[RFC] What license should we release DMS software using?

Draco · May 14, 2018, 7:41pm

As it stands right now there are no licenses on the DMS GitHub for many of the projects have I have look at.
This means that other people and makerspaces have no legal way to use our products for their spaces.

There are many open source license available to choose from…

I’m inclined to MIT License, BSD License and Apache License.
But since it is a legal thing, the board will need to approve them.
Also, do we need to get each person that developed part of each of the softwares to sign off on it?

Here is the software we have available for download on the DMS GitHub currently

Here is a comparison of all the different open-source licenses

What do you think? @LukeStrickland

Draco · May 14, 2018, 8:07pm

Here are the top 20 license …

Apparently, the Apache License URL in the above was mistyped … here it is

https://www.apache.org/licenses/

Brian · May 14, 2018, 8:21pm

DMS cannot legally use such things. Copyright is granted to the original author at creation. Unless the original author takes action that persists even after the original author dies.

Draco · May 14, 2018, 8:28pm

These are projects that DMS created. Some I know we paid to have someone create. I think they are all owned by DMS. It is just if we have them out there on GitHub to help other people and makerspaces we need to be able to release them with a license. Or perhaps I am not understanding what you are saying?

Bill · May 14, 2018, 9:19pm

When an individual does work for an organization, whether for pay or not, the rights can be assigned to that organization.

We need to be sure that any volunteers assign the rights to DMS.

Draco · May 14, 2018, 9:20pm

If DMS doesn’t have rights for it, we shouldn’t distributing it on GitHub either.

Bill · May 14, 2018, 9:24pm

Might the act of the original author putting it up on DMS’ GitHub without personal license terms indicate relinquishing those rights?

Draco · May 14, 2018, 9:26pm

Well, they had full knowledge that it is DMSs GitHub Account. If they didn’t want us to have it, why copy it to our GitHub? Why not just provide a link to their GitHub? I don’t know if that is a legal standard however…

Brian · May 14, 2018, 9:52pm

I suggest focusing on…

• Settle on a blanket license agreement (thank you @Draco for taking the lead!)

• Get each author who has already contributed to agree to the license

• Ensure future authors agree to the license

In other words, @Draco, please focus on finding a blanket license agreement. The rest can come after.

Brian · May 14, 2018, 11:25pm

…lacks attribution which is a motivator for some. Using that license reduces the number of people who will contribute.

GPL reduces the number of people who will contribute because of it’s poisonous nature (once GPL always GPL).

Something like clause 3 of BSD…

…is important in protecting DMS.

Artistic License has a no-distribution clause for modified work. There is no way we can enforce that. (And other objections.)

LGPL confuse nearly everyone.

Apache 2 looks like it addresses all my concerns. That’s my vote.

Draco · May 14, 2018, 11:27pm

I’m going through each GitHub repository that we have and noting if it has a license, what it is, who is the copyright holder
If it doesn’t have a license, who the contributors are. I will provide the list here when I get it finished.

william_petefish · May 15, 2018, 8:48am

My vote: the Beerware License. (my default)

redroosterkey · May 15, 2018, 1:12pm

My non-professional understanding of this is that unless someone makes a claim to the work, the point is moot. This is all really just legal protection in the event you are facing a lawsuit.

Having said that, I know google requires you to sign a release before they will accept a pull request on their open source projects. https://cla.developers.google.com/about

I’m wondering if us having them write some comment on the pull request saying, “I grant distribution and use rights” is sufficient.

And I again re-emphasize what my friends in law school told me all the time:
IANAL (I Am Not A Lawyer)
and this is not legal advice

redroosterkey · May 15, 2018, 1:15pm

Also many of google’s project have a file called CONTRIBUTING.MD that describes what is required of contributers.

e.g. https://github.com/google/keytransparency/blob/master/CONTRIBUTING.md

denzuko · May 15, 2018, 2:47pm

Since the majority of our applications are written in cakephp which also uses the MIT license we really should be considering to use that or the BSD simplified licence.

Personally I’m a proponent of the bsd simplified.

Now I’m fairly sure at one point I’ve gone though each project and updated their README.md, licences, and added a .github which included the extra bits. There should also be some integration with ticket management bots, travis-ci and coveralls.

I’d suggest checking though commit logs to see where these changes have been made. While we’re at it we may want to create a base template repo which includes a standardized boilerplate project so we do not always have to recreate everything with new repositories.

Draco · May 15, 2018, 3:12pm

Wait, you have changed the licenses on software you didn’t write? Which repositories?

denzuko · May 15, 2018, 3:15pm

here’s another reason why helpdesk is on github. Have you tried to use thier api?

curl -sSLk https://api.github.com/orgs/Dallas-Makerspace/repos | jq '[ .results[] | { repo: .full_name, license: .license }]

[
  {
    "license": null,
    "repo": "Dallas-Makerspace/Near-Space-Balloon"
  },
  {
    "license": {
      "url": null,
      "spdx_id": null,
      "name": "Other",
      "key": "other"
    },
    "repo": "Dallas-Makerspace/Voting"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/ThrICE-Access-Control"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/agpl-3.0",
      "spdx_id": "AGPL-3.0",
      "name": "GNU Affero General Public License v3.0",
      "key": "agpl-3.0"
    },
    "repo": "Dallas-Makerspace/Inventory"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/Badges"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/Account-Management"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/Repeater-Controller"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/Dizzy-Fling"
  },
  {
    "license": {
      "url": null,
      "spdx_id": null,
      "name": "Other",
      "key": "other"
    },
    "repo": "Dallas-Makerspace/ToDo"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/DSMART"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/RFID-Interlock"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/mit",
      "spdx_id": "MIT",
      "name": "MIT License",
      "key": "mit"
    },
    "repo": "Dallas-Makerspace/Pinball"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/gpl-2.0",
      "spdx_id": "GPL-2.0",
      "name": "GNU General Public License v2.0",
      "key": "gpl-2.0"
    },
    "repo": "Dallas-Makerspace/DMSSimpleInventory"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/bsd-2-clause",
      "spdx_id": "BSD-2-Clause",
      "name": "BSD 2-Clause \"Simplified\" License",
      "key": "bsd-2-clause"
    },
    "repo": "Dallas-Makerspace/makermanager"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/mit",
      "spdx_id": "MIT",
      "name": "MIT License",
      "key": "mit"
    },
    "repo": "Dallas-Makerspace/3dFabOctoUI"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/weather-station"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/mit",
      "spdx_id": "MIT",
      "name": "MIT License",
      "key": "mit"
    },
    "repo": "Dallas-Makerspace/ansible-training"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/calendar"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/dms-discord-bot"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/runbooks-ipam"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/ad-lookup-kiosk"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/dockerlabs"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/PKI"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/solaris-ui"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/jaas"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/applications-as-a-service"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/guide"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/cc0-1.0",
      "spdx_id": "CC0-1.0",
      "name": "Creative Commons Zero v1.0 Universal",
      "key": "cc0-1.0"
    },
    "repo": "Dallas-Makerspace/tracker"
  },
  {
    "license": null,
    "repo": "Dallas-Makerspace/rfid-lock"
  },
  {
    "license": {
      "url": "https://api.github.com/licenses/bsd-2-clause",
      "spdx_id": "BSD-2-Clause",
      "name": "BSD 2-Clause \"Simplified\" License",
      "key": "bsd-2-clause"
    },
    "repo": "Dallas-Makerspace/presentations"
  }
]

denzuko · May 15, 2018, 3:15pm

Wait, you have changed the licenses on software you didn’t write? Which repositories?

Didn’t change, only added.

Draco · May 15, 2018, 3:19pm

Did you get the contributors to sign off on that?

denzuko · May 15, 2018, 5:05pm

are we making the assumption that these were actively being worked on by anyone other than myself?