A Licensing Issue

[davidbannon]

Hi TK, we had some discussion some time ago about licensing. Its now come to a head for me. My application uses KControls and I have been asked to get a copy of it, tomboy-ng notes, into Debian and Debian is very strict about licensing issues. The nature of KControls and the standard Debian SRC package leads me to a model that I need to ask their legal people about. It would help a lot if you could indicate that this is how you envisage your code being used.

My model takes my code ( https://github.com/tomboy-notes/tomboy-ng ) adds the kmemo parts in a separate directory, retaining all your copyright and licensing information and bundles that into a Debian SRC package.

While almost all end users will only ever see the compiled binary, your source code will be there, in the Debian repository for anyone who actively looks for it. The copyright file associated with both binary and SRC tomboy-ng packages reproduces your licensing statement.

Does that seem acceptable to you ?

Davo

[kryslt]

It is acceptable, thank you for asking.

[davidbannon]

Hello again. Sorry I have had to reopen this issue but I do need to.

TK, the debian people are still not happy with the license provided with KControls. I am in discussion with them and they keep asking why you have not used an existing, well know license. Is there any chance you might be willing to release this code under another license ?

The discussion keeps coming around to you not giving explicit permission to change or distribute the code, while you did remove the content that explicitly prevented it, you did not say it was OK to do so. I have comments from TF such as -

I see an additional problem with the license: Beside being implicit only on modifcations, it is the same way implicit when it comes to distribution. Making those explicit permission would help; Especially distribution, because without, you can not even go to non-free.*

It would really help the case if upstream switches to some well-known license.

From a DH - Second of all, nobody seems to have explained why they aren't using a standard license. They removed the clause about modifications, but the new license still doesn't clarify whether modifications are allowed or not. Very confusing.

And from PW -

Personally I would be fairly uncomfortable with relying on such a license.

David

[coldtobi]

Let me briefly chime in… I was interacting on the debian-legal thread about this topic…

@kryslt it would be very helpful if you could confirm that your interpreation of you license also expliclitly allows modification and distribution.

Custom licenses are always problematic, because of the know reasons (wetted by layers*, compatiblities with other licenses, license proliferation…), so may I suggest that you look into some standard licensing and either change it towards or possible just dual-license it? Looking at the license you have currently, may I suggest you look into BSD-3-clause? (https://choosealicense.com/licenses/bsd-3-clause-clear/) (If this is OK for you, I'd be very happy to provide an PR to change the license headers.)

You write in your README that all files without notice are public domain. Please note that PublicDomain is not a thing world wide. For example, here in Germany, a author cannot legally waive its own copyright, so would you mind to change this sentence to "If there is none, the code is licensed under CC0."? (https://choosealicense.com/licenses/cc0-1.0/ ) It's the PublicDomain equivalent, but written to be legally ok worldwide.

(There is a nice chart at https://choosealicense.com/appendix/ I find very helpful)

* IANAL, but I think your liability clause is too short and "forgets" some case… See the BSD-3

Thanks for considering! And sorry for possibly annoying you. License stuff is unfortunatly boring, but required. We'd like to see your work in Debian through tomboy-ng, but the license could be a blocking point. I hope you can help untangling it…

Cheers. tobi (with his Debian Developer hat on)

[aguador]

As someone who has welcomed the tomboy-ng project and contributed to translations, I also have concerns. My distro, Mageia, maintains very strict policies on licensing and from interacting with devs and packagers, the questions raised here may result in it being rejected from the respositories. Furthermore, Mageia's policies on licensing and strictly building from source are the primary reasons for using it. With the original Tomboy dead in the distro, it would be loss not to be able to package it for the respositories because of the licensing questions.

[kryslt]

This must be fixed, see #29.

[davidbannon]

Wow, that is very good news indeed.

Dual licensing is relatively easy, you can add another license and say something like - Licensed under Blah, Blah, or, at your choice, Blar, Blar.

