Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/11/22/gnu-kind-communication-guidelines.html

I have until now avoided making a public statement about my views on the
various interrelated issues regarding the GNU Kind Communication
Guidelines that came up over the last month. However, given
increasing interest in our community on these issues, and the repeated
inquiries that I received privately from major contributors in our
community, I now must state my views publicly. I don’t have much desire to
debate these topics in public, nor do I think such is particularly useful,
but I’ve been asked frequently about these GNU policy statements. I feel,
if for no other reason than efficiency, that I should share them in one
place publicly for easy reference:

• I think
  the GNU
  Kind Communication Guidelines, as a stand-alone document, are useful
  suggestions and helpful to the GNU project and would be helpful, if
  adopted, for any software freedom project.
• However, I think that the GNU Kind Communication
  Guidelines standing alone are inadequate for a project of GNU’s
  size and number of contributors to address the stated problems.
  Traditional Codes of Conduct, particularly those that offer mechanisms
  for complaint resolution when bad behavior occurs, are necessary in Free
  Software projects of GNU’s size. Codes of Conduct are the best mechanism
  known today in our community to ensure welcoming environments for those
  who might be targeted by inappropriate and unprofessional behavior.
• I therefore disagree with
  the meta-material stated in
  the announcement of these Communication Guidelines. First, I
  disagree with the decision to reject any Code of Conduct for the GNU
  project. Second, I believe that diversity is an important goal for
  advancing software freedom and human equality generally. I support all
  Outreachy‘s goals (including their
  political ones) and I work hard to help Outreachy
  succeed as part of my day job. I have publicly supported affirmative
  action since the early 1990s, and continue to support it. I agree with
  “making diversity a goal”; Richard Stallman (RMS), speaking
  on behalf of GNU, states
  that perse disagrees with “making diversity a goal”.
• I also disagree with encouraging GNU project contributors to ignore
  the request of non-binary-gender individuals who ask for the pronouns
  they/them⁰,
  as
  stated
  in RMS’ personal essay linked to from the GNU Kind Communication
  Guidelines. My position is that refusing to use the pronouns
  people ask for is the same unkindness as refusing to call transgender
  people by a name that is not their legal name when they request it. I
  don’t think the grammatical argument that “pronouns are different
  from proper nouns” is compelling enough to warrant unwelcoming
  behavior toward these individuals. The words people use matter. RMS has
  insisted for years that people make a clear distinction between open
  source and free software — for good reason —. I believe that
  how we say things makes a political statement in itself.
• Related to the last point, I am concerned with the conflating of GNU
  project views with RMS’ personal views. RMS seems to have decided
  unilaterally that GNU would take a position that requests for use of
  they/them pronouns need not be honored. I think it is essential that RMS
  keeps per personal views separate from official GNU policy; I have said
  so many times to the FSF Board of Directors in various contexts. It was
  a surprise to me that RMS’ personal view on this issue was referenced as
  part of GNU project guidelines.
• I think
  the GNU
  Kindness Communication Guidelines should apply to all communication from
  the project, including GNU manuals themselves, and I also believe the
  glibc abort() joke should be removed. I don’t believe
  free speech of anyone is impacted if a Free Software project forbids
  certain types of off-topic communication in its official channels.
  Everyone can have their own website and blog to express their personal
  views; they don’t need to do so through project channels.

I have been encouraged many times this year by various prominent community
members to resign from the FSF’s Board of Directors (sometimes over these
issues, and sometimes over other, similar issues). I have also received
many private communications from other prominent community members
(including some GNU contributors) expressing similar concerns to the above,
but these individuals noted that they feel much better about the FSF and
its shepherding of the GNU project because I’m on the FSF Board of
Directors, even though I clearly pointed out to them that my views on these
matters will not necessarily become GNU and/or FSF policy. The argument
that many have made to me is that it’s valuable to have dissenting opinions
in the leadership on these issues, even if those dissenting opinions do not
become FSF and/or GNU policy.

I am swayed by the latter argument, and I have decided to continue as an
FSF Director indefinitely (assuming the other Directors wish me to
continue). However, these recent public positions are far enough out of
alignment with my own views that I feel it necessary to exercise my own
free speech rights here on my personal blog and state my disagreement with
them. I will continue to urge the FSF and GNU to change and/or clarify
these positions. (I also sent this blog post privately to the FSF
Directors 8 days before I posted it, and had also discussed these concerns
in detail with RMS for a month before posting this.)

