Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The Unlicense is not allowed to be used inside Google, however an equivalent license 0BSD is. #805

Open
freemin7 opened this issue Feb 18, 2021 · 13 comments

Comments

@freemin7
Copy link

When you promote the Unlicense you should be aware that it's reception in legal circles is not great. Source

Google does not allow contributions to projects under public domain equivalent licenses like the Unlicense (and CC0), while allowing contributions to 0BSD licensed and US government PD projects.[13]

Instead i suggest you promote the 0BSD license. Both licenses are public domain equivalent licenses, so they are interchangeable, however licensing ones code under 0BSD makes it easier for companies to use it, as the BSD license family is well understood by software lawyers and 0BSD is an derivative of this license.

@mlinksva
Copy link
Contributor

I presume by promote you're referring to listing on https://choosealicense.com/licenses -- it was added there to fill out the spectrum from the strongest copyleft to public domain equivalent -- in the latter category, at the time the only other option was CC0-1.0 which is more problematic for software due to its express non-grant of a patent license.

That source quotes me from many years ago saying I like Unlicense, as a movement anyway. 😆

If you follow the reference https://opensource.google/docs/patching/#forbidden at the source as well as https://opensource.google/docs/thirdparty/licenses/#unencumbered it looks like patching is not allowed (at least not without additional process) though use is. This still is not ideal of course, as Google employees are important contributors to open source.

There was a robust discussion of Unlicense on the OSI list last year, spanning many months, the result being approval, see https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-June/004890.html

My weak bias is to update https://choosealicense.com/licenses by replacing Unlicense with MIT-0, which is based on MIT -- far more common and thus more familiar than BSD-* these days, and anyway 0BSD is a derivative of ISC, not BSD-*. Of course they all amount to the same thing, so it isn't super important. 😄

@freemin7
Copy link
Author

freemin7 commented Mar 12, 2021

I know that there is an ongoing debate whether 0BSD derives from a BSD or the ISC license. In this discussion i favor Rob Landley, creator of the 0BSD license which claims he derived it by changing a BSD license (he should know). But as you say the distinction is irrelevant other than to trigger annoyance in people to involved in the discussion.

A short search for "0BSD" vs "MIT-0" on GitHub shows the first one is vastly ( x4 ) more popular. However i would not fight a war over which license to replace the "Unlicense" with (since 0BSD and probably also MIT-0 are OSI approved).

I just wanted to raise awareness that 0BSD unlike any other Public Domain equivalent license (including MIT-0) is approved to be contributed under by Google employees. While it is odd that Google is putting their thumb on the scale which of the public domain equivalent licenses wins out, i would prefer for a licenses picker tool to recommend the license which has the least risk of downstream problems. Since Googles thumb is on the scale that license is 0BSD and it would be annoying if people chose another license based on recommendations but later would have to switch project license to accept a patch from an Google employee.

I'm not aware of any arguments or fingers on the scale that distinguish 0BSD, MIT-0 and Unlicense, although i personally find the last name confusing in the current legal framework as "unlicensed work" are all rights reserved while "Unlicensed works" are no right reserved.

@mlinksva
Copy link
Contributor

mlinksva commented Mar 13, 2021

There's no debate about the derivation of 0BSD, only what to call it -- and the debate is long over, 0BSD is a fine name, I only brought it up here since you mention derivation -- it's derived from the ISC license used by OpenBSD -- it's derived from the license used by a BSD, not derived from a BSD license. 😄 See https://lists.spdx.org/g/Spdx-legal/message/1287 and also #464 (voluminous).

I predict that regardless of what happens in this repo, MIT-0 will be vastly more popular than 0BSD in 20 years (the appropriate timescale to think about license adoption). The rationale (which I agree with) for 0BSD rather than 0ISC or similar was that nobody besides license nerds knows about ISC. Well, nobody besides *nix nerds knows about BSD. And as ISC is to BSD, BSD is to MIT brand/recognition wise. Permissive BSD licenses at one time had a significant head start on adoption relative to MIT, but now are far less popular. The same will play out with 0BSD and MIT-0.

