on the OSI approved list. I'm most definitely not a lawyer, which is why I just wanted to avoid this chaos and chose to license config files under MIT and be done with it, but YMMV. |
@mxmehl I agree that that's against the stated goals of REUSE. @Flameeyes There are three or four problems with choosing MIT here:
How I wish FOSS licensing wasn't such a mess :( |
To be quite honest, Google also recommends Apache-2.0 over MIT — and indeed for the stuff I released while working there I stuck to Apache-2.0 for config files as well, as nearly anything else would have required a thorough review (which I guess fits your idea of using the project's overall license). Now if we're trying to align to FSF — FSF also appears to discourage Unlicense over CC0-1.0 but it is considered compatible. The discouragement is also less strongly worded than the WTFPL (which somehow sends people to Apache-2.0 rather than CC0-1.0, but that's a completely separate tangent). So on a totally pragmatic view of "making the least amount of people unhappy", I would vote for Unlicense as the recommendation (fully aware that my vote is not worth anything in this context :)) — it's not recommended by any of the organizations we're talking about, it is discouraged by pretty much all of them (OSI, FSF, Fedora) but it is not banned by any of them either, whereas CC0-1.0 is banned by Google and strongly worded against by OSI. |
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with ladyada's copyright as per the LICENSE file. * The favicon.ico file has been tagged with MIT license and the same copyright information. I do believe this is incorrect, and would like to know what the correct information should be. * All configuration files have been tagged with ladyada's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
CC0-1.0 was not approved in OSI, because there was a discussion about it because it explicitly does not cover patents. Then CC0-1.0 got pulled back from the process, so the process actually never finished. That being said, I don’t think any public domain dedication covers patents. OSI covers this pretty well here: |
That being said, I don‘t see an acute need for a change. We suggest to use CC0-1.0, we do not require people to do so. If their project/employer has a different policy, they can always just slap whatever they require it. The goal of REUSE is to have valid and useful info in all source code, not which licenses must be used. |
Very right, thank you for the reminder. What about trying to make a short abstract of the different options (CC0-1.0, Unlicense, Apache-2.0/MIT, some-other-public-domainish-SPDX'ed-license) and update the FAQ entry with it, while stating that REUSE does not have a strict policy on that? |
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Kattni Rembor's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Kattni Rembor's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
That is one option. If you draft one, I’m happy to review it. The simpler/lazy option is just to say that CC0-1.0 is one option how to do it, but change that to whatever fits your project/company/personal policy. |
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Scott Shawcroft's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Scott Shawcroft's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). * In the templated library structure, I've added a double copyright line for Scott Shawcroft _and_ the authoring person/company as per previous template in at least some of the files. Please let me know which others need to be tagged. There is some space for the _template_ having MIT license while the _generated_ file having Unlicense, or them having different copyright altogether. * Since all three of the licenses are used in both the repository itself and the generated repository in the cookiecutter, they are currently duplicated. [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with Scott Shawcroft's copyright as per the LICENSE file. * The favicon.ico file has been tagged with CC-BY-4.0 license as per adafruit/circuitpython#2887 (comment) and Phillip Torrone's for Adafruit Industries copyright. * All configuration files have been tagged with Scott Shawcroft's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). * In the templated library structure, I've added a double copyright line for Scott Shawcroft _and_ the authoring person/company as per previous template in at least some of the files. Please let me know which others need to be tagged. There is some space for the _template_ having MIT license while the _generated_ file having Unlicense, or them having different copyright altogether. * Since all three of the licenses are used in both the repository itself and the generated repository in the cookiecutter, they are currently duplicated. [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
The REUSE specifications[1] are meant to make it explicit and easier to apply code licensing information for a project. The provided lint tool makes it easy to ensure all the content (code and not code) is tagged. Important notes: * All the code (and documentation) that otherwise didn't have an explicit license headers have been tagged with ladyada's copyright as per the LICENSE file. * favicon.ico and CODE_OF_CONDUCT.md have been synced from the source-of-truth repositories. * All configuration files have been tagged with ladyada's copyright and Unlicense[2]. The current REUSE recommendation is to use CC0-1.0, but that has… side effects. There's some discussion in [3] about the recommendation for likely-uncopyrightable files (such as configuration files). [1]: https://reuse.software/ [2]: https://unlicense.org/ [3]: fsfe/reuse-docs#62
