Hi
Context: a small company state founded would like to evaluate squeak for developing open-source software for education: environments for kids to learn maths, history, reading..... They are willing to invest quite some money in the process and if this is successful put more.
Problem: Now they are really big believers about open-source. Their mission is to help schools in the computer development: web hosting, management software....Now they are not specialist in squeak nor in licenses/lawyer. I told them that lot of projects are developed in Squeak (sophie, Tweak, openCroquet, Squeakland, SmallLand....) They asked around and they got several and different voices.
Request: Now they have the following request which makes a lot of sense: They would like to get the official analysis of the license so that they can understand the risk. (they are not talking about changes but they would like to understand in normal terms what are the problems and risks for them). They suggested me to contact some french free software organization to ask them.
Now I would like to know if this is possible that we ask andrew and the lawyer that ron contact for the cryptographic packages to write down their analysis and that we publish it on the squeak web site.
What do you think? I think that this would be a perfect use of the SqueakFoundation to make the situation clearer.
Stef
On 12/20/05, Stéphane Ducasse stephane.ducasse@univ-savoie.fr wrote:
Now I would like to know if this is possible that we ask andrew and the lawyer that ron contact for the cryptographic packages to write down their analysis and that we publish it on the squeak web site.
I think that is a good idea. Not that any surprises will pop up - the issues with the Squeak License have been hashed out many times, including a couple of times in discussions with Andrew Greenberg, who *is* a lawyer ;)
However - these are US lawyers. You don't mention what country this company lives in, but their analysis may or may not apply to local laws. So, if they are really serious, due dilligence would demand: - a translation of the license into the local language by a licensed legal translator; - an evaluation of the result by a local IP lawyer. But that one should do for any license.
BTW - if you think it's a good idea, you can pass them my contact details for any immediate questions. I think between the SqF board members, I've been doing the most legal work including more hours on the Squeak license than I care to count ;-).
Regards,
Cees
Hi Cees,
Now I would like to know if this is possible that we ask andrew and the lawyer that ron contact for the cryptographic packages to write down their analysis and that we publish it on the squeak web site.
I think that is a good idea. Not that any surprises will pop up - the issues with the Squeak License have been hashed out many times, including a couple of times in discussions with Andrew Greenberg, who *is* a lawyer ;)
yes I know. Now it would be nice if we could have a letter or report from him that we could put on the web. Because I do not want to give them an email or a thread :).
However - these are US lawyers. You don't mention what country this company lives in, but their analysis may or may not apply to local laws.
Sure but already having the analysis of a US lawyer would be something.
So, if they are really serious, due dilligence would demand:
- a translation of the license into the local language by a licensed
legal translator;
- an evaluation of the result by a local IP lawyer.
This is what we will do via the french organization too.
But that one should do for any license.
BTW - if you think it's a good idea, you can pass them my contact details for any immediate questions. I think between the SqF board members, I've been doing the most legal work including more hours on the Squeak license than I care to count ;-).
Thanks. Their problem is really that they would like to see a statement on the potential risk and interpretation of the license by a lawyer. I think that it makes sense. The boss is not a law person nor a developer and he want to show to the state people funding his activities that he is not fooling them.
Regards,
Cees
On 12/20/05, Stéphane Ducasse stephane.ducasse@univ-savoie.fr wrote:
Their problem is really that they would like to see a statement on the potential risk and interpretation of the license by a lawyer. I think that it makes sense.
I wasn't going to supply him with formal statements. But it would be nice to hear what he needs/expects etcetera before we ask Dan to go to work (assuming that they want to do this analysis for us). My experience with lawyers is that they like to answer precise questions :)
I agree that a general (preferably not country specific) professional legal analysis of the license would be useful.
I think the points of interest would be: - Risks in it for users, developers and redistributors - Analysis of its interaction with other code: fixes to existing classes vs. separate packages, and MIT vs. Squeak-L. - Analysis of the strategy I proposed a while ago for living with and eventually replacing SqueakL. The strategy is: dual license all new code as MIT/SqueakL, try to replace subsystems rather than fix them. If its bad, propose an alternative strategy.
Then the company in question should decide whether this is sufficient for it, to pay a local lawyer for the details specific to its situation.