Governing well means working (and finding common ground) with those you
disagree. We oscillate a bit too much in software freedom communities:
either we air every last disagreement no matter how minor, or (perhaps as
an over-correction to the former) we seek to represent a seemingly perfect
consensus even when one isn’t present. I try to avoid both extremes; so
this is the first time in my many years on the FSF Board of Directors where
I’ve publicly disagreed with an FSF or GNU project policy. FSF and GNU
primarily fight for one principle: equal software freedom for all users and
developers. On other topics, there can easily exist disagreement, and
working through those disagreements together, in my opinion, usually make
the community stronger.

As always, this is my personal blog, and nothing here necessarily reflects
the official views of any organization with which I am affiliated,
including not only the Free Software Foundation and GNU, but also Software
Freedom Conservancy.

Change made on 2019-03-25: Above, the words I am
a supporter of
Outreachy and work hard to help it
succeed as part of my day job. were changed to:
I support all
Outreachy‘s goals (including their
political ones)

⁰
A review of
various
archive.org
links
shows that this particular text was surreptitious changed in the weeks
following my publication of this blog post. I was never contacted nor
consulted to review the original condemnation by the GNU project of
they/them pronouns nor the improvements. This footnote here was added in
2020 long after these incidents, as that’s when I first became aware those
changes were made after the fact. I believe that the change, which evolved
into something more reasonable after a few months of edits (but coming
after I posted this blog) vindicates both my position that the GNU project
should not have initially condemned the use of they/them pronouns for
non-binary individuals, and that it would have been advisable for the GNU
project to seek input from the FSF Board of Directors (which I
was a member of at the time
but am no longer) before setting such policies about diversity and
inclusiveness.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.

Post Syndicated from Bradley M. Kuhn original http://ebb.org/bkuhn/blog/2018/10/16/mongodb-copyleft-drafting.html

[ A similar version
was crossposted
on Conservancy’s blog. ]

More than 15 years ago, Free, Libre, and Open Source Software (FLOSS)
community activists successfully argued that licensing proliferation was a
serious threat to the viability of FLOSS. We convinced companies to end
the era of
“vanity” licenses. Different charities — from the Open Source Initiative (OSI) to
the Free Software Foundation (FSF) to the Apache Software Foundation — all agreed we were better
off with fewer FLOSS licenses. We de-facto instituted what my colleague
Richard Fontana once called the “Rule of Three” —
assuring that any potential FLOSS license should be met with suspicion
unless (a) the OSI declares that it meets their Open Source Definition,
(b) the FSF declares that it meets their Free Software Definition, and (c)
the Debian Project declares that it meets their Debian Free Software
Guidelines. The work for those organizations quelled license proliferation
from radioactive threat to safe background noise. Everyone thought the
problem was solved. Pointless license drafting had become a rare practice,
and updated versions of established licenses were handled with public engagement
and close discussion with the OSI and other license evaluation experts.

Sadly, the age of
license proliferation has returned. It’s harder to stop this time, because
this isn’t merely about corporate vanity licenses. Companies now have complex FLOSS policy
agendas, and those agendas are not to guarantee software
freedom for all. While it is annoying that our community must again confront an
old threat, we are fortunate the problem is not hidden: companies proposing
their own licenses are now straightforward about their new FLOSS licenses’ purposes: to maximize profits.

Open-in-name-only
licenses are now common, but seem like FLOSS licenses only to the most casual of readers.
We’ve succeeded in convincing everyone to “check the OSI license
list before you buy”. We can therefore easily dismiss licenses like Common
Clause merely
by stating they are non-free/non-open-source and urging the community to
avoid them. But, the next stage of tactics have begun, and they are
harder to combat. What happens when for-profit companies promulgate their
own hyper-aggressive (quasi-)copyleft licenses that seek to pursue the key
policy goal of “selling proprietary licenses” over
“defending software freedom”? We’re about to find out,
because, yesterday,
MongoDB declared themselves the arbiter of what “strong copyleft” means.

Understanding MongoDB’s Business Model

To understand the policy threat inherent in MongoDB’s so-called
“Server
Side Public License, Version 1”, one must first understand the
fundamental business model for MongoDB and companies like them. These
companies use copyleft for profit-making rather than freedom-protecting. First, they require full control (either via ©AA or CLA) of
all copyrights in the work, and second, they offer two independent lines of
licensing. Publicly, they provide the software under the strongest
copyleft license available. Privately, the same (or secretly improved)
versions of the software are available under fully proprietary terms. In
theory, this could be
merely selling
exceptions: a benign manner of funding more Free Software code —
giving the proprietary option only to those who request it. In practice
— in all examples that have been even mildly successful (such as
MongoDB and MySQL) — this mechanism serves as a warped proprietary
licensing shake-down: “Gee, it looks like you’re violating the
copyleft license. That’s a shame. I guess you just need to abandon the
copyleft version and buy a proprietary license from us to get yourself out
of this jam, since we don’t plan to reinstate any lost rights and
permissions under the copyleft license.” In other words, this
structure grants exclusive and dictatorial power to a for-profit company as
the arbiter of copyleft compliance. Indeed, we have never seen any of
these companies follow or endorse the Principles of
Community-Oriented GPL Enforcement. While it has made me unpopular with some, I still make no apologies that I have since 2004
consistently criticized this “proprietary relicensing” business
model as “nefarious”, once I started hearing regular reports that MySQL AB (now
Oracle) asserts GPL violations against compliant uses merely to scare
users into becoming “customers”. Other companies,
including MongoDB, have since emulated this activity.

