Boost licensing information

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
44 messages Options
123
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Boost licensing information

Boost - Dev mailing list
On 4/13/17 08:56, Niall Douglas via Boost wrote:

> On 13/04/2017 15:06, Peter Dimov via Boost wrote:
>> Because the license clearly states that the
>> owner grants a right to use, and defending in court the proposition that
>> this grant somehow only applies for use in a copyright sense but not for
>> use in a patent sense (as if there's a difference) will be an
>> interesting exercise.
>
> I would never second guess a clever lawyer.
>
> The point being made is not whether any licence is enforceable in court.
> Most have never really been tested in a court, even the GPL. It is about
> risk minimisation to a lawyer, and persuading Corporate Lawyers that the
> licence on some bit of open source is minimum risk or not.
>
> I have seen no persuasive argument that the BSL is perceived as less
> legal risk to lawyers than the Apache 2.0. From all my interaction with
> Corporate Legal departments over the years, never mind trying to get
> Professional Indemnity insurance for works covered by the BSL as against
> a better known licence (tl;dr forget about it, they won't insure BSL
> licenced code, at least in Europe), I am very sure that the Apache 2.0
> is a safer, more acceptable, more inclusive, more commercially friendly
> licence than the BSL.
>
> New Boost libraries should as a minimum, use the Apache 2.0 licence in
> preference to the Boost licence. Period.
>
> Niall
>

Since there is plenty of this banter going on in the thread, let me add
my own experience of 11-years dealing with BSL.

We have had clients in the US, Europe, and Asia. Our clients include
very large multinational corporations that are household names and small
start-ups that are looking for exit plans to sell. Our clients work in
fields such as financial, medical, various research, consumer products,
business-to-business ventures, blaa blaa blaa... Many of the
organizations are already using Boost and some were introduced to Boost
during the project. Those we introduced to Boost (including large
international corps) have all had their teams of concerned lawyers
evaluate the BSL to determine the risk of including libraries. We have
some clients that require each new OSS library to be evaluated (add
Boost.MSM and have it and dependencies evaluated. Now add Boost.Spirit
and have it and dependencies evaluated.) We have helped several
companies through the IP purchase process in which OSS inventories are
scrutinized by teams of lawyers looking for a reason to not purchase or
to reduce the cost. Our most recent exercise in this was last month.

Not one lawyer along the way has raised a red flag. There has been more
than enough opportunity for the BSL to be rejected. Not one lawyer has
done so.

I am sorry you have had such a horrible experience with licensing.
Dealing with this stuff can be hard. Perhaps it is a reflection of the
quality of lawyer you are interacting with. Ambiguity *always* works
against the writer of the license. That is the legal way of it.

So while you have had the experience of "aversion to Boost code by
corporate legal teams" I have had the exact opposite experience. In
fact, we have clients that say if it isn't BSL ... it isn't going in.

michael


--
Michael Caisse
Ciere Consulting
ciere.com

_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Boost licensing information

Boost - Dev mailing list
In reply to this post by Boost - Dev mailing list
Niall Douglas wrote:
> > Hypothetically, yes. In practice, no. If it's not BSL, it's not going
> > into Boost.
>
> That's a pretty arrogant statement.

It's just putting the status quo in words. I'm not making an "ought"
statement, I'm making an "is" statement. The BSL is a de-facto requirement.

Do you think that all libraries in Boost use the BSL by some sort of a happy
accident? How would you estimate the chances of that coincidence?

The reason all Boost libraries use a single license is to ease adoption.
Once the BSL is cleared by legal, ALL of Boost is cleared by legal. If
libraries could pick a license, every library would need to be cleared
separately.

This is enforced by the Inspect tool, see

https://github.com/boostorg/inspect/blob/develop/license_check.cpp

For the record, the decision to use the BSL wasn't mine, I didn't write the
Inspect tool, the decision to add a BSL check in it wasn't mine, and the
rationale to use a single license for each and every file in the
distribution isn't mine either.


