proposed improvements to PostgreSQL license

Ned Lilly writes:

What we'd like to propose is a general tightening up of what the
existing license is *supposed* to be doing in the first place -

In order to tighten up the license you'd need to get every developer past,
present, and future to sign paperwork that they agree to this change.

protecting the developers who worked on the code,

I've said it before and I'll say it again: If you, as a developer, want to
"protect" yourself, talk to a lawyer licensed in your jurisdiction, and
not "one East coast" and "one West coast". And don't trust any untested
licenses based on a law that will potentially be overturned in the Supreme
Court anyway.

and ensuring that the code stays open source in perpetuity.

No, that's what the GPL does.

Second, and admittedly of significant importance to Great Bridge, the
commercial proliferation of PostgreSQL could be hindered if business
users are concerned that the license might not cover the substantial
additions and improvements made to the code over the last few years.

How can you guarantee them that none of the code now is under a different
license (because it was ripped off somewhere) or under patent
restrictions? Or for that matter, how can you guarantee it in the future?
What do you say to anyone that comes along and says "This is my code, it
shouldn't be here"? Will you go back to the logs and prove that he
"contributed or submitted" it and is therefore bound to the license?

Changing the license wording might satisfy the suits, but it doesn't
change reality a bit. It just creates more legal uncertainty for users at
that point. The least thing we need is Yet Another Open Source License.

To my knowledge, the BSD license has been used in one form or another for
at least 20 years and neither has any contributor ever been sued for
liability, nor was there any court case that concluded that the BSD
license is worth anything at all, nor has the developer or commercial
acceptance of any product ever been affected by this "untight" license.

[To be integrated with the software in such a way that this license
must be seen before downloading can occur]

That's funny...

The foregoing shall be governed by and construed under the laws of
the State of Virginia.

The recurring theme throughout this email was that Great Bridge has
apparently not appreciated that PostgreSQL land extends beyond the borders
of the U.S. of A. Maybe your 32 focus groups in major U.S. cities wanted
the license changed like this, but I'll bet lunch that 32 out of 32 focus
groups in major European cities will look with extreme suspicion at
anything with "laws of the State of XXX" attached to it.

Until they realize that the laws of Virginia don't apply to them. Or to
Canada, where hub.org is located these days.

--
Peter Eisentraut Sernanders v�g 10:115
peter_e@gmx.net 75262 Uppsala
http://yi.org/peter-e/ Sweden

Ned Lilly <ned@greatbridge.com> writes:

We've also found, through some rather extensive market
research, that the business community (to which we'll be selling
products and services) vastly prefers it over GPL, or hybrids like
Mozilla, etc.

That depends on what your market is - for businesses who wants to be
able to hide source, yes. For businesses who use it, being sure the
source is available is the best - which the GPL guarantees. BSD gives
the middle man more freedom to screw the end user ;)

What we'd like to propose is a general tightening up of what the
existing license is *supposed* to be doing in the first place -
protecting the developers who worked on the code, and ensuring that
the code stays open source in perpetuity.

GPL would solve this - the main advantage of BSDish licenses is you
can go closed source if you want to.

Now, I don't advocate a change in license - my main consern is "there
are enough licenses in the world". I think the "each package one
license" is a bad trend.

--
Trond Eivind Glomsr�d
Red Hat, Inc.

I think this is a bad idea for the following reasons:

1) It is trying to be a GPL in what it is trying to achieve without
actually being well thought out. Any person who "submits" modifications
must do so under the same licence. Submits to what or whom?

2) If the core team want to make sure modifications to the software are
under the same licence then they should merely insist that any patches
are accompanied by that same licence (i.e. the current licence). End of
story end of problem. If you want to go any further than that you may as
well go GPL.

3) You talk about how wonderful the BSD licence is, then you really
change the whole meaning of that licence.

4) What is this stuff about "tightening up of what the existing licence
is supposed to do"? What do you think it is supposed to do? I think it
is basicly an annoying artifact of UCB's legal team that happens to make
the software virtually public domain. We might just as well get rid of
all licences except that we're not allowed.

5) This "protection" for developers is a straw-man. I don't see, say the
free-bsd developers worried about this. If Great bridge wants to
distribute with extra disclaimers then go ahead.