There are two problems with this:
Ultimately what SPDX expressions people use is up to them but REUSE should avoid recommending things that might be legally problematic. |
Do note that lately the consensus between FOSS legal experts seems to have shifted from Perhaps a better choice would be something like https://lists.fedoraproject.org/archives/list/[email protected]/thread/RRYM3CLYJYW64VSQIXY6IF3TCDZGS6LM/ |
@silverhook I was going to raise that also. I dislike that all the possible replacement licences explicitly use the word 'software'. But I think it's just a case of picking your poison. |
As I wrote two years ago I'd recommend 0BSD because it's more widely accepted in the industry. Unlicense is explicitly disallowed in Google's opensource contribution program. |
I think 0BSD and MIT-0 would probably be our best bets if we’re dealing with software, yes. It is frustrating that there is no silver bullet, but that’s life… |
I have an idea. Let's create a new licence! (+1 for 0BSD) |
Following the recent Fedora policy change on CC0, I have already seen one case where a package had several (trivial) CC0-covered 'code' files in an attempt to follow REUSE recommendations. If REUSE is going to continue recommending that all files (however trivial or insignificant) bear some sort of copyright and license notice, I suggest that a license other than CC0 be used -- my recommendation would be MIT-0 (MIT No Attribution). 0BSD is OK too :) |
As a data point it doesn't look like Google allows contributions to MIT-0. Maybe that'll change, but 0BSD might still a safer bet if we're going down that route. |
Hmmmm, I wonder if it is the time where (at least in the FAQ) we address that different licenses are good for different types of work/content. Given that so far from different sources I’ve heard of three different preferred licenses (0BSD, MIT-0, Unlicense) by different projects/experts and one of those mentioned as not-allowed (MIT-0, in comment above), it might also make sense to have a quick check of at least what the more important FOSS players prefer or disallow. So far it seems to me:
|
To clarify, Google disallowed all of those except 0BSD. Which is why I have been using, and recommending, it. See the details from https://flameeyes.blog/2020/04/16/making-it-easy-to-contribute-code/ and my difficulty indeed to find a solution that would work, both with REUSE and Google's policies. |
@Flameeyes are you referring to this section and if so, has it changed? |
Different lists for licenses allowed to be used versus being able to be contributed to. Personally I care about the latter, since otherwise I cut myself out from the contributions of Google employees. For that the published list of banned licenses is https://opensource.google/documentation/reference/patching#forbidden You can see that all public domain dedications except 0BSD are banned from patching. That includes WTFPL and Unlicense. |
Ah, got it. But it has to be pointed out that while CC0-1.0 and Unlicense are public domain dedications, 0BSD and MIT-0 are not – they are just very permissive licenses, who don’t care about attribution. (And yeah, for the record, WTFPL is fun, but please don’t license stuff under it.) |
There is no need to change the recommendation about CC-0, which is currently the only license/waiver option for uncopyrightable files (as LynnKirby notes above). Concerns about trademarks and patents are irrelevant because these are generally about projects, not files. (Or is someone worried about trademarks on .gitignore files?) To address those concerns, it's sufficient to make sure that the project as a whole has a free software license, beyond the CC-0 license used for individual uncopyrightable files. If the entire project is made exclusively of uncopyrightable files, the authors or rightsholders can come up with a copyrightable poem to add to the README and place that under MIT-0, 0BSD or whatever. Discouraging the CC-0 altogether in software would cause problems and increase legal risk for the reusers of all those software projects which contain uncopyrightable data which might be subject to sui generis database rights. |
Good point, @nemobis . The problem remains that if we continue to recommend CC0-1.0 (or Unlicense) – even for files where it totally makes sense –, and the general consensus in the community is that CC0-1.0 (and Unlicense) is not good for certain reasons and as a consequence a lot of policies (even if wrongly) make it really difficult to use or even flat-out forbid using those licenses, that would put REUSE-compliant projects at a real disadvantage. |
First of all, there isn't a "general consensus" on anything of the sort
and Google is certainly not a good source for what is the general
consensus on good licensing practices. (Although their opensource guide
is very useful for factual information!)
Il 03/08/22 19:40, Matija Šuklje ha scritto:
a lot of policies (even if wrongly) make it really difficult to use or even flat-out forbid using those licenses
I have not seen a single policy which would make it hard to use a
project arranged as I described above, let alone "a lot".
