Licensing Spec: Revisit Definitions 2.4 - Open Source
During the North America / Asia monthly call January 2023 we had a solid discussion on this issue:
https://github.com/OpenChain-Project/License-Compliance-Specification/issues/63

Context:

== Current ==

2.4 - open source software subject to one or more licenses that meet the Open Source Definition published by the Open Source Initiative (see opensource.org/osd) or the Free Software Definition published by the Free Software Foundation (see gnu.org/philosophy/free-sw.html) or similar license

== Discussion ==

tl;dr: the market has evolved over time and there are new types of license that are similar to traditional open source. Let's discuss what that means for us, and whether other / expanded definitions may be beneficial.

== Outcomes as per this call ==

The discussion built on the previous discussion on the North America / Europe January 2023 call.

Outcomes:

• The current approach in the licensing specification appears to reflect the market reality that companies are dealing with;
• This is because it sets a baseline for general expectations (OSD or FSD) while allowing for the fact that companies will be dealing with similar or adjacent licenses that are similar but not included in these definitions;
• The text used there is: "software subject to one or more licenses that meet the Open Source Definition published by the Open Source Initiative (see opensource.org/osd) or the Free Software Definition published by the Free Software Foundation (see gnu.org/philosophy/free-sw.html) or similar license" (see Section 2.4);
• It is acknowledged that this means an imperfect match between what everyone will call open source;
• But those market or individual organization differences fit into the complexity of the actual market.

As such, the main outcome of the discussion was that the main consideration for us is the harmonization between the licensing and security specs, and in this context, using the language from the market-proven licensing spec (including "or similar license") appears to be the best way forward.

This issue is not being closed immediately to allow for further comments.
Comments by next North America / Europe call (Feb 2023) please. Please leave the comments here: OpenChain-Project/Security-Assurance-Specification#20