Agreed that Unlicense vs common use of "unlicensed" can be confusing.

@landley
Copy link

landley commented Mar 15, 2021

A friend pointed me at this thread.

There's no "ongoing debate" about where 0BSD comes from, the history is at the bottom of https://landley.net/toybox/license.html . It was derived from the openbsd suggested template license (which was itself derived from ISC, yes), and I got permission from Kirk McKusick to call it a BSD license at Ohio Linuxfest in 2013 (and later went back and got it it in writing ala https://landley.net/toybox/0bsd-mckusick.txt). I've been using that license on toybox for 10 years now, which was merged into Android M as its new command line implementation in December 2014.

0BSD is the result of an explicit marketing strategy. When I switched off of GPL I specifically looked for something I could call a BSD license because "GPL vs BSD" was the original axis upon which license discussions over the past 20 years (often in a Linux vs FreeBSD context), and since there were already "4 clause BSD", "3 clause BSD", and "2 clause BSD", so one more variant called "Zero clause BSD" (analogous to CC0 or Coke Zero) was an easy sell to be rubber stamped by a company's legal department under the same umbrella. Beyond that I looked for the simplest solidly worded license I could start with, and could make the smallest possible change to.

I walked 0BSD through the spdx approval process at Samsung's request in June 2015, walked it through an OSI process in November 2018, helped it through the github approval process here (from #464 (comment) through #643) and so on. It didn't "just happen", it was an awful lot of work. (And still is. Maintainership is a constant stream of little spdx/license-list-XML#1174 (comment) issues.)

The thing about public domain equivalent licenses is, done right, THEY ARE EQUIVALENT. That's sort of the point. If you would like to use toybox code under the unlicense, what exactly is stopping you? The license on the existing copyrighted code grants sufficient non-conflicting permissions, and does not require you to carry around a specific blob of text describing those permissions (the same way modern copyright law does not require registration or a copyright statement for the copyright to exist).

I have nothing against other public domain equivalent licenses, but I promote 0BSD because it was designed to easily to win certification and approval, which it has done. I want MORE code under public domain equivalent licenses, and am saddened that so many people nominally pursuing this goal are their own worst enemy. Saying "oh you should use this other public domain equivalent license" serves no purpose except to muddy the waters. (It's saying "you're doing public domain equivalence WRONG! Betcha didn't know you could do it wrong, did you? I guess you don't understand it as well as you did, better hire some lawyers to ponder and convince you to rethink this decision and wind up using Apache 2.0 instead?" which does not help.) I was going "if you don't like GPL anymore because the FSF killed it, and are thinking something bsd-like instead, try this one" because https://speakerdeck.com/benbalter/open-source-licensing-by-the-numbers?slide=41 was of great concern to me.

I talked to the unlicense guys at some length years ago (mostly unarchived but there's the occasional https://twitter.com/landley/status/451667419128270848 to show when), but "I can't use that, it's unlicensed" tends to end most adoption conversations involving it before looking at the license wording. And for years creative commons advertised itself as "not suitable for use on source code" before they even DID CC0 (and then CC0 is way longer and more complicated than it really needs to be so the result is intimidating and makes lawyers worry they've missed a gotcha), WTFPL went out of its way not to be taken seriously, things like the John the Ripper license (https://openwall.info/wiki/john/licensing) made no effort to present themselves as a generic license applicable to more than one project...

I remember the first time a Google engineer told me to my face (at linuxconf.au) that CC0 was a terrible license that "took away your rights" and how 0BSD was so much better, and I tried to explain what "public domain equivalent" meant but he was adamant in his position. (Since diplomacy is the art of letting other people have your way, I didn't press too hard but instead agreed that I also think 0BSD is a good license and thanked him for supporting it.) This is why I get very very tired every time somebody starts an "this thing is bad, use this other thing which is equivalent to it and therefore must also be bad" argument that drives people AWAY from public domain equivalent licensing. Just... can we not? Simple, clear marketing message, has achieved success, please take the win.