6) This is a very US-centric view of the world. Most of the developers
are not in the US if the postgresql.org home page is correct. We don't
care about the stinkin UCITA, we are not bound by and don't care about
anything the State of Virginia may or may not say.

7) I hope you're not thinking of bloating each and every source file
with all that legalese.

8) "To be integrated with the software in such a way that this license
must be seen before downloading can occur".
Umm, can all the laywers please just butt out? Every other open-source
package in the universe just relies on a licence file in the home
directory. You going to try and stop people downloading with clicking a
licence agreement? How you going to handle mirrors? Or are you not
going to mirror any more? What about Red Hat el al?

Point (8) makes me thing that this whole thing is the recommendation of
some lawyer who is totally out of touch with the free software community
but feels compelled to add a whole lot of disclaimers and so-forth
because that's his job. Bottom line is it's not broke so leave it alone.

Ned Lilly wrote:

"We" (the Postgres steering committee) have discussed these issues for
months and months. We aren't trying to change anything, just reinforce
what we believe to be already the case. However, the path to do this
isn't perfectly clear to anyone; this is the first concrete proposal we
have had which does try to address the issues we believe are already
here whether we want them or not.

I'll bring them up farther down (and will probably forget and leave some
relevant pieces out).

I think this is a bad idea for the following reasons:
1) It is trying to be a GPL in what it is trying to achieve without
actually being well thought out. Any person who "submits" modifications
must do so under the same licence. Submits to what or whom?

It is *not* trying to be GPL. It is trying to be BSD, while extending
liability protection to the current cast of developers, who are (I'm
pretty sure) not covered in any of the wording of the UCB-generated
license.

2) If the core team want to make sure modifications to the software are
under the same licence then they should merely insist that any patches
are accompanied by that same licence (i.e. the current licence). End of
story end of problem. If you want to go any further than that you may as
well go GPL.

The current license asks users to absolve the University of California
of any liability involving use of the Postgres source code. It does not
(currently) explicitly ask the same on behalf of the current developers
(including yourself ;)

3) You talk about how wonderful the BSD licence is, then you really
change the whole meaning of that licence.

How?

4) What is this stuff about "tightening up of what the existing licence
is supposed to do"? What do you think it is supposed to do? I think it
is basicly an annoying artifact of UCB's legal team that happens to make
the software virtually public domain. We might just as well get rid of
all licences except that we're not allowed.

I disagree, though we don't know UC's motivations for sure. imho the BSD
license is intended to protect UC from "deep pockets" lawsuits, while
preserving some credit for the original design team and the institution
which made it possible.

The new wording is intended to continue to do exactly that, extending
the umbrella to cover developers with no connection to UC.

5) This "protection" for developers is a straw-man. I don't see, say the
free-bsd developers worried about this. If Great bridge wants to
distribute with extra disclaimers then go ahead.

It is being proposed as an addition to the Postgres development effort.
I'm sure that GB knows they could add anything they want to their own
product.

6) This is a very US-centric view of the world. Most of the developers
are not in the US if the postgresql.org home page is correct. We don't
care about the stinkin UCITA, we are not bound by and don't care about
anything the State of Virginia may or may not say.

Good point. But the USA is the demon spawning ground for lawyers, and is
at the leading edge of aggressive new legal territory. That may change
eventually, but since 90+% of our federal legislative representatives
are lawyers (stats from memory, but it is a *high* number), that may not
change very quickly :(

7) I hope you're not thinking of bloating each and every source file
with all that legalese.

No, afaik that is not considered necessary.

8) "To be integrated with the software in such a way that this license
must be seen before downloading can occur".
Umm, can all the laywers please just butt out? Every other open-source
package in the universe just relies on a licence file in the home
directory. You going to try and stop people downloading with clicking a
licence agreement? How you going to handle mirrors? Or are you not
going to mirror any more? What about Red Hat el al?

Good point. Not exactly sure why this was suggested, but the American
courts are *full* of cases where the plaintif said that they "didn't
really know" something that should have been obvious.

Point (8) makes me thing that this whole thing is the recommendation of
some lawyer who is totally out of touch with the free software community
but feels compelled to add a whole lot of disclaimers and so-forth
because that's his job. Bottom line is it's not broke so leave it alone.

afaik "it's not broken" is true, for the free software community. And
part of my pleasure in contributing to Postgres is exactly because of
that general distain for legaleze and idiot-speak commercial agreements.

Postgres is starting to become a visible thing, and is going to be used
by people who don't know much about the free software movement. And
*I'm* within reach of the American court system, and *you* can
contribute code which could make me a target for a lawsuit. I'd rather
short-circuit that before the lawsuit, rather than asking for a donation
for my defense ;)

So the intent was, as stated, to *reinforce* what we already believe to
be true (including yourself). The recently-enacted UCITA law was
(afaict) intended to protect, perhaps wrongly imho, commercial software
companies from liability claims (I know that Oracle *claims* a whole lot
more for 8i than we do for Postgres, so why shouldn't they be held
accountable for what they claim?). But UCITA is a sharp tool which we
can use to protect volunteer software developers such as myself, and
you.

I (and *all* of the steering committee) had pretty much the same
reaction as you did at first. But some of us are closer to the US legal
system, and see what silliness it can generate, so came around to
thinking that there was something to be gained by license additions.

Regards.

- Thomas

One issue that has always been a source of uncertainty - I think for
all of us - has been the license under which PostgreSQL is
distributed.

Only an issue of uncertainty when people talk about changing it.

As a company who wants PostgreSQL to remain in the public domain, I would
prefer to see it go GPL; this effectively prevents another company coming
along and swallowing the major developers as a means of stifling further
development. This latter tactic would probably never work, but it would be
extermely disruptive.

As a developer who likes to be able to make a buck from their work, I like
the idea of licencing my code for free use within, and only within, the
free, open-source version of PostgreSQL.

It seems to me that if you want to do all that you say, this is probably
the way to go.

We've also found, through some rather extensive market
research

Out of curiosity, who with & where?

I don't want to re-start that debate here

Sorry.

- the
consensus in the PostgreSQL community over the past few years seems
to be that the Berkeley style license is best suited for the
continued development of PostgreSQL.

News to me. Perhaps an informed survey of the current PostgreSQL user base
might be in order (perhaps each party - BSD, GPL, and other - can put their
case in 500 words or less?). I would be very interested to know the
outcome. It seems to me that the camps are highly divided, perhaps the
majority prefer BSD, but I suspect that they all agree that the status-quo
is acceptable. Once you seek to change the agreement to another
non-standard agreement, I think you will be opening a can of worms. You
will at least have to persuade all past contribitors that your new version
is better than their favorite model and BSD.

protecting the developers who worked on the code, and ensuring that
the code stays open source in perpetuity.

No; this is what companies seeking to develop private versions of the
software want. As it stands, all developers who have contributed to PG over
the years still own the copyright of their code, and can withold the
license to use it. Unless they have assigned that copyright somewhere else,
or signed the sort of agreement you propose. Releasing code to the PG
community provides an implied license to the PG community. It does not
necessarily grant rights to others, unless specifically stated in the code.
This is why you have:

"Any person who contributes or submits any modification or other
change to the PostgreSQL software or documentation grants
irrevocable, non-exclusive, worldwide permission, without charge, to
use, copy, further modify and distribute the same under the terms of
this license"

which just dimishes the rights of the developer make a buck if someone else
uses their code as part of a commercial version of PG.

I have just submitted a chunk of code to the project, and the notice in the
code says, basically, it is free to be used in any way. But I would have
*much* preferred it to have been under the GPL; then when someone fixes my
code, or improves it, I know that I will get to see (and use) the changes.

Unlike other open source licenses (GNU, Mozilla,
Interbase), the original Berkeley license does not take into account
that over time a lot of different individual developers and perhaps
some corporate contributors, would have individual copyrights on
substantial portions of the code.

It does not need to in the sense that while it remains public and in it's
original form, an implied license is granted. Otherwise the notice that the
developer placed in the code holds, and failing that, whatever the
governing law for the country/state of origin applies. Generally this means
that the developer owns the copyright, but gives others rights to use it in
the public version of PG.

This deficiency has two adverse affects. First, the contributing
developers are not afforded the protection of the exculpatory
language in "bold face."

I agree this is a problem. Developers should be warned to always add some
kind of text like this to all their public code - not just PG.

Second, and admittedly of
significant importance to Great Bridge, the commercial proliferation
of PostgreSQL could be hindered if business users are concerned that
the license might not cover the substantial additions and
improvements made to the code over the last few years.

They will be covered so long as they release their developments back into
the community, I think.

In developing the new language, the resources of two intellectual
property law firms, one East Coast and one West Coast, were tapped.

What about European (east and west), Japanese, and Australian?

No discussion of this type should be without controversy, so I throw
you the following red meat: the choice of state law has been
selected to cause the application of the Uniform Computer
Information Transactions Act (UCITA) to the usage of the software.

(Pause for outrage to subside.)

What is it? Does it even apply to me? [I am awaiting advice on this from my
IP lawyer]

I submit that your efforts should be exempted from any potential
liability.

This is good. We can add the extra <bold face> paragraph.

Two states have adopted UCITA - Virginia and Maryland.

As a matter of interest - do Virginia & Maryland have a reputation for
being forward looking in their law making, and being protective of the
right of individuals over companies and government? I ask this because I
know very little about individual US states...

had to be contributed back to the public use, would be poorly
received and would possibly discourage the use by businesses who
might want to make certain improvements for their internal use

How about allowing developers the choice, as they have now?

----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: (+61) 0500 83 82 81 | _________ \
Fax: (+61) 0500 83 82 82 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/

On Tue, 4 Jul 2000, Thomas Lockhart wrote:

I'm not going to comment on those points that Thomas said that I do agree
with, since it could become a very long email ...

6) This is a very US-centric view of the world. Most of the developers
are not in the US if the postgresql.org home page is correct. We don't
care about the stinkin UCITA, we are not bound by and don't care about
anything the State of Virginia may or may not say.

Good point. But the USA is the demon spawning ground for lawyers, and is
at the leading edge of aggressive new legal territory. That may change
eventually, but since 90+% of our federal legislative representatives
are lawyers (stats from memory, but it is a *high* number), that may not
change very quickly :(

Point 6 here is the one that prevents me from being able to back up this
change, and is the reason I'm against it. PostgreSQL, for 3+ years, has
been a *Canadian* based project, yet now she's going to fall under US
laws? The whole 'juristiction of Virginia' point puts me on the
"anti-changes" side of this issue ... and other then that point, (and
pending several more re-reads), I like the general wording of the
additions ...

8) "To be integrated with the software in such a way that this license
must be seen before downloading can occur".
Umm, can all the laywers please just butt out? Every other open-source
package in the universe just relies on a licence file in the home
directory. You going to try and stop people downloading with clicking a
licence agreement? How you going to handle mirrors? Or are you not
going to mirror any more? What about Red Hat el al?

Good point. Not exactly sure why this was suggested, but the American
courts are *full* of cases where the plaintif said that they "didn't
really know" something that should have been obvious.

Point 8 here I'm against also ... god, could you imagine having to "agree
to an open source license" each time you wanted to download it?

I (and *all* of the steering committee) had pretty much the same
reaction as you did at first. But some of us are closer to the US legal
system, and see what silliness it can generate, so came around to
thinking that there was something to be gained by license additions.

First off, why are we trying to set a precedent here for the open source
community? Have no other open source projects out there not looked at the
legal ramifications of their softare? Why are we more special then, say,
Linux(GPL), FreeBSD(Standard BSD), MySQL(GPL), KDE(GPL), etc as far as
licensing is concerned?

Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org

On Tue, 4 Jul 2000, Philip Warner wrote:

One issue that has always been a source of uncertainty - I think for
all of us - has been the license under which PostgreSQL is
distributed.

Only an issue of uncertainty when people talk about changing it.

As a company who wants PostgreSQL to remain in the public domain, I would
prefer to see it go GPL; this effectively prevents another company coming
along and swallowing the major developers as a means of stifling further
development. This latter tactic would probably never work, but it would be
extermely disruptive.

