climate-strike / license Goto Github PK

After discussing adoption of Climate Strike License terms over on the numpy-discussion mailing list, I consider strong evidence of use and possibility of disruption to be a blocker for adoption. The maintainers of and contributors to any projects we lobby may be sympathetic to the issue of climate emergency, but unless we can demonstrate that the pro-climate effect of adopting these clauses outweighs the existential threats to the project and its downstream dependents , people will not want to adopt the clauses.

In the case of NumPy specifically, it's completely possible that Shell, Exxon, and other big players have no NumPy dependent code in their major operations -- they might be using MATLAB, or some other commercial package. Ideally we need to determine what is really powering their stacks, and this could extend not only to statistical packages, but also machine learning, and even industrial control or monitoring software, or maybe even something indirect like their logistics management platform. Rather than survey the handful of open-source code from these corps, let's try and determine the software which powers their critical paths from more targeted research. If we can go to a project and say "we know that Shell rely on your code to do X, and if you relicense then it will effectively shut them down" then we have a much greater chance of convincing people to adopt, because we are promising results, rather than asking them to gamble massive disruption on a shot in the dark. If we find commercial software in use, we may still be able to effectively lobby those producers as well, we need not lobby only open-source.

Here is how I reasoned about it in my reply in the thread [1]:

So essentially, this proposal is asking "are there some uses of NumPy
which are so ethically wrong, that it would be better for NumPy to be
non-F/OSS in order to prevent those uses, than for NumPy to be F/OSS,
and advance the F/OSS movement, while also allowing those uses?"

Answering this question requires an awareness of the broader context
within which NumPy sits. Ilhan has pointed out that O&G companies
cannot be coerced by more restrictive licensing of NumPy because there
are commercial options that they could use instead. Therefore, without
evidence that NumPy powers a significant chunk of the analytics at
major O&G companies, and that relicensing NumPy would cause
significant disruption to those companies and their ability to carry
out their operations, it is much more likely that any negative effect
on O&G, and therefore any positive effect on the climate, would be
outweighed by the harm caused to downstream packages.

and here is one of many responses concerned about effect on downstream [2]:

I think you are still grossly underestimating just how disastrous this
change would be to numpy.  For one thing, this would make numpy
GPL-incompatible.  No GPL software would be legally able to use numpy as a
dependency anymore, killing likely thousands of downstream projects.  And
it isn't always under the control of the project, since a lot of projects
have non-Python dependencies that are GPL.  For example PyFFTW could no
longer exist, since FFTW3 is GPL.  RPY2, which lets R and Python interact,
would be effectively killed, since R and many core packages are GPL, and it
is essentially useless without numpy or other packages that depend on
numpy.

The end result would be an instant fork of the project at the point the
license changed.  There are just too many packages that use GPL to make
such a change feasible.  So this would end up fracturing and hurting the
community without actually accomplishing your goal.

This isn't a hypothetical issue, people have tried putting additional
restrictions on their software like this, and it tends to kill the
project.

[1] https://mail.python.org/pipermail/numpy-discussion/2020-July/080820.html
[2] https://mail.python.org/pipermail/numpy-discussion/2020-July/080823.html

Hello,

I've checked the blocklist and wasn't entirely sure, if the second list is excluded from using the software as well. Maybe something worth to expand on / clarify further?

Cheers,
Peter

As pointed out in #12 we have multiple blocklists and should harmonize them into one. Part of this will involve settling on a process for determining what companies will be included on the list.

We currently have two blocklists listed in the repo, the first of which was manually compiled and the other pulled from Nasdaq and NYSE listings. The issue with stock exchange listings is that it only includes publicly-traded companies.

Using SIC codes was suggested in #8 which could be a good complement for the Nasdaq/NYSE listings (it sounds like SIC codes are available for all companies in the UK). NAICS is another alternative but only covers North America afaik. We'd need to look more into how these codes are determined because otherwise there could be loopholes (e.g. is this something a company just chooses for themselves? in which case it could be easy to re-classify to avoid the license restrictions).

For SIC codes there are lists and lookup services but a quick look only shows paid ones...but I imagine this information is public somewhere?

Project url:

[link to the project/repo]

Project description:

[a brief summary of what the project does]

Maintainer contact:

[email or some way to contact the project maintainer]

How does this project accelerate the climate crisis?

[Optional - a brief summary of how this project accelerates the climate crisis]

Provide template proposals to make it easier for ESG funds and other shareholder activists to prompt companies to A) accept the use of software that is released under climate strike licenses and B) release their own open source software under these licenses.

make a cookiecutter template to increase adoption by new users

The last item of the FAQ addresses it, but why introduce more license confusion into the marketplace?

I've just added the license to one of our projects, and made a PR here to add it to the Green List, but I notice that nothing else is added there and there seems to have been no project activity for a year.

Are there are any plans to develop on and increase adoption of the license, or is it essentially a nice idea that didn't gain any traction?

See https://twitter.com/andrestaltz/status/1030200563802230786 and similar.

Project url:

[link to the project/repo]

Project description:

[a brief summary of what the project does]

Maintainer contact:

[email or some way to contact the project maintainer]

How does this project accelerate the climate crisis?

