In most cases if the Spec Lead is a large company they need to consult their legal team.
Regarding the source code vs. attached "shrinkwrap" license, it gets a lot more complex, especially for Umbrella JSRs like Java EE. There the majority of users won't bother looking at hundreds or thousands of source files including JSR 330, CDI or other components including EJB, JSF, etc. or JMS (https://jcp.org/en/jsr/detail?id=343) There you'll see, even the RI/TCK license is not Apache or GPL/CPE, but a commercial Oracle License that's far more restrictive. 

Martijn is not in this thread any more, and there is no need to add him, but as he mentioned doing a WebSocket project for SE, it would be interesting to hear, if he uses JSR 356 (https://jcp.org/en/jsr/detail?id=356) That and a few others have 3-4(!) different licenses for RI/TCK alone, depending on usage or the commercial product it's used in. 

So from that point of view despite all critical voices (they'll be able to discuss this or try improve points they may find unacceptable) aiming for a single, unified license for ALL RI and TCK seems a good intention and won't put users at risk of surprises if they use an API like WebSockets or JBatch (or even CDI) standalone as opposed to a large platform or umbrella JSR.

Werner

On Fri, Jul 4, 2014 at 8:11 AM, Jens Schumann <jens.schumann@openknowledge.de> wrote:
Von:  Werner Keil <werner.keil@gmail.com>
Datum:  Friday 4 July 2014 00:46
An:  Mark Struberg <struberg@yahoo.de>
Cc:  Reza Rahman <reza.rahman@oracle.com>, Arun Gupta
<arungupta@redhat.com>, Badr Elhouari <badr.elhouari@gmail.com>, Adam Bien
<abien@adam-bien.com>, CDI-Dev <cdi-dev@lists.jboss.org>, Eisele Markus
<Markus@eisele.net>
Betreff:  Re: [cdi-dev] About JSR 330.Next and CDI 2.0


>In a majority of cases, not just Oracle but also other vendors from a
>legal point still live and practice a "Shrinkwrap mindset", so the only
>license that counts is the one you see when you "open the box". Or
>download artifacts from JCP or a similar place.

Well, this might be their mindset. However European IP law treats this
quite different and has a strict understanding for doing so (I avoid the
c-word here on purpose). I assume US IP law is quite similar in this
regard - especially in the area of author/copyright owner rights,
exploitation rights, etc.

I am not familiar with JCP/EC/Oracle/Sun/... internals. Nevertheless I
have been in a legal battle that covered both source code disclaimers and
"intended contractual purpose that lead to the source". Since both did not
match at some point we had to exchange arguments via lawyers. And - at no
surprise - it turned out that European/German IP law is pretty simple and
works just like Mark wrote in his mails before;).

Of course there are issues if source code is created as an result of an
specification process (say - paper was first). However it won¹t break
source code copyrights and attached licenses, particularly in the case of
JSR-330.


Let¹s hope things can be sorted out without lawyers,
Jens