(re)classifying FOSS licenses

New strategy for classifying licenses in a better way

13:40 | 15 mins | 08/11/2024

There are many efforts trying to classify licenses, for different use cases such as checking compatibility or for complying with the license terms. Most of these efforts seem to, explicitly or implicitly, have a certain use case in mind.

This project sets out to:
Consider provisioning case – how is the software provided to your user (e.g. binary distribution, SaaS, Web UI)
Consider use case – how is the software used (e.g. compiler, library)
Trust model – why you should trust the contributor of a classification, and how you can exclude a contributor’s work, etc.
Identify and generalize FOSS license clauses
Identify and generalize when a clause is triggered
Determine how clauses are compatible with each other (a license clause matrix)
Identify the clauses and triggers for each license

Keeping track of how 100 licenses are compatible with each other will result in a matrix with 10 000 (100 x 100) values. This is hard to maintain. Extending to 200 licenses requires 40 000 values. By instead looking at the license clauses we will end up with a much smaller problem, assuming we identify 20-30 of them, which will result in a matrix of 400-900 values. This is big, but maintainable. Adding a new license will not increase the size of the (license clause) matrix, which means that our approach scales much better. From the license definitions and license clause matrix we can compile a license compatibility matrix (for fast compatibility lookup).
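The compilation step described above, sketched as an added example (not the project's own code or data). The license names, clause names, triggers and the single clause conflict are constructed placeholders, and the sketch assumes clause compatibility is symmetric.

```python
from itertools import product

# Constructed sample data: illustrative assumptions only, not legal
# statements about any real license or clause.
# Clause matrix, stored sparsely as the set of clause pairs that conflict.
CLAUSE_CONFLICTS = {frozenset({"share-alike", "extra-restriction"})}

# License definitions: clause -> provisioning cases that trigger it.
LICENSES = {
    "LIC-A": {"attribution": {"binary", "saas"}},
    "LIC-B": {"attribution": {"binary", "saas"}, "share-alike": {"binary"}},
    "LIC-C": {"extra-restriction": {"binary", "saas"}},
    "LIC-D": {"share-alike": {"binary", "saas"}},
}


def triggered(license_name, case):
    """Clauses of a license that are triggered in the given provisioning case."""
    return {c for c, cases in LICENSES[license_name].items() if case in cases}


def compatible(a, b, case):
    """Two licenses are compatible if no pair of triggered clauses conflicts."""
    pairs = product(triggered(a, case), triggered(b, case))
    return not any(frozenset(p) in CLAUSE_CONFLICTS for p in pairs)


def compile_matrix(case):
    """Compile the license compatibility matrix for one provisioning case."""
    return {(a, b): compatible(a, b, case)
            for a, b in product(LICENSES, repeat=2)}


if __name__ == "__main__":
    for case in ("binary", "saas"):
        matrix = compile_matrix(case)
        bad = sorted(pair for pair, ok in matrix.items() if not ok)
        print(f"{case}: {len(matrix)} entries, incompatible: {bad}")
```

Adding a fifth license here means adding one entry to `LICENSES`; `CLAUSE_CONFLICTS` stays the same size, which is the scaling argument made above.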

This project sets out to provide to users:
A license obligation checklist for each provisioning case – for making compliance checks easy
A license compatibility matrix for each provisioning case – for fast compatibility lookup

All data and source code will be released under FOSS licenses.