1bardesign / hoop-rfc

Define "maintainers" to prevent privilege escalation #8

Closed joe-no-body closed 3 years ago

joe-no-body commented 3 years ago

This PR tries to address (or at least illustrate) a potential ambiguity with the term "the maintainer(s)", specifically concerning this line:

A commercial license may be granted freely at the maintainer's discretion.

My concern here is that "the maintainer" isn't defined and isn't clearly differentiated from an ordinary contributor, which introduces some ambiguity that seems exploitable. e.g. I get you to accept my PR, then claim that makes me a maintainer and gives me a right to grant commercial licenses, including to myself or my employer.

I think my wording here is a bit too dense and faux-legalese, but I figure it's a starting point and maybe more helpful than just dropping another open-ended issue into the queue. :slightly_smiling_face:

1bardesign commented 3 years ago

Yeah likely a bit too legalese - unambiguous is good, but the initial RFC version already feels too wordy to me compared to something like zlib or mit or bsd - but a good starting point.

I was more or less intending to lay out a list of maintainers per-project (as well as a list of contributors) to provide proper attribution outside of a full repository context, but it does probably make sense to tie it to the copyright holder. Afaik they're the only person able to dual-license in the case of something like the GPL usually.

Appreciate the involvement, fwiw.

joe-no-body commented 3 years ago

For sure. I'd suggest maybe putting together a list of requirements for what you want to include that can basically evolve into an outline and then the final license text.

Afaik they're the only person able to dual-license in the case of something like the GPL usually.

Yeah, you basically need permission from all copyright holders (including contributors) to do multi-licensing.

1bardesign commented 3 years ago

Merged after some minor adjustment, it's not perfect but it's better than not defining it at all :)