_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Boost licensing information

Boost - Dev mailing list
In reply to this post by Boost - Dev mailing list


> -----Original Message-----
> From: Boost [mailto:[hidden email]] On Behalf Of Niall Douglas via Boost
> Sent: 12 April 2017 21:56
> To: [hidden email]
> Cc: Niall Douglas
> Subject: Re: [boost] Boost licensing information
>
> > This issue often confuses users. Especially non native speakers for
> > whom all that perfectly measured legal words make absolutely no sense!
> > Seriously, I need to spend about an hour to understand what a license
> > is talking about. And I *know* the restrictions, it's just
> > unbelievably hard to convert legal words to understanding.
> >
> > What's worse - BSL is not a very popular license. There's probably
> > only 1-2 pages in non-English languages about BSL on wikipedia. Other
> > wiki pages redirect from BSL to Boost libraries. So for example I can
> > get no information about BSL in Russian. I've tried twice to translate
> > BSL to Russian. Both times the wiki page was removed as a
> > minor/useless topic.
>
> Also, translations prepared by non-lawyers are problematic.
>
> > Could we somehow solve the issue in Boost by
> > * also distributing Boost under the MIT license (super extremely very
> > close license)
> > * or by summarizing the differences between BSL and MIT in simple
> > English like here http://softwareengineering.stackexchange.com/a/44116
>
> I would *really* prefer the EUPL over the MIT licence. The EUPL comes in
> 22 languages and was written to work well in any of the major legal
> systems in the world, including Russia's.
>
> I'm currently strongly considering placing Outcome and all my Boost like
> libraries under the EUPL licence. It far better matches the "Licence
> requirements" at http://www.boost.org/development/requirements.html than
> the Boost licence does. And it comes in 22 translations as prepared by
> lawyers in those languages, and those translations have undergone
> multiple rounds of peer review and checking. It is a far superior
> licence for Boost code.
>
> https://joinup.ec.europa.eu/community/eupl/og_page/european-union-public-licence-eupl-v11

I can't help myself bike shedding that clause 8 looks to have less complete no-liability.

"Except  in  the  cases  of  wilful  misconduct  or  damages  directly  caused  to  natural persons, the Licensor will in no event
be liable..."

IANAL, but might look as though - If someone dies from a life-support software malfunction, the author is on the hook?  (Damage to
'un-natural persons' are exempted I note ;-)

It looks like a case of "If it ain't broke, don't fix it to me".

If your lawyers can't be bothered to read or translate the Boost license, or don't like it - tough?

Paul

---
Paul A. Bristow
Prizet Farmhouse
Kendal UK LA8 8AB
+44 (0) 1539 561830





_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Boost licensing information

Boost - Dev mailing list
> I can't help myself bike shedding that clause 8 looks to have less complete no-liability.
>
> "Except  in  the  cases  of  wilful  misconduct  or  damages  directly  caused  to  natural persons, the Licensor will in no event
> be liable..."
>
> IANAL, but might look as though - If someone dies from a life-support software malfunction, the author is on the hook?  (Damage to
> 'un-natural persons' are exempted I note ;-)

Wilful misconduct or damages directly caused to natural persons is
better known as "a crime".

Under EU law since about 2011 or so, it is illegal to disclaim liability
for that under EU consumer protection law, and a licence or EULA or
contract which does so is problematic and depending on how the rest of
it is written, could be null and void. Indeed there was some past case
law before the ECJ where the disclaimer of liabilities was rendered
void, and a US multinational had to fork out a ton of cash far in excess
of the contracted liability limit to some small European business. If
you read the recommended practices guide for EU lawyers, it suggests to
insert many separate and standalone disclaimers of liability with clear
boundaries around specific things, and not to use broad brush
disclaimers as is typical under US law. The EUPL is following that advice.

But to answer your question, unless someone can prove that you
deliberately made your software target directly specific people or a
specific person, there is no liability in the above clause. Even if you
wrote a virus which trashed people's stuff, unless it can be proved that
you *deliberately* trashed people's stuff and it's not a programming
error by you, you're fine.

Niall

--
ned Productions Limited Consulting
http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/


_______________________________________________
Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
123
Loading...