You have to decide what that second (or replacement) license is but I know you are pushed for time so I can generate a pull request if you like. Do you want a strict Open Source license that requires any changes to be published ? That would put eg commercial users off but they could then use the existing license (or negotiate with you directly).

TK, Tobias suggested the BSD-3-clearclause, it allows redistribution and modification but requires absolute retention of your original copyright notice. That means anything with any content from KControls must always, in the future still be stamped, eg, Copyright (c) 2020 Tomas Krystal All rights reserved. ...... ......

The BSD one is beautifully short and IMHO preferable in that you name is permanent associated with the code. I think I will move tomboy-ng over to that license as I have recently had my code cloned and my name swept aside completely, quite legal with GPL but not BSD.

Please let me know if you want a pull request to replace/add that or another license of your choice.

Davo

[davidbannon]

Hmm, just reviewed you existing license TK, on reflection I don't believe it contributes anything that is not already in the BSD-3-clause? (https://choosealicense.com/licenses/bsd-3-clause-clear/) one. So, rather than dual licensing, keep it simple, save some bytes and just replace it with BSD one is my recommendation.

Tobias might be able to advise on advantages of pasting it in full into each and every file compared to something like -

Copyright (c) 2020 Tomas Krystal Licensed under the The Clear BSD License, see associated License.txt file.

That would make the repository a touch smaller and make any further changes you choose to make easier. But Tobias may tell us that having a complete copy in each file is the correct way ....

I note your existing copyright statements are not dated. I have been advised that at least here in Australia, a copyright statement without a date is questionable. So, be good to fix that too.

Davo

[pabs3]

@davidbannon FTR, the GPL does not allow removal of copyright notices, so probably what you had happen with your name removed is not legal.

[aguador]

I note your existing copyright statements are not dated. I have been advised that at least here in Australia, a copyright statement without a date is questionable. So, be good to fix that too.

I recall being told many years ago in the US that a copyright statement requires three elements: the copyright symbol, the name of the copyright holder and the year (essential because copyrights are not forever!). I suspect that is an international standard.

BTW, as you will see from other software, the copyright years on code are extended each time you update the it, so, as an example, the license on version 0.24.2 of the Enlightenment DE (whose core code uses a BSD 2-clause license) shows the dates 2000-2020 reflecting the copyright of the first and last releases.

[coldtobi]

(Fat Disclaimer: IANAL. Below are only my opinions, this is not legal advice)

On Mon, Oct 12, 2020 at 05:12:42PM -0700, davidbannon wrote:

Hmm, just reviewed you existing license TK, on reflection I don't believe it contributes anything that is not already in the BSD-3-clause? (https://choosealicense.com/licenses/bsd-3-clause-clear/) one. So, rather than dual licensing, keep it simple, save some bytes and just replace it with BSD one is my recommendation.

Tobias might be able to advise on advantages of pasting it in full into each and every file compared to something like -

Copyright (c) 2020 Tomas Krystal Licensed under the The Clear BSD License, see associated License.txt file.

It's certainly possible, not best practice: One downside of this approach is that if a file is used in isolation in another project, the licensing information will be easily lost.

[1] has the suggestion to mitigate this by saying for example "The KControl project is licensed under the The Clear BSD License, see associated https://github.com/kryslt/KControls/blob/master/License.txt for details."

I'm not sure if "Clear BSD License" will be unambigious. Probably better would be to have the SPDX identifier instead: "BSD 3-Clause Clear License".

Another approach: Another suggestion of [1] (anchor #centralizing-license-notices):

This file is part of Foo Project. It is subject to the license terms in the LICENSE file found in the top-level directory of this distribution and at http://www.example.org/foo/license.html. No part of Foo Project, including this file, may be copied, modified, propagated, or distributed except according to the terms contained in the LICENSE file.

quoting their rationale from [1] at anchor #centralizing-license-notices:

As long as the license at that URL is maintained, this notice directs anyone with a copy of the file (even if it has been separated from the rest of the code) to the project’s license information as reliably as a file-scope notice, but it also has two advantages: it means that changes to the LICENSE file propagate without a cross-file find-and-replace, and it’s much shorter than typical license notices. While brevity may not be essential for compiled languages, which discard comments (including notices) in compilation, it can be important for Javascript libraries and other interpreted code.

