Appreciate the intent!
For practical adoption, especially in larger orgs, OSI-approved licences are much easier to get through legal review than custom ones.
Appreciate the intent!
For practical adoption, especially in larger orgs, OSI-approved licences are much easier to get through legal review than custom ones.
The current license is PostgreSQL (which is OSI approved)
We could also change to MIT/Apache but we feel PostgreSQL is more appropriate given our intentions to upstream the code
> The current license is PostgreSQL
That's just not true. Your license[0] adds a clause to the Postgresql license[1]. This makes it a different license, which by extension also means it isn't OSI approved.
It's the same with the BSD licenses[2]: the 4-clause one is OSI-approved, whereas the 3-clause one is not. Turns out that one additional "all advertising must display the following acknowledgement" clause was rather important - and so is your lawsuit clause.
[0]: https://github.com/orioledb/orioledb?tab=License-1-ov-file
[1]: https://github.com/postgres/postgres?tab=License-1-ov-file
[2]: https://en.wikipedia.org/wiki/BSD_licenses#4-clause_license_...
sorry about the confusion - I wasn't as involved in this process as I should have been. My fault. This is now fixed:
https://github.com/orioledb/orioledb/pull/558
The code is now Apache 2.0 which grants patent rights and can be re-licensed to PostgreSQL when the code is upstreamed. I'll amend the blog to make that clearer
Thanks for the fix!
From the phrasing it already seemed your heart was in the right place, but I understand that it can get tricky once people get involved who aren't as familiar with the details of open source licensing.
Getting legal to sign off on a different license this quickly is impressive!
(er, surely it's the other way around? the 3-clause one is OSI approved and the 4-clause one is not)
Anyway, I'm not sure this is true. Having a separate software license + secondary patent grant license is very very common in open source projects where patent trolls are common. See e.g. https://aomedia.org/about/legal/
I would just put them in separate files and then you're good to go.
I like how well-thought-out the licence revocation clause of the AOMedia patent licence is. It takes effect when a licensee sues over an implementation specifically over the relevant patent claims--so lawsuits unrelated to these patent claims are allowed (so if you infringe on other patents but also implement the licensed patent in the same implementation, the rights holder of the other patents can sue you over those claims without losing their licence)--and there is also a carve-out for counterclaims, and lawsuits to enforce this licence.
But I am not sure if the first exemption is necessarily a good thing. The Apache License, Version 2.0 is broader in what may be grounds for patent licence termination. So it is a better deterrent against patent trolls (even if that means some legitimate patent claims are also discouraged).
Cypher in a sibling comment makes a good argument that this was the same logic (patent termination for legitimate, non-licensed patent claims) that got Facebook in trouble: https://news.ycombinator.com/item?id=45199687
I re-read the text again and it's even worse than the Facebook one -- the entire license terminates in reaction to any litigation, not just patent litigation. Hypothetically, a former employee suing Supabase for violation of workers' rights would not be allowed to use the software anymore.
But they have switched to Apache 2.0 now, so crisis averted.
> (er, surely it's the other way around? the 3-clause one is OSI approved and the 4-clause one is not)
Whoops, I did indeed type that a bit too quickly.
> Having a separate software license + secondary patent grant license is very very common
Perhaps, but those are separate. In this instance it was one and the same license, with any violation of the patent part terminating the whole license - including the non-patented software parts.
Additionally, the AOMedia patent license seems to be a bit different: the OrioleDB one said it would terminate when you sued Supabase (and to make it worse: sue them for any reason), but the AOMedia one says it'll terminate if you sue anyone over the licensed patents.
In other words: the OrioleDB one protected only Supabase, the AOMedia one protects the entire community. When it comes to being compatible with open source licenses, details like that become crucial.
The PostgreSQL license does not have a termination clause, you added that. I see that you are trying to use the PostgreSQL license as the basis and simply add the patent clause onto it, but it fundamentally changes the license.
I hope you can look at the Apache 2 patent grant as a better clause- or even adopt something like Google's Additional IP License found here- https://www.webmproject.org/license/additional/, which doesn't modify the open source license but instead adds an additional grant as a separate license.
Supabase is doing great work, thank you!