Why Seek Even Stronger Copyleft?

The GNU Affero General Public License (AGPL) has done a wonderful job defending the software freedom of
community-developed projects
like Mastodon
and Mediagoblin.
So, we should answer with skepticism
a solitary
for-profit company coming
forward to claim that “Affero GPL has not resulted in sufficient
legal incentives for some of the largest users of infrastructure software
… to participate in the community. Many open source developers are
struggling with a similar reality”. If the last sentence were on
Wikipedia, I’d edit it to add a Citation Needed tag, as I know
of nomulti-copyright-held or charity-based AGPL’d project
that has “struggled with this reality”. In fact, it’s only a
“reality” for those that engage in proprietary relicensing.
Eliot Horowitz, co-founder of MongoDB and promulgator of their new license, neglects to mention that.

The most glaring problem with this license, which Horowitz admits in his OSI license-review list post, is that there was no community drafting process. Instead, a for-profit company, whose primary goal is to
use copyleft as a weapon against the software-sharing community for the purpose of converting that “community” into paying
customers, published this license as a fait accompli without prior public discussion of the license text.

If this action were an isolated incident by one company, ignoring it is surely the best response. Indeed,
I urged everyone to simply ignore the Commons Clause. Now, we see
a repackaging of the Commons Clause into a copyleft-like box (with reuse of Commons Clause’s text
such as “whose value derives, entirely or substantially, from the functionality of the Software”). Since
both licenses were drafted in secret, we cannot know if the reuse of text was simply because the same lawyer was
employed to write both, or if MongoDB has joined a broader and more significant industry-wide strategy to replace
existing FLOSS licensing with alternatives that favor businesses over individuals.

The Community Creation Process Matters

Admittedly, the history of copyleft has been one of slowly evolving
community-orientation. GPLv1 and GPLv2 were drafted in private, too, by
Richard Stallman and FSF’s (then) law firm lawyer, Jerry Cohen. However, from
the start, the license steward was not Stallman himself, nor the law firm,
but the FSF, a 501(c)(3) charity dedicated to
serve the public good. As such, the FSF made substantial efforts in the
GPLv3 process to reorient the drafting of copyleft licenses as a public
policy and legislative process. Like all legislative processes, GPLv3 was
not ideal — and I was even personally miffed to be relegated to the
oft-ignored “GPLv3 Discussion Committee D” — but the GPLv3 process was
undoubtedly a step forward in FLOSS community license drafting.
Mozilla
Corporation made efforts for community collaboration in redrafting the
MPL, and specifically included the OSI and the FSF (arbiters of the
Open Source Definition and Free Software Definition (respectively)) in
MPL’s drafting deliberations. The modern acceptable standard is a leap rather
than a step forward: a fully public, transparent drafting process with a fully
public draft repository, as the copyleft-next project
has done. I think we should now meet with utmost suspicion any license
that does not use copyleft-next’s approach of “running licensing drafting
as a Free Software project”.

I was admittedly skeptical of that approach at first. What I have seen
six years since Richard Fontana started copyleft-next is that, simply put,
the key people who are impacted most fundamentally by a software
license are mostly likely to be
aware of, and engage in, a process if it is fully public, community-oriented,
and uses community tools, like Git.

Like legislation, the policies outlined in copyleft licenses impact the
general public, so the general public should be welcomed to the
drafting. At Conservancy, we don’t draft our own
licenses⁰, so our contracts with
software developers and agreements with member projects state that the
licenses be both “OSI-approved Open Source” and
“FSF-approved GPL-compatible Free Software”. However, you can
imagine that Conservancy has a serious vested interest in what licenses are
ultimately approved by the OSI and the FSF. Indeed, with so much money
flowing to software developers bound by those licenses, our very charitable
mission could be at stake if OSI and the FSF began approving proprietary
licenses as Open, Free, and/or GPL-compatible. I want to therefore see
license stewards work, as Mozilla did, to make the vetting process easier,
not harder, for these organizations.

A community drafting process allows everyone to vet the license text early and often,
to investigate the community and industry impact of the license, and to probe the license drafter’s intent through the acceptance and rejection of proposed modified text (ideally through a DVCS). With for-profit actors seeking to
gain policy control of fundamental questions such as “what is strong
copyleft?”, we must demand full drafting transparency and frank public
discourse.

