[License-discuss] For Public Comment: The Libre Source License
Howard Chu
hyc at openldap.org
Thu Aug 22 04:17:50 UTC 2019
Thorsten Glaser wrote:
> Howard Chu dixit:
>
>> A standard license clause of this form would also have ended the
>> debate over disclosure of zero-day vulnerabilities and other such
>> nonsense that plagues today's software world. I.e., you would have a
>> clear obligation to inform the software authors of any flaws you
>> discover in their code - first, before doing anything else with that
>> knowledge.
>>
>>> What the FSF calls "freedom 0" was very specifically intended to not
>>> put obligations on pure software use. There is no obligation to
>>> contribute, only a freedom to contribute (freedoms 2 and 3).
>>
>> I still believe the FSF erred here. Free software only grows if a
>> community contributes back. It may be OK for a large corporation to
>> toss software over a wall, but for individual hobbyist programmers
>> trying to improve their work and support their users, this "pure use"
>> freedom sucks people dry and burns them out.
>
> Licences which require distribution of changes (outside of to whom
> the changed work is distributed) are explicitly unacceptable to
> Debian, whose DFSG are the “sister” of the OSD used by OSI.
>
> In Debian, there are explicit “tests” one can use to verify the
> freeness of a licence from a number of already-seen fallacies.
>
> Two of these which often appear necessary are the Chinese Dissident
> test (requirement to publish will endanger them as it makes identi‐
> fication possible)
I don't believe this test is conclusive. Sending modifications back to the
code's original author doesn't immediately publish them. And, publication
of a modification doesn't necessarily identify anybody. For example -
some of the contributors to rtmpdump used a cryptographic hash to
assert their copyrights.
http://git.ffmpeg.org/gitweb/rtmpdump.git/blob/c5f04a58fc2aeea6296ca7c44ee4734c18401aa3:/README
> and Desert Island test (a person stranded on an
> island, no matter whether alone or with other deserted people, but
> cut off, must be able to exercise all DFSG-conformant works inside
> their limited-connectivity society).
The requirement to send modifications back doesn't prevent anyone from using the code. You
could call it best-effort, or at earliest opportunity.
> I believe private modifications are not required permission from
> the copyright owner, and any licences trying to coerce recipients
> into agreement to a forced condition regarding them (by making
> the granting of other rights conditional on that) questionable,
> no scratch that, inacceptable.
>
>
> Incidentally works covered by the AGPL are being removed from a
> lot of institutions now due to the inability to deploy embargoed
> security fixes. This isn’t just a licence issue, but the ability
> to operate securely is clearly also relevant. (This was also ob‐
> served near Debian.)
>
> Thank you for listening,
> //mirabilos
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the License-discuss
mailing list