Actually, with the BSD license as it is now, that isn't an issue either
... if someone where to come along and 'close the source', that license
change couldn't only be on future changes, not past ones ... as Vadim has
stated previously, he'd just go off and branch off the code and continue
open source ...

We've also found, through some rather extensive market
research

Out of curiosity, who with & where?

Americans ... I do not believe they've done any market research in any
country out of the USofA, but I may be wrong here ...

This deficiency has two adverse affects. First, the contributing
developers are not afforded the protection of the exculpatory
language in "bold face."

I agree this is a problem. Developers should be warned to always add some
kind of text like this to all their public code - not just PG.

And any developer is more then welcome to add that to their patches when
they submit it ... just nobody has done it to date ...

In developing the new language, the resources of two intellectual
property law firms, one East Coast and one West Coast, were tapped.

What about European (east and west), Japanese, and Australian?

hey, what about Canadian, where this project operates out of? It isn't an
American project, it is "Proudly Canadian" with a crack team of developers
around the world working on it ... by number(s), I would guess that the
majority of our developers are non-US citizens ...

What is it? Does it even apply to me? [I am awaiting advice on this
from my IP lawyer]

From my undertanding, it only applies to those states (US) that have
passed UCITA through legislature ... which, I believe, only accounts for 2
states right now out of 52, and zero other countries are even considering
it (but on that point I might be mistaken) ...

Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org

Good point. But the USA is the demon spawning ground for lawyers, and is
at the leading edge of aggressive new legal territory.

Actually that is the exact reason you _don't_ want to be based in the
USA. Do you really want Postgres to be breaking new ground in the
courts? The USA is at the leading edge of lame new legislation. If the
postgresql licence is locked into Virginia law forever, (because any
licence change will be forever), you are subject to that law forever no
matter how stupid it may get.

For that reason I don't think you should be naming a jurisdiction. You
don't know what that jurisdiction may do in the future. Now any normal
corporation in this event could just change their licence to
jurisdiction B which has more favourable laws. Open source can't change
the licence ever unless you assign the rights to every bit of submitted
code like RMS insists on for GNU code.

If you must pick a jurisdiction pick Australia. We are *much* less
litigious. :-) Actually, pick Sealand. They have no laws and no courts.

Thomas Lockhart wrote:

8) "To be integrated with the software in such a way that this license
must be seen before downloading can occur".
Umm, can all the laywers please just butt out? Every other open-source
package in the universe just relies on a licence file in the home
directory. You going to try and stop people downloading with clicking a
licence agreement? How you going to handle mirrors? Or are you not
going to mirror any more? What about Red Hat el al?

Good point. Not exactly sure why this was suggested, but the American
courts are *full* of cases where the plaintif said that they "didn't
really know" something that should have been obvious.

My dos centavos of an alternate solution:
Upon a sucessful install, and/or when opening template1, spit this out on
screen. This means that to *use* the product, they must see the license
at least once.

So the intent was, as stated, to *reinforce* what we already believe to
be true (including yourself). The recently-enacted UCITA law was
(afaict) intended to protect, perhaps wrongly imho, commercial software
companies from liability claims

Even liability of their own making, and negligence... which might be why
it was hotly contested, and possibly struck down soon.... is it written
in such a way as to be enforcable if UTOCA is struck down?

-Bop

--
Brought to you from iBop the iMac, a MacOS, Win95, Win98, LinuxPPC machine,
which is currently in MacOS land. Your bopping may vary.

Thomas Lockhart wrote:

However, the path to do this
isn't perfectly clear to anyone; this is the first concrete proposal we
have had which does try to address the issues we believe are already
here whether we want them or not.

As someone else mentioned, why does postgresql have to break new ground?

I think this is a bad idea for the following reasons:
1) It is trying to be a GPL in what it is trying to achieve without
actually being well thought out. Any person who "submits" modifications
must do so under the same licence. Submits to what or whom?

It is *not* trying to be GPL.

GPL is essentially "You must make changes under the same licence". As
far as I can see this licence is saying the same thing in a wishy-washy
way.

