spdx / license-list-XML

This is the repository for the master files that comprise the SPDX License List

New license request: CORE [SPDX-Online-Tools] #2607

Open rastislavcore opened 2 weeks ago

rastislavcore commented 2 weeks ago

1. License Name: CORE License
2. Short identifier: CORE
3. License Author or steward: Blockchain Hub
4. Comments: The CORE License promotes open-source software principles by allowing unrestricted use, modification, and distribution of software, provided that all distributions of the software in source code form, including modifications, remain publicly accessible. It aligns with SPDX principles by being publicly available, widely applicable, and facilitating software freedom and compliance management.
5. License Request Url: http://tools.spdx.org/app/license_requests/406
6. URL(s): https://github.com/bchainhub/core-license/blob/master/LICENSE
7. OSI Status: Not Submitted
8. Example Projects:
8. License Text Diff: https://github.com/spdx/licenseRequestImages/blob/master/d05e6395-2d6d-43c3-bb28-c37f91fbc9aa.png

Note: The license closely matched with the following license ID(s): MIT

swinslow commented 2 weeks ago

Can you please provide links to several projects in the wild (e.g., broader community projects, not just your own personal projects) that have been using this license?

rastislavcore commented 2 weeks ago

Certainly! Here are several FOSS projects actively using this license:

These projects demonstrate the license's utility across various open-source initiatives.

richardfontana commented 1 week ago

It looks like all ~but possibly pigeon~ the listed projects are connected to the issue opener.

Regarding the assertion that these are FOSS/open source projects, that is an interesting question here (relevant because of the SPDX license inclusion criteria). The license is based on the MIT license but replaces the notice preservation paragraph with this clause:

All distribution of the Covered Software in Source Code Form, including any Modifications and/or Contributions must be disclosed and publicly available.

This uses the capitalized terms "Covered Software", "Source Code Form", "Modifications" and "Contributions" without defining them (I wonder whether the license was influenced by certain well known open source licenses that do have these as defined terms?).

Anyway, the truly noteworthy feature here is (as I read this) an attempt to require that all distribution of any sort be "public", i.e. presumably prohibiting merely distributing to one person. I'd assert that this fails traditional community standards for open source (which I would argue must generally permit you to choose your immediate distributees). Perhaps it's open to debate, but that debate hasn't been had anywhere as far as I am aware.

I would say SPDX should not add this license because (a) the license is fundamentally unclear in using several undefined terms, (b) the license appears to only be used by projects associated with the issue opener and thus is not likely to be encountered, and (c) the license is possibly not FOSS for a fairly important (if under-explored) policy reason.