[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

FYI: Zope Public License 1.1 vague, contradictory, and not DFSG-free



Version 1.1 of the Zope Public License was recently released.  It has a
lot of problems.

http://www.zope.org/Resources/ZPL

First, the license text itself:

"Copyright (c) Zope Corporation. All rights reserved."

If that refers to the text of the license itself, I may be violating the
license on the license text itself by quoting it for critical purposed.
Of course, in a society where Fair Use is recognized, that's not the
case, but I'm not sure the United States is such a society these days.
However, that's beyond the scope of this mail.

"This license has been certified as open source."

By whom?  By OSI?  I don't think this is the language OSI has in mind.

Quoting from http://www.opensource.org/docs/certification_mark.html:

"The OSI Certified mark applies to software, not to licenses. What people
really want to know is that a package consisting of software together
with its accompanying license is an open source distribution. Also,
licenses alone probably wouldn't qualify as "goods", which is what the
U.S. Patent and Trademark Office registers certification marks for.
However, software authors obviously have to be able to identify their
distributions as OSI Certified Open Source software, when appropriate,
without asking us ("self-certification")."

Although one can never be sure what exactly the Open Source Inititive
will certify from day to day,
http://www.opensource.org/licenses/index.html does not currently list
the ZPL.

It is not neighborly of the Zope Corporation, Inc., to mispresent their
license as being approved by anyone at this point, since they just
released version 1.1 on September 4th.

However, my concern for the moment is whether the license is DFSG-free.
It is my assesssment that it is not:

	Redistribution and use in source and binary forms, with or
	without modification, are permitted provided that the following
	conditions are met:

	1) Redistributions in source code must retain the above
	copyright notice, this list of conditions, and the following
	disclaimer.

	2) Redistributions in binary form must reproduce the above copyright
	notice, this list of conditions, and the following disclaimer in the
	documentation and/or other materials provided with the distribution.

So far, so good.  Standard BSD fare.

	3) All advertising materials and documentation mentioning
	features derived from or use of this software must display the
	following acknowledgement:

	 "This product includes software developed by Zope Corporation
	 for use in the Z Object Publishing Environment
	 (http://www.zope.org/)."

	  In the event that the product being advertised includes an
	  intact Zope distribution (with copyright and license included)
	  then this clause is waived.

What constitutes an "intact" Zope distribution is not clear.  Is it just
including the copyright and license?  Clauses 1) and 2) already forbid
distributing zope without "the above copyright notice, this list of
conditions, and the following disclaimer"?  If so, then clause 3) is
always waived because you have to already be breaking clauses 1) or 2)
for 3) to pertain to you.  Otherwise, what is an "intact Zope
distribution"?  The license does not define this term.

The above does not render the license non-DFSG-free, but it might be
regarded as dangerously vague, and it is evidence of a sloppily-written
license.

	4) Names associated with Zope or Zope Corporation must not be
	used to endorse or promote products derived from this software
	without prior written permission from Zope Corporation.

Standard BSD fare, and unproblematic.

	5) Modified redistributions of any form whatsoever must retain
	the following acknowledgment:

	 "This product includes software developed by Zope Corporation
	 for use in the Z Object Publishing Environment
	 (http://www.zope.org/)."

	  Intact (re-)distributions of any official Zope release do not
	  require an external acknowledgement.

What is an "intact (re-)distribution" of Zope?  What distinguishes an
official Zope release from an unofficial one?  What distinguishes an
"internal" acknowledgement from an "external" acknowledgement?  What do
these terms mean?

Now here's the clincher:

	6) Modifications are encouraged but must be packaged separately
	as patches to official Zope releases. Distributions that do not
	clearly separate the patches from the original work must be
	clearly labeled as unofficial distributions. Modifications which
	do not carry the name Zope may be packaged in any form, as long
	as they conform to all of the clauses above.

"Modifications...must be packaged separately as patches to official Zope
releases."  This fails DFSG 4:

"The license may restrict source-code from being distributed in modified
form _only_ if the license allows the distribution of "patch files" with
the source code for the purpose of modifying the program at build time."

By requiring that modifications be "packaged separately", i.e., not
"with the source code", the ZPL 1.1 fails DFSG 4.

Note that "Modifications must be packaged separately as patches to
official Zope releases." is an absolute statement.  It does not say
"except as permitted elsewhere is this license document", or words to
that effect.

Furthermore, we again have the question of "what is an official Zope
release?".  "Distributions that do not clearly separate the patches from
the original work must be clearly labeled as unofficial distributions."
Well, that's great, but we were just told that we can't modify an
official Zope release except as a separated patch.  This is reminiscent
of the DMCA; proponents of the law claim that Fair Use rights are not
compromised by the law, even if manufacturers put technological measures
in place that render the exercise of Fair Use rights impossible.  The
ZPL gives me no way to get from an official Zope release with separately
packaged modifications to an unofficial one, and furthermore does not
define exactly what an unofficial Zope release is.

"Modifications which do not carry the name Zope may be packaged in any
form, as long as they conform to all of the clauses above."

Another impossible clause, because I also am required to state that
"This product includes software developed by Zope Corporation for use in
the Z Object Publishing Environment."  That "carries the name Zope",
doesn't it?  Furthermore, even if that doesn't count as carrying the
name, in the previous sentence, if I somehow make an unofficial
distribution -- which doesn't carry the name Zope -- what I distribute
must be clearly labeled as [an] unofficial distribution"...of what?
Zope?  Damn, there I go carrying the name again.

The remainder of the license (the Disclaimer) is standard no-warranty
fare and not objectionable.

I think the intentions of the author this license might ultimately be
DFSG-free, though he may not really want to comply with DFSG 4, and
clause 3) is a copy of a clause that the University of California
withdrew from all Berkeley Software distribution code, and furthermore
the license author renders his own advertising clause ineffective as I
discussed above.

I suggest that all software licensed under version 1.1 of the ZPL be
restricted from entering main.  I'm willing to propose changes to the
above license that will render it DFSG-free (to say nothing of much less
ambiguous), if the Zope Corporation is willing to listen.

As a first approximation, I would strike the copyright from the license
document itself, if for no other reason than it is obviously a
derivative work of the BSD license; strike the bit about it being an
"open source" license; strike clauses 3), 5), and 6)
completely; and add a new clause that defines what an "official
distribution of Zope" is, and requires an indication of modifications to
official distributions to be placed in the license text of modified
distributions, and elsewhere at the (re-)distributor's discretion.  The
Zope Corporation, Inc., will probably find that organizations like
Debian are happy to denote the modified status of their versions.

Comments?

-- 
G. Branden Robinson                |     Q: How does a Unix guru have sex?
Debian GNU/Linux                   |     A: unzip;strip;touch;finger;mount;
branden@debian.org                 |        fsck;more;yes;fsck;fsck;fsck;
http://people.debian.org/~branden/ |        umount;sleep

Attachment: pgpYHucTF3i8N.pgp
Description: PGP signature


Reply to: