Amending RFC40 to remove custom 0BSD license
Yo, Today I noticed that the "License package sources" RFC contained an amended 0BSD license that added a two paragraph exception for patch files and other auxiliary files. The purpose of this change is to ensure the license is not covering other files in the repository that the author can't license from the upstream. See: https://rfc.archlinux.page/0040-license-package-sources/ While this is a practical problem that needs to be solved, we should not be doing that through additional text in a FSF- and OSI approved license. This essentially makes it a custom license that is not really going to detected as 0BSD from external sources, and runs against the original goal of removing legal uncertainty. As the change, and by extension the problem itself, is not mentioned in the text it came as a surprise to me that it was done. What I think is more proper is to remove these two lines from the proposed license file, and move this to a separate RFC that would cover a use of the REUSE specification, or SPDX license identifiers. This would serve the same purpose as the Debian `copyright` files, while also being standardized. I have written a proposed amendment to the text that I hope people find okay. https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/49 *Please note that any licenses already added to the repository needs to be amended.* My goal is to write up a RFC for the REUSE/SPDX part of this before the current 3 month timeline where we'll start adding licenses to ensure we don't prolong the process. If people are curious how this would look like, I annotated the `usd` package as an example. https://gitlab.archlinux.org/foxboron/usd/-/tree/morten/reuse See the spec for more details: https://reuse.software/spec-3.2/ Cheers! -- Morten Linderud PGP: 9C02FF419FECBE16 signature.asc Description: PGP signature
Re: Amending RFC40 to remove custom 0BSD license
On 03.01.25 21:07, Morten Linderud wrote: Yo, Today I noticed that the "License package sources" RFC contained an amended 0BSD license that added a two paragraph exception for patch files and other auxiliary files. The purpose of this change is to ensure the license is not covering other files in the repository that the author can't license from the upstream. See: https://rfc.archlinux.page/0040-license-package-sources/ While this is a practical problem that needs to be solved, we should not be doing that through additional text in a FSF- and OSI approved license. This essentially makes it a custom license that is not really going to detected as 0BSD from external sources, and runs against the original goal of removing legal uncertainty. As the change, and by extension the problem itself, is not mentioned in the text it came as a surprise to me that it was done. What I think is more proper is to remove these two lines from the proposed license file, and move this to a separate RFC that would cover a use of the REUSE specification, or SPDX license identifiers. This would serve the same purpose as the Debian `copyright` files, while also being standardized. I have written a proposed amendment to the text that I hope people find okay. https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/49 *Please note that any licenses already added to the repository needs to be amended.* My goal is to write up a RFC for the REUSE/SPDX part of this before the current 3 month timeline where we'll start adding licenses to ensure we don't prolong the process. If people are curious how this would look like, I annotated the `usd` package as an example. https://gitlab.archlinux.org/foxboron/usd/-/tree/morten/reuse See the spec for more details: https://reuse.software/spec-3.2/ Cheers! As per the discussion on IRC, I think this suggestion makes sense. I agree that the custom 0BSD change should have been called out in the RFC. I'm ok with changing the RFC text since it's kind of an implementation detail to make sure we are in line with the original intent of the RFC. However, we need to make sure people are on-board with this as not a trivial RFC change and I don't think we've done this before. Thanks for doing the mockup on usd, really helps to visualize how this would look. OpenPGP_signature.asc Description: OpenPGP digital signature
Re: Amending RFC40 to remove custom 0BSD license
On January 3, 2025 3:00:06 PM CST, Sven-Hendrik Haase wrote: >On 03.01.25 21:07, Morten Linderud wrote: >> Yo, >> >> Today I noticed that the "License package sources" RFC contained an amended >> 0BSD >> license that added a two paragraph exception for patch files and other >> auxiliary >> files. The purpose of this change is to ensure the license is not covering >> other >> files in the repository that the author can't license from the upstream. >> >> See: https://rfc.archlinux.page/0040-license-package-sources/ >> >> While this is a practical problem that needs to be solved, we should not be >> doing that through additional text in a FSF- and OSI approved license. This >> essentially makes it a custom license that is not really going to detected as >> 0BSD from external sources, and runs against the original goal of removing >> legal >> uncertainty. >> >> As the change, and by extension the problem itself, is not mentioned in the >> text >> it came as a surprise to me that it was done. >> >> What I think is more proper is to remove these two lines from the proposed >> license file, and move this to a separate RFC that would cover a use of the >> REUSE specification, or SPDX license identifiers. This would serve the same >> purpose as the Debian `copyright` files, while also being standardized. >> >> I have written a proposed amendment to the text that I hope people find okay. >> >> https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/49 >> >> >> *Please note that any licenses already added to the repository needs to be >> amended.* >> >> >> My goal is to write up a RFC for the REUSE/SPDX part of this before the >> current >> 3 month timeline where we'll start adding licenses to ensure we don't prolong >> the process. >> >> If people are curious how this would look like, I annotated the `usd` >> package as >> an example. >> >> https://gitlab.archlinux.org/foxboron/usd/-/tree/morten/reuse >> >> See the spec for more details: https://reuse.software/spec-3.2/ >> >> Cheers! >> > >As per the discussion on IRC, I think this suggestion makes sense. I agree >that the custom 0BSD change should have been called out in the RFC. > >I'm ok with changing the RFC text since it's kind of an implementation detail >to make sure we are in line with the original intent of the RFC. However, we >need to make sure people are on-board with this as not a trivial RFC change >and I don't think we've done this before. > >Thanks for doing the mockup on usd, really helps to visualize how this would >look. I second this. The usd mockup looks good as well. Campbell
Re: Amending RFC40 to remove custom 0BSD license
On 03.01.25 at 21:07 (UTC+0100), Morten Linderud wrote: > Yo, > > Today I noticed that the "License package sources" RFC contained an amended > 0BSD > license that added a two paragraph exception for patch files and other > auxiliary > files. The purpose of this change is to ensure the license is not covering > other > files in the repository that the author can't license from the upstream. > > See: https://rfc.archlinux.page/0040-license-package-sources/ > > While this is a practical problem that needs to be solved, we should not be > doing that through additional text in a FSF- and OSI approved license. This > essentially makes it a custom license that is not really going to detected as > 0BSD from external sources, and runs against the original goal of removing > legal > uncertainty. > > As the change, and by extension the problem itself, is not mentioned in the > text > it came as a surprise to me that it was done. > > What I think is more proper is to remove these two lines from the proposed > license file, and move this to a separate RFC that would cover a use of the > REUSE specification, or SPDX license identifiers. This would serve the same > purpose as the Debian `copyright` files, while also being standardized. > > I have written a proposed amendment to the text that I hope people find okay. > > https://gitlab.archlinux.org/archlinux/rfcs/-/merge_requests/49 > > > *Please note that any licenses already added to the repository needs to be > amended.* > > > My goal is to write up a RFC for the REUSE/SPDX part of this before the > current > 3 month timeline where we'll start adding licenses to ensure we don't prolong > the process. > > If people are curious how this would look like, I annotated the `usd` package > as > an example. > > https://gitlab.archlinux.org/foxboron/usd/-/tree/morten/reuse > > See the spec for more details: https://reuse.software/spec-3.2/ > > Cheers! I think changing the license text in the RFC is ok. It does not change anything from the perspective of contributors as the same conditions apply to their contributions. I have one question about REUSE: does the specification allow wildcards, such as `path = ["*.patch"]`? It would be nice if we could set it up just once per project and not have to think about it when adding or removing patches. Cheers, Jakub signature.asc Description: PGP signature