[Optional - a brief summary of how this project accelerates the climate crisis]

Could we have a version for GPLv3, AGPL v3 just like the ones for MIT, BSD?

In order to foster the adoption of this license, I suggest that it is formalized as a SPDX document.

Quoting https://spdx.github.io/spdx-spec/1-rationale/:

The Software Package Data Exchange (SPDX®) specification is a standard format for communicating the component and metadata information associated with software packages. An SPDX file can be associated with a set of software packages, set of files or snippets and contains information about the software in the SPDX format described in this specification.

Quoting https://spdx.org/licenses/:

The SPDX License List is a list of commonly found licenses and exceptions used in free and open source and other collaborative software or documentation. The purpose of the SPDX License List is to enable easy and efficient identification of such licenses and exceptions in an SPDX document, in source files or elsewhere. The SPDX License List includes a standardized short identifier, full name, vetted license text including matching guidelines markup as appropriate, and a canonical permanent URL for each license and exception.

There are some detailed information on how to submit a new license here:
https://github.com/spdx/license-list-XML/blob/master/CONTRIBUTING.md#request-a-new-license-or-exception-be-added-to-the-spdx-license-list

As a foreword, I find your idea and project very interesting ! I will try to spread the idea, and maybe use such kind of license for my own projects in the future.

Now, quoting the license terms:

The Software may not be used in applications and services that are used for or aid in the exploration, extraction, refinement, processing, or transportation of fossil fuels. The Software may not be used by companies that rely on fossil fuel extraction as their primary means of revenue

I am not well-versed at all in law, and its very different applications around the world.
However I wonder how "strong" and "legally binding" is such a license.

What about it's use in software for cars, that consume fossil fuels ? What if such license ends up in some very "generic" software (on cell-phones, laptops...), that could be used by employees of companies working to extract fossil fuels ?

I guess no-one will really know until there is a first lawsuit. And for such lawsuit to occur, someone will have to sue a company using software under this license. In the past, with existing FOSS licenses,
it seems to me that it happened when a company using an open source license for their products tried to defend themself and their buisness model, from abuses in using their software against the terms they established.

Then (and this is my main question), who do you think will fill a lawsuit against a company not following this license terms ?

Now, a side comment: I had the chance to be at Tobie Langel "Bringing back ethics to open source" talk at the recent FOSDEM conference: https://chezsoi.org/lucas/blog/minutes-of-the-fosdem-2020-conference.html#sunday-1255-bringing-back-ethics-to-open-source---tobie-langel
Among the ideas he developped there was the suggestion to forbid a software usage for activities against human rights, through its license.
If I support both stances (fighting against fossil fuels exploitation and for the defense of human rights), which license should I choose for my software ?? A custom one ?

Thanks a lot for the work. The initiative make sense now more than ever !

I'd like to dig in a bit more on how enforceable is the climate-strike license in court all over the world. It not only depends on how compliant is the license to the law, but also on its - wide - adoption and its legal support. How do you guys see it working ?
Moreover, what we see with Open-Source or free license, as well as more restrictive license such as the Peer Production License (https://wiki.p2pfoundation.net/Peer_Production_License) for instance, is that it is quite difficult to defend yourself from predatory behaviors because of the lack of resources to support court actions for instance. Does such a support has been though to make sure that the term of the license is respected or, at least, that in case of conflict that actions will be taken to make the terms respected ?

Hi,

I'm a bit puzzled to see companies listed only by name, wouldn't there be some kind of ambiguity about which is meant? Shouldn't the list be augmented with precise identifiers, e.g., tax registration identifiers in some countries, or a Wikidata identifier?

In order to increase adoption and enforcement, provide legal services to projects or prospective projects. This could range from simple consultations to litigation enforcing the terms of the license. Organizations are more likely to adopt this if they do not have to figure out how to enforce terms on their own, and if there are qualified experts to provide clarifications.

This would require building an international network of qualified attorneys. That wouldn't be cheap. See #27

I was at an open source conference today, feeling bad that I am not allowing the republicans to use the software underlying https://Maps.Howie2020.tech, when I realized that they have it wrong, and I am in the right .

Then a quick search showed me your license. Thank you so much. I may not use it, but you expanded my thinking. One point I have to add. i am particularly concerned about internet censorship. It is alleged that the carbon lobby pays vast amounts of money to the MSM and the Internet giants to conceal climate change information. So this license should also apply to those media companies and think tanks who receive carbon lobby funding.

Linux foundation can you hear me?

This is the beginning of the email that I just received:

Your repo (apache/incubator-mxnet) is likely being used for oil and gas exploration and/or extraction.

I'm not part of the apache org, and don't own any repos in it. I don't recall contributing to any either.

Why does the license use the term "company" over the term "corporation"? What effects, if any does this term have on the enforceability of the licenses?

How can we finance this idea?

Open Collective is probably the lowest barrier to entry to start accepting donations worldwide.

Creating a US-based 501(c)(3) non-profit would make this effort eligible for grants.

Are there other options that should be considered?

Project url:

[link to the project/repo]

Project description:

[a brief summary of what the project does]

Maintainer contact:

[email or some way to contact the project maintainer]

How does this project accelerate the climate crisis?

[Optional - a brief summary of how this project accelerates the climate crisis]