FINOS InnerSource Licenses

[chamindra]

Finos Inner Source License

Description of Problem:

The application of inner source within a Financial enterprise requires more clarity in terms of permissible use and clear definitions of boundary particularly with the involvement of 3rd Party vendors and partners. Inner Source can sometimes be mistaken as Open Source causing issues. It would be good to have some clear do and don't when you get your hands on inner source code. The license should also encourage sharing code back in certain scenarios.

If we have a common and popular set of inner source licenses:

1. It would be less of a cost for an organisation to adopt (vs define an organisational license/contract/etc)
2. Popularity similar to Open Source will make developers more comfortable contributing to inner source
3. A shared inner source license would be easier to defend in court
4. We are applying the principle of Open Source to how we define the inner source license, which seems like the right way to do it

Description of Problem

1. Presentation: InnerSource SIG Licenses Working Group 7th November 2022.pdf
2. Video: https://www.youtube.com/watch?v=bQz12Rwzzbk (15min video at recent Inner Source Commons Summit)

[gyehuda]

Do you mean a contribution guide that encourages pro-social organizational behaviors or a legal construction that holds behaviors accountable in court? I ask because I tend to see a contributing document as a guideline document and a license as a legal one. Maybe this goes in a contributing file?

[chamindra]

Not a guideline. I would mean a legal definition similar to GPL, BSD and Apache License is to Open Source. In the Financial inner source world because of legal boundaries there are different set of agreements and terms such as permissive use and attribution that need to be incorporated. However I like the Creative Commons model of taking that legal definition and providing a "human readable" and machine readable versions to complement it. The copyright/license terms are attached to Open Source projects, so we need something similar for Inner Source which we can add to the source code to make it clear as the code is distributed internally and with partners.

[gyehuda]

I infer you are speaking about a situation that differs from typical open source or typical InnerSource. The former is a legal license that applies to all people (i.e. outside of your organization), the latter is a set of socially coordinated behaviors inside a single legal entity (where they can share since they are in one company, they just didn't have the organizational behaviors to enable sharing).

Do you mean to create terms under which a legal entity shares their code with a different legal entity (a partner or consultancy) but wants to specify what the other party can and cannot do with that code? e.g. If I share code with a team at a partner agency I might want to limit or allow them to share with other teams at the same agency, and limit or require them to share changes back. In that scenario, would it be better to specify those behaviors in the statement of work / contract / and NDA that you have with the partner? Or is there a situation where you'd want to attach the conditions to each project since some projects will be licensed more permissively than others?

[chamindra]

I believe there is a need and strong mutually benifical value that can be created by having a baseline set of licenses for inner source in the Financial domain. I would prefer to discuss the details however in a sub-committee meeting as discussed in the last inner source working group meeting.

[mcleo-d]

Please find below the OSS licenses page on Open Source Readiness that could compliment this work ...

https://osr.finos.org/docs/osr-resources/oslc-licenses

[chamindra]

Please note for those who are following this

I believe there is a need and strong mutually benifical value that can be created by having a baseline set of licenses for inner source in the Financial domain. I would prefer to discuss the details however in a sub-committee meeting as discussed in the last inner source working group meeting.

For those following this thread, we now have a working group to discuss Inner Source licenses and CLAs. It happens every two weeks on Monday 4pm BST. You are welcome to join.

Minutes of the first kickoff meeting are here https://github.com/finos/InnerSource/issues/72

[chamindra]

Next Inner Source License working group meeting is planned for 21 NOV 2022 https://github.com/finos/InnerSource/issues/76

[chamindra]

Updated 15min video of problem statement for more clarity on the goals of this work https://youtu.be/pDG_CqvTWrE

[chamindra]

As mentioned in the Inner Source summit we are looking for people to contribute in the following areas

• Provide prior work done in this area in the form of org specific inner source licenses or contracts obfuscated if needed here -> https://github.com/finos/InnerSource/issues/75
• Participate in working group meeting to help define the key terms and clauses of the license. Next one is on Monday -> https://github.com/finos/InnerSource/issues/80
• Review draft licenses with your OSPO
• Contribute to drafting the (legal) license clauses
• Code contribution to the Inner Source license generator