Thread: Re: [HACKERS] proposed improvements to PostgreSQL license

"We" (the Postgres steering committee) have discussed these issues for
months and months. We aren't trying to change anything, just reinforce
what we believe to be already the case. However, the path to do this
isn't perfectly clear to anyone; this is the first concrete proposal we
have had which does try to address the issues we believe are already
here whether we want them or not.

I'll bring them up farther down (and will probably forget and leave some
relevant pieces out).

> I think this is a bad idea for the following reasons:
> 1) It is trying to be a GPL in what it is trying to achieve without
> actually being well thought out. Any person who "submits" modifications
> must do so under the same licence. Submits to what or whom?

It is *not* trying to be GPL. It is trying to be BSD, while extending
liability protection to the current cast of developers, who are (I'm
pretty sure) not covered in any of the wording of the UCB-generated
license.

> 2) If the core team want to make sure modifications to the software are
> under the same licence then they should merely insist that any patches
> are accompanied by that same licence (i.e. the current licence). End of
> story end of problem. If you want to go any further than that you may as
> well go GPL.

The current license asks users to absolve the University of California
of any liability involving use of the Postgres source code. It does not
(currently) explicitly ask the same on behalf of the current developers
(including yourself ;)

> 3) You talk about how wonderful the BSD licence is, then you really
> change the whole meaning of that licence.

How?

> 4) What is this stuff about "tightening up of what the existing licence
> is supposed to do"? What do you think it is supposed to do? I think it
> is basicly an annoying artifact of UCB's legal team that happens to make
> the software virtually public domain. We might just as well get rid of
> all licences except that we're not allowed.

I disagree, though we don't know UC's motivations for sure. imho the BSD
license is intended to protect UC from "deep pockets" lawsuits, while
preserving some credit for the original design team and the institution
which made it possible.

The new wording is intended to continue to do exactly that, extending
the umbrella to cover developers with no connection to UC.

> 5) This "protection" for developers is a straw-man. I don't see, say the
> free-bsd developers worried about this. If Great bridge wants to
> distribute with extra disclaimers then go ahead.

It is being proposed as an addition to the Postgres development effort.
I'm sure that GB knows they could add anything they want to their own
product.

> 6) This is a very US-centric view of the world. Most of the developers
> are not in the US if the postgresql.org home page is correct. We don't
> care about the stinkin UCITA, we are not bound by and don't care about
> anything the State of Virginia may or may not say.

Good point. But the USA is the demon spawning ground for lawyers, and is
at the leading edge of aggressive new legal territory. That may change
eventually, but since 90+% of our federal legislative representatives
are lawyers (stats from memory, but it is a *high* number), that may not
change very quickly :(

> 7) I hope you're not thinking of bloating each and every source file
> with all that legalese.

No, afaik that is not considered necessary.

> 8) "To be integrated with the software in such a way that this license
> must be seen before downloading can occur".
> Umm, can all the laywers please just butt out? Every other open-source
> package in the universe just relies on a licence file in the home
> directory. You going to try and stop people downloading with clicking a
> licence agreement? How you going to handle mirrors? Or are  you not
> going to mirror any more? What about Red Hat el al?

Good point. Not exactly sure why this was suggested, but the American
courts are *full* of cases where the plaintif said that they "didn't
really know" something that should have been obvious.

> Point (8) makes me thing that this whole thing is the recommendation of
> some lawyer who is totally out of touch with the free software community
> but feels compelled to add a whole lot of disclaimers and so-forth
> because that's his job. Bottom line is it's not broke so leave it alone.

afaik "it's not broken" is true, for the free software community. And
part of my pleasure in contributing to Postgres is exactly because of
that general distain for legaleze and idiot-speak commercial agreements.

Postgres is starting to become a visible thing, and is going to be used
by people who don't know much about the free software movement. And
*I'm* within reach of the American court system, and *you* can
contribute code which could make me a target for a lawsuit. I'd rather
short-circuit that before the lawsuit, rather than asking for a donation
for my defense ;)

So the intent was, as stated, to *reinforce* what we already believe to
be true (including yourself). The recently-enacted UCITA law was
(afaict) intended to protect, perhaps wrongly imho, commercial software
companies from liability claims (I know that Oracle *claims* a whole lot
more for 8i than we do for Postgres, so why shouldn't they be held
accountable for what they claim?). But UCITA is a sharp tool which we
can use to protect volunteer software developers such as myself, and
you.

