-
Notifications
You must be signed in to change notification settings - Fork 278
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New license request: DCL-1.0 [SPDX-Online-Tools] #2453
Comments
{metæffekt} Universe Comment |
@karsten-klein is there something i can do/change to make inclusion easier? i'm not sure exactly what you mean by "including the exception within the id" |
You can see it in the license list. There are two ids CAL-1.0 and CAL-1.0-Combined-Work-Exception which refer to the same underlying license text. In my eyes, this mixes license identification and license application/association. I would hope, that we do not do this for DCL-1.0. |
@karsten-klein can you suggest a concrete example of what you would like it to look like? i'm pretty open to changes if it's just a naming thing |
Let's wait for others to comment. I think your proposed name / identifier is a fit, while I would replace 'v1.0' with just '1.0': 'DecentraLicense 1.0' |
@thedavidmeister - from your comments as to changing things, is this license in the midst of still being drafted or finalized? |
@jlovejoy my comment was that i'd be open to changing the SPDX name if the SPDX maintainers mandate it be changed for inclusion the license is finalized |
@jlovejoy @karsten-klein hey, sorry i'm not really familiar with this repo or process, what is the next step for this? |
@thedavidmeister the discussion still continues. When it is all resolved, somebody will put here comment like this one: #2395 (comment) and then PR can be drafted. |
@xsuchy ok, thanks for the update, i'll wait to hear back |
sorry for the delay @thedavidmeister - and really appreciate the very thorough submission addressing the SPDX License List inclusion guidelines! I'm inclined to add as well, in the same spirit as CAL. As to @karsten-klein comment: he is referring to the situation where the license itself builds in an "exception" that can be triggered by way of a different license notice or some other such identification in the files, while the actual text of the full license remains the same whether the exception is triggered or not. Note that at the top of the DCL license text, it states: SPDX License List has the concept of license expressions and a syntax for such expressions, which included Because CAL-1.0, MPL-2.0, and DCL-1.0 incorporate the exception in the license text itself, we cannot rely on |
back to the question of inclusion and as discussed on 7/25 call: @thedavidmeister - the only reference regarding actual use is: So, I'm guessing b/c it is new, any use is sort of prospective, but not actual yet. If you can point to any actual use, that would be helpful. Otherwise, we may consider holding off on adding as "substantial use" is a key factor. |
@jlovejoy ok, so i can go ahead and see if i can change all the SPDX identifiers in the solidiity, but i suspect something will break somewhere along the line because the DCL identifier doesn't exist in SPDX yet isn't this a bit circular? |
@jlovejoy i'm going off the wording here:
The definitive plans are that I will personally update all the contracts as soon as it lands in SPDX. |
hey @jlovejoy looking for some guidance here i'm reasonably sure that i'll break tooling if i go ahead and reference a license that isn't included yet definitely qualify for "definitive plans" for use as our lawyer is regularly reminding me to update :) if you need some kind of inclusion of the license before it enters SPDX, what would that look like? i could update a LICENSE.txt or something if that helps? |
Summary of discussion on 9/26 legal call: Taking the first question of inclusion: This license has a couple issues in terms of meeting those - 1) it's not a open source license/doesn't meet those definitions b/c it has a restriction on use; and 2) it sounds like one project is planning to use and this is a new project, so "significance" and "substantial" is still TBD. However, not being accepted for the SPDX License List does not mean you can't use a valid SPDX id. We have |
Looking at this one through the lens of the "Other factors" in the SPDX License Inclusion Principles:
In light of this, I agree I wouldn't be inclined to add this to the list in its present state. If there were much broader usage (now or in the future), I might view it differently. All that said, I would also echo @jlovejoy's point above that the |
1. License Name: DecentraLicense v1.0
2. Short identifier: DCL-1.0
3. License Author or steward: Rain open source software Ltd
4. Comments: A. The submitted license must not match another license already on the SPDX License List as per the SPDX matching guidelines.
Decentralicense is modified from Cryptographic Autonomy License version 1.0 which is already in the SPDX list.
The diff between the two licenses can be seen at https://github.com/rainlanguage/decentralicense/pull/1/files
We consulted with the authors of CAL before making the modifications.
B. All OSI-approved licenses will be included on the SPDX License List.
CAL-1.0 is OSI approved but Decentralicense is not (has not been submitted or attempted to be included).
C. Software licenses that apply only to executables and do not provide for the availability of the source code will not be included on the SPDX License List.
Decentralicense explicitly requires all source code (as part of the system "rules") be public and in a human comprehensible form.
D. The license has identifiable and stable text; it is not in the midst of drafting.
The license is stable, it is being submitted to SPDX because rainlang (smart contract language https://rainlang.xyz/) is migrating from CAL-1.0 to Decentralicense.
E. The license steward, if any, is committed to not modifying after addition to the list and to versioning new versions in the future.
Decentralicense is in github and versioned as 1.0 already. It will not be modified without a new version.
Broadly decentralicense is very open. However, it seeks to define relationships between users (i.e. end users must retain exclusive access over their own private cryptographic keys), and in defining it implicitly restricts the domain in which the license makes sense to use. Some of the open source definitions (e.g. OSI) require the license to be technology agnostic, so decentralicense could potentially fail to meet that bar.
However, CAL-1.0 makes similar definitions and restrictions under clauses 4.2.x and is OSI approved, so I really cannot say whether decentralicense would be considered comparable or incompatible with OSI without formally submitting it.
Regardless, decentralicense would comply with other definitions in the list, such as https://opendefinition.org/od/2.1/en/
The license is not specific at all.
This is a new license, it will be used by https://rainlang.xyz/ smart contract language, DEX and other ecosystem platforms built on/with rainlang.
We believe the licence complies with at least one definition of open source.
Yes, the license steward not only supports, but would love to use DCL-1.0 directly from SPDX in their tooling.
5. License Request Url: http://tools.spdx.org/app/license_requests/364
6. URL(s):
7. OSI Status: Not Submitted
8. Example Projects:
8. License Text Diff: https://github.com/spdx/licenseRequestImages/blob/master/fcf3af0d-f08a-4a5b-bffb-a67d4b026abb.png
Note:
The license closely matched with the following license ID(s): CAL-1.0-Combined-Work-Exception
The text was updated successfully, but these errors were encountered: