[License-discuss] For Discussion: Cryptographic Autonomy License (CAL) Beta 2
rmf at lookhere.com
Thu Aug 15 03:55:26 UTC 2019
On 8/14/2019 8:26 PM, VanL wrote:
> Hi Roger,
> Thanks for taking the time to comment.
> I'd disagree with this characterization:
> On Wed, Aug 14, 2019, 6:31 PM Roger Fujii <rmf at lookhere.com
> <mailto:rmf at lookhere.com>> wrote:
> Even more fundamentally than that is that this section does
> something that no open source license does (that I'm aware of
> anyway), which is to create an obligation just by running an
> /unmodified/ program.
> A person can run the unmodified program (and even a modified one)
> without having any obligations as long.as <http://long.as> they run it
> for themselves, for their private purposes.
> This even applies to businesses, who can run CAL-licensed software for
> the benefit of their employees and dedicated contractors.
> The obligations of the CAL only apply when there is a "Recipient" - a
> non-Affiliate third party who receives part or all of the Work from you.
> That is a form of distribution - even if it is partial - and that is
> the trigger for CAL's conditions.
But there is NO such constraint for 4.2.1. It says (bold mine):
*Throughout any period in which You exercise *any* of the permissions
granted to You under this License *
***So, let's concoct an example. I have an authentication db which has
username/passwords. I have another separate db that has all sorts of
data on the username. To get a username/password, the user submits a
request to staff, the staff uses a unmodified CAL licensed standalone
program that populates the username/password in the authentication db,
and the user gets the authentication info texted/IMed/emailed to them.
Since this is a concocted example, I'll say that this standalone program
is the only CAL licensed part in the system. Given the wording (since
nothing is constraining "User Data" and you have to use some permission
to execute the CAL binary), any one logging in can request their user
data (including the data on the separate db server, that never touched
CAL) even if the user logging in never executed a single line of CAL code. *
*The problem is that data and code live in separate spaces. Code lives
when it is executed. Data lives by its mere existence. You /might/ get
around this by adding 2 exceptions: so 4.2.1 does not apply if a) you
use unmodified source, or b) modified source with modifications
released. So one can either have released the source OR you have to
release the user data - this would be no different than something that
is dual licensed. Dunno if other people will agree though.*
*Roger Fujii *
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the License-discuss