Consider adopting a Community Specification License terms for the new ERC repo

[sambacha]

Proposed Change

Reassess the usage of Public Domain - Creative Commons Zero

The public domain license used by EIP's has always irked me for a few reasons, however now that there is a separation of EIP and ERC's, I think a re-consideration of the public domain by default for ERC's should be re-examined (maybe even for certain EIPs as well?).

Community Specification License

I am NOT endorsing adopting this license verbatim. I only reference it as an example of an alternative (that to be honest, is more geared towards Apache Foundation style OSS than Ethereum ecosystem).

Copyright Attribution

Copyright Attribution. As a condition, anyone exercising this copyright license must include attribution to the Working Group in any derivative work based on materials developed by the Working Group. That attribution must include, at minimum, the material’s name, version number, and source from where the materials were retrieved. Attribution is not required for implementations of the Specification.

Promotion

Neither the name of Ethereum Foundation (Zug) nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.

Representation of specifications should explicitly be 'AS IS'

THIS DOCUMENT IS PROVIDED "AS IS," AND COPYRIGHT HOLDERS MAKE NO
REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED
TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
NON-INFRINGEMENT, OR TITLE; THAT THE CONTENTS OF THE DOCUMENT ARE SUITABLE FOR
ANY PURPOSE; NOR THAT THE IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE
ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.

COPYRIGHT HOLDERS WILL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, SPECIAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF ANY USE OF THE DOCUMENT OR THE
PERFORMANCE OR IMPLEMENTATION OF THE CONTENTS THEREOF.

Larger Works

The inclusion of a Larger Works concept facilitates use of a contributor license agreement (CLA), with contributors granting a patent license to the works to which they're contributing, and therefore creating a common & safe platform for collaboration where no one is going to assert infringement by the same project in which they're an active participant.

This may be irrelevant, but I mention it anyway, as example code should be licensed and not put in the public domain. I think UPL would be a viable option in that respect.

Stated Security and Defects Policy

Currently, there is no security policy. Should an EIP or ERC have such a defect, wat do? I have emailed personally the EF before about a security issue and never gotten a response, though it may have been 'out of scope'.¹

One more thing...

No Attorney-Client Relationship

Neither the availability, operation, transmission, receipt nor use of these suggestions is intended to create, nor does it create, an attorney-client relationship or any other relationship. Any information provided in connection with use of these suggestions is not privileged or confidential

Footnotes

1. The issue was related to the Flashbots MEV Relay implementation, in which we were paid a bug bounty by Flashbots for. ↩

[Pandapip1]

There was a discussion a while back for adding a CLA, which was shot down (IMO, for a bad reason). While this could definitely be useful, I don't see the extra effort of creating a brand-new license is worth the potential legal issues from not using a standard license.

[Pandapip1]

Currently, there is no security policy. Should an EIP or ERC have such a defect, wat do? I have emailed personally the EF before about a security issue and never gotten a response, though it may have been 'out of scope'.

If it only affects some implementations, contact those implementations, wait for the vulns to be fixed in the vulnerable implementations, and open a PR adding the vuln to the security considerations section.

Otherwise, the best way to address this IMO is to contact the EIP authors, who will be in the best position to determine the best course of action. If they can't be contacted, contact the EIP editors,, although we don't have an established procedure here and really the best we can do is an irregular state change to Withdrawn.

[minimalsm]

There was a discussion a while back for adding a CLA, which was shot down (IMO, for a bad reason).

Do you have a link to the previous discussion?

[Pandapip1]

#5662

[github-actions]

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

[github-actions]

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

[sambacha]

Should I take this discussion to the ERC Repo?

[github-actions]

There has been no activity on this issue for 1 week. It will be closed after 3 months of inactivity.

[github-actions]

This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback.