[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Nigel T nigel.2048 at gmail.com
Thu Dec 12 19:16:44 UTC 2019


If the users do not have admin privs they don't get to see wp_usermeta data
unless it's explicitly exposed in some form.  Given that plugins and forms
can store user input in wp_usermeta or in other areas of the database (like
wp_commentmeta) it is easy to show that Wordpress is not fully 4.2
compliant.

To argue that Wordpress is CAL 4.2 compliant because you can see your
comments ignores that there are many other interactions possible with
Wordpress like upvoting, voting in polls, answering questions on forms,
internal storage of data generated for the user, file uploads, badges,
memberships, payment data, comment tags, guest posts, etc.

And to say that because a user can copy/paste from HTML pages generated by
Wordpress that compliance with 4.2 is trivially achievable makes a mockery
of the desire for user data accessibility.

Wordpress is great because the user of the software can export their site
and import it into another Wordpress server....that's the desired goal for
access to your own content.  It, however, doesn't do that for individual
viewers of the site that interact with and respond to the content
provided.  So it isn't CAL 4.2 compliant for the non-technical user.

On Thu, Dec 12, 2019 at 3:06 AM Henrik Ingo <henrik.ingo at avoinelama.fi>
wrote:

> If there was a request from a user to get their user data, then the
> clueless operator could also easily publish or approve the queued comments,
> and they would be in compliance. This is a first class feature in the
> Wordpress GUI, and requires zero coding skills from the operator.
>
> For those who are not intimately familiar with Wordpress... It has been
> CAL compliant 13 years ago:
> https://en.blog.wordpress.com/2006/08/14/my-comments/
>
> Admittedly the CAL maybe implies data should be exported in some other
> format than a HTML page, such as a mysqldump, json, or xml file. But it
> doesn't explicitly mandate a specific data format. In the case of the
> clueless Wordpress operator presumably administering a fairly low volume
> site, it could be argued that a HTML page from where a user can easily
> copypaste all of their user data is in fact a good alternative to provide
> this data.
>
> IMO the Wordpress example rather strengthens Van's argument that for
> realistic scenarios the CAL requirements are not unreasonable. I agree that
> there's a discussion worth having about licensors with bad intent, but I
> don't support the idea that a license should be rejected based on rather
> theoretical corner cases. Especially when - as I illustrated in my previous
> email - same corner cases can be constructed for existing licenses like GPL.
>
> henrik
>
> On Thu, Dec 12, 2019 at 7:26 AM Bruce Perens via License-review <
> license-review at lists.opensource.org> wrote:
>
>> If they hosted comments on their WordPress blog, and did not approve some
>> comments but kept them in the approval queue, this would be sufficient to
>> activate the data terms.
>>
>> I agree with Nigel.
>>
>> On Wed, Dec 11, 2019, 8:53 PM VanL <van.lindberg at gmail.com> wrote:
>>
>>> On Wed, Dec 11, 2019, 9:18 PM Nigel T <nigel.2048 at gmail.com> wrote:
>>>
>>>> A SaaS license is intended to be applied to software that is seen and
>>>> used by third parties.
>>>>
>>>> It is disingenuous for you to imply otherwise.
>>>>
>>>> Many non-developers have set up their own content management system
>>>> like Wordpress on their own servers.  If Wordpress was CAL instead of GPL
>>>> none of those users would be able to use WordPress because it’s unlikely
>>>> that WordPress is fully compliant under the terms of 4.2.
>>>>
>>>
>>>
>>> This is an illuminating example. If WordPress was CAL licensed, then all
>>> those people hosting their own blogs on WordPress would have to provide a
>>> link to or copy of the source code they were using, but that is it. Why?
>>> Because they would not be hosting the user data of random readers. The
>>> outcome would be essentially the same as the AGPL.
>>>
>>> Someone would only need to provide additional user data if they did more
>>> than host their own blog, but instead moved into the blog hosting business.
>>>
>>> Thanks,
>>> Van
>>>
>>>
>>>> _______________________________________________
>>> License-review mailing list
>>> License-review at lists.opensource.org
>>>
>>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>>>
>> _______________________________________________
>> License-review mailing list
>> License-review at lists.opensource.org
>>
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>>
>
>
> --
> henrik.ingo at avoinelama.fi
> +358-40-5697354        skype: henrik.ingo            irc: hingo
> www.openlife.cc
>
> My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
>
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191212/93077df6/attachment-0001.html>


More information about the License-review mailing list