It is trying to be BSD, while extending
liability protection to the current cast of developers,

The liability exclusion clause I don't really have a problem with. It's
the other bits that I'd concerned about. I ask again what does "submits"
mean? Who does it mean to? The GPL has nailed down the definitions here.
This language is so wide I'd defy you to get the same meaning from most
people who read it.

The current license asks users to absolve the University of California
of any liability involving use of the Postgres source code. It does not
(currently) explicitly ask the same on behalf of the current developers
(including yourself ;)

My guess is that if anyone is going to be sued (which I just don't
believe, but anyway....), it wouldn't be based on the software, it would
be based on what some developer has said on a mailing list. Given a
working compiler the source code will do exactly what the source code
says it should do. It's the statements the developers make in other
forums which people will be relying on to know what the source code
should do.

3) You talk about how wonderful the BSD licence is, then you really
change the whole meaning of that licence.

How?

By changing what you are and aren't allowed to do with changes to the
code.

I disagree, though we don't know UC's motivations for sure. imho the BSD
license is intended to protect UC from "deep pockets" lawsuits, while
preserving some credit for the original design team and the institution
which made it possible.

If we accept the above, then why the restrictions on how you can change
it?

Good point. But the USA is the demon spawning ground for lawyers, and is
at the leading edge of aggressive new legal territory.

The nice thing about the simple licence with no mention of legal
territory is that it can be sensibly interpreted in each independant
legal jurisdiction. If Virginia passes a law saying that any developer
who releases software with bugs with licencing subject to their laws,
shall be hung until they are dead, then I am not affected, even if one
day I want to visit Virginia. That's extreme I know, but what do I as an
Australian know abouth Virginia? For all I know they are a nazi regime.
I just don't want anything I have to do with be in any way subject to
the laws of that state. Why would I?

My final statement would be this, YOU CAN ALWAYS MAKE AN OPEN-SOURCE
LICENCE STRONGER. YOU CAN NEVER MAKE IT WEAKER EVER AGAIN.

-On [20000704 08:00], Thomas Lockhart (lockhart@alumni.caltech.edu) wrote:

I think this is a bad idea for the following reasons:
1) It is trying to be a GPL in what it is trying to achieve without
actually being well thought out. Any person who "submits" modifications
must do so under the same licence. Submits to what or whom?

It is *not* trying to be GPL. It is trying to be BSD, while extending
liability protection to the current cast of developers, who are (I'm
pretty sure) not covered in any of the wording of the UCB-generated
license.

* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.

Seems pretty clear to me. ``In no event shall the author or
contributors be liable for any...''

Anyways, why do people always have to start whole threads on -announce?
Reply-to set. Please honour it.

--
Jeroen Ruigrok vd Werven/Asmodai asmodai@[wxs.nl|bart.nl|freebsd.org]
Documentation nutter/C-rated Coder BSD: Technical excellence at its best
The BSD Programmer's Documentation Project <http://home.wxs.nl/~asmodai&gt;
Malam bulan dipagar bintang makin indah jika dipandang bagai gadis beri
senyuman pada bujang idaman...

Thomas Lockhart <lockhart@alumni.caltech.edu> writes:

Postgres is starting to become a visible thing, and is going to be used
by people who don't know much about the free software movement. And
*I'm* within reach of the American court system, and *you* can
contribute code which could make me a target for a lawsuit.

A further comment here: BSD and similar licenses have indeed been used
successfully for a couple of decades --- within a community of like-
minded hackers who wouldn't dream of suing each other in the first
place. Postgres is starting to get out into a colder and harder world.
To name just one unpleasant scenario: if PG continues to be as
successful as it has been, sooner or later Oracle will decide that we
are a threat to their continued world domination. Oracle have a
longstanding reputation for playing dirty pool when they feel it
necessary. It'd be awfully convenient for them if they could eliminate
the threat of Postgres with a couple of well-placed lawsuits hinging on
the weaknesses of the existing PG license. It'd hardly even cost them
anything, if they can sue individual developers who have no funds for
a major court case.

Chris and Peter may not feel that they need to worry about the
sillinesses of the American legal system, but those of us who are
within its reach do need to worry about it.