(ACtually, I like this and I would do that too for my projects…)

I note your existing copyright statements are not dated. I have been advised that at least here in Australia, a copyright statement without a date is questionable. So, be good to fix that too.

(Disclaimer: And I do not know how it works in Australia.)

In my jurisdications the year is not important, you have copyright protection even without it. Ok, it makes the evaluation harder when it acutally expires, but I guess that is not a too big concern for actively maintained software projects.

However, if you state a year, I think it must be correct in the sense that it must also cover the lifespan of the file in question.

The best article I could find about these topics:

[1] http://softwarefreedom.org/resources/2012/ManagingCopyrightInformation.html

-- tobi

[pabs3]

And here is the canonical blog post on per-file licensing info:

http://lu.is/blog/2012/03/17/on-the-importance-of-per-file-license-information/

-- bye, pabs

https://bonedaddy.net/pabs3/

[kryslt]

Damn it, I don't get notified about comments, just new issues.

Ok, reopening this issue again myself. If I understand you well, the best option will be to replace existing unclear and confusing licensing with a standard license and use this one for the entire package.

I am fine with the proposed license https://choosealicense.com/licenses/bsd-3-clause-clear/. (In fact, there are more similar on that web site that might apply as well, but no time to study them all and this license is good.) I found this link which is source of it (I suppose): https://spdx.org/licenses/BSD-3-Clause-Clear.html.

Proposed steps: a) Change every source header: Existing status:

{ @abstract(This unit contains progress bar controls.)
  @author(Tomas Krysl)

  Copyright (c) Tomas Krysl<BR><BR>

  <B>License:</B><BR>
  This code is distributed as a freeware. You are free to use it as part
  of your application for any purpose including freeware, commercial and
  shareware applications. The origin of this source code must not be
  misrepresented; you must not claim your authorship. All redistributions
  of the original or modified source code must retain the original copyright
  notice. The Author accepts no liability for any damage that may result
  from using this code.
}

New status:

{ @abstract(This unit contains progress bar controls.)
  @author(Tomas Krysl)

  Copyright (c) 2020 Tomas Krysl<BR><BR>

  <B>License:</B><BR>
  This code is licensed under BSD 3-Clause Clear License, see file License.txt or https://spdx.org/licenses/BSD-3-Clause-Clear.html.
}

b)Add such header into every source file (.pas, .dpr, *.lpr) except for the demos (too many files to modify - not even all Lazarus sources have such copyright notice in its header...). c)Create License.txt file, copy license text to it and place it to the root. d)Replace licensing info in readme.md: Existing status:

License information for each source file can be found in it's header. If there is none, the code is public domain.

New status:

This code is licensed under BSD 3-Clause Clear License, see file License.txt or https://spdx.org/licenses/BSD-3-Clause-Clear.html.

Please review and if OK, I will change that.

[davidbannon]

TK, sorry you have not been in the loop, my fault, I started posting to a closed ticket !

I am very happy with proposed changes but maybe we give Tobias a chance to comment, he is the one we need convince !
I am sure I have more free time than you, happy to generate a pull request (all rights assigned to you) if that makes it easier. Davo

[coldtobi]

Am 15. Oktober 2020 01:11:28 MESZ schrieb davidbannon notifications@github.com:

TK, sorry you have not been in the loop, my fault, I started posting to a closed ticket !

I am very happy with proposed changes but maybe we give Tobias a chance to comment, he is the one we need convince !
I am sure I have more free time than you, happy to generate a pull request (all rights assigned to you) if that makes it easier. Davo

hehe, there's no need to convince me, i'm merley sharing experience and those might be opinions :)

If you are here for those: LGTM.

[kryslt]

Ok then, thank you. I will proceed as proposed and close this.