Decision on final public license for repo

[ChristopherA]

To date this repo has been under an MIT License (spdx:MIT) as this is the Permissive License used by @dsprenkels as the the original sss library's LICENSE. As the purpose of this project is to standup full nodes using bitcoind, which also uses this same license (see bitcoin's COPYING) it may make sense that we continue using this license.

However, though we clearly do not want to transition to using a Copyleft license with this project, there is an argument that in general Blockchain Commons as it's choice for permissive licenses should use the BSD-2-Clause Plus Patent License (spdx:BSD-2-Clause-Patent) as it adds an express patent grant and is an OSI-Approved license.

However, the Apache Foundation has listed this license as one of the Category X license, meaning it can't be used in Apache products. I'm don't completely understand the issue, but I've found some discussion at Lesson learned from facebook and BSD+Patent, but Facebook describes it differently.

On the good side, Blue Oak Council lists the "BSD-2-Clause Plus Patent License" as Gold, their 2nd highest rating.

If we choose "BSD-2-Clause Plus Patent License" this would mean that our Shamir library would not be able to be included in any Apache products or other projects that limit themselves to Apache licenses. This may be OK, but we don't know the long-term impact.

The "Category X" problem may also challenge us if we choose the Apache 2.0 license for our standard Weak Copy Left license.

This whole area annoys me and I wish we could avoid it, but with the proliferation of submarine blockchain patents, as an organization will need to create some policies here.

-- Christopher Allen

[dsprenkels]

My personal view on this topic:

The BSD-2-Clause+Patent licences you link to are not the same licences.

The old license that facebook used was based on the BSD-3-Clause license, and they added a separate patent waiver.
Basically, Apache is concerned about that patent waiver file, which includes that the patent license is terminated whenever the licensee asserts a patent against the author (even if it is unrelated to the software).

The other link (spdx:BSD-2-Clause-Patent) is based on the BSD-2-Clause license, but adds the first clause (the patent waiver) from the facebook license. In itself, the BSD-2-Clause+Patent license looks fine.

However, the fact that there is an easy misconception to be made feels like a very good reason not to adopt that license.

In any case:

• I am planning to keep the original SSS library licenced under the MIT license, but dual-licensing is a valid option. I would personally prefer the Apache-2 licence, because I think it's clearer than BSD-2-Clause+Patent (and it is more commonly used). But I do not hold any patents, so virtually anything would be ok with me.
• If you would like to relicense the SSS core, note that you will need a sign-off from all the individual contributors.

[ChristopherA]

This same issue was also brought up in a different repo, and there were some responses there BlockchainCommons/Gordian#1 that didn't get duplicated here.

Recent commentary @kemitchell on this topic:

https://writing.kemitchell.com/2019/11/07/BSD-Patents.html

Summary: That BSD-2-Clause Plus Patent License (spdx:BSD-2-Clause-Patent) is not the same license as the proposed Facebook BSD+Patent. The BSD-2-Clause Plus Patent License (spdx:BSD-2-Clause-Patent) is “gold”.