If you'd like more context on this, I gave a talk on "toybox vs busybox" in 2019 that was about half about licensing https://www.youtube.com/watch?v=MkJkyMuBm3g and you can read a long OSI thread at https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003581.html or here's a slightly cleaned up version of the first github thread from 2017 in two parts on my blog: 1) https://landley.net/notes-2017.html#26-03-2017 and 2) https://landley.net/notes-2017.html#27-03-2017 (unfortunately spdx redid its mailing list archive to something worse and https://lists.spdx.org/pipermail/spdx-legal/2015-December/001580.html redirects badly now but you can probably dig it out of archive.org if you try) and those link to a zillion other things like https://www.openwall.com/lists/musl/2016/03/23/11 ...

It didn't "just happen". It was (and still is) SO much work.

@landley
Copy link

landley commented Mar 18, 2021

I also note https://android.googlesource.com/platform/external/toybox/+/5d35ee244cee3 was applied recently: I have no idea what it means, but it mentions CC0 and Unlicense in android legal plumbing.

The trick to understanding the bug numbers is https://landley.net/toybox/faq.html#b_links by the way.

@ergpopler
Copy link

Also, the Unlicense is INVALID in some countries such as Germany, and has unclear meaning in some other countries, such as Australia.

@Aspie96
Copy link

Aspie96 commented Jun 13, 2021

(I am not a lawyer and this is not legal advice)

Also, the Unlicense is INVALID in some countries such as Germany, and has unclear meaning in some other countries, such as Australia.

This has been discussed by OSI: https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-May/004870.html

According to Pamela Chestek, as well as Till Jaeger, the Unlicense contains license language and would therefore be interpreted as a license where public domain is inapplicable. And even if it didn't have such language (which it does) it would still be interpreted as a license.

@cauerego
Copy link

cauerego commented Jul 6, 2021

thanks @landley for chimming in here and sharing all you work.

sorry everyone else for digging into the "thanks" hole, but i'm also thankful for every single other contribution in this thread.

ironically, this post will probably break the trend and be mostly useless to everyone!

just wanted to say thanks, for now. 😘

@karam72
Copy link

karam72 commented Apr 1, 2022

What is happening when I don't put any license on my project?

@Aspie96
Copy link

Aspie96 commented Apr 1, 2022

@karam72 if you are the copyright holder of a project (you automatically are if you are the author) then there are certain things only you can do, and are illegal for everyone else without your authorization.

A license is that: an authorization. It allows others to do those things, subject to the conditions of the license.

So if you don't add a license to your project than all rights are reserved by you and none can use it in ways that would require your permission.

@mlinksva
Copy link
Contributor

mlinksva commented Apr 2, 2022

@karam72 we have a page for that question, though @Aspie96's answer above is more concise.

Related to the main topic of this issue, yesterday there was a largish discussion of MIT-0 and other instruments mentioned above.

@MrRawes
Copy link

MrRawes commented May 8, 2022

I presume by promote you're referring to listing on https://choosealicense.com/licenses -- it was added there to fill out the spectrum from the strongest copyleft to public domain equivalent -- in the latter category, at the time the only other option was CC0-1.0 which is more problematic for software due to its express non-grant of a patent license.

That source quotes me from many years ago saying I like Unlicense, as a movement anyway. laughing

If you follow the reference https://opensource.google/docs/patching/#forbidden at the source as well as https://opensource.google/docs/thirdparty/licenses/#unencumbered it looks like patching is not allowed (at least not without additional process) though use is. This still is not ideal of course, as Google employees are important contributors to open source.

There was a robust discussion of Unlicense on the OSI list last year, spanning many months, the result being approval, see https://lists.opensource.org/pipermail/license-review_lists.opensource.org/2020-June/004890.html

My weak bias is to update https://choosealicense.com/licenses by replacing Unlicense with MIT-0, which is based on MIT -- far more common and thus more familiar than BSD-* these days, and anyway 0BSD is a derivative of ISC, not BSD-*. Of course they all amount to the same thing, so it isn't super important. smile

just wondering where in the unlicense does it grant patent use

@landley
Copy link

landley commented May 9, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

10 participants