New license request: CORE [SPDX-Online-Tools]

[rastislavcore]

1. License Name: CORE License 2. Short identifier: CORE 3. License Author or steward: Blockchain Hub 4. Comments: The CORE License promotes open-source software principles by allowing unrestricted use, modification, and distribution of software, provided that all distributions of the software in source code form, including modifications, remain publicly accessible. It aligns with SPDX principles by being publicly available, widely applicable, and facilitating software freedom and compliance management. 5. License Request Url: http://tools.spdx.org/app/license_requests/406 6. URL(s): https://github.com/bchainhub/core-license/blob/master/LICENSE 7. OSI Status: Not Submitted 8. Example Projects: 8. License Text Diff: https://github.com/spdx/licenseRequestImages/blob/master/d05e6395-2d6d-43c3-bb28-c37f91fbc9aa.png

Note: The license closely matched with the following license ID(s): MIT

[swinslow]

Can you please provide links to several projects in the wild (e.g., broader community projects, not just your own personal projects) that have been using this license?

[rastislavcore]

Certainly! Here are several FOSS projects actively using this license:

• https://github.com/DataLayerHost/txms-server
• https://github.com/bchainhub/txms.js
• https://github.com/bchainhub/remark-fediverse-user
• https://github.com/core-laboratories/XmlGoaml
• https://github.com/catchthatrabbit/pool-frontend
• https://github.com/core-coin/pigeon

These projects demonstrate the license's utility across various open-source initiatives.

[richardfontana]

It looks like all ~but possibly pigeon~ the listed projects are connected to the issue opener.

Regarding the assertion that these are FOSS/open source projects, that is an interesting question here (relevant because of the SPDX license inclusion criteria). The license is based on the MIT license but replaces the notice preservation paragraph with this clause:

All distribution of the Covered Software in Source Code Form, including any Modifications and/or Contributions must be disclosed and publicly available.

This uses the capitalized terms "Covered Software", "Source Code Form", "Modifications" and "Contributions" without defining them (I wonder whether the license was influenced by certain well known open source licenses that do have these as defined terms?).

Anyway, the truly noteworthy feature here is (as I read this) an attempt to require that all distribution of any sort be "public", i.e. presumably prohibiting merely distributing to one person. I'd assert that this fails traditional community standards for open source (which I would argue must generally permit you to choose your immediate distributees). Perhaps it's open to debate, but that debate hasn't been had anywhere as far as I am aware.

I would say SPDX should not add this license because (a) the license is fundamentally unclear in using several undefined terms, (b) the license appears to only be used by projects associated with the issue opener and thus is not likely to be encountered, and (c) the license is possibly not FOSS for a fairly important (if under-explored) policy reason.