[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Yahoo! DomainKeys license



Magnus Holmgren wrote:

> OK, another stab at this beast!
> 
> I've been in contact with Mark Delany, the Yahoo! engineer that wrote the
> draft and administrates the DomainKeys SourceForge project. HINAL though,
> AFAIK.
> 
> On Saturday 17 June 2006 19:41, Joe Smith took the opportunity to say:

<snip>
>>
>> Below is my initial analysis of the licence. The licence url is:
>> http://domainkeys.sourceforge.net/license/softwarelicense1-1.html, and I
>> have included a complete copy at the end of this message.
>>
>> Ok, 1.1 does not seem to grant the right to sell the code/program. 
>> Section 1.2 grants the right to sell "for the sole purpose of
>> implementing a sender verification solution in connection with e-mail.".
>> I'm not sure if limiting the scope of Sale is allowed by the DFSG or not.
> 
> But section 1.1 grants the right to modify and distribute the code.
> Without an explicit limitation that must mean that one can charge any
> consideration for it. Section 1.2 grants the right to infringe on the
> patents with the code (and modifications to it) insofar it's needed to
> implement a sender verification solution etc. But that's a patent license,
> and that can't be directly connected to the code. They also license their
> patent claims under their Patent License v 1.2, which says nothing about
> any particular code. Anyway, section 1.2 can't limit the ways the code can
> be used with respect to copyright, you can't expect them to completely
> waive their patents, and the impact of patents on DFSG-freeness has
> already been discussed at length.
> 
>> I'm slightly concerned that the "specification" is an Internet-Draft.
>> More distubing is that the Licence give a URL for the Draft, but the URL
>> does not work.
>> Section 3.3 says "You must create Your own product or service names or
>> trademarks for Your Licensed Code and You agree not to use the term
>> "DomainKeys" in or as part of a name or trademark for Your Licensed
>> Code.". This may be a problem, considering the name of the package.

Actually this is a weird restriction.  Suppose I don't want *any* product
or service names or trademarks, and I want to use the code in an anonymous
fashion.  Must I invent a trademark?  :-/

> According to Mark Delany it's OK to call the package that as long as the
> source code is unmodified. The DFSG specifically allows licenses that
> require name changes if the code is modified.
> 
>> Section 3.5 is a you must obey the laws section.
>>
>> Section 3.8 is choice of law and venue.
> 
> Yes, those are the problematic ones. Instances of both have been discussed
> here and are disliked by many,

We're all OK with choice of law if it seems to be a reasonable legal system
(we'd probably be disturbed by "This license shall be interpreted under the
laws of the Taliban").  Choice of venue is generally considered
unacceptable because it allows nuisance lawsuits by the license issuer, and
specifically allows the license issuer to drag the licensee to strange
faraway courts to defend him/herself.

> but was there consensus as to whether such 
> clauses go against the DFSG? DFSG 6 perhaps, if "breaking the law" is
> a "Fields of Endeavor".

"civil disobedience" perhaps would be a better description.  I don't know
whether this is DFSG-free or not.  It probably is, but it's not very
friendly.

> OK, choice of venue can be nasty, but at least one 
> is entitled to get legal notice and a chance to respond in writing before
> having to physically appear before the court for oral deliberations?

Is that true everywhere?  I hope so but I don't know.

>> It looks like Yahoo was indeed trying to create a a Free licence, or at
>> least an Open-Source licence. However, it clearly fails the part 10 of
>> the OSD (it is not technology nutral, as it is specific to e-mail), and
>> is quite likely to be running afoul of the DFSG.
> 
> It should at least be uploadable to non-free. But in that case Exim can't
> be linked with it unless Exim is moved to contrib, which is unacceptable.
> Seeing as DomainKeys is experimental and even obsolete already, but still
> not replaced with DKIM at Yahoo (for instance), the value of these
> packages can be questioned. OTOH, DKIM is still experimental too. I think
> it can make sense to include DomainKeys packages in Etch and drop them
> again for the next release.

I found one more problem, a big one.

>> 3.4. You may choose to distribute Licensed Code or modifications under
>> this Agreement or a different agreement, provided that:
>>
>> (a) a copy of this Agreement or the different agreement is included with
>> each copy of the Licensed Code or modifications along with the following
>> prominently displayed statement: "By using, reproducing, modifying,
>> publicly displaying, publicly performing, distributing, and/or
>> sublicensing this code as permitted, you agree to the terms and
>> conditions of the Yahoo! DomainKeys Public License Agreement or other
>> agreement contained herein."; and

Not OK.  It's not DFSG-free to have a use restriction in a copyright license
(patent licenses are a different matter obviously since they are use
licenses; this suffers from being a combined copyright and patent license). 
I would not agree to that statement ever, no matter what the license was,
because it surrenders certain fair use rights.

Perhaps I am downloading it for purposes of archival permitted under fair
use in the US and library privilege in the UK.  I do not agree to the
license in that case.

-- 
Nathanael Nerode  <neroden@fastmail.fm>

Bush admitted to violating FISA and said he was proud of it.
So why isn't he in prison yet?...



Reply to: