search

spdx / license-list-XML

This is the repository for the master files that comprise the SPDX License List
Other
336 stars 264 forks source link

New license request: FSL-1.1-Apache-2.0 [SPDX-Online-Tools] #2459

Open chadwhitacre opened 2 months ago

chadwhitacre commented 2 months ago

1. License Name: Functional Source License v1.1 (Apache 2.0 Future License) 2. Short identifier: FSL-1.1-Apache-2.0 3. License Author or steward: Functional Software, Inc. dba Sentry 4. Comments: Functional Source License is a new license stewarded by Sentry (Functional Software is our legal name). It is in the lineage of the Business Source License (BUSL-1.1), but without the parameterization of BUSL. There is a fixed usage restriction (Competing Use), a fixed time period (two years), and only two possible future licenses (Apache 2.0 or MIT).

Looking at the definitive factors for inclusion:

A. FSL-1.1-Apache-2.0 does not match another license already on the SPDX License List as per the SPDX matching guidelines.

B. FSL-1.1-Apache-2.0 is not an OSI-approved license.

C. FSL-1.1-Apache-2.0 does not apply only to executables; it provides for the availability of the source code.

D. FSL-1.1-Apache-2.0 has identifiable and stable text; it is not in the midst of drafting.

E. The FSL-1.1-Apache-2.0 steward is committed to not modifying after addition to the list and to versioning new versions in the future. 5. License Request Url: http://tools.spdx.org/app/license_requests/366 6. URL(s): https://fsl.software/FSL-1.1-Apache-2.0.template.md 7. OSI Status: Not Submitted 8. Example Projects: https://github.com/codecov/self-hosted?tab=License-1-ov-file#readme, https://github.com/get-convex/convex-backend?tab=License-1-ov-file#readme, https://github.com/getsentry/self-hosted?tab=License-1-ov-file#readme

chadwhitacre commented 2 months ago

See https://github.com/spdx/license-list-xml/issues/2458 for the MIT variant. Perhaps we can consolidate our conversation over on that ticket since they are equivalent except for the future license?

karsten-klein commented 2 months ago

This is license proliferation at its best.

For the time being a -1 from my side. This appears to me as a bad practice without perceivable justification other than a commercial use restriction that must be managed by the consumer.

An interesting question: Does it also mean that I cannot commercially use a new security patch on a two year old library, before the patch itself is two years old?

I think this license is in severe conflict with economic operation of software and upcoming regulation.

karsten-klein commented 2 months ago

{metæffekt} Universe canonical name: Functional Source License 1.1 (Apache-2.0) short name: Functional-Source-1.1-Apache-2.0 markers: Linked License Marker, Non-commercial Marker, Patent Information Marker category: Functional Source OSI status: none

Comment The license was introduced to the universe to be able to raise a compliance risk when identified. Still -1 for SPDX inclusion.

chadwhitacre commented 2 months ago

I've responded at https://github.com/spdx/license-list-XML/issues/2458#issuecomment-2085198131.

karsten-klein commented 2 months ago

@swinslow: with respect to your email on the legal mailing list. Please - in the effort to identify a name/id - also consider that there are already different versions in the wild:

image image

The proposed id scheme here and in #2458 are in alignment with the ScanCode Id scheme (while ScanCode applies a all-lower-case policy). In the metaeffekt universe we hesitated from using FSL as short id, since the 'F' prefix is lightheartedly interpreted as "free".