Boost licensing information

newer
[typeof][scope_exit] VS2017 and...

Fabrizio Riente

11 Apr 2017 11 Apr '17

12:32 p.m.

Dear Boost Members, I'm Fabrizio Riente and I'm a researcher from the Politecnico di Torino in Italy. I'm using some part of boost libraries in our application. In particular we are using boost spirit, odeint and serialization. In the next future, we would like to release this tool for free for research purposes. I read that at the moment boost is released under Boost license. I was wandering if under this license it is possible to distribute the application for free to other universities and interested people without sharing the source code. Thanks in advance for your time. Best regards. Fabrizio Riente -- Fabrizio Riente, Postdoctoral Research Associate Politecnico di Torino, Dept. of Electronics and Telecommunications C.so Duca degli Abruzzi 24, I-10129, Torino, Italy Phone: +39 011 090 4241, Email: fabrizio.riente@polito.it

Show replies by date

Andrey Semashev

11 Apr 11 Apr

6:08 p.m.

On 04/11/17 15:32, Fabrizio Riente via Boost wrote:

...

Dear Boost Members,

I'm Fabrizio Riente and I'm a researcher from the Politecnico di Torino in Italy. I'm using some part of boost libraries in our application. In particular we are using boost spirit, odeint and serialization.

In the next future, we would like to release this tool for free for research purposes. I read that at the moment boost is released under Boost license.

I was wandering if under this license it is possible to distribute the application for free to other universities and interested people without sharing the source code.

As long as you comply with the Boost license terms, I don't see why not.

Paul A. Bristow

12 Apr 12 Apr

8:56 a.m.

...

-----Original Message----- From: Boost [mailto:boost-bounces@lists.boost.org] On Behalf Of Fabrizio Riente via Boost Sent: 11 April 2017 13:32 To: boost@lists.boost.org Cc: Fabrizio Riente Subject: [boost] Boost licensing information

Dear Boost Members,

I'm Fabrizio Riente and I'm a researcher from the Politecnico di Torino in Italy. I'm using some part of boost libraries in our application. In particular we are using boost spirit, odeint and serialization.

In the next future, we would like to release this tool for free for research purposes. I read that at the moment boost is released under Boost license.

I was wandering if under this license it is possible to distribute the application for free to other universities and interested people without sharing the source code.

I presume you mean sharing *your* source code, as you can't prevent people seeing the Boost source code - that's the whole point of the license. You should of course claim copyright on your source; this will prevent anyone else claiming copyright. I believe that you are free to choose whatever licence you like for *your* code. If you want to keep it secret, then the Boost license is probably not what you want. You should use the Boost code by #include statements rather than copy'n'pasting into your code. It is of course courteous (and helpful) to acknowledge use of Boost code and authors in your documentation and references. HTH Paul --- Paul A. Bristow Prizet Farmhouse Kendal UK LA8 8AB +44 (0) 1539 561830

Antony Polukhin

6:54 p.m.

2017-04-11 15:32 GMT+03:00 Fabrizio Riente via Boost : <...>

...

I was wandering if under this license it is possible to distribute the application for free to other universities and interested people without sharing the source code.

This issue often confuses users. Especially non native speakers for whom all that perfectly measured legal words make absolutely no sense! Seriously, I need to spend about an hour to understand what a license is talking about. And I *know* the restrictions, it's just unbelievably hard to convert legal words to understanding. What's worse - BSL is not a very popular license. There's probably only 1-2 pages in non-English languages about BSL on wikipedia. Other wiki pages redirect from BSL to Boost libraries. So for example I can get no information about BSL in Russian. I've tried twice to translate BSL to Russian. Both times the wiki page was removed as a minor/useless topic. Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license) * or by summarizing the differences between BSL and MIT in simple English like here http://softwareengineering.stackexchange.com/a/44116 And it's really an issue! I know at least 6 small Russian companies that do not use Boost libraries because they could not get through the license. -- Best regards, Antony Polukhin

Andrey Semashev

7:20 p.m.

On 04/12/17 21:54, Antony Polukhin via Boost wrote:

...

2017-04-11 15:32 GMT+03:00 Fabrizio Riente via Boost : <...>

...
I was wandering if under this license it is possible to distribute the application for free to other universities and interested people without sharing the source code.

This issue often confuses users. Especially non native speakers for whom all that perfectly measured legal words make absolutely no sense! Seriously, I need to spend about an hour to understand what a license is talking about. And I *know* the restrictions, it's just unbelievably hard to convert legal words to understanding.

What's worse - BSL is not a very popular license. There's probably only 1-2 pages in non-English languages about BSL on wikipedia. Other wiki pages redirect from BSL to Boost libraries. So for example I can get no information about BSL in Russian. I've tried twice to translate BSL to Russian. Both times the wiki page was removed as a minor/useless topic.

Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license)

I think, multi-license distribution would only complicate things, both for developers and users, for no real gain.

...

* or by summarizing the differences between BSL and MIT in simple English like here http://softwareengineering.stackexchange.com/a/44116

And it's really an issue! I know at least 6 small Russian companies that do not use Boost libraries because they could not get through the license.