The one concrete example of problems with CC-0 is
<https://opensource.google/documentation/reference/patching#forbidden>,
which says "You can't patch projects with any of the following
licenses", stress on *projects*. So the project as a whole needs to be
under another license (e.g. BSD0) and individual files can be under
whatever license compatible with it.
An *extreme* interpretation of the Google policy is that Google
employees can't contribute to a .gitignore file inside a BSD0 project,
if the .gitignore file is marked as being CC-0. This is clearly absurd
and against the intention of the prohibition, which is stated as "Our
general philosophy is that we do not allow patches to projects that
Google cannot use". So the correct solution is for a Google employee to
ask a clarification that there would be no problem in such a case.
|
As written in a previous comment it is the FSF and Fedora that have recently publicly shunned CC0-1.0 and the explicitly missing patent license is something that has been a growing concern in the circles of FOSS legal experts. I see the recent moves of FSF and Fedora as more of a symptom of a greater shift that took a long long time, not as the trigger for such shift. You can even read this in @richardfontana’s original mail to Fedora Legal mailing list:
Google’s concern seems to be about dedications to public domain in general, which can be tricky and have been abused before. But that is not something REUSE needs to concern itself about. The only reason Google’s policy popped up here is that if we’re replacing CC0-1.0 for a different license/public domain dedication, then it’s best to chose one that doesn’t put REUSE-compliant projects in a disadvantage from getting contributions from different individuals and legal entities and we started gathering known policies to see which of the options (0BSD, CC0-1.0, MIT-0, Unlicense, …) is the most widely acceptable. |
Yes I've read that comment by Fontana, and I agree with it. That's not
in contradiction with what I said before.
|
One thing I wondered is whether Fedora's policy change applies only to packages where
it sounds like the later. I'm not a lawyer, but the "submission of contributions" clause in Moving away from the Fedora specifics, @richardfontana's observation that REUSE recommends "that all files (however trivial or insignificant) bear some sort of copyright and license notice" gets to why I find I contribute to a number of projects that don't follow the REUSE recommendations and don't have per-file license headers, but just an overall statement of what license the project is under. If I contribute a file to such a project that I believe is too trivial to be copyrightable, it doesn't bother me to leave that implicit: if I'm right that my contribution really is not copyrightable, people can use it accordingly whether I say so or not. If I follow the REUSE recommendations, though, I can't leave anything implicit: I must specify the license even for If I wrote |
One possibility would be to use Jason Self’s Worldwide Public Domain Dedication once its finished. The current draft is a fork of CC0-1.0 that tries to waive both copyright and patent rights. It also removes the part of CC0 that says that trademarks aren’t affected. As far as I know, the patent thing is the only reason why people, projects and organizations have been discouraging CC0. Are there any other criticisms of CC0 that we would need to consider? |
Sounds like a nice idea, but I’d really prefer to suggest a more well-established license instead. |
I'd been pondering this a little while. Famously, the CC0-1.0 licence is not approved by the OSI. It's not disapproved either—it exists in a weird uncomfortable state where the OSI says that "yeah if this goes through the approval process we might not approve it", and they mutually agreed that not having it on OSI's list would be better than the OSI explicitly disapproving the licence. Something to do with patents or moral rights.
That's my basic understanding, anyway. I should've looked up the details before posting this.
@Flameeyes mentioned in his blog post that Google won't allow usage of stuff licensed under CC0-1.0, preferring Unlicense. According to another post, Fedora has the opposite recommendation—preferring CC0-1.0 over Unlicense.
So none of that's great.
I think there may be a super simple workaround, though. Instead of exclusively licensing "uncopyrightable" stuff under CC0-1.0, you could dual-license it, so that the recipient can choose which licence they prefer.
That looks like
SPDX-License-Identifier: CC0-1.0 OR primary-license-of-project
. This way, if a user would love to use the software were it not for CC0-1.0, then there's no problem. They can just pretend that the file is under the primary licence instead.One problem with this recommendation is that it's not super straightforward. "Just slap CC0-1.0 on uncopyrightable files" is a much simpler recommendation than "slap CC0-1.0 OR your-primary-license on uncopyrightable files, in case some people don't like CC0-1.0".
Of course, you could also forgo CC0-1.0 entirely, but that wouldn't translate intent very well.
The text was updated successfully, but these errors were encountered: