Improve licensing article #174
Labels
No labels
Codeberg Pages
Documentation Usability
Forgejo
Good First Issue! 👋
Kind: Bug
Kind: Documentation
Kind: Enhancement
Kind: Feature
Kind: Question
Kind: Security
Licensing
Part: Generator
Priority: High
Priority: Low
Priority: Medium
Reviewed: Confirmed
Reviewed: Duplicate
Reviewed: Invalid
Reviewed: Wontfix
Status: Blocked
Status: Help wanted
Status: In progress
Status: Needs feedback
Status: Ready for Review
Status: Review
Status: Stale
No milestone
No project
No assignees
10 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
Codeberg/Documentation#174
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Just some additions to the recently added article from #173 (https://docs.codeberg.org/getting-started/licensing/)
Mention private repo / note-taking rule:
A user on Mastodon asked about private repos? We should mention that private repos are possible (re-link to the FAQ which explains this, but people only looking at the licensing guide will overlook the clarification in the FAQ and the section in the Terms of Use)
How to apply:
People might wonder how to apply a license to your code. AFAICT, it's usually considered okay to just put a file next to your code, but to properly license code and avoid any legal uncertainty, it should be explicitly stated that the code is under this license, right? Ideally, every file should include a license header.
It might be good to give good and precise instructions on how to actually change the license, especially since the full license texts are sometimes hard to copy into a easily readable file (so maybe tell people what's necessary to reference a file that lives outside etc).
A place where someone was hit by the "adding a file is enough" is in Codeberg/Community#407, and I agree that the Gitea UI kinda suggests that using the license dialog is everything you need.
Reasoning:
Some people might wonder why a repo needs a license. Some hints are kinda hidden, but they might be made more prominently.
@michielappelman are you interested in fixing this up once more? No obligation of course, your first version is already very nice, these are just some improvements I can think of by now.
Just some more thoughts:
I might eventually work this into the text. Sofar I was not active in contributing to the docs and don't know who is curating them.
So let me know if there are any objections.
I'm not an expert, but I actually consider the headers even more important because
As a reference: https://www.gnu.org/licenses/gpl-howto.en.html
Thank you for your feedback. The article about proper licensing is very important IMHO, because it's what we want to promote here and is a really important thing for us as a software forge, to give contributors at hand. So any improvement very welcome!
There is the lax rule of waiting for about two approvements before merging, less for less-important changes or when there is simply no more feedback after a while.
I think that personals views can make it into the licensing article, but I'd ask everyone to stay as objective as possible and to cover multiple perspectives. There are things people have fought war over, we should just quickly mention different arguments (e.g. copyleft vs temporarily open; license headers vs. one central place (promotion of the reuse project could also be an option), ...).
tok/codeberg-documentation@8f109fe51dNot a pull-request yet because it is late-night work. Just for reference and input to the discussion.
Another thought:
We should highlight that the licence is also about protecting the user from being sued for copyright or even patent infringement (as long as it relates to the licenced work). Especially the MIT licence basically allows that code can be used without copyright infringement but nevertheless the copyright owner can sue the user for patent infringement related to the licenced work. As a user this is good to know. Not sure if that happens often, though. So for this reason we should think about promoting the Apache Licence before the MIT licence.
Already checked out your commit from the explore view :)
Why did you switch from the OSI list to the FSF list in line 32/41? I don't know why the other one was listed there, though, maybe it's worth linking both as in the current no-license reminder inside the repos?
To the patent thing: It would be great to have resources if this happens, I have never heard of such a thing. It would also be very hard to claim patents if something was released for free use without mentioning the patent, I doubt this works in a court actually. But still, an interesting thought, that could be theoretically mentioned if no such evidence can be found.
I switched to the FSF list for following reasons:
We can indeed link to both. But I'd then also write a short explanation who they are (as objective as possible). I think it could be confusing otherwise.
The FSF on the X11 Licence and also Expat Licence (often called "the MIT licence"):
https://www.gnu.org/licenses/license-list.en.html#X11License
I'm not an expert on that, but maybe that's an interesting read:
https://international.vlex.com/vid/free-and-open-source-739218105
Also
As the article states, there seems to be unclarity.
Based on this I conclude that there's no guarantee that such software licences also give the user a licence to use a patent under the same conditions.
I believe that this can be avoided using licences with a 'patent clause' like the GPLv3 or Apache-2.0 do. Not only does this protect the user but it also protects the project from 'trojan' contributions.
Imagine Android would be licenced under the X11/Expat/MIT licence without a patent clause. It would be possible that somebody maliciously sneaks in a patented contribution and then later sues Google for patent infringement.
Yet another thought:
Do we want to have an opinion, recommendation or even terms-of-use regarding contributor licence agreements (CLA)?
I remember projects being licenced under an free and open-source licence but they required contributors to sign a CLA. The CLA basically said that the contributor transfers the copyright ownership to the project owner.
Such methods can be used as 'backdoors' to turn copyleft into non-copyleft or even proprietary code: If you are the only copyright owner of a software, then you can change the licence at will.
See for example https://en.wikipedia.org/wiki/Contributor_License_Agreement#Examples.
Comment on choosealicense.com
More ideas & comments:
I think, Codeberg can have its own recommendation of licences indeed (similar to what there is already).
However, I suggest to move this section more towards the top of the document and then later on go into explanations. I'm afraid, many people will not read the full text anyway.
About spelling: https://prowritingaid.com/art/492/Licence-vs--License%3A-Which-One-is-Right.aspx (trackers there)
In the US: license = noun, to license = verb
Everywhere else: licence = noun, to license = verb
Since codeberg.org is located in Germany, I suggest to use the latter spelling. (I was not being consistent myself, but will try from now on)
I'm afraid I only scanned through your comments. Feel free to just go ahead and realize them. We are happy about every contribution, and the current state does in no way reflect an official stance or anything, but is simply a very first contribution we received and allowed us to make licensing more clear to our users than it has been before. There is always a lot of room for improvements.
I had extensive offline discussions with @tok. Below are some of the thoughts which emerged:
In the statute of Codeberg is written that:
but in the current licencing page is written that:
The two should be consistent. Maybe rather than trying to deduce from abstract principles it is enought to state that term of use of codeberg requires the use of an open-source licence for all project. One can later explain why this is important.
Thank you for this easier-to-read list of points. We could even convert this into ToDo-Boxes (
[ ]) and ask people to pick one (some) of them.&
rather link to it, please
This page was mainly a blocker for licence reminders to spread awareness, and is thus mainly linked there. So the most important thing is to make people understand why a FLOSS licence is the thing we all want in their repo, not "just because it's in the Terms of Use". Whoever is going to rework this, please keep in mind that people might read the article without even fully understanding what this spirit means. I know many people who literally thought that they are contributing to Open Source because they put their code into a publicly accessible space (like a Git(Hub) repo). Those will be redirected to this article, and they should be caring about FLOSS afterwards 💙
@fnetX Ah, I did not fully get that people will be mainly redirected there with the licence reminder. Thanks!
I had in mind to start like this:
Perhaps indicate that REUSE (https://reuse.software/) is the prefered (expected) approach.
Copy from the original issue, I think this is the part not yet implemented but proposed in the now-closed issue.
For a public domain equivalent license, we recommend using 0BSD instead of other licenses. I think it would be beneficial to explain why: it has better reception and recognition from companies.
Relevant comment on choosealicence.com: https://github.com/github/choosealicense.com/issues/805#issuecomment-799220564
Found this issue via Community repo: Codeberg/Community#624 I apologize if this should be a separate issue or in a different tracker; this is my best guess.
Currently the new repo page still links to https://choosealicense.com/ where MIT license is prominently and favorably described as mentioned previously.
I would suggest that when this is fixed, the drop down list should correspond to the names given on the provided documentation.
This libre license advocated by the linked page is "GNU GPLv3". If I type "GNU" into the drop down I get
gnu-javamail-exceptionandgnu-plot. Type "GPL" and there are about 2 dozen options. "GPLv3" shows nothing but there are 4x variations underGPL-3.0-. In my browser the drop down only show 3 lines at a time so it is not easy to find thatv3is described as-3.0-.. you need to hunt a lot if you don't already know that. Then, I don't know which one actually is the same one I want.It's fine to have the long extensive list for those who wish to use it, but the first items should be exactly the same wording as whatever documentation is provided. In this case, the top item should be
GNU GPLv3, followed, I guess, byMIT.I'm in favour of promoting https://writefreesoftware.org/ from Codeberg, replacing Choose a license where applicable. WriteFreeSoftware aligns better with our mission, is more approachable in my opinion, and covers more than "simply choosing a license". Because writing Free Software does not end with picking a choice from a checkbox alone.
I am guessing you would link directly to Choosing a license? If yes I think it is a huge improvement over the existing link. It very succinctly touches on a range of issues to consider.
With regards to my previous comment about the licenses being findable in the list, I think the change of link should be made irregardless.
