<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 8/14/2019 8:26 PM, VanL wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFQvZENNNmZ1Lw2KNMVDgs3UxfG=Uu-RjbXF0OJerArbsbkJMQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">
<div>Hi Roger,</div>
<div dir="auto"><br>
</div>
<div dir="auto">Thanks for taking the time to comment.<br>
<br>
I'd disagree with this characterization:<br>
<div data-smartmail="gmail_signature" dir="auto"><br>
</div>
<div class="gmail_quote" dir="auto">
<div dir="ltr" class="gmail_attr">On Wed, Aug 14, 2019, 6:31
PM Roger Fujii <<a href="mailto:rmf@lookhere.com"
moz-do-not-send="true">rmf@lookhere.com</a>> wrote:</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Even more fundamentally than that is that this
section does something that no open source license
does (that I'm aware of anyway), which is to create an
obligation just by running an /unmodified/ program. </p>
</div>
</blockquote>
</div>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">A person can run the unmodified program (and
even a modified one) without having any obligations as <a
href="http://long.as" moz-do-not-send="true">long.as</a>
they run it for themselves, for their private purposes.</div>
<div dir="auto">This even applies to businesses, who can run
CAL-licensed software for the benefit of their employees and
dedicated contractors.</div>
<div dir="auto">The obligations of the CAL only apply when there
is a "Recipient" - a non-Affiliate third party who receives
part or all of the Work from you. <br>
</div>
<div dir="auto">That is a form of distribution - even if it is
partial - and that is the trigger for CAL's conditions.</div>
<div dir="auto"><br>
</div>
</div>
</blockquote>
But there is NO such constraint for 4.2.1. It says (bold mine):<br>
<b style="font-weight:normal;"
id="docs-internal-guid-18cd6704-7fff-f7ff-addd-7c5bf82bb54c"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;">Throughout any period in which You exercise <b>any</b> of the permissions granted to You under this License
</span></b>
<p><b style="font-weight:normal;"
id="docs-internal-guid-18cd6704-7fff-f7ff-addd-7c5bf82bb54c"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;"></span></b><b
style="font-weight:normal;"
id="docs-internal-guid-18cd6704-7fff-f7ff-addd-7c5bf82bb54c"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;">So, let's concoct an example. I have an authentication db which has username/passwords. I have another separate db that has all sorts of data on the username. To get a username/password, the user submits a request to staff, the staff uses a unmodified CAL licensed standalone program that populates the username/password in the authentication db, and the user gets the authentication info texted/IMed/emailed to them. Since this is a concocted example, I'll say that this standalone program is the only CAL licensed part in the system.
Given the wording (since nothing is constraining "User Data" and you have to use some permission to execute the CAL binary), any one logging in can request their user data (including the data on the separate db server, that never touched CAL) even if the user logging in never executed a single line of CAL code.
</span></b></p>
<p><b style="font-weight:normal;"
id="docs-internal-guid-18cd6704-7fff-f7ff-addd-7c5bf82bb54c"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;">The problem is that data and code live in separate spaces. Code lives when it is executed. Data lives by its mere existence. You /might/ get around this by adding 2 exceptions: so 4.2.1 does not apply if a) you use unmodified source, or b) modified source with modifications released. So one can either have released the source OR you have to release the user data - this would be no different than something that is dual licensed. Dunno if other people will agree though.</span></b></p>
<p><b style="font-weight:normal;"
id="docs-internal-guid-18cd6704-7fff-f7ff-addd-7c5bf82bb54c"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;">Roger Fujii
</span></b></p>
<p><b style="font-weight:normal;"
id="docs-internal-guid-18cd6704-7fff-f7ff-addd-7c5bf82bb54c"><span style="font-size:12pt;font-family:Calibri,sans-serif;color:#000000;background-color:transparent;font-weight:400;font-style:normal;font-variant:normal;text-decoration:none;vertical-align:baseline;white-space:pre;white-space:pre-wrap;"></span></b></p>
</body>
</html>