If you can't understand the Boost license, why would you understand the MIT license?

Karen Shaeffer

8:35 p.m.

On Wed, Apr 12, 2017 at 09:54:06PM +0300, Antony Polukhin via Boost wrote:

...

2017-04-11 15:32 GMT+03:00 Fabrizio Riente via Boost : <...>

...
I was wandering if under this license it is possible to distribute the application for free to other universities and interested people without sharing the source code.

This issue often confuses users. Especially non native speakers for whom all that perfectly measured legal words make absolutely no sense! Seriously, I need to spend about an hour to understand what a license is talking about. And I *know* the restrictions, it's just unbelievably hard to convert legal words to understanding.

What's worse - BSL is not a very popular license. There's probably only 1-2 pages in non-English languages about BSL on wikipedia. Other wiki pages redirect from BSL to Boost libraries. So for example I can get no information about BSL in Russian. I've tried twice to translate BSL to Russian. Both times the wiki page was removed as a minor/useless topic.

Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license) * or by summarizing the differences between BSL and MIT in simple English like here http://softwareengineering.stackexchange.com/a/44116

And it's really an issue! I know at least 6 small Russian companies that do not use Boost libraries because they could not get through the license.

-- Best regards, Antony Polukhin

Hi Antony, Have you considered using Google Translate? https://translate.google.com/about/intl/en_ALL/index.html Karen -- Karen Shaeffer The subconscious mind is driven by your deeply Neuralscape Services held beliefs -- not your deeply held desires.

Niall Douglas

8:55 p.m.

...

This issue often confuses users. Especially non native speakers for whom all that perfectly measured legal words make absolutely no sense! Seriously, I need to spend about an hour to understand what a license is talking about. And I *know* the restrictions, it's just unbelievably hard to convert legal words to understanding.

What's worse - BSL is not a very popular license. There's probably only 1-2 pages in non-English languages about BSL on wikipedia. Other wiki pages redirect from BSL to Boost libraries. So for example I can get no information about BSL in Russian. I've tried twice to translate BSL to Russian. Both times the wiki page was removed as a minor/useless topic.

Also, translations prepared by non-lawyers are problematic.

...

Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license) * or by summarizing the differences between BSL and MIT in simple English like here http://softwareengineering.stackexchange.com/a/44116

I would *really* prefer the EUPL over the MIT licence. The EUPL comes in 22 languages and was written to work well in any of the major legal systems in the world, including Russia's. I'm currently strongly considering placing Outcome and all my Boost like libraries under the EUPL licence. It far better matches the "Licence requirements" at http://www.boost.org/development/requirements.html than the Boost licence does. And it comes in 22 translations as prepared by lawyers in those languages, and those translations have undergone multiple rounds of peer review and checking. It is a far superior licence for Boost code. https://joinup.ec.europa.eu/community/eupl/og_page/european-union-public-lic... Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Andrey Semashev

9:07 p.m.

On 04/12/17 23:55, Niall Douglas via Boost wrote:

...

I'm currently strongly considering placing Outcome and all my Boost like libraries under the EUPL licence. It far better matches the "Licence requirements" at http://www.boost.org/development/requirements.html than the Boost licence does.

A license that is 7 A4 pages doesn't look like one that is "simple to read and understand". Also, from a cursory look, it doesn't seem to require to retain copyright notices and the license in redistributed source code. There may be other significant differences, which is difficult to learn quickly because of that license volume and language.

Niall Douglas

9:17 p.m.

...

...
I'm currently strongly considering placing Outcome and all my Boost like libraries under the EUPL licence. It far better matches the "Licence requirements" at http://www.boost.org/development/requirements.html than the Boost licence does.

A license that is 7 A4 pages doesn't look like one that is "simple to read and understand".

A licence which understands that there is a legal world outside the United States of America and it is not the same needs to be longer. Many would find the Boost licence insufficiently specified to give clarity and lack of ambiguity.

...

Also, from a cursory look, it doesn't seem to require to retain copyright notices and the license in redistributed source code. There may be other significant differences, which is difficult to learn quickly because of that license volume and language.

I don't know what you're on about here. The language is very simple. Much clearer than say the GPL. And the clause you didn't find is on page 3: "Attribution right: the Licensee shall keep intact all copyright, patent or trademarks notices and all notices that refer to the Licence and to the disclaimer of warranties. The Licensee must include a copy of such notices and a copy of the Licence with every copy of the Work he/she distributes and/or communicates." Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Rene Rivera

9:22 p.m.

On Wed, Apr 12, 2017 at 4:17 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...

...
...
I'm currently strongly considering placing Outcome and all my Boost like libraries under the EUPL licence. It far better matches the "Licence requirements" at http://www.boost.org/development/requirements.html than the Boost licence does.

A license that is 7 A4 pages doesn't look like one that is "simple to read and understand".

A licence which understands that there is a legal world outside the United States of America and it is not the same needs to be longer.

Many would find the Boost licence insufficiently specified to give clarity and lack of ambiguity.

