New license request: HPND-us-export [SPDX-Online-Tools]

[dcantrell]

1. License Name: MIT with US Government export control warning 2. Short identifier: MIT-us-export 3. License Author or steward: Unknown 4. Comments: This license text is from the Kermit Project (https://kermitproject.org/). Kermit began life at Columbia University roughly 41 years ago and went through various phases before becoming a fully open source project in 2011. C-Kermit has been a standard open source communications tool for a long time and while it is still legacy, it used in a lot of government and manufacturing applications.

C-Kermit itself contains individual files licensed under different BSD licenses or MIT licenses, but the collective work is BSD licensed per the author. This license is an MIT license that includes a cautionary export control notice which I have never seen before.

Note, there is no public version control repo. The license in this submission comes from the comments at the top of ckuat2.h in the C-Kermit source code. 5. License Request Url: http://tools.spdx.org/app/license_requests/186 6. URL(s): https://www.kermitproject.org/ck90.html#source 7. OSI Status: Unknown 8. Example Projects: https://kermitproject.org/

[jlovejoy]

This is allowed for Fedora - https://gitlab.com/fedora/legal/fedora-license-data/-/issues/97 Given it's very similar to MIT and the export section I'd characterize as "informative" in that it states, "may require" an export license, I don't see that as adding anything restrictive.

+1 to add

[bsdimp]

+1 for inclusion. Telling someone to comply with the law likely doesn't materially change the license, but I'll leave those with legal degrees to say that for sure. If it isn't legally different, then I'd support including it as an optional element via markup.

c-kermit is still widely distributed in several open source systems (FreeBSD, NetBSD and OpenBSD all have binary packages for this).

The KERMIT project is still ongoing, and Frank da Cruz just did a beta release in the last month. Perhaps he'd be willing regularize things in the long run...

[swinslow]

Also +1 to add. Notwithstanding the export language here, agree that this is still certainly at least an "open source-ish" license, and its inclusion in Kermit tools and Fedora meet the "substantial use" factor. A couple quick searches also show this license language popping up in a variety of third-party projects and products.

[jlovejoy]

is everyone good with the name and short id that @dcantrell suggested? I think the descriptive name is fine.

maybe we should capitalize US so it doesn't look like "us" the word?

MIT-US-export or MIT-export-US

or do we even need the US part??

[swinslow]

I'd say MIT-export-US. Even though license IDs are case-insensitive, using a capitalized US for the entry on the list fits better with e.g. what we've used for Creative Commons localizations.

[jlovejoy]

edited by @swinslow 2022-12-25, see updated details in comments below

License Inclusion Decision

Decision:

• [x] approved
• [ ] not approved

License full name

MIT with US Government export control warning

Short ID

MIT-export-US

XML markup

none

[jlovejoy]

@dcantrell - this is ready to go, can you make the PR with the XML and text files? https://github.com/spdx/license-list-XML/blob/main/DOCS/xml-fields.md should be helpful :)

[richardfontana]

I just noticed the following similar license:

Copyright (C) 2004, 2005, 2006 by the Massachusetts Institute of Technology.
All rights reserved.

    Export of this software from the United States of America may
    require a specific license from the United States Government.
    It is the responsibility of any person or organization contemplating
    export to obtain such a license before exporting.

  WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  distribute this software and its documentation for any purpose and
  without fee is hereby granted, provided that the above copyright
  notice appear in all copies and that both that copyright notice and
  this permission notice appear in supporting documentation, and that
  the name of M.I.T. not be used in advertising or publicity pertaining
  to distribution of the software without specific, written prior
  permission.  Furthermore if you modify this software you must label
  your software as modified software and not distribute it in such a
  fashion that it might be confused with the original M.I.T. software.
  M.I.T. makes no representations about the suitability of
  this software for any purpose.  It is provided "as is" without express
  or implied warranty.

This seems to differ in adding the sentence Furthermore if you modify this software you must label your software as modified software and not distribute it in such a fashion that it might be confused with the original M.I.T. software. Should that variant be submitted as a separate license? I believe it covers at least some source files in the Fedora krb5 package.

[jlovejoy]

@richardfontana - ugh, yes, that would be a different license

[swinslow]

So, apologies all for raising this after the earlier approval, but wanted to raise one thing I just realized regarding the ID and name. (Still +1 to adding this license, just possibly with a different name and ID.)

Although this license text mentions M.I.T. the institution, this isn't really an "MIT" license in the way that SPDX generally refers to the MIT license. This is actually essentially a perfect match with HPND, given its optional parts, and with the added export language that was originally flagged.

Given that, I'd suggest the following instead for the name and ID:

• ID: HPND-export-US
• Name: HPND with US Government export control warning

@jlovejoy and others, are you okay with this change? If so, I'm happy to quickly make and submit the PR to add this.

[richardfontana]

@swinslow good idea, this occurred to me too that "MIT" might be undesirable in the name.

I will hold off on submitting a possible "HPND-export-US-label" for now at @jlovejoy's request :smile: There may be a couple of other licenses related to this particular variety, which I'm seeing in the rather complex krb5 package.

[swinslow]

Updated license decision:

License Inclusion Decision

Decision:

• [x] approved
• [ ] not approved

License full name

HPND with US Government export control warning

Short ID

HPND-export-US

XML markup

none

I'll prepare the XML files, thanks all!