JSON License only allows good causes not evil ones?

[Phishfry]

I was blown away that pfSense switched to an Apache license. It help me move to OPNSense.
Now I see a dustup where Chef had a developer pull his gem work because of personal beliefs.
Thank Goodness we use a more rational license. Unfortunately our ports system is not so lucky.

Apache and the JSON license [LWN.net]

lwn.net

Can you imagine the controlling legal contract containing a 'joke'.

 

[Phishfry]

I don't understand how pfSense can use pf under the Apache license? It is not compatible right?
Derivatives are allowed to use a stricter license?

 

[shkhln]

As far as I can see, pfSense has a rather substantial web UI with quite a few supporting scripts, which are obviously not derived from the firewall code. That part is offered under Apache license. The other bundled software stays under its respective licenses, of course.

 

[Phishfry]

So only Netgates actual code falls under Apache than.
More like their project license, not all the code base.
With our liberal BSD license they can do whatever they want with it as well I suppose. (As long as the license stays in the source)

 

[Phishfry]

This header confuses me:

 part of pfSense (https://www.pfsense.org)
# Copyright (c) 2004-2013 BSD Perimeter
# Copyright (c) 2013-2016 Electric Sheep Fencing
# Copyright (c) 2014-2019 Rubicon Communications, LLC (Netgate)
# All rights reserved.
#
# originally based on m0n0wall (http://neon1.net/m0n0wall)
# Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>.
# All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");

So original project m0n0wall was copyrighted but now the pfSense fork is using an Apache license.
How did they manage that?
Perhaps a complete rewrite of any code that m0n0wall had copyrighted?

 

[shkhln]

That is an interesting question… Ideally you would contact each contributor and ask their permission to relicense the software under the new terms. The other way is requiring contributors to sign a CLA (contributor license agreement), effectively asking that permission in advance. The latter is what corporations and large organizations like Apache Foundation usually do.

m0n0wall, being started in 2001, certainly predates this CLA fashion, and although there is a contributor list (an unusually thorough one, I might add), there bound to be at least a couple of Apache-hating people from the OpenBSD community. I can't see pfSense pulling this off without some shenanigans.

 

[rigoletto@]

Apache is quite verbose but the only real practical difference between Apache and BSD is the Apache patent termination clause (what I like).

Derivatives are allowed to use a stricter license?

Yes, you can do wherever you want with BSD code.

 

[Phishfry]

I had to read up on why you like it so much.

Apache disallows the Facebook BSD+patent license [LWN.net]

lwn.net

So the BSD Clause3 is a license but doesn't mention patents. So absent language granting patent it is ambiguous.
Very interesting to see the Rambus case brought up in the comments.