The BSL was written with international consideration in mind. And most of the long language you see in other licenses was deemed superfluous as it was already covered by various international treaties and accords. Obviously, IANAL, but that is my recollection from the various discussions and legal team at the time of the BSL. -- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Niall Douglas

9:52 p.m.

...

A licence which understands that there is a legal world outside the United States of America and it is not the same needs to be longer.

Many would find the Boost licence insufficiently specified to give clarity and lack of ambiguity.

The BSL was written with international consideration in mind. And most of the long language you see in other licenses was deemed superfluous as it was already covered by various international treaties and accords. Obviously, IANAL, but that is my recollection from the various discussions and legal team at the time of the BSL.

With respect, the aversion to Boost code by corporate legal teams is very well known here. Both in the US and outside. The superfluous wording you mention is highly important because those international treaties were not equally enacted in each country. For example, the US only recognises moral copyright to visual artistry alone. Most of Europe applied that treaty to everything. China has another application again. You need wording to indicate which enactment applies, else it is whatever formulation applies in the court in question rather than what the licensor intended. I think the BSL was up to par *at the time it was written* as compared to other software licences at that time. But the world has moved on. Most open source orgs have released a v2.0 of their licences to reflect the modern climate, and to reassure those corporate legal teams so the software is less objectionable. Apache v2.0 licence is an excellent example of a refresh to solve such worries. Meanwhile the BSL remains firmly locked in the past. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Michael Caisse

9:57 p.m.

On 4/12/17 14:52, Niall Douglas via Boost wrote:

...

...
A licence which understands that there is a legal world outside the United States of America and it is not the same needs to be longer.

Many would find the Boost licence insufficiently specified to give clarity and lack of ambiguity.

The BSL was written with international consideration in mind. And most of the long language you see in other licenses was deemed superfluous as it was already covered by various international treaties and accords. Obviously, IANAL, but that is my recollection from the various discussions and legal team at the time of the BSL.

With respect, the aversion to Boost code by corporate legal teams is very well known here. Both in the US and outside.

reference please -- Michael Caisse Ciere Consulting ciere.com

Niall Douglas

10:55 p.m.

...

...
...
The BSL was written with international consideration in mind. And most of the long language you see in other licenses was deemed superfluous as it was already covered by various international treaties and accords. Obviously, IANAL, but that is my recollection from the various discussions and legal team at the time of the BSL.

With respect, the aversion to Boost code by corporate legal teams is very well known here. Both in the US and outside.

reference please

You can search this list's archives for many tales of woe when trying to get Legal in a multinational to approve usage of Boost. I'm not saying it's all due to the Licence, there are other causes. But lawyers like detail, and the BSL lacks clarity. The biggest objection I always heard from Legal(s) was patent threat, and the BSL says absolutely zero about patents. You may notice all the v2.0 revisions of major open source licences do now say something about patents. That's why. If the steering committee might be thinking of fixing the BSL, better to adopt the Apache 2.0 licence https://www.apache.org/licenses/LICENSE-2.0.html. It has 25% of the open source market according to Wikipedia, and it's very well recognised by Legal, unlike the Boost licence. It isn't ideal for European jurisdictions, but it is widely recognised here too. They know how to deal with it upon sight, so in that sense it greatly improves on the BSL. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Rene Rivera

11:04 p.m.

On Wed, Apr 12, 2017 at 5:55 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...

If the steering committee might be thinking of fixing the BSL, better to adopt the Apache 2.0 licence

Also not compatible with the BSL. -- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Niall Douglas

13 Apr 13 Apr

7:12 a.m.

On 13/04/2017 00:04, Rene Rivera via Boost wrote:

...

On Wed, Apr 12, 2017 at 5:55 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...
If the steering committee might be thinking of fixing the BSL, better to adopt the Apache 2.0 licence

Also not compatible with the BSL.

The BSL is compatible with the GPL, so I find it very hard to believe that Apache 2.0 is incompatible. Source: https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_li... Source: https://www.gnu.org/licenses/license-list.en.html Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Andrey Semashev

9:49 a.m.

On 04/13/17 10:12, Niall Douglas via Boost wrote:

...

On 13/04/2017 00:04, Rene Rivera via Boost wrote:

...
On Wed, Apr 12, 2017 at 5:55 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...
If the steering committee might be thinking of fixing the BSL, better to adopt the Apache 2.0 licence

Also not compatible with the BSL.

The BSL is compatible with the GPL, so I find it very hard to believe that Apache 2.0 is incompatible.

Source: https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_li...

Source: https://www.gnu.org/licenses/license-list.en.html

I believe it is more correct to say Apache 2.0 does not meet Boost requirements to the license in that it is more restrictive than the BSL. In particular, BSL has no requirements similar to those in Apache 2.0 [1] Section 4 item b. Also, unlike BSL, Apache 2.0 is not compatible with GPLv2, only GPLv3, which is not as popular. The boilerplate comment that is recommended to be used to apply the license, and the license itself, are significantly longer than those of BSL. I'll remind that this thread has started from someone having difficulty reading and understanding the BSL, and Apache 2.0 is not likely to improve on that. [1]: https://www.apache.org/licenses/LICENSE-2.0

John Maddock

9:56 a.m.