But I would like to point out that of the libre licenses recommended, none of them are findable. (Both the MIT and BSD licenses are findable though.)
The problem is that abbreviations are being used instead of the full names. Also, the GPL abbreviations have different word orders than the full names on this website. So they are not located in the expected alphabetical order.
On my desktop browser, this drop down shows up with a fancy type-to-find widget that should make obtaining the correct item from the long list pretty fast. Yes none of them are findable this way; you really have to scroll through the list which only shows 3 lines at a time.
The solution could be to list the full name along with abbreviations. For example, replace "MPL-2.0" with "Mozilla Public License 2.0 (MPL-2.0)". Assuming other browsers work the same way mine does, this would still allow people who know the abbreviation they are looking for to locate easily (typing "mpl").
Idk if there is some other reason why the listings are abbreviation-only. Internationalization?
Could you try to propose your changes to the license chooser to https://codeberg.org/forgejo/forgejo?
The list is autogenerated from SPDX license data, but I'm pretty sure that someone could make adjustments to this process to allow the format "Full Name (Short Name)".
I've had this issue pinned as I was trying to articulate a request in https://codeberg.org/forgejo/forgejo as requested. But I couldn't get it very concise.
Now I see the linked documentation has been changed to https://docs.codeberg.org/getting-started/licensing. For me, I like the new one. I finally know which license to select from the list (AGPL 3.0 or later). I honestly couldn't figure it out before.
I feel that the document might be a little complicated for someone who isn't already framiliar with the concepts though. Maybe it's just impossible to explain in a way that's both reasonably accurate/nuanced and also extremely brief.
I am curious:
1: are the effects measurable?
Are there any metrics available describing how many people actually select a license at the "create repo" page and if it changes over time? Especially if it can be correlated with viewing the explainer document.
Hope it doesn't come across as excessively taylorist or snooping.
2: flowchart flow
Is the intention to make the "flowchart" section visually clearer? I am not framiliar with eleventy. Without adding a bunch of complexity to the whole repo would it be possible to add some more hints to help follow the narrative? Such as borders on the left side, highlight on mouse over? Like this (tiny on purpose to show structure not content):
3: easy input license into form
Would it be possible to have links next to each license name that brings you to the new repo page with that form filled? Could look like this:
With that URL being
https://codeberg.org/repo/create?license=AGPL-3.0-or-laterand clicking it does this:Not sure if it would/could go back to the previous tab the user arrived from or if it just opens a fresh one.
It might sound excessively hand-holding but remembering a long code to find it in a list among a bunch of other nearly-identical long codes is kind of hard if you don't already have a familiarity with what they are designating.
If it can't be done by magic, then having an option to copy the exact and complete name as it appears in the drop down list would be a good alternative. Like how code snippets often have the little "copy" button in the top-right corner.
4: other ways to make license choosing easier
The easier it is the more likely it will happen.
Allow user/organization to configure default license for new repos. Then you are not faced with re-reading the guidance document every time. Make a thoughtful decision once and revisit it only when needed.
Provide a page showing an overview of licenses of all repos for user/organization. Like https://codeberg.org/username?tab=repositories there could be a search filter/sort for license, and for needs-a-license. This would let people check easily if they forgot somewhere. For repos which are public, it would encourage accountability as other poeple could easily see an overview.
Have some toggle for the list on new repo page to be abbreviated on an opt-in basis. Most people do not need all these choices. Being able to click "Short list" or something and have everything but the most up to date and popular 5-10 options go away would make it easier if you are trying to jog your memory.
Somewhat conversely, I still think the full names would be worthwhile including in addition to the abbreviations. Previously I was trying to search for "gnu" instead of GPL which gets you like "GNU-compiler-exception". Other commonly-used name someone might want like mozilla or creative commons are likewise not findable.
There should be a link on the new repo page to wherever the licenses are stored. I assume in their own repo somewhere. So that the full text can be read by anyone so inclined prior to accepting it.
I do not find a way to add the license after the repo is created. If it exists it's hard to find. If it doesn't exist it would be nice. In the settings have an "add license" section. Even if it is literally just a link to wherever the license are kept and instructions on how to do it manually. But better if it's magic of course. I think it's reasonable that you might want to work on something a little before deciding on a license.
Sorry there's so many things. It's a bit of a bike shed type thing probably but thought I'd throw them out there in case any of them sound like a good fit.
Idea: Fork Choose a License and carry over the essential points of the current article ("our perspective") onto that tool?
Do you mean formatting of license texts, or formatting of the licensing guide, or formatting of documents in projects? For the latter, REUSE would define some sort of formatting which is even machine readable.