I'm not opining here about the merits or weaknesses of Great Bridge's
proposal. (What I'd really like is to see some review from other
legal experts --- surely there are some people on these mailing lists
who can bring in their corporate legal departments to comment?) But
what we have here is a well-qualified lawyer telling us that we've got
some problems in the existing license. IMHO we'd be damned fools to
ignore his advice completely. Sticking your head in the sand is not
a good defense mechanism.

regards, tom lane

At 03:23 4/07/00 -0400, Tom Lane wrote:

IMHO we'd be damned fools to
ignore his advice completely. Sticking your head in the sand is not
a good defense mechanism.

I think virtually everybody is happy with the extra disclaimer. It the
other parts that bother me.

----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: (+61) 0500 83 82 81 | _________ \
Fax: (+61) 0500 83 82 82 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/

At 03:23 4/07/00 -0400, Tom Lane wrote:

IMHO we'd be damned fools to
ignore his advice completely. Sticking your head in the sand is not
a good defense mechanism.

FWIW, I think the disclaimer could be strengthened to protect people who
sell the PostgreSQL CD, and people who offer it on servers, and people who
apply patches from other people (who may not themselves be contributors or
developers). It's just a box of worms - no source can be too open, and no
indemnity can be too strong.

----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: (+61) 0500 83 82 81 | _________ \
Fax: (+61) 0500 83 82 82 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/

Tom Lane wrote:

Thomas Lockhart <lockhart@alumni.caltech.edu> writes:

Postgres is starting to become a visible thing, and is going to be used
by people who don't know much about the free software movement. And
*I'm* within reach of the American court system, and *you* can
contribute code which could make me a target for a lawsuit.

A further comment here: BSD and similar licenses have indeed been used
successfully for a couple of decades --- within a community of like-
minded hackers who wouldn't dream of suing each other in the first
place. Postgres is starting to get out into a colder and harder world.
To name just one unpleasant scenario: if PG continues to be as
successful as it has been, sooner or later Oracle will decide that we
are a threat to their continued world domination. Oracle have a
longstanding reputation for playing dirty pool when they feel it
necessary.

Does hiring private detectives to rifle through allies of
Microsoft's trash count as dirty pool? ;-) I personally feel that
analogies between PostgreSQL/Oracle and Linux/Windows NT are
becoming more realistic. You'll know PostgreSQL has reached Prime
Time when a CNBC reporter asks Larry Ellison about it the same
way they ask Bill Gates about Linux (sorry Marc).

It'd be awfully convenient for them if they could eliminate
the threat of Postgres with a couple of well-placed lawsuits hinging on
the weaknesses of the existing PG license. It'd hardly even cost them
anything, if they can sue individual developers who have no funds for
a major court case.

Chris and Peter may not feel that they need to worry about the
sillinesses of the American legal system, but those of us who are
within its reach do need to worry about it.

From a user's perspective, the only concern that I have is that
it remains BSD-ish instead of GPL-ish. Commercial products built
around database solutions often wander too vaguely into "GPL vs.
LGPL" land to be safe, depending upon how "wired" they are in the
product. For example, if PostgreSQL were GPL and libpq were LGPL,
and I wanted to sell a product which required SPI or new types,
would I have to release such source? With pure BSD the ambiguity
is gone. The "intentions" mentioned in the proposal seemed GPLish
even though the agreement seemed BSDish.

I'm not opining here about the merits or weaknesses of Great Bridge's
proposal. (What I'd really like is to see some review from other
legal experts --- surely there are some people on these mailing lists
who can bring in their corporate legal departments to comment?) But
what we have here is a well-qualified lawyer telling us that we've got
some problems in the existing license. IMHO we'd be damned fools to
ignore his advice completely. Sticking your head in the sand is not
a good defense mechanism.

My distaste for the profession grows with every day (just try and
wade through corporate tax law). Its a pretty sorry state we're
(Americans) in when guys who want to give out software *free*
have to worry about the legal consequences...But, for what its
worth, I agree with your conclusions :-(

Mike Mascari

Ned Lilly wrote:

Two states have adopted UCITA - Virginia and Maryland. Maryland has
an October 1, 2000, effective date, but requires that its laws will
only apply if there is a reasonable connection with the state.
Virginia has an effective date of July 1, 2001, but does not require
a connection with the state and thereby gives somewhat greater
assurance that UCITA will apply to all Postgres-related dealings,
wherever they occur.