...

...
The BSL is compatible with the GPL, so I find it very hard to believe that Apache 2.0 is incompatible.

Source: https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_li...

Source: https://www.gnu.org/licenses/license-list.en.html

I believe it is more correct to say Apache 2.0 does not meet Boost requirements to the license in that it is more restrictive than the BSL. In particular, BSL has no requirements similar to those in Apache 2.0 [1] Section 4 item b.

Also, unlike BSL, Apache 2.0 is not compatible with GPLv2, only GPLv3, which is not as popular.

The boilerplate comment that is recommended to be used to apply the license, and the license itself, are significantly longer than those of BSL. I'll remind that this thread has started from someone having difficulty reading and understanding the BSL, and Apache 2.0 is not likely to improve on that.

[1]: https://www.apache.org/licenses/LICENSE-2.0

Irrespective of the merits of the various licences, I would remind everyone that it took us the better part of 2 years last time we changed licences... and Boost has grown immeasurably larger since then. I am emphatically not going to take on that task again, if someone else wants to volunteer, I can only wish them good luck - they will most certainly need it! Best, John. --- This email has been checked for viruses by AVG. http://www.avg.com

Niall Douglas

10:29 a.m.

...

Irrespective of the merits of the various licences, I would remind everyone that it took us the better part of 2 years last time we changed licences... and Boost has grown immeasurably larger since then. I am emphatically not going to take on that task again, if someone else wants to volunteer, I can only wish them good luck - they will most certainly need it!

New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Rene Rivera

12:47 p.m.

On Thu, Apr 13, 2017 at 5:29 AM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...

...
Irrespective of the merits of the various licences, I would remind everyone that it took us the better part of 2 years last time we changed licences... and Boost has grown immeasurably larger since then. I am emphatically not going to take on that task again, if someone else wants to volunteer, I can only wish them good luck - they will most certainly need it!

New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html.

Good point indeed.. But so far in this thread non of the licenses mentioned meet those requirements. Perhaps someone, with legal acumen, could go the OSS licenses https://opensource.org/licenses/alphabetical and indicate which ones meet the Boost requirements. -- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Peter Dimov

2:04 p.m.

Niall Douglas wrote:

...

New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html.

Hypothetically, yes. In practice, no. If it's not BSL, it's not going into Boost.

Andrey Semashev

3:14 p.m.

On 04/13/17 17:04, Peter Dimov via Boost wrote:

...

Niall Douglas wrote:

...
New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html.

Hypothetically, yes. In practice, no. If it's not BSL, it's not going into Boost.

I agree with this sentiment. In fact, why not spell it explicitly on the web site?

Niall Douglas

3:49 p.m.

...

...
New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html.

Hypothetically, yes. In practice, no. If it's not BSL, it's not going into Boost.

That's a pretty arrogant statement. It's down to the review manager in question at the time of review. Unless you're the review manager, your vote is just one of many considered. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Michael Caisse

3:59 p.m.

On 4/13/17 08:49, Niall Douglas via Boost wrote:

...

...
...
New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html.

Hypothetically, yes. In practice, no. If it's not BSL, it's not going into Boost.

That's a pretty arrogant statement.

It's down to the review manager in question at the time of review. Unless you're the review manager, your vote is just one of many considered.

Niall

It is significantly more complicated than that. If it isn't BSL it would need to be reviewed by SFC's counsel and we would need to weigh the benefits over the confusion. -- Michael Caisse Ciere Consulting ciere.com

Chris Glover

4:09 p.m.

...

...
That's a pretty arrogant statement.

It's down to the review manager in question at the time of review. Unless you're the review manager, your vote is just one of many considered.

Niall

It is significantly more complicated than that. If it isn't BSL it would need to be reviewed by SFC's counsel and we would need to weigh the benefits over the confusion.

From my point of view, as a boost user at a company, I can tell you that if

boost had different licenses on different libraries, that would be a problem for me. It is extremely handy that we can be confident that all of the code in the boost distribution is under a common license. If a particular library wants to be dual licensed, that's probably fine, but one of those licenses had better be BSL. -- chris

Peter Dimov

10:26 p.m.

Niall Douglas wrote:

...

...
Hypothetically, yes. In practice, no. If it's not BSL, it's not going into Boost.

That's a pretty arrogant statement.

It's just putting the status quo in words. I'm not making an "ought" statement, I'm making an "is" statement. The BSL is a de-facto requirement. Do you think that all libraries in Boost use the BSL by some sort of a happy accident? How would you estimate the chances of that coincidence? The reason all Boost libraries use a single license is to ease adoption. Once the BSL is cleared by legal, ALL of Boost is cleared by legal. If libraries could pick a license, every library would need to be cleared separately. This is enforced by the Inspect tool, see https://github.com/boostorg/inspect/blob/develop/license_check.cpp For the record, the decision to use the BSL wasn't mine, I didn't write the Inspect tool, the decision to add a BSL check in it wasn't mine, and the rationale to use a single license for each and every file in the distribution isn't mine either.

