Discussion: License Breakage Handling - Could it be better? #39

Closed
TGTGamer opened this issue Mar 25, 2024 · 2 comments
Labels
clarification a request for clarification about the license terms


TGTGamer commented Mar 25, 2024

So I wanted to start the discussion on licensing actions after breaking. It's part of the license people don't like to talk about, but as this license has the same goals as I wanted to achieve for my current R&D developments, I wanted to throw my thoughts out there.

The current license

As it stands, this license is a great start towards an ecosystem where SaaS platforms can effectively license their products while still being open-source. My main concerns right now are regarding what happens when the license is broken.

As it stands, it would seem that the license is immediately terminated.

Subject to your compliance with this License Grant and the Patents,
Redistribution and Trademark clauses below, we hereby grant you the right to

I think everyone agrees this is the right step, but it leaves how a license termination and repercussions are enacted completely undiscussed. We work in an amazing industry, with amazing teams such as Sentry that go out of their way to support developers, but when mistakes happen, some companies will not be as kind.

My concerns

Let's take a not too unrealistic example.

Bob from YourTech uses some software published under the FSL-1.1-MIT. Let's call that software "PackSoftware".
PackSoftware is published by "BadSoftware Co."
PackSoftware has been around for 5+ years and has maintained version 1.x.x without releasing any breaking changes.
Bob is a member of a small company ("SmallSoftware Co") which utilises the MIT version of PackSoftware to power tools which compete with PackSoftware's copyright holders.

Bob is doing some maintenance on their product line, and as part of this intends to update the version of PackSoftware to the latest MIT licensed version 1.ba.x. He goes ahead and fetches the version using his command line:

npm install PackSoftware@1.ab.x

All seems good, nothing broke in his project, and the feature he was expecting is now available. He updates his production branch and forgets about the change.

The eagle-eyed of you probably saw the error: Bob got his version wrong when he typed it into the console, switching ba for ab. While Bob is oblivious to this issue, BadSoftware Co. learns that SmallSoftware Co has breached the license. Rather than discussing it with Bob, SmallSoftware Co instead receives immediate court action from BadSoftware Co.

Seems a bit aggressive, right? Good, we agree! Anyone who remembers the SCO will remember how aggressive they could be, and there are some ~recent examples of companies being aggressive over relatively small issues, e.g. Redis issues regarding trademarks 1, 2, 3

Is there a solution?

Thankfully, I believe there is a viable solution. Include a variation of the GPL Cooperation Commitment & GPL version 3 cure and reinstatement clause within the License agreement, or something to the same extent.

Before filing or continuing to prosecute any legal proceeding or claim
(other than a Defensive Action) arising from termination of a Covered
License, we commit to extend to the person or entity ('you') accused
of violating the Covered License the following provisions regarding
cure and reinstatement, taken from GPL version 3. As used here, the
term 'this License' refers to the specific Covered License being
enforced.

However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly
and finally terminates your license, and (b) permanently, if the
copyright holder fails to notify you of the violation by some
reasonable means prior to 60 days after the cessation.

Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you
have received notice of violation of this License (for any work)
from that copyright holder, and you cure the violation prior to 30
days after your receipt of the notice.

https://github.com/gplcc/gplcc/blob/ba84b26ad34711c224448acab0929063234685ef/Company/GPL%20Cooperation%20Commitment-Company-Template.md?plain=1#L6-L10

How can we be sure companies would be on-board for this type of commitment?
Well, thankfully, the GPL has already proven that this works at scale with large companies; their current list has many notable names on it, including Adobe, Amazon, Microsoft, and Google LLC.


As a small side note, I want to credit @t3dotgg for an amazing video explaining the Redis changes and showcasing this repo's website. I was searching for a license which went this direction and after checking "choose a license" and the SPDX, was struggling to find something that fitted my goals. Without his video, I probably wouldn't have found this license, not for a while at least.

@chadwhitacre
Member

Thanks for weighing in @TGTGamer (and thanks @t3dotgg for the pointer ;-).

TIL GPLCC and the concept of "abusive enforcement tactics." My first impression is that GPL was very widely adopted before abusive enforcement became a big enough problem to worry about, and that FSL will be quite fortunate to ever reach the same level of adoption. For now it seems to me like premature optimization. I'm happy to keep this ticket open for a bit to see if there is any momentum from others around addressing this now, otherwise I think we close this out for now and revisit in 10 years when FSL is on the cusp of taking over the world. 😁

@chadwhitacre chadwhitacre added the clarification a request for clarification about the license terms label Apr 2, 2024
@chadwhitacre
Member

Okay, see you in 10 years! 😅