(Honestly, this post reads like a advertisement for this commercial service which is probably not interesting for this community.)
Yes it does sound like that. @moderation
@moderation
This link is to a commercial service which looks very much like the typical buy-your-coursework-essay-or-term-paper-here. I did not explore beyond first impressions, but if this has any relevance to the concerns discussed in this issue, it is certainly hidden extremely well.
There does not seem to be any option to report a problem with a post. Not sure if I'm meant to open a new issue about a comment, but hopefully this is enough to draw it to somebody's attention.
See osdc/bots#71 (comment). User has 2 posts. Both spam as far as I can see.
Old licenses like MIT and BSD are simple and permissive, but they have known legal weaknesses, at example: they lack explicit patent protections, their liability disclaimers are not fully enforceable in any legal system, and even the use of capital letters in disclaimers has sometimes been judged by courts as less readable and therefore less effective.
Modern licenses like Apache or Mozilla were designed to address the weaknesses of older licenses. They explicitly handle patent risks, provide clearer liability disclaimers, and improve legal enforceability across jurisdictions, making them more robust in today’s legal environment.
The EUPL is the only open-source license formally adopted by the European Commission and is legally valid in all 27 EU Member States. This ensures enforceability under national laws, unlike other licenses which rely on general contract principles.
The EUPL exists in 23 official EU languages, and all versions are legally equivalent, avoiding ambiguity in translation.
The EUPL is thoroughly documented by the EU itself, avoiding ambiguity in interpretation.
How to use the EUPL (very informative):
https://joinup.ec.europa.eu/collection/eupl/how-use-eupl
EUPL text:
https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
Compatibility matrix:
https://joinup.ec.europa.eu/collection/eupl/matrix-eupl-compatible-open-source-licences
Description of the 7 new principles enforced in the license (the license covers "work", any combination of SW, DATA, design etc.):
https://joinup.ec.europa.eu/sites/default/files/discussion/attachment/2024-01/How%20could%20open%20licensing%20protect%20democracy.pdf
MIT and Unlicense weaknesses:
https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line
https://writing.kemitchell.com/2022/08/05/Public-Domain-Software
EU legal framework for any SW license:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32009L0024
US legal framework for any SW license:
Hi, sorry, we need people that contribute to the documentation from an objective point of view - we understand that the page could be improved.
The EU recognized that many established open‑source licenses have weaknesses, so it developed the EUPL to provide a clearer, more robust framework. This document explains how the EUPL addresses those gaps, and I think you’ll find it a valuable resource for improving your license page.
https://interoperable-europe.ec.europa.eu/sites/default/files/discussion/attachment/2024-01/How%20could%20open%20licensing%20protect%20democracy.pdf
I have some repositories licensed under MIT/BSD. I know these are weak and badly written licenses, I chose them out of laziness.
Have a good night :)
Good reference for open-source licenses, with a curated list of licenses by legal experts.
https://blueoakcouncil.org/
https://blueoakcouncil.org/list
I replaced my lazy MIT/BSD with the BlueOak Model, a modern and legally sound replacement for the outdated MIT/BSD.
https://blueoakcouncil.org/license/1.0.0
@ppigazzini wrote in #174 (comment):
I don't think this is a useful link. The writeup reflects a clear bias in favour of 'permissive' licences, describing copyleft licences as like permissive licences 'with a catch', with stronger copyleft protections described in terms of more stringent requirements.
Insofar as this is aimed at developers selecting licences, it is deeply misleading.
The list of 'curated' licences includes only permissive ones. Moreover, it gives no useful indication of why particular licences are categorised in particular ways. So there is no way to tell if a licence is rated 'lead' rather than 'gold' because it is less permissive or less legally sound.
Meanwhile the copyleft licences are grouped in possibly more useful ways, but since these are not 'curated' or (presumably) legally checked, they are essentially also-rans and relegated to a separate page of (presumably) non-curated, non-legally sound options.
I did not look into the funding of the council, but I would be surprised not to find familiar opponents of copyleft there.
My bad, I forgot to write "curated list of permissive licenses".
The criterions are crystal clear in the whole site content and in the category description (Model, Gold, Silver etc.):
A subset of the guidelines that the legal experts of EU used to craft the readable, complete, lean EUPL.
MIT is a relic of the past because does not contain many essential points of a license, explicit is better than implicit, tricking at example the users of a MIT licensed code in a patent submarine danger.
From the Codeberg schema:
Google is your friend in finding people involved in the Blue Oak Council:
https://writing.kemitchell.com/series/blue-oak-council