John Maddock

4:34 p.m.

On 13/04/2017 11:29, Niall Douglas via Boost wrote:

...

...
Irrespective of the merits of the various licences, I would remind everyone that it took us the better part of 2 years last time we changed licences... and Boost has grown immeasurably larger since then. I am emphatically not going to take on that task again, if someone else wants to volunteer, I can only wish them good luck - they will most certainly need it! New libraries can be licensed under improved licences so long as they are compatible with the Boost licence and meet the licence requirements at http://www.boost.org/development/requirements.html.

That's only sort of true - if those libraries have dependencies then users are now left having to understand *both* the "new" and the "old" licence, which is hardly an improvement. On the other hand if they have no dependencies, then there is nothing to prevent you from dual licensing. --- This email has been checked for viruses by AVG. http://www.avg.com

Niall Douglas

10:27 a.m.

...

I believe it is more correct to say Apache 2.0 does not meet Boost requirements to the license in that it is more restrictive than the BSL. In particular, BSL has no requirements similar to those in Apache 2.0 [1] Section 4 item b.

It is correct that Apache 2.0 licence imposes more requirements. That's its merit over the BSL.

...

Also, unlike BSL, Apache 2.0 is not compatible with GPLv2, only GPLv3, which is not as popular.

Correct.

...

The boilerplate comment that is recommended to be used to apply the license, and the license itself, are significantly longer than those of BSL. I'll remind that this thread has started from someone having difficulty reading and understanding the BSL, and Apache 2.0 is not likely to improve on that.

You are allowed to, and indeed encouraged to, provide just a URL to the licence text. Besides, Apache 2.0 is a very popular and well understood licence. You don't need a large boilerplate, unlike the relatively unknown BSL. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Rene Rivera

12:43 p.m.

On Thu, Apr 13, 2017 at 4:49 AM, Andrey Semashev via Boost < boost@lists.boost.org> wrote:

...

On 04/13/17 10:12, Niall Douglas via Boost wrote:

...
On 13/04/2017 00:04, Rene Rivera via Boost wrote:

...
On Wed, Apr 12, 2017 at 5:55 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

If the steering committee might be thinking of fixing the BSL, better to

...
adopt the Apache 2.0 licence

Also not compatible with the BSL.

The BSL is compatible with the GPL, so I find it very hard to believe that Apache 2.0 is incompatible.

Source: https://en.wikipedia.org/wiki/Comparison_of_free_and_open-so urce_software_licenses

Source: https://www.gnu.org/licenses/license-list.en.html

I believe it is more correct to say Apache 2.0 does not meet Boost requirements to the license in that it is more restrictive than the BSL. In particular, BSL has no requirements similar to those in Apache 2.0 [1] Section 4 item b.

Sorry, yes, it's more accurate to say the APL doesn't meet Boost licensing requirements. And it's not just 4.b, it's 4.a also. As both apply to "Object form" redistribution. There's a good reason why you see considerably more commercial products use Boost and not other OSS libraries. -- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Andrey Semashev

10:01 a.m.

On 04/13/17 01:55, Niall Douglas via Boost wrote:

...

The biggest objection I always heard from Legal(s) was patent threat, and the BSL says absolutely zero about patents.

You may notice all the v2.0 revisions of major open source licences do now say something about patents. That's why.

Having a section regarding patents in the license implies that the author is supposed to perform a research on possible patent infringement. Otherwise he might be giving a license to patents he doesn't own. I'd say most of the Boost contributors don't have the resources or will to conduct such research, so this task is upon users (more presicely, those users who act in jurisdictions that recognize software patents). Pretty much the same goes for trademarks.

Niall Douglas

10:37 a.m.

...

...
The biggest objection I always heard from Legal(s) was patent threat, and the BSL says absolutely zero about patents.

You may notice all the v2.0 revisions of major open source licences do now say something about patents. That's why.

Having a section regarding patents in the license implies that the author is supposed to perform a research on possible patent infringement.

Completely incorrect. Under Apache 2.0, contributors give a licence to licensees to use any patents the *contributor* holds. This is exactly the clause that Corporate Legal wants to see, and what the BSL lacks. Without it, it allows bait-and-sue on code because say someone like you Andrey could deliberate contribute code to Boost violating a software patent you hold. You then wait for people to use your patented code in Boost. You then sue them for patent violation. That's why Legal doesn't like the Boost Software Licence. It's an open season to getting sued for patent violation in those countries where software patents are a thing (in most of the world they are not enforceable). If on the other hand (new, standalone) Boost libraries were under Apache 2.0, Corporate Legal would more readily approve the use of such libraries in proprietary code.

...

Pretty much the same goes for trademarks.

Apache 2.0 allows you to use other people's trademarks so long as you acknowledge they belong to those other people. You cannot appropriate another's trademark for yourself. Which is the whole point of a trademark. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Peter Dimov

2:06 p.m.

Niall Douglas wrote:

...

Without it, it allows bait-and-sue on code because say someone like you Andrey could deliberate contribute code to Boost violating a software patent you hold. You then wait for people to use your patented code in Boost. You then sue them for patent violation.

