<div dir="ltr"><div>Ultimately the language added gets decided by the IERS; we needn't necessarily make a decision. We might identify options (concise, verbose, by reference, or otherwise) that work for us and present those options to the IERS for their consideration.<br><br></div> @dashdashado<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 18, 2016 at 12:04 PM, Paul G <span dir="ltr"><<a href="mailto:paul@ganssle.io" target="_blank">paul@ganssle.io</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
Isn't CC0 designed specifically for this sort of situation? It's public domain with a fallback for jurisdictions where that concept doesn't exist.<br>
<br>
I've always been warned against using "crayon licenses" like simple declarations. Seems to me that any way you go, it's best to use one of the well known permissive licenses over something ad hoc.<br>
<div><div class="h5"><br>
<br>
On February 18, 2016 11:29:44 AM EST, Paul Eggert <<a href="mailto:eggert@cs.ucla.edu">eggert@cs.ucla.edu</a>> wrote:<br>
>On 02/18/2016 07:12 AM, Martin Burnicki wrote:<br>
>> after download you still can't be sure the file has not been<br>
>> modified. The included SHA1 hash can be generated by anyone<br>
><br>
>I wouldn't worry about this. We generate our own checksums for the<br>
>entire tzdata distribution including the leap-seconds file, and sign<br>
>them.<br>
><br>
>The main problem here is legal, not technical.<br>
><br>
>I agree with Tony that the EUPL is not suitable for the tz project.<br>
>It's<br>
>a pain to use the EUPL even with GPLed code (e.g., GNU/Linux), much<br>
>less<br>
>BSD (e.g., FreeBSD). We need something more like public-domain or<br>
>3-clause BSD, both of which we already use. Public domain is preferable<br>
><br>
>because it's simpler. CC0 would also be OK, I expect.<br>
><br>
>If this turns into a legal hassle for the IERS, as I suspect it will,<br>
>then it's not worth their trouble. We'll just keep doing what we have<br>
>been doing, or something like it.<br>
</div></div>-----BEGIN PGP SIGNATURE-----<br>
Version: APG v1.1.1<br>
<br>
iQI/BAEBCgApBQJWxfmkIhxQYXVsIEdhbnNzbGUgPHBnYW5zc2xlQGdtYWlsLmNv<br>
bT4ACgkQzVT849lkvvvNew/7Bfnk8eVazEQ3ah8vfu0rOi8epTzWobskMjZHyehO<br>
dymsaMBYCphveJyBhd/UNji6RrAAtUtESlGHV/dGkJoEb4DARgsIAh0miBK2jAVJ<br>
qEVlZimqMmSFlJsP0bEvebOvVj+d39ph2PTlzGV2uTsnmLDtCLtoA9/TKfnfdgC2<br>
+BrGziDkI+CcXx/m5iT9K7u95l7fvJjU+PHyWYtfV2QdiK2uoS20rn0wCzOVqzFD<br>
ykSQA0a9hoil+lyL70TCuE7HuF4DwJ7HkGhMRnSgLNIfDmmgiDzXAeDUZqj0uSXU<br>
+Z5JpyY4ZHvjqe1msD7iEShxtzziAE7wO4PeNo++3VUDLCjvM8vcisR2EQ/jz0k3<br>
Ahpv3bKzyYdKM2GhpwUKUXrbfDbNIbJPoFDbvC89gz1wspeZC0MIw3KfZsaYeMfx<br>
Qkn1zkoYnqe0aHsD0I4VPEDc3CGUpMe/pmWdu5pyrID4wYV9laKMMdhh5UcmhFpH<br>
7BBKtqzHZ58SgdXDCiUWVQiGhnAsQZrvbAUWQKC+DYVqcpydXD6anPE5TwzueUzb<br>
WcmOvj4gtINnmkLdD1X9FiMRXX1qdT9fq53LFHxhLGwPlJawF2j3OBHhDynWE7yg<br>
9zkGloJKULD3PeXgdGuv7xL8j58sXhcVp8Zcj4yihcJL7RsfZq4osFc1ach4fQMh<br>
LuE=<br>
=bZYG<br>
-----END PGP SIGNATURE-----<br>
<br>
</blockquote></div><br></div>