License (was: Re: TODO until python-ldap 2.0.0 final release)

Jens Vagelpohl jens at zope.com
Wed Aug 21 13:50:52 CEST 2002 

just as a data point (this does not imply i want to follow the same route)
, here at zope corp every contributor to our CVS must sign a document that 
allows us to put our ZPL (fully GPL-compatible) license onto anything they 
contribute. only after signing will they get CVS access.

since we operate in commercial space doing custom zope applications this is 
an absolute "must", and a lot of customer contracts now have clauses to the 
effect that they never want to be the target of litigation because of any 
licensing issues in the underlying software. so we have to have very tight 
control over the license, and basically don't allow anything but 
ZPL-licensed software in our repository.

i would suggest that the best way, for sanity's sake, is standardizing on 
a single license and trying to contact contributors to get their agreement.
  every single file in the python-ldap package would carry a short blurb at 
the top(1) that has the explicit "no warantees" assertion and a pointer to 
the main license which is stored in a central file such as LICENSE.txt or 
simply LICENSE (ZPL below, just as an example(2)). having a single license 
for python-ldap would also make python-ldap "usable" for paranoid companies/
individuals who actually read these licenses.

unfortunately i am not sure what the legal situation is about wanting to 
change an existing license on a contribution if the original author cannot 
be contacted anymore...

jens

(1) sample we use at zope corp (obviously this would look a tad different 
for python-ldap)::

"""
##########################################################################
####
#
# Copyright (c) 2001 Zope Corporation and Contributors. All Rights Reserved.
#
# This software is subject to the provisions of the Zope Public License,
# Version 2.0 (ZPL).  A copy of the ZPL should accompany this distribution.
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
# FOR A PARTICULAR PURPOSE
#
##########################################################################
####
"""

(2) the ZPL:

"""
Zope Public License (ZPL) Version 2.0
-----------------------------------------------

This software is Copyright (c) Zope Corporation (tm) and
Contributors. All rights reserved.

This license has been certified as open source. It has also
been designated as GPL compatible by the Free Software
Foundation (FSF).

Redistribution and use in source and binary forms, with or
without modification, are permitted provided that the
following conditions are met:

1. Redistributions in source code must retain the above
    copyright notice, this list of conditions, and the following
    disclaimer.

2. Redistributions in binary form must reproduce the above
    copyright notice, this list of conditions, and the following
    disclaimer in the documentation and/or other materials
    provided with the distribution.

3. The name Zope Corporation (tm) must not be used to
    endorse or promote products derived from this software
    without prior written permission from Zope Corporation.

4. The right to distribute this software or to use it for
    any purpose does not give you the right to use Servicemarks
    (sm) or Trademarks (tm) of Zope Corporation. Use of them is
    covered in a separate agreement (see
    http://www.zope.com/Marks).

5. If any files are modified, you must cause the modified
    files to carry prominent notices stating that you changed
    the files and the date of any change.

Disclaimer

   THIS SOFTWARE IS PROVIDED BY ZOPE CORPORATION ``AS IS''
   AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT
   NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
   AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN
   NO EVENT SHALL ZOPE CORPORATION OR ITS CONTRIBUTORS BE
   LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
   EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
   CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
   OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
   SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
   DAMAGE.


This software consists of contributions made by Zope
Corporation and many individuals on behalf of Zope
Corporation.  Specific attributions are listed in the
accompanying credits file.
"""



On Wednesday, August 21, 2002, at 01:20 , David Leonard wrote:

> hi there python-ldap hackers!
>
> ahh ldap. although i don't do much with LDAP any more, i thought it would
> help i wrote something about the legal situation.
>
> the only necessary legalese to have in the distribution is a NOTICE that 
> the
> software is provided AS IS and is not guranteed from exploding into small
> pieces. that is to cover our arses. this is a MINIMUM necessity in any
> software today. (It's because software engineering is generally of so
> abysmally low quality compared to any other human endeavour ... but that'
> s
> another story!)
>
> as for the LICENCE.. i dunno. it is up to the primary authors of each
> 'contribution' to licence their work. i think the sourceforge project as 
> a
> whole is declared publicly as "GPL" in the SF databases, but any BSD or PD
> licencing on individual files would still be compatible with that, so its
> not a problem to have individual contributions licenced differently.
>
> The LICENSE (sic) file is a bit of a dubious licence .. it's claims public
> domain release (ie destroyed copyright) but it then imposes conditions on
> use (ie acceptance of the disclaimer). i think that would collapse under
> scrutiny.  Well at least there is a disclaimer there  - ie the notice of
> user risk, which is the most important thing.
>
> The LICENSE file also appears to conflict with the explicit licencing in
> some files (gpl). Perhaps it could be changed to be more of a 'default'
> situation.. ie "Unless otherwise specified source files in this 
> distribution
> are licenced for any use subject to acceptance of the following disclaimer,
> and may be otherwise treated as works in the public domain"...
>
> However, I do NOT want to see anyone FORCED into releasing their work or
> fixes into the public domain (although it would be nice). It's the primary
> author's right to restrict their work in any fashion that they desire (this
> ability stems from their natural copyright).
>
> But any contribution with a licence more restrictive than the GPL should 
> not
> be allowed to be committed into the repository! that would be bad.
>
> Why? Because any packaging or distribution of python-ldap would have to
> comply with the strongest of licences. (GPL at the moment). And that 
> wouldnt
> be fair. today, if someone wants to extract the non-GPLd code for their own
> evil corporate frankenstein product, then its up to them to manually go
> through and separate the files from each other.. and maybe even go through
> the CVS commits (which, depending on their relative size may not merit the
> status of a separately licencable 'contrbution'... mmm controversial)
>
> so, if someone wants to clean up the legalese mess, and clarify the
> situation, then go for it. But, adding more lines of text to all the files
> (as suggested) is a bit of overkill, in my opinion.
>
> another track is to ask all authors for permission to vary their licences 
> to
> a common licence... like GPL or BSD... but you couldnt guarantee that
> everyone would agree! (or even be contactable!)
>
> d
> --
> David Leonard
> ----- Original Message -----
> From: "Michael Ströder" <michael at stroeder.com>
> To: "Jens Vagelpohl" <jens at zope.com>
> Cc: "Python Developer List" <python-ldap-dev at lists.sourceforge.net>
> Sent: Tuesday, August 20, 2002 10:50 PM
> Subject: Re: TODO until python-ldap 2.0.0 final release
>
>
>> Jens Vagelpohl wrote:
>>> talking about the common license, is there such a beast yet and
>>> you're just looking for someone to go through every file and
>>> make sure it's in there? or is it more about producing the
>>> legalese gibberish itself? :)
>>
>> Well, a little bit of both.
>>
>> Ciao, Michael.
>>
>>
>>
>>

More information about the python-ldap mailing list