I (and *all* of the steering committee) had pretty much the same
reaction as you did at first. But some of us are closer to the US legal
system, and see what silliness it can generate, so came around to
thinking that there was something to be gained by license additions.

Regards.

                       - Thomas

On Tue, 4 Jul 2000, Thomas Lockhart wrote:

I'm not going to comment on those points that Thomas said that I do agree
with, since it could become a very long email ...

> > 6) This is a very US-centric view of the world. Most of the developers
> > are not in the US if the postgresql.org home page is correct. We don't
> > care about the stinkin UCITA, we are not bound by and don't care about
> > anything the State of Virginia may or may not say.
>
> Good point. But the USA is the demon spawning ground for lawyers, and is
> at the leading edge of aggressive new legal territory. That may change
> eventually, but since 90+% of our federal legislative representatives
> are lawyers (stats from memory, but it is a *high* number), that may not
> change very quickly :(

Point 6 here is the one that prevents me from being able to back up this
change, and is the reason I'm against it.  PostgreSQL, for 3+ years, has
been a *Canadian* based project, yet now she's going to fall under US
laws?  The whole 'juristiction of Virginia' point puts me on the
"anti-changes" side of this issue ... and other then that point, (and
pending several more re-reads), I like the general wording of the
additions ...

> > 8) "To be integrated with the software in such a way that this license
> > must be seen before downloading can occur".
> > Umm, can all the laywers please just butt out? Every other open-source
> > package in the universe just relies on a licence file in the home
> > directory. You going to try and stop people downloading with clicking a
> > licence agreement? How you going to handle mirrors? Or are  you not
> > going to mirror any more? What about Red Hat el al?
>
> Good point. Not exactly sure why this was suggested, but the American
> courts are *full* of cases where the plaintif said that they "didn't
> really know" something that should have been obvious.

Point 8 here I'm against also ... god, could you imagine having to "agree
to an open source license" each time you wanted to download it?

> I (and *all* of the steering committee) had pretty much the same
> reaction as you did at first. But some of us are closer to the US legal
> system, and see what silliness it can generate, so came around to
> thinking that there was something to be gained by license additions.

First off, why are we trying to set a precedent here for the open source
community?  Have no other open source projects out there not looked at the
legal ramifications of their softare?  Why are we more special then, say,
Linux(GPL), FreeBSD(Standard BSD), MySQL(GPL), KDE(GPL), etc as far as
licensing is concerned?

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

Thomas Lockhart wrote:
> However, the path to do this
> isn't perfectly clear to anyone; this is the first concrete proposal we
> have had which does try to address the issues we believe are already
> here whether we want them or not.

As someone else mentioned, why does postgresql have to break new ground?

> > I think this is a bad idea for the following reasons:
> > 1) It is trying to be a GPL in what it is trying to achieve without
> > actually being well thought out. Any person who "submits" modifications
> > must do so under the same licence. Submits to what or whom?

> It is *not* trying to be GPL.

GPL is essentially "You must make changes under the same licence". As
far as I can see this licence is saying the same thing in a wishy-washy
way.

> It is trying to be BSD, while extending
> liability protection to the current cast of developers,

The liability exclusion clause I don't really have a problem with. It's
the other bits that I'd concerned about. I ask again what does "submits"
mean? Who does it mean to? The GPL has nailed down the definitions here.
This language is so wide I'd defy you to get the same meaning from most
people who read it.

> The current license asks users to absolve the University of California
> of any liability involving use of the Postgres source code. It does not
> (currently) explicitly ask the same on behalf of the current developers
> (including yourself ;)

My guess is that if anyone is going to be sued (which I just don't
believe, but anyway....), it wouldn't be based on the software, it would
be based on what some developer has said on a mailing list. Given a
working compiler the source code will do exactly what the source code
says it should do. It's the statements the developers make in other
forums which people will be relying on to know what the source code
should do.

> > 3) You talk about how wonderful the BSD licence is, then you really
> > change the whole meaning of that licence.
>
> How?

By changing what you are and aren't allowed to do with changes to the
code.