The Challenge Licensing Arbiters Face

OSI, FSF, and Debian have a huge challenge before them. Historically, the
FSF was the only organization who sought to push the boundary of strong
copyleft. (Full disclosure: I created the Affero clause while working for
the FSF in 2002, inspired by Henry Poole’s useful and timely demands for a true network
services copyleft.) Yet, the Affero clause was itself controversial. Many complained that it changed the fundamental rules of
copyleft. While “triggered only on distribution, not
modification” was a fundamental rule of the regular GPL, we
as a community — over time and much public debate — decided the Affero clause is a legitimate copyleft, and AGPL was
declared Open Source by OSI
and DFSG-free
by Debian.

That debate was obviously framed by the FSF. The FSF, due
to public pressure, compromised by leaving the AGPL as an indefinite
fork of the GPL (i.e., the FSF did not include the Affero clause in plain GPL. While I
personally lobbied (from GPLv3 Discussion Committee D and elsewhere) for the merger
of AGPL and GPL during the GPLv3 drafting process, I respect the decision
of the FSF, which was informed not by my one voice,
but the voices of the entire community.

Furthermore, the FSF is a charity, chartered to serve the public good
and the advancement of software freedom for users and developers. MongoDB
is a for-profit company, chartered to serve the wallets of its owners.
While MongoDB employees¹ (like those of any other company) should be welcomed on equal footing
to the other unaffiliated individuals, and representatives of companies, charities, and trade-associations to the debate about the
future of copyleft, we should not accept their active framing of that
debate. By submitting this license to OSI for approval without any public
community discussion, and without any discussion whatsoever with the key
charities in the community, is unacceptable. The OSI should now adopt a new requirement for license approval — namely, that licenses without a community-oriented drafting
process should be rejected for the meta-reason of “non-transparent
drafting”, regardless of their actual text. This will have the added
benefit of forcing future license drafters to come to OSI, on their public mailing
lists, before the license is finalized. That will save OSI the painstaking
work of walking back bad license drafts, which has in recent years consumed
much expert time by OSI’s volunteers.

Welcoming All To Public Discussion

Earlier this year, Conservancy announced plans to host and organize
the first annual CopyleftConf.
Conservancy decided to do this because Conservancy seeks to create a truly
neutral,
open, friendly, and
welcoming forum for discussion about the past and future of copyleft as
a strategy for defending software freedom. We had no idea when
Karen and I first mentioned the possibility of running CopyleftConf (during
the Organizers’ Panel at the end of the Legal and Policy DevRoom at FOSDEM
2018 in February 2018) that multiple companies would come forward and seek
to control the microphone on the future of copyleft. Now that MongoDB has
done so, I’m very glad that the conference is already organized and on the
calendar before they did so.

Despite my criticisms of MongoDB, I welcome Eliot Horowitz, Heather Meeker (the law firm lawyer who drafted MongoDB’s new license and the Commons Clause), or anyone else who was involved in the
creation of MongoDB’s new license to submit a talk.
Conservancy will be announcing soon the independent group of copyleft
experts (and critics!) who will make up the Program Committee and will
independently evaluate the submissions. Even if a talk is rejected, I
welcome rejected proposers to attend and speak about their views in the hallway track and
the breakout sessions.

One of the most important principles in copyleft policy that our community
has learned is that commercial, non-commercial, and hobbyist activity³
should have equal footing with regard to rights assured by the copyleft
licenses themselves. There is no debate about that; we all agree that
copyleft codebases become meeting places for hobbyists, companies, charities,
and trade associations to work together toward common goals and in harmony
and software freedom. With this blog post, I call on everyone to continue
on the long road to applying that same principle to the meta-level of how
these licenses are drafted and how
they
are enforced. While we have done some work recently on the latter, not
enough has been done on the former. MongoDB’s actions today give us an
opportunity to begin that work anew.

⁰ While Conservancy does
not draft any main FLOSS license texts, Conservancy does
help
with the drafting of additional permissions upon the request of our
member projects. Note that additional permissions (sometimes called license
exceptions) grant permission to engage in activities that the main license
would otherwise prohibit. As such, by default, additional permissions can
only make a copyleft license weaker, never stronger.

¹
, ³ I originally had
“individual actors” here instead of “hobbyist
activity”, and additionally had expressed poorly the idea of welcoming
individuals representing all types of entities to the discussion. The
miscommunication in my earlier text gave one person the wrong impression that
I believe the rights of companies should be equal to the rights of
individuals. I fundamentally that companies and organizations should not
have rights of personhood and I’ve updated the text in an effort to avoid
such confusions.