jeremiah
commented
4 years ago I think this is a good idea. It also points to the identified licenses as the single source of authority as opposed to "reasonable efforts" which is open to interpretation.
Closed HansMKern closed 1 year ago
jeremiah
commented
4 years ago I think this is a good idea. It also points to the identified licenses as the single source of authority as opposed to "reasonable efforts" which is open to interpretation.
davidru
commented
4 years ago I have a question about the proposal. Section 3.4.1 states that "a process shall exist for creating the set of compliance artifacts for the supplied software." The verification materials, in turn, requires documentation of those processes. The rationale then notes that the purpose of this section is to "To ensure reasonable commercial efforts have been instituted in the preparation of the compliance artifacts that accompany the supplied software, as required by the identified licenses.”
If I'm reading this correctly, this section is focused on the processes that are in place to produce compliance artifacts.
The proposal for a new rationale seems, however, instead seem to be focused on the results of the process. Was that the intent?
MarkGisi
commented
4 years ago David, you reading is correct. The spec is focused on a "Program" which is comprised of processes.
shanecoughlan
commented
1 year ago Decision on 2022-12-06 call to remove the word "commercial" on 3.0 spec here: https://github.com/OpenChain-Project/License-Compliance-Specification/blob/master/Official/en/3.0/openchain-license-compliance-3.0.md
§3.4.1 Compliance Artifacts -- Rationale:
There should be no reference to a “reasonable efforts” standard in respect of fulfillment of an OSS license, because the law applies “strict liability”.
Generally and probably world wide, copyright law forbids copying, modifying and distributing of copyrighted works, if and insofar there is no grant of such a right by the author/copyright holder. And in respect of Open Source Software, this right is granted under conditions – the OSS License. If the OSS License is not fulfilled, there is no such permission, thus an infringement of copyright. Whether or not an OSS license is fulfilled depends on a strict standard of care (because it is a grant “in rem”, not a mere contract between parties). So the answer can only be “yes, OSS license fulfilled” or “no, OSS license not fulfilled”. There is no grey zone like “yes, if reasonable efforts were made to fulfill the OSS license”. We should avoid any language, even in a rationale, which could give the impression of accepting a standard of care which is not in line with the law.
Suggestion for a new rationale: “To ensure the compliance artifacts that accompany the supplied software have been provided and prepared, as required by the identified licenses”