Has this ever occurred? Because the license clearly states that the owner grants a right to use, and defending in court the proposition that this grant somehow only applies for use in a copyright sense but not for use in a patent sense (as if there's a difference) will be an interesting exercise.

Niall Douglas

3:56 p.m.

On 13/04/2017 15:06, Peter Dimov via Boost wrote:

...

Because the license clearly states that the owner grants a right to use, and defending in court the proposition that this grant somehow only applies for use in a copyright sense but not for use in a patent sense (as if there's a difference) will be an interesting exercise.

I would never second guess a clever lawyer. The point being made is not whether any licence is enforceable in court. Most have never really been tested in a court, even the GPL. It is about risk minimisation to a lawyer, and persuading Corporate Lawyers that the licence on some bit of open source is minimum risk or not. I have seen no persuasive argument that the BSL is perceived as less legal risk to lawyers than the Apache 2.0. From all my interaction with Corporate Legal departments over the years, never mind trying to get Professional Indemnity insurance for works covered by the BSL as against a better known licence (tl;dr forget about it, they won't insure BSL licenced code, at least in Europe), I am very sure that the Apache 2.0 is a safer, more acceptable, more inclusive, more commercially friendly licence than the BSL. New Boost libraries should as a minimum, use the Apache 2.0 licence in preference to the Boost licence. Period. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Michael Caisse

4:45 p.m.

On 4/13/17 08:56, Niall Douglas via Boost wrote:

...

On 13/04/2017 15:06, Peter Dimov via Boost wrote:

...
Because the license clearly states that the owner grants a right to use, and defending in court the proposition that this grant somehow only applies for use in a copyright sense but not for use in a patent sense (as if there's a difference) will be an interesting exercise.

I would never second guess a clever lawyer.

The point being made is not whether any licence is enforceable in court. Most have never really been tested in a court, even the GPL. It is about risk minimisation to a lawyer, and persuading Corporate Lawyers that the licence on some bit of open source is minimum risk or not.

I have seen no persuasive argument that the BSL is perceived as less legal risk to lawyers than the Apache 2.0. From all my interaction with Corporate Legal departments over the years, never mind trying to get Professional Indemnity insurance for works covered by the BSL as against a better known licence (tl;dr forget about it, they won't insure BSL licenced code, at least in Europe), I am very sure that the Apache 2.0 is a safer, more acceptable, more inclusive, more commercially friendly licence than the BSL.

New Boost libraries should as a minimum, use the Apache 2.0 licence in preference to the Boost licence. Period.

Niall

Since there is plenty of this banter going on in the thread, let me add my own experience of 11-years dealing with BSL. We have had clients in the US, Europe, and Asia. Our clients include very large multinational corporations that are household names and small start-ups that are looking for exit plans to sell. Our clients work in fields such as financial, medical, various research, consumer products, business-to-business ventures, blaa blaa blaa... Many of the organizations are already using Boost and some were introduced to Boost during the project. Those we introduced to Boost (including large international corps) have all had their teams of concerned lawyers evaluate the BSL to determine the risk of including libraries. We have some clients that require each new OSS library to be evaluated (add Boost.MSM and have it and dependencies evaluated. Now add Boost.Spirit and have it and dependencies evaluated.) We have helped several companies through the IP purchase process in which OSS inventories are scrutinized by teams of lawyers looking for a reason to not purchase or to reduce the cost. Our most recent exercise in this was last month. Not one lawyer along the way has raised a red flag. There has been more than enough opportunity for the BSL to be rejected. Not one lawyer has done so. I am sorry you have had such a horrible experience with licensing. Dealing with this stuff can be hard. Perhaps it is a reflection of the quality of lawyer you are interacting with. Ambiguity *always* works against the writer of the license. That is the legal way of it. So while you have had the experience of "aversion to Boost code by corporate legal teams" I have had the exact opposite experience. In fact, we have clients that say if it isn't BSL ... it isn't going in. michael -- Michael Caisse Ciere Consulting ciere.com

Peter Dimov

12 Apr 12 Apr

9:18 p.m.

Andrey Semashev wrote:

...

Also, from a cursory look, it doesn't seem to require to retain copyright notices and the license in redistributed source code.

It does, see "Attribution right" in clause 5. It's not even limited to source code. I'm not clear on "Provision of Source Code", it's not limited to the Original Work, so it seems to apply to derived works as well. If so, this makes the EUPL unsuitable for Boost. We don't require source availability for derived works.

Niall Douglas

9:43 p.m.

On 12/04/2017 22:18, Peter Dimov via Boost wrote:

...

...
Also, from a cursory look, it doesn't seem to require to retain copyright notices and the license in redistributed source code.

It does, see "Attribution right" in clause 5. It's not even limited to source code.

Earlier on "the Work" is defined to be the source code I believe.

...

I'm not clear on "Provision of Source Code", it's not limited to the Original Work, so it seems to apply to derived works as well. If so, this makes the EUPL unsuitable for Boost. We don't require source availability for derived works.