> I disagree, though we don't know UC's motivations for sure. imho the BSD
> license is intended to protect UC from "deep pockets" lawsuits, while
> preserving some credit for the original design team and the institution
> which made it possible.

If we accept the above, then why the restrictions on how you can change
it?

> Good point. But the USA is the demon spawning ground for lawyers, and is
> at the leading edge of aggressive new legal territory.

The nice thing about the simple licence with no mention of legal
territory is that it can be sensibly interpreted in each independant
legal jurisdiction. If Virginia passes a law saying that any developer
who releases software with bugs with licencing subject to their laws,
shall be hung until they are dead, then I am not affected, even if one
day I want to visit Virginia. That's extreme I know, but what do I as an
Australian know abouth Virginia? For all I know they are a nazi regime.
I just don't want anything I have to do with be in any way subject to
the laws of that state. Why would I?


My final statement would be this, YOU CAN ALWAYS MAKE AN OPEN-SOURCE
LICENCE STRONGER. YOU CAN NEVER MAKE IT WEAKER EVER AGAIN.

Thomas Lockhart wrote:
> > 8) "To be integrated with the software in such a way that this license
> > must be seen before downloading can occur".
> > Umm, can all the laywers please just butt out? Every other open-source
> > package in the universe just relies on a licence file in the home
> > directory. You going to try and stop people downloading with clicking a
> > licence agreement? How you going to handle mirrors? Or are  you not
> > going to mirror any more? What about Red Hat el al?
> Good point. Not exactly sure why this was suggested, but the American
> courts are *full* of cases where the plaintif said that they "didn't
> really know" something that should have been obvious.

My dos centavos of an alternate solution:
Upon a sucessful install, and/or when opening template1, spit this out on
screen. This means that to *use* the product, they must see the license
at least once.

> So the intent was, as stated, to *reinforce* what we already believe to
> be true (including yourself). The recently-enacted UCITA law was
> (afaict) intended to protect, perhaps wrongly imho, commercial software
> companies from liability claims

Even liability of their own making, and negligence... which might be why
it was hotly contested, and possibly struck down soon.... is it written
in such a way as to be enforcable if UTOCA is struck down?

-Bop

--
Brought to you from iBop the iMac, a MacOS, Win95, Win98, LinuxPPC machine,
which is currently in MacOS land.  Your bopping may vary.

-On [20000704 08:00], Thomas Lockhart (lockhart@alumni.caltech.edu) wrote:
>> I think this is a bad idea for the following reasons:
>> 1) It is trying to be a GPL in what it is trying to achieve without
>> actually being well thought out. Any person who "submits" modifications
>> must do so under the same licence. Submits to what or whom?
>
>It is *not* trying to be GPL. It is trying to be BSD, while extending
>liability protection to the current cast of developers, who are (I'm
>pretty sure) not covered in any of the wording of the UCB-generated
>license.

 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.

Seems pretty clear to me.  ``In no event shall the author or
contributors be liable for any...''

Anyways, why do people always have to start whole threads on -announce?
Reply-to set.  Please honour it.

--
Jeroen Ruigrok vd Werven/Asmodai    asmodai@[wxs.nl|bart.nl|freebsd.org]
Documentation nutter/C-rated Coder BSD: Technical excellence at its best
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai>
Malam bulan dipagar bintang makin indah jika dipandang bagai gadis beri
senyuman pada bujang idaman...

Thomas Lockhart <lockhart@alumni.caltech.edu> writes:
> Postgres is starting to become a visible thing, and is going to be used
> by people who don't know much about the free software movement. And
> *I'm* within reach of the American court system, and *you* can
> contribute code which could make me a target for a lawsuit.

A further comment here: BSD and similar licenses have indeed been used
successfully for a couple of decades --- within a community of like-
minded hackers who wouldn't dream of suing each other in the first
place.  Postgres is starting to get out into a colder and harder world.
To name just one unpleasant scenario: if PG continues to be as
successful as it has been, sooner or later Oracle will decide that we
are a threat to their continued world domination.  Oracle have a
longstanding reputation for playing dirty pool when they feel it
necessary.  It'd be awfully convenient for them if they could eliminate
the threat of Postgres with a couple of well-placed lawsuits hinging on
the weaknesses of the existing PG license.  It'd hardly even cost them
anything, if they can sue individual developers who have no funds for
a major court case.

Chris and Peter may not feel that they need to worry about the
sillinesses of the American legal system, but those of us who are
within its reach do need to worry about it.

I'm not opining here about the merits or weaknesses of Great Bridge's
proposal.  (What I'd really like is to see some review from other
legal experts --- surely there are some people on these mailing lists
who can bring in their corporate legal departments to comment?)  But
what we have here is a well-qualified lawyer telling us that we've got
some problems in the existing license.  IMHO we'd be damned fools to
ignore his advice completely.  Sticking your head in the sand is not
a good defense mechanism.

            regards, tom lane

At 03:23 4/07/00 -0400, Tom Lane wrote:
>IMHO we'd be damned fools to
>ignore his advice completely.  Sticking your head in the sand is not
>a good defense mechanism.

I think virtually everybody is happy with the extra disclaimer. It the
other parts that bother me.


----------------------------------------------------------------
Philip Warner                    |     __---_____
Albatross Consulting Pty. Ltd.   |----/       -  \
(A.C.N. 008 659 498)             |          /(@)   ______---_
Tel: (+61) 0500 83 82 81         |                 _________  \
Fax: (+61) 0500 83 82 82         |                 ___________ |
Http://www.rhyme.com.au          |                /           \|
                                 |    --________--
PGP key available upon request,  |  /
and from pgp5.ai.mit.edu:11371   |/

Tom Lane wrote:
>
> Thomas Lockhart <lockhart@alumni.caltech.edu> writes:
> > Postgres is starting to become a visible thing, and is going to be used
> > by people who don't know much about the free software movement. And
> > *I'm* within reach of the American court system, and *you* can
> > contribute code which could make me a target for a lawsuit.
>
> A further comment here: BSD and similar licenses have indeed been used
> successfully for a couple of decades --- within a community of like-
> minded hackers who wouldn't dream of suing each other in the first
> place.  Postgres is starting to get out into a colder and harder world.
> To name just one unpleasant scenario: if PG continues to be as
> successful as it has been, sooner or later Oracle will decide that we
> are a threat to their continued world domination.  Oracle have a
> longstanding reputation for playing dirty pool when they feel it
> necessary.

Does hiring private detectives to rifle through allies of
Microsoft's trash count as dirty pool? ;-) I personally feel that
analogies between PostgreSQL/Oracle and Linux/Windows NT are
becoming more realistic. You'll know PostgreSQL has reached Prime
Time when a CNBC reporter asks Larry Ellison about it the same
way they ask Bill Gates about Linux (sorry Marc).

> It'd be awfully convenient for them if they could eliminate
> the threat of Postgres with a couple of well-placed lawsuits hinging on
> the weaknesses of the existing PG license.  It'd hardly even cost them
> anything, if they can sue individual developers who have no funds for
> a major court case.
>
> Chris and Peter may not feel that they need to worry about the
> sillinesses of the American legal system, but those of us who are
> within its reach do need to worry about it.

From a user's perspective, the only concern that I have is that
it remains BSD-ish instead of GPL-ish. Commercial products built
around database solutions often wander too vaguely into "GPL vs.
LGPL" land to be safe, depending upon how "wired" they are in the
product. For example, if PostgreSQL were GPL and libpq were LGPL,
and I wanted to sell a product which required SPI or new types,
would I have to release such source? With pure BSD the ambiguity
is gone. The "intentions" mentioned in the proposal seemed GPLish
even though the agreement seemed BSDish.

>
> I'm not opining here about the merits or weaknesses of Great Bridge's
> proposal.  (What I'd really like is to see some review from other
> legal experts --- surely there are some people on these mailing lists
> who can bring in their corporate legal departments to comment?)  But
> what we have here is a well-qualified lawyer telling us that we've got
> some problems in the existing license.  IMHO we'd be damned fools to
> ignore his advice completely.  Sticking your head in the sand is not
> a good defense mechanism.

My distaste for the profession grows with every day (just try and
wade through corporate tax law). Its a pretty sorry state we're
(Americans) in when guys who want to give out software *free*
have to worry about the legal consequences...But, for what its
worth, I agree with your conclusions :-(

Mike Mascari