If we do this, it is important to get it from someone that is already familiar with open source licenses, so the people Ron contacted would be a good starting point (if it is beyond what they want to do pro-bono, they can probably recommend someone).
Daniel
Cees De Groot wrote:
On 12/20/05, Stéphane Ducasse stephane.ducasse@univ-savoie.fr wrote:
Now I would like to know if this is possible that we ask andrew and the lawyer that ron contact for the cryptographic packages to write down their analysis and that we publish it on the squeak web site.
I think that is a good idea. Not that any surprises will pop up - the issues with the Squeak License have been hashed out many times, including a couple of times in discussions with Andrew Greenberg, who *is* a lawyer ;)
However - these are US lawyers. You don't mention what country this company lives in, but their analysis may or may not apply to local laws. So, if they are really serious, due dilligence would demand:
- a translation of the license into the local language by a licensed
legal translator;
- an evaluation of the result by a local IP lawyer.
But that one should do for any license.
BTW - if you think it's a good idea, you can pass them my contact details for any immediate questions. I think between the SqF board members, I've been doing the most legal work including more hours on the Squeak license than I care to count ;-).
Regards,
Cees
December 21, 2005 8:56 Daniel Vainsencher
I agree that a general (preferably not country specific) professional legal analysis of the license would be useful.
I think the points of interest would be:
- Risks in it for users, developers and redistributors
I asked Dan for users, contributors, and investors. I will mention redistributors.
- Analysis of its interaction with other code: fixes to existing classes
vs. separate packages, and MIT vs. Squeak-L.
- Analysis of the strategy I proposed a while ago for living with and
eventually replacing SqueakL. The strategy is: dual license all new code as MIT/SqueakL, try to replace subsystems rather than fix them. If its bad, propose an alternative strategy.
Dan has asked about these issues, and early on I pointed him to documentation that included your strategy. Cees has also answered a few questions for Dan to help get him up to speed. I got the impression that he agreed with your initial migration to MIT assessment, but there has been no agreement yet as to when and if to move forward on this. Cees has cautioned that this comes up over and over again. I would think that for now it would be best to answer Stef's question using the parameters he set (no change in license) and we can move to a more comprehensive risk assessment when (if) the time comes to change our license strategy.
I also agree with Cees that it would be good to have a general conversation between the new investor and Cees (language permitting) to get a general feel for what information they need, so that we can specifically address their concerns.
Ron Teitelbaum President / Principal Software Engineer US Medical Record Specialists Ron@USMedRec.com www.USMedRec.com
I pass to the company the information and I'm waiting for their reactions. In general they were positive about squeak but I think that their requests may help us to improve the visibility of the license and its understanding. So this is good. I also think that it would be good to proceed stepwise. First leaving with this license and helping people to understand it.
Thanks ron :)
Stef
I agree that a general (preferably not country specific) professional legal analysis of the license would be useful.
I think the points of interest would be:
- Risks in it for users, developers and redistributors
I asked Dan for users, contributors, and investors. I will mention redistributors.
- Analysis of its interaction with other code: fixes to existing
classes vs. separate packages, and MIT vs. Squeak-L.
- Analysis of the strategy I proposed a while ago for living with and
eventually replacing SqueakL. The strategy is: dual license all new code as MIT/SqueakL, try to replace subsystems rather than fix them. If its bad, propose an alternative strategy.
Dan has asked about these issues, and early on I pointed him to documentation that included your strategy. Cees has also answered a few questions for Dan to help get him up to speed. I got the impression that he agreed with your initial migration to MIT assessment, but there has been no agreement yet as to when and if to move forward on this. Cees has cautioned that this comes up over and over again. I would think that for now it would be best to answer Stef's question using the parameters he set (no change in license) and we can move to a more comprehensive risk assessment when (if) the time comes to change our license strategy.
I also agree with Cees that it would be good to have a general conversation between the new investor and Cees (language permitting) to get a general feel for what information they need, so that we can specifically address their concerns.
Ron Teitelbaum President / Principal Software Engineer US Medical Record Specialists Ron@USMedRec.com www.USMedRec.com
I agree with Stef & Daniel that this is a very appropriate and useful task for the Squeak Foundation to pursue.
On December 21, 2005 8:56 Daniel Vainsencher wrote:
I agree that a general (preferably not country specific) professional legal analysis of the license would be useful.
I think the points of interest would be:
- Risks in it for users, developers and redistributors
...
- Analysis of its interaction with other code: fixes to existing
classes vs. separate packages, and MIT vs. Squeak-L.
Agreed.
- Analysis of the strategy I proposed a while ago for living with and
eventually replacing SqueakL. The strategy is: dual license all new code as MIT/SqueakL, try to replace subsystems rather than fix them. If its bad, propose an alternative strategy.
I should mention that a lawyer, in discussions on squeak-dev a year or two ago, strongly discouraged this approach, at least for anything in the official image/package set. (Although this was not given as official legal "advice" of course... just conversation on squeak-dev.) I believe the concern was whether a package developed within the Squeak environment/toolset (which is Squeak-L licensed) could legitimately be licensed with something other than Squeak-L, if it was replacing a package which was formerly Squeak-L. (i.e. it would be hard to prove that the original Squeak-L code was not looked at/used) Or something like that... one would need to re-read the original thread to be sure of the argument made.
But yes, it would be nice to have an alternate long-term replacement strategy if the above is determined to be a bad idea. In any case, the above strategy should be studied as a possibility.
Other strategies that have been discussed in the past:
1. Get Apple to re-issue Squeak 1.0 under a different license, then re-build on that. This is legally clean, but is a huge amount of coding re-work, kind of starting over from scratch.
2. Try to exploit a possible sublicensing loophole in Squeak-L to tweak the problems of the license. No coding re-work, may or may not be feasible.
3. Live with the license as-is... the license isn't all that bad. It just misses qualifying as "Open Source" (OSI) and Debian Free on technicalities, mostly because it predates both of those standards. Overall it's still a fairly simple license, much shorter in length than say GPL or APSL. A number of companies have gone ahead with Squeak projects after having lawyers look over the license.
On Dec 20, 2005, at 1:52 PM, Ron Teitelbaum wrote:
Dan has asked about these issues, and early on I pointed him to documentation that included your strategy. ... I would think that for now it would be best to answer Stef's question using the parameters he set (no change in license) and we can move to a more comprehensive risk assessment when (if) the time comes to change our license strategy.
Definitely agreed.
- Doug
On 20-Dec-05, at 9:32 PM, Doug Way wrote:
A number of companies have gone ahead with Squeak projects after having lawyers look over the license.
I can think of five immediately that I have had dealings with - exobox Disney HP Interval Research Impara The middle three in particular have/had very deep pockets and so make very attractive targets for suing. This typically means they worry about such matters and employ many legally qualified people to check up on licenses and risks. The fact that they all had no serious problem with the Squeak license tells me that it really shouldn't worry us much.
tim -- tim Rowledge; tim@rowledge.org; http://www.rowledge.org/tim A flash of light, a cloud of dust, and... What was the question?
On 12/21/05, tim Rowledge tim@rowledge.org wrote:
The middle three in particular have/had very deep pockets and so make very attractive targets for suing. This typically means they worry about such matters and employ many legally qualified people to check up on licenses and risks. The fact that they all had no serious problem with the Squeak license tells me that it really shouldn't worry us much.
Yup. Especially the fact that the Mouse didn't roar tells me a lot (a *lot* more than a bunch of amateur lawyers from the debian project crying wolf...)
In any case, before the licensing discussion rages again (which we cannot have, because it is not the time of year for it): we asked our SFLC contact to evaluate the SqueakL from the view of a company wanting to produce software with it. If they go ahead, we may end up with something we can place on our website - if anything, this could help a prospective company to take SqueakL (and thus Squeak) as good enough to merit a full analysis (said company would have to have their own lawyer give advice anyway, fiduciary responsibility etcetera).
Good point.
Stef
On 21 déc. 05, at 07:18, tim Rowledge wrote:
On 20-Dec-05, at 9:32 PM, Doug Way wrote:
A number of companies have gone ahead with Squeak projects after having lawyers look over the license.
I can think of five immediately that I have had dealings with - exobox Disney HP Interval Research Impara The middle three in particular have/had very deep pockets and so make very attractive targets for suing. This typically means they worry about such matters and employ many legally qualified people to check up on licenses and risks. The fact that they all had no serious problem with the Squeak license tells me that it really shouldn't worry us much.
tim
tim Rowledge; tim@rowledge.org; http://www.rowledge.org/tim A flash of light, a cloud of dust, and... What was the question?
I personally think the Squeak License is "good enough". However, obviously others disagree.
Sounds like a business opportunity to me, for any mid-size to larger company. Here is the opportunity:
Sell a Squeak distribution, together with an indemnification contract. That way, for those who think the Squeak License is not good enough for use in their business, they are indemnified via a third party. That gives them somebody to sue if it turns out that the Squeak License is not good enough.
For the company doing the indemnifying, if you believe that the Squeak License is "good enough" and without risk, here is your opportunity to sell Squeak distros at a healthy profit, just by adding an indemnification contract when people get their distro from you.
Sounds like easy money to me-- potentially two or three thousand dollars per distribution (which would be about half or less of what VisualAge or VisualWorks cost). But, whoever does it would have to have deep enough pockets to convince their customers that the indemnification contract is worth more than the paper it is written on. So, that counts most of us out.
Nevin
I agree that a general (preferably not country specific) professional legal analysis of the license would be useful.
I think the points of interest would be:
- Risks in it for users, developers and redistributors
- Analysis of its interaction with other code: fixes to existing
classes vs. separate packages, and MIT vs. Squeak-L.
- Analysis of the strategy I proposed a while ago for living with and
eventually replacing SqueakL. The strategy is: dual license all new code as MIT/SqueakL, try to replace subsystems rather than fix them. If its bad, propose an alternative strategy.
Then the company in question should decide whether this is sufficient for it, to pay a local lawyer for the details specific to its situation.
If we do this, it is important to get it from someone that is already familiar with open source licenses, so the people Ron contacted would be a good starting point (if it is beyond what they want to do pro-bono, they can probably recommend someone).
Daniel
Cees De Groot wrote:
On 12/20/05, Stéphane Ducasse stephane.ducasse@univ-savoie.fr wrote:
Now I would like to know if this is possible that we ask andrew and the lawyer that ron contact for the cryptographic packages to write down their analysis and that we publish it on the squeak web site.
I think that is a good idea. Not that any surprises will pop up - the issues with the Squeak License have been hashed out many times, including a couple of times in discussions with Andrew Greenberg, who *is* a lawyer ;)
However - these are US lawyers. You don't mention what country this company lives in, but their analysis may or may not apply to local laws. So, if they are really serious, due dilligence would demand:
- a translation of the license into the local language by a licensed
legal translator;
- an evaluation of the result by a local IP lawyer.
But that one should do for any license.
BTW - if you think it's a good idea, you can pass them my contact details for any immediate questions. I think between the SqF board members, I've been doing the most legal work including more hours on the Squeak license than I care to count ;-).
Regards,
Cees
On 12/21/05, Nevin Pratt nevin@bountifulbaby.com wrote:
I personally think the Squeak License is "good enough". However, obviously others disagree.
The funny thing is, as Tim pointed out, that company lawyers do not seem to be among those that disagree. Only people who prefix their loudly voiced opinions with IANAL....
So I don´t think you´ll get very rich from this proposed business :)
Indeed.
The problem is not really the possibility or risk of fundamental flaw in the license, but an ideological opposition to things not GPL or conforming to certain notions of "free." While I am sympathetic to many of those positions, the proposition a lawyer should be engaged perform a "risk analysis" for prospective users, as though there actually were such a thing, by any person other than the prospective user, is silly.
It appears that there is no ambiguity as to the meaning of Squeak-L, it pretty much means what it says. The dispute seems, rather to be whether it should say what it says. It is what it is, and pretty much has to be unless and until we rebuild it from the bottom up or get it relicensed all of its contributors. The longer we wait, the harder that will be for everyone.
Or maybe the lack of commitment to such a project indicates there really isn't that much need to change it?
On Dec 21, 2005, at 10:38 AM, Cees De Groot wrote:
On 12/21/05, Nevin Pratt nevin@bountifulbaby.com wrote:
I personally think the Squeak License is "good enough". However, obviously others disagree.
The funny thing is, as Tim pointed out, that company lawyers do not seem to be among those that disagree. Only people who prefix their loudly voiced opinions with IANAL....
So I don´t think you´ll get very rich from this proposed business :)
On 29 déc. 05, at 00:35, Andrew Greenberg wrote:
Indeed.
The problem is not really the possibility or risk of fundamental flaw in the license, but an ideological opposition to things not GPL or conforming to certain notions of "free." While I am sympathetic to many of those positions, the proposition a lawyer should be engaged perform a "risk analysis" for prospective users, as though there actually were such a thing, by any person other than the prospective user, is silly.
Hi andrew. I'm sorry to be silly then.
It appears that there is no ambiguity as to the meaning of Squeak- L, it pretty much means what it says. The dispute seems, rather to be whether it should say what it says.
No it was not the point of the original idea. People contacted me and asked if I could get an analysis of the license, since they are not lawyers and they are not familiar with Squeak and they heard a lot of different points on squeak (squeak license is the same as the one of flash, the same as java.......). So they wanted to know what were the problems so that they could evaluate it.
It is what it is, and pretty much has to be unless and until we rebuild it from the bottom up or get it relicensed all of its contributors. The longer we wait, the harder that will be for everyone.
Or maybe the lack of commitment to such a project indicates there really isn't that much need to change it?
On Dec 21, 2005, at 10:38 AM, Cees De Groot wrote:
On 12/21/05, Nevin Pratt nevin@bountifulbaby.com wrote:
I personally think the Squeak License is "good enough". However, obviously others disagree.
The funny thing is, as Tim pointed out, that company lawyers do not seem to be among those that disagree. Only people who prefix their loudly voiced opinions with IANAL....
So I don´t think you´ll get very rich from this proposed business :)
On Dec 29, 2005, at 4:49 PM, stéphane ducasse wrote:
On 29 déc. 05, at 00:35, Andrew Greenberg wrote:
Indeed.
The problem is not really the possibility or risk of fundamental flaw in the license, but an ideological opposition to things not GPL or conforming to certain notions of "free." While I am sympathetic to many of those positions, the proposition a lawyer should be engaged perform a "risk analysis" for prospective users, as though there actually were such a thing, by any person other than the prospective user, is silly.
Hi andrew. I'm sorry to be silly then.
You are not your proposition! While I don't consider myself silly, I frequently come up with silly ideas. You are truthseeker and academic enough to appreciate that my remark was not intended as ad hominem, nor any reflection of my respect for you. But the proposition *is* silly.
It appears that there is no ambiguity as to the meaning of Squeak- L, it pretty much means what it says. The dispute seems, rather to be whether it should say what it says.
No it was not the point of the original idea. People contacted me and asked if I could get an analysis of the license, since they are not lawyers and they are not familiar with Squeak and they heard a lot of different points on squeak (squeak license is the same as the one of flash, the same as java.......). So they wanted to know what were the problems so that they could evaluate it.
I get it. I hope my prior, more detailed and offline, remarks were self-explanatory.
Indeed.
The problem is not really the possibility or risk of fundamental flaw in the license, but an ideological opposition to things not GPL or conforming to certain notions of "free." While I am sympathetic to many of those positions, the proposition a lawyer should be engaged perform a "risk analysis" for prospective users, as though there actually were such a thing, by any person other than the prospective user, is silly.
Hi andrew. I'm sorry to be silly then.
You are not your proposition! While I don't consider myself silly, I frequently come up with silly ideas. You are truthseeker and academic enough to appreciate that my remark was not intended as ad hominem, nor any reflection of my respect for you. But the proposition *is* silly.
Sure ;) Still I thought that the request of this small company not knowing anything about Squeak and its license was making sense. Once they will have been developing their software in squeak and understand it better, I'm sure that they will see that the license is normal.
It appears that there is no ambiguity as to the meaning of Squeak- L, it pretty much means what it says. The dispute seems, rather to be whether it should say what it says.
No it was not the point of the original idea. People contacted me and asked if I could get an analysis of the license, since they are not lawyers and they are not familiar with Squeak and they heard a lot of different points on squeak (squeak license is the same as the one of flash, the same as java.......). So they wanted to know what were the problems so that they could evaluate it.
I get it. I hope my prior, more detailed and offline, remarks were self-explanatory.
Yes I will see what Cees write down because I think that people are often scared by legal terms especially in a foreign language so a text explaining simply the license will help.
Stef
squeak-dev@lists.squeakfoundation.org