It's a much weaker "non viral" copyleft than the GPL because it defers to any of the compatible licences listed at the end if combined into a work consisting of multiple licenced codes. I had understood that to mean that if your EUPL code is used as a library in a bigger project, no obligations to distribute source land on the licensee, but if they distribute a modified copy of your library as a standalone thing, then they can't supply prebuilt DLLs without source code. But that requirement, now you make me think about it, does violate the Boost licence which does allow people to derive from Boost and publish binaries without source. Good catch. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

Peter Dimov

9:49 p.m.

Niall Douglas wrote:

...

On 12/04/2017 22:18, Peter Dimov via Boost wrote:

...
It does, see "Attribution right" in clause 5. It's not even limited to source code.

Earlier on "the Work" is defined to be the source code I believe.

No. "- The Work: the Original Work and/or its Derivative Works." "- The Source Code: the human-readable form of the Work which is the most convenient for people to study and modify."

...

I had understood that to mean that if your EUPL code is used as a library in a bigger project, no obligations to distribute source land on the licensee, but if they distribute a modified copy of your library as a standalone thing, then they can't supply prebuilt DLLs without source code.

That's not how I read it.

...

But that requirement, now you make me think about it, does violate the Boost licence which does allow people to derive from Boost and publish binaries without source.

We also allow binary distribution without attribution.

Rene Rivera

9:17 p.m.

On Wed, Apr 12, 2017 at 3:55 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...

...
Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license)

The MIT license is technically incompatible with the Boost license. -- -- Rene Rivera -- Grafik - Don't Assume Anything -- Robot Dreams - http://robot-dreams.net -- rrivera/acm.org (msn) - grafikrobot/aim,yahoo,skype,efnet,gmail

Stefan Seefeld

11:15 p.m.

On 12.04.2017 17:17, Rene Rivera via Boost wrote:

...

On Wed, Apr 12, 2017 at 3:55 PM, Niall Douglas via Boost < boost@lists.boost.org> wrote:

...
...
Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license) The MIT license is technically incompatible with the Boost license.

It might be a good idea to collect such bits of wisdom in a common place (such as the wiki). A good starting point: a list of widely known Free Software licenses, annotated to indicate whether they meet the requirements in http://www.boost.org/development/requirements.html#License (with explicit references to the clause they don't meet if applicable). Stefan -- ...ich hab' noch einen Koffer in Berlin...

Gavin Lambert

13 Apr 13 Apr

12:33 a.m.

On 13/04/2017 11:15, Stefan Seefeld wrote:

...

It might be a good idea to collect such bits of wisdom in a common place (such as the wiki). A good starting point: a list of widely known Free Software licenses, annotated to indicate whether they meet the requirements in http://www.boost.org/development/requirements.html#License (with explicit references to the clause they don't meet if applicable).

The BSL is generally more permissive than the other popular licenses (in particular placing no obligation of attribution or source-sharing on distribution in binary form); that's typically where the conflicts lie. To most users of the Boost libraries, it doesn't make any difference either way -- they either distribute the libraries in compiled form, which the BSL permits without complications, or they distribute their own library/application in source form typically without redistributing the Boost libraries themselves (instead just telling people where to find them or expecting that they'll be able to find them themselves). The latter approach might technically get them in trouble with their own licenses (eg. if they're using GPL) but most people don't worry about that either.

Josh Juran

10:40 a.m.

On Apr 12, 2017, at 8:33 PM, Gavin Lambert via Boost wrote:

...

To most users of the Boost libraries, it doesn't make any difference either way -- they either distribute the libraries in compiled form, which the BSL permits without complications, or they distribute their own library/application in source form typically without redistributing the Boost libraries themselves (instead just telling people where to find them or expecting that they'll be able to find them themselves).

The latter approach might technically get them in trouble with their own licenses (eg. if they're using GPL) but most people don't worry about that either.

Not even technically. Authors who license their own code under the GPL are not bound by the GPL with respect to that code. An author is allowed to offer anything under the terms of the GPL, including a program that links to a binary-only library that you have to pay to use -- although nobody else would be legally allowed to redistribute it, due to being unable to fulfill the terms of the GPL. Josh

Andrey Semashev

11:10 a.m.

On 04/13/17 13:40, Josh Juran via Boost wrote:

...

Authors who license their own code under the GPL are not bound by the GPL with respect to that code. An author is allowed to offer anything under the terms of the GPL, including a program that links to a binary-only library...

That's not my reading of the GPL. According to Section 6 [1], everyone, including the author, must provide source code of the (derived) work as part of distribution, which is not possible if the work contains a binary-only component. [1]: https://www.gnu.org/licenses/gpl.html

Bjørn Roald

12:59 p.m.

