AFL Licenses prior to 3.0 inconsistent OSI Approved

[goneall]

The Academic Free Licenses versions 1.0, 1.1, 2.0, and 2.1 are marked as OSI approved in the license list, however, these licenses do not show up on the OSI list of approved licenses.

If there is agreement we should remove the OSI approved from these licenses, I can create a PR.

[seabass-labrax]

A quick grep of the OSI's license-discuss and license-review mailing list archives doesn't yield even but a mention of older versions of the AFL, let alone an approval status! The isOsiApproved field in the source files also predates our move to the XML format, so there's no Git history to look back in.

Unless anyone has evidence to the contrary, I'd concur with you that the isOsiApproved fields should be set to false.

[seabass-labrax]

The Wayback Machine (following the crossRef links in our XML files) seems to indicate that the OSI had approved the earlier versions, but after each new release of the license had removed any mention of the previous version by overwriting their webpage.

The plot thickens! :)

[goneall]

The Wayback Machine (following the crossRef links in our XML files) seems to indicate that the OSI had approved the earlier versions

That is interesting. There are other licenses on the OSI website where they maintained the previous versions. I wonder why the difference? Is this a conscious decision by the OSI to drop support of the previous versions of the license and we should update our OSI flag in SPDX, or is this just an artifact of how they are maintaining their website?

If anyone has a contact at OSI - it would be interesting to get their read on this issue.

[vmbrasseur]

I've emailed the l-d list asking for information. If that doesn't work then maybe contacting Pamela or Fontana directly could help.

[seabass-labrax]

I've emailed the l-d list asking for information. If that doesn't work then maybe contacting Pamela or Fontana directly could help.

Thank you, @vmbrasseur! It seems the OSI's API doesn't mention the earlier version either; I'm very intrigued to hear their response on the list.

[vmbrasseur]

Larry Rosen, author of the ASL licenses, has chimed in with information:

Vicky and others,

Those earlier versions of AFL and OSL were approved by the OSI board at the time, mostly because those licenses were specifically written to the requirements stated by various members (then) of the OSI board. They wanted very strong patent protection, for example, but when those early versions of the licenses were approved, the outcry from certain companies (Google and IBM, in particular) and their attorneys was intense.

So my role, as OSI's attorney, was to "negotiate" something tolerable by all parties.

The results were AFL/OSL 3.0, but then the religious dogmatism of the GPL folks, and the objections of Google to the specific reciprocal provision in the OSL, made me realize that obtaining widespread consensus to any license would be impossible. Their rejections of the licenses simply became more intense over the next few years, and the community at large continued to propose new licenses that made every form of consensus more impossible. New licenses were proposed and approved constantly.

I gave up promoting new licenses (except for the Non-Profit OSL 3.0 requested by IETF for their software), particularly when it was clear that some members of the OSI board at the time (Eric Raymond specifically) wanted me to include provisions (about "joint works") that I thought would be illegal if included.

I wrote my book and then I resigned from the OSI entirely.

I stand behind AFL and OSL and NOSL versions 3.0. They remain my not-so-humble attempt to create licenses that would generally please the community, but asking lawyers and open source advocates to converge on a consensus is impossible.

McCoy: That is why I seldom comment on this list. As I got older I began to better appreciate futility.

/Larry

Lawrence Rosen
707-478-8932
3001 King Ranch Rd., Ukiah, CA 95482

So it appears that earlier versions were approved and are superseded by v3.0.

The full details are in the l-d thread.

[goneall]

@vmbrasseur Thanks for update!

So, based on this, should we remove this OSI approved from the AFL licenses prior to 3.0?

[vmbrasseur]

These licenses are probably still out there in the wild, so removing might not be the right approach. Do we have a process for handling superseded licenses?

[seabass-labrax]

In general, we wouldn't want to remove them from the SPDX License List altogether; in this case it's more whether or not the 'OSI-approved' metadata is appropriate for these older licenses. I think I would personally lean towards leaving them listed as OSI-approved: Larry confirmed that they were at one point approved, and I haven't come across any announcement to say that the approval status was later revoked by the OSI. Maybe we should bring this up at a future Legal Team meeting (the next one is on the 16th of September) - what do you think, @vmbrasseur, @goneall?

[vmbrasseur]

+1 to leaving them as-is, unless we have a way to mark them as superseded in which case do that. (I confess I haven't looked into it yet)

Generally in favour of covering it on the next call, with the caveat that Thursday the 16th is the day of OSI's POSI conference so I won't be at the Legal Team meeting that day. Thankfully, though, I'm not required for this conversation. :-)

[goneall]

My opinion is that it depends on if OSI intended to remove OSI approvals for the previous versions of AFL.

My reading of Larry's response above was that the previous versions were consciously removed after 3.0 came out, making them no longer OSI approved. I may be wrong on this, however.

Note that other licenses with multiple versions retain their OSI approval status on the OSI license page.

If indeed, these earlier versions of AFL are no longer approved, I believe we should remove the OSI approved flag.

For the next legal call, perhaps we could clarify the meaning of OSI approved and what we should do with that flag if OSI changes it's collective mind and decides it no longer approves a particular license.

Here's the current definition of the isOsiApproved XML attribute as documented in the XML schema:

<xhtml:code>isOsiApproved</xhtml:code> is true if and only if the license is approved by Open Source Initiative as listed <xhtml:a href="https://opensource.org/licenses">here</xhtml:a>.

Note that if we go by this definition, it should be removed since those licenses are not listed on the opensource.org/licenses page.

A second topic would be if we think the the removal of the old AFL versions from their website represents removing approval for those licenses.

[jlovejoy]

oh dear, I didn't see this lengthy discussion until now. We (well, mostly me from the SPDX side and a few people on the OSI side) spent a lot of time covering this topic when we were ensuring SPDX had all OSI-approve licenses on the SPDX License List way back in 2011. This issue of older licenses no longer appearing on the OSI site came up a few time (for these licenses and others) and the answer was that OSI does not (or has not to date) "un" approved licenses it previously approved. Their website has changed a lot over the years and it has never seemed to be a full and accurate reflection of every license ever approved (unfortunately).

Incidentally, the answer to these questions are probably in the SPDX-legal mailing list archives :)

Having already been down this road before, I would leave everything as it is. If, at some point in the future, OSI decides to officially "un-approve" licenses, then we will cross that bridge.

[goneall]

Based on @jlovejoy description above, it looks like we leave this as is and close this issue.

OSI is re-activating a project to maintain a machine readable version of their list of OSI approved licenses. I've added an issue for their repo to include previous versions of AFL and closing this issue.

If I get feedback from OSI that they are no longer approved from the new issue, I'll reopen this with the new information.