Not here in Scotland, they won't. If people in the United States feel
that United States law prevents them contributing to Open Source
projects, that is a local problem which should be addressed locally - by
lobbying their representatives to change the law.

The fact that Great Bridge is based in
Virginia is really a complete coincidence.

I was initially agnostic regarding Great Bridge's involvement. Now I am
not so sure.

I would regard any variation from one of the Big Two open source
licences an extremely retrograde step -- the more different licences
there are out there, the more confusion there is, and the more room
there is for sleight of hand like the soi-disant 'open' Motif licence.
That's why my company uses the exact wording of the BSD licence for our
products; if we were to tighten up at all it would be to adopt the GPL.
If there is to be any change to the BSD licence currently used for
Postgres I would suggest it be limited to:

s/\(University of California\)/\1 and the developers listed in the
HISTORY file/g

Sincerely

Simon Brooke

--
Simon Brooke, Technical Director, Weft Technology Ltd --
http://www.weft.co.uk/

the weft is not just what binds the web: it is what makes it a web

On Tue, 4 Jul 2000, Tom Lane wrote:

Chris and Peter may not feel that they need to worry about the
sillinesses of the American legal system, but those of us who are
within its reach do need to worry about it.

I grant you that, but as Chris pointed out the proposed change may
actually have a net negative effect, namely bringing those outside the
reach of the American legal system withing it, and at the same time not
doing anything for other silly legal systems.

I, and I think most others, don't have a problem with repeating the
existing boilerplate with s/Regents of the University of
California/various contributors/g.

--
Peter Eisentraut Sernanders vaeg 10:115
peter_e@gmx.net 75262 Uppsala
http://yi.org/peter-e/ Sweden

On Tue, 4 Jul 2000, Thomas Lockhart wrote:

It is being proposed as an addition to the Postgres development effort.

The Yet Another Open Source License issue is not to be played with. It
will have to go to the OSI and RMS, Slashdot, all the usual suspects. And
you know what it will say? "PostgreSQL changes to hand-crafted license
dictated by corporate interests", no matter how much anyone denies
that.

There are enough open source licenses out there. Use one.

--
Peter Eisentraut Sernanders vaeg 10:115
peter_e@gmx.net 75262 Uppsala
http://yi.org/peter-e/ Sweden

Note that I have no issues at all with the addition of the three BOLD
paragraphs ... it is the "under juristiction of the state of
Virginia" part that I have an issue with, as I've noticed, do those other
developers outside of the USofA ...

On Tue, 4 Jul 2000, Tom Lane wrote:

Thomas Lockhart <lockhart@alumni.caltech.edu> writes:

Postgres is starting to become a visible thing, and is going to be used
by people who don't know much about the free software movement. And
*I'm* within reach of the American court system, and *you* can
contribute code which could make me a target for a lawsuit.

A further comment here: BSD and similar licenses have indeed been used
successfully for a couple of decades --- within a community of like-
minded hackers who wouldn't dream of suing each other in the first
place. Postgres is starting to get out into a colder and harder world.
To name just one unpleasant scenario: if PG continues to be as
successful as it has been, sooner or later Oracle will decide that we
are a threat to their continued world domination. Oracle have a
longstanding reputation for playing dirty pool when they feel it
necessary. It'd be awfully convenient for them if they could eliminate
the threat of Postgres with a couple of well-placed lawsuits hinging on
the weaknesses of the existing PG license. It'd hardly even cost them
anything, if they can sue individual developers who have no funds for
a major court case.

Chris and Peter may not feel that they need to worry about the
sillinesses of the American legal system, but those of us who are
within its reach do need to worry about it.

I'm not opining here about the merits or weaknesses of Great Bridge's
proposal. (What I'd really like is to see some review from other
legal experts --- surely there are some people on these mailing lists
who can bring in their corporate legal departments to comment?) But
what we have here is a well-qualified lawyer telling us that we've got
some problems in the existing license. IMHO we'd be damned fools to
ignore his advice completely. Sticking your head in the sand is not
a good defense mechanism.

regards, tom lane

Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org