Sorry for top-post, but this is to this discussion in general, not to Andrey in particular. If there is a need and interest, may I suggest to carry this discussion elsewhere, possibly starting with a new topic on the boost list. This discussion has drifted far off-topic with regard to the OP question and I am concerned direct responses to the original question was somewhat unclear. To my understanding, the BSL clearly is intended to, and likely meets the OP’s needs to use Boost code in a closed source project. As always such an answer to users should be given with the disclaimer that users should check themselves how the BSL apply to their needs, their business, their project, and local laws. But it is hard to imagine there should be any real need for concern about issues stemming from Boost code or the BSL in this case. To combat confusion about the BSL, answers to these kind of questions need to be as simple as they surely are. Having them leading to off-topic discussions like this is not helping anyone. As it stands in my experience, BSL is an excellent license for Boost and its users. I see no need to change licensing in Boost. — Bjørn

...

On 13 Apr 2017, at 13:10, Andrey Semashev via Boost wrote:

On 04/13/17 13:40, Josh Juran via Boost wrote:

...
Authors who license their own code under the GPL are not bound by the GPL with respect to that code. An author is allowed to offer anything under the terms of the GPL, including a program that links to a binary-only library...

That's not my reading of the GPL. According to Section 6 [1], everyone, including the author, must provide source code of the (derived) work as part of distribution, which is not possible if the work contains a binary-only component.

[1]: https://www.gnu.org/licenses/gpl.html

_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost

Paul A. Bristow

15 Apr 15 Apr

6:08 p.m.

...

-----Original Message----- From: Boost [mailto:boost-bounces@lists.boost.org] On Behalf Of Niall Douglas via Boost Sent: 12 April 2017 21:56 To: boost@lists.boost.org Cc: Niall Douglas Subject: Re: [boost] Boost licensing information

...
This issue often confuses users. Especially non native speakers for whom all that perfectly measured legal words make absolutely no sense! Seriously, I need to spend about an hour to understand what a license is talking about. And I *know* the restrictions, it's just unbelievably hard to convert legal words to understanding.

What's worse - BSL is not a very popular license. There's probably only 1-2 pages in non-English languages about BSL on wikipedia. Other wiki pages redirect from BSL to Boost libraries. So for example I can get no information about BSL in Russian. I've tried twice to translate BSL to Russian. Both times the wiki page was removed as a minor/useless topic.

Also, translations prepared by non-lawyers are problematic.

...
Could we somehow solve the issue in Boost by * also distributing Boost under the MIT license (super extremely very close license) * or by summarizing the differences between BSL and MIT in simple English like here http://softwareengineering.stackexchange.com/a/44116

I would *really* prefer the EUPL over the MIT licence. The EUPL comes in 22 languages and was written to work well in any of the major legal systems in the world, including Russia's.

I'm currently strongly considering placing Outcome and all my Boost like libraries under the EUPL licence. It far better matches the "Licence requirements" at http://www.boost.org/development/requirements.html than the Boost licence does. And it comes in 22 translations as prepared by lawyers in those languages, and those translations have undergone multiple rounds of peer review and checking. It is a far superior licence for Boost code.

https://joinup.ec.europa.eu/community/eupl/og_page/european-union-public-lic...

I can't help myself bike shedding that clause 8 looks to have less complete no-liability. "Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable..." IANAL, but might look as though - If someone dies from a life-support software malfunction, the author is on the hook? (Damage to 'un-natural persons' are exempted I note ;-) It looks like a case of "If it ain't broke, don't fix it to me". If your lawyers can't be bothered to read or translate the Boost license, or don't like it - tough? Paul --- Paul A. Bristow Prizet Farmhouse Kendal UK LA8 8AB +44 (0) 1539 561830

Niall Douglas

9:56 p.m.

...

I can't help myself bike shedding that clause 8 looks to have less complete no-liability.

"Except in the cases of wilful misconduct or damages directly caused to natural persons, the Licensor will in no event be liable..."

IANAL, but might look as though - If someone dies from a life-support software malfunction, the author is on the hook? (Damage to 'un-natural persons' are exempted I note ;-)

Wilful misconduct or damages directly caused to natural persons is better known as "a crime". Under EU law since about 2011 or so, it is illegal to disclaim liability for that under EU consumer protection law, and a licence or EULA or contract which does so is problematic and depending on how the rest of it is written, could be null and void. Indeed there was some past case law before the ECJ where the disclaimer of liabilities was rendered void, and a US multinational had to fork out a ton of cash far in excess of the contracted liability limit to some small European business. If you read the recommended practices guide for EU lawyers, it suggests to insert many separate and standalone disclaimers of liability with clear boundaries around specific things, and not to use broad brush disclaimers as is typical under US law. The EUPL is following that advice. But to answer your question, unless someone can prove that you deliberately made your software target directly specific people or a specific person, there is no liability in the above clause. Even if you wrote a virus which trashed people's stuff, unless it can be proved that you *deliberately* trashed people's stuff and it's not a programming error by you, you're fine. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/

2784

Age (days ago)

2788

Last active (days ago)

List overview

Download

43 comments

15 participants

participants (15)

Andrey Semashev
Antony Polukhin
Bjørn Roald
Chris Glover
Fabrizio Riente
Gavin Lambert
John Maddock
Josh Juran
Karen Shaeffer
Michael Caisse
Niall Douglas
Paul A. Bristow
Peter Dimov
Rene Rivera
Stefan Seefeld