January 23, 2020

What did I just agree to?

Marc Jones on oddities in OSI-approved licenses

I just got around to watching a recording of Marc Jones’ talk at FOSDEM 2019, “What did I just agree to? A Quick Trip Through the Un-“Popular” Open Source Licenses”. Marc points out a number of oddities, flaws, and curiosities in Open Source Initiative approved licenses. He also provides some interesting statistics on how many approved licenses evidence which types and features.

I wrote up my own warning about the irregularity of OSI approved terms in “Don’t Rely on OSI Approval”. Adding Marc’s observations to my own, my advice remains the same:

Unless your purpose is to track OSI political history or bolster OSI esteem, don’t define “open source” by OSI approval in written rules, and don’t incorporate OSI’s list of approved licenses by reference for consistency or completeness.

In other words: Don’t write rules in contracts, policies, licenses, or other operative terms that rely on Open Source Initiative approval to guarantee any practical license features. Instead, identify the licenses you’ll accept by SPDX identifier or in some other robust way, such as by appending the licenses themselves to your terms.

If you need broader coverage, and don’t want to read a hundred licenses or more, consider incorporating Blue Oak Council’s permissive or copyleft lists by reference. Want only the strongest, popular permissive licenses? Blue Oak silver or better. Want copyleft, but only weak copyleft? Blue Oak’s “weak copyleft family”.
