Add OSI-approved license

[overheadhunter]

At the time of writing this, the license of this project seems to be a custom license (maybe I'm wrong).

Describe the solution you'd like

While I don't see any specific problem with the terms in the current license, it would be beneficial to use an OSI-approved license. Your license comes very close to BSD 2-Clause license anyway.

Alternatively, add an OSI-approved license additionally to the current one and let the downstream library user choose either of the two.

Why does it matter?

We have to distinguish two cases:

Adding code from other projects

Imagine there is some algorithm nicely implemented in a different library and we want to copy parts of this code to CryptoSwift. Currently it is not easily possible to use this code or even link with the third party library, as it isn't clear whether the third party license is offended.

If this project was under a well-known license, one could easily check a license compatibility chart.

See this SO post on why common licenses do matter.

Using this library in other open source projects

Again, checking the license compatibility chart is easier than asking a lawyer whether one is allowed to use this library.

For this case, dual-licensing is the easiest solution. While it might still restrict contributions, at least it allows to use this project without doubt.

[overheadhunter]

On a side note, this might also affect #811: Many common licenses contain a section "how to apply this license" 😉

[krzyzanowskim]

than you for your thoughts.

As of today I'm not interested in re-licensing or changing license here. Current license is clear and I'm comfortable with that. The only requirement is to keep attribution that is neither hard to follow, nor too much to ask for (and it happens all the time)

[overheadhunter]

Current license is clear and I'm comfortable with that.

I don't doubt that. But my issue is more about whether others are comfortable with the license.

The only requirement is to keep attribution that is neither hard to follow, nor too much to ask for (and it happens all the time)

Never intended to change that. This is still part in basically any open source license.

If this is your only concern, would dual-licensing hurt?

Note that dual-licensing still makes it impossible to add code from other projects.

[krzyzanowskim]

But my issue is more about whether others are comfortable with the license.

I don't care much tbh. It's too stressful to try to please everyone on the planet. I already choose the shortest and most freedom license possible (based on zlib license), with a single non-optional clause that is emphasized. If anyone feel "it should be even more free" or whatever, that's not my concern.

This is still part in basically any open source license.

in fact, it's not. some are copyleft, and most (if not all OSI) has optional attribution.

Note that dual-licensing still makes it impossible to add code from other projects.

It has nothing to do this license in particular. It obvious that the code shouldn't be copied in blindly if the original code license doesn't allow that. I don't see why should I care about that.

[overheadhunter]

I don't care much tbh. It's too stressful to try to please everyone on the planet. I already choose the shortest and most freedom license possible (based on zlib license), with a single non-optional clause that is emphasized. If anyone feel "it should be even more free" or whatever, that's not my concern.

To get a few things clear:

1. Your reaction clearly suggests you feel somehow offended. Why is this? If you did read the rationale and especially the linked SO post, you would understand this is neither about taking away the attribution nor about granting anyone more rights.
2. It's not about pleasing everyone on the planet, its about helping this project.
3. This is not about a more permissive license. I wouldn't even care if you chose a strong copyleft one. This issue is about using a standard license for the aforementioned license compatibility reason.

in fact, it's not. some are copyleft [...]

Which has nothing to do with attribution

[...] and most (if not all OSI) has optional attribution.

First of all, except for public domain licenses, this is untrue. Just to quote a few:

All these standard licenses have strong attribution (most even in binary redistribution)

BSD 2-clause

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

MIT

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

Apache 2.0

(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work

Mozilla Public License

You may not remove or alter the substance of any license notices
(including copyright notices, patent notices, disclaimers of warranty,
or limitations of liability)

GPL:

(1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work

LGPL:

For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.

Furthermore even if most licenses did not include attribution (which they do!), you would still have the choice to apply any other license that has name attribution.

It has nothing to do this license in particular. It obvious that the code shouldn't be copied in blindly if the original code license doesn't allow that. I don't see why should I care about that.

It has to do a lot with this license. You're right, that it primarily depends on the license of the foreign code. But if the foreign license is compatible to this license, everything is fine.

You should therefore care, as currently it may for most cases be hard to tell if such a compatibility exists.

If you don't care, thats fine for me. But it may restrict others that want to add some lines of code they found elsewhere under a foreign license.

[krzyzanowskim]

But if the foreign license is compatible to this license, everything is fine.

attribution clause doesn't make anything automatically incompatible. It's just like optional attribution, but non-optional.

I don't want to re-license this project. I don't think it's feasible. Thank you for your consideration, I really appreciate.

Please don't try to force to use this or that license because it's listed on this or that website. It's not what I want, hence I didn't use it - that's the whole magic behind.

If nobody wants to read the actual license, there's nothing I can do about it.

The license can be found here: https://github.com/krzyzanowskim/CryptoSwift/blob/master/LICENSE and in the file headers.

[overheadhunter]

attribution clause doesn't make anything automatically incompatible.

Never said that. Nor is an attribution clause anything exotic that isn't included in standard licenses (as proved above), therefore I don't understand why you focus on this point that much.

I don't want to re-license this project. I don't think it's feasible.

Fair enough. Nothing more to discuss then.

Still I hope you will eventually find time to read a bit on the topic (at least the SO post) and attempt to understand that my suggestion isn't meant to strip you (and all contributors) from your/their rights in any way but doing quite the opposite.

[moritzmhmk]

The first thing I do when choosing a library is checking the license in use, and it makes life a lot easier if that is one of the many well known licenses available.

Choosing one of those licenses suggested by @overheadhunter would result in no loss of attribution or copyright compared to your current license and make life a lot easier for everyone else who finds this project and does not have to look into the issues to find what the reason for this uncommon license is.

Beside these arguments please consider that even though your license is really simple and easy to understand it is hard to be sure if you made some legal mistake to your own disadvantage, this can be avoided by using a standard license that has proven to be legally sound and might already have legal cases that can be used as a reference. Those mistakes are not about losing copyright or attribution but about being sued for e.g. losses caused by the use of your software which is why most licenses include a phrase like "provided as is...". (Please note that I am not a lawyer and this is not legal advice.)

To be honest, it is entirely unclear to me why now (one year later) still no standard license is being used. It seems to be just a random illogical decision against all good arguments. Of course, it is entirely up to you to choose whatever license you like for your code, but please read my considerations and the comprehensive comment by @overheadhunter and make that decision for a reason (and to avoid further confusion communicate that reason).