[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Josh Berkus josh at berkus.org
Thu Dec 12 22:31:27 UTC 2019


On 12/11/19 1:05 PM, VanL wrote:
> Hi Josh,
> 
> Ok, this puts Nigel's concern into clearer focus, and I am glad to see
> Nigel confirming it. Nevertheless, I am not convinced. Reasoning below:
> 
> On Wed, Dec 11, 2019 at 2:08 PM Josh Berkus <josh at berkus.org
> <mailto:josh at berkus.org>> wrote:
> 
>     1) You create some software that has no data export functionality and
>     license it under the CAL.
> 
>  
> This is the first big problem. Is the distribution of the software
> compliant? If so, there is *some* data export functionality, even if it
> is not polished for non-technical operators. So starting by saying
> "there is software with *no* data export functionality" is starting by
> saying "if I receive a non-compliant distribution, then my own
> subsequent distribution will be non-compliant."

Such software can be compliant if it contains/requires no user data to
operate.  Or it can have a way to get the user data for one area of the
program, but not for others.

>  
> 
>     2) I use your software as the basis for some other application.
> 
> 
> OK.
>  
> 
>     3) I am now compelled, under the terms of the license, to *write* a user
>     data export feature that didn't exist in the software that I copied from
>     you under the CAL.
> 
> 
> This is where the logic chain really falls apart.
> 
> If a person wants to use the CAL-licensed software, for their own
> private purposes, then they can do so. They don't need to write any
> features, they don't need to provide any data to any other person. You
> are missing step 2.5: You decide to use the software (either the
> original application or your derived application) to provide services to
> another third party.
> 
> If someone wants to offer services to someone else, then they are
> already choosing to take upon themselves various burdens. If part of the
> additional burden that they choose to take on involves providing the
> software and data to users, then they are choosing that.

People build applications in layers.  Imagine the sofware I'm copying is
a CAL-licensed database, but what I'm building is some node.js-based
end-user app.
> I would also push back on the idea that even if there isn't a polished
> "data export" functionality, then that means that the data isn't
> available. I would also suggest that if they are offering services to
> third parties, but they don't have the necessary skills to
> operate/troubleshoot the software, they are already in a bad position.

Um, have you ever worked in the web or mobile applications fields?
There are pretty good reasons why front-end and back-end are generally
separate teams.

>     4) As a corollary, this means that if I am not a programmer (and don't
>     have $$$$), I cannot use the software you created in (1).
> 
> 
> I hope you see the logical errors now:
> - You *can* use the software, as a non-technical user, as long as you
> are using it for private purposes.

I don't care about "private purposes".  Any OSS license is OK with
private usage; if the CAL wasn't, we'd be blocking it for that reason.
I'm talking about downstream users who are supplying a service or
software to someone else.

> If you choose to use the software to provide services to others, *yes*,
> you must comply with the terms of the CAL. But you can't assume that the
> distribution you received is going to be non-compliant in the first place. 
> 
> - If the distribution you received is compliant, then this issue doesn't
> exist.
> - If the software distribution *you* received is not compliant, or some
> other software that you built on top of CAL-licensed software is not
> compliant, then yes, you must invest time or money to be compliant if
> you wish to use that software to provide services to others.

Seems like you understand the novelty factor here; this is it in a
nutshell.  The new factor doesn't necessarily mean that the licence is
not acceptable, but it *is* something that needs to be hashed out.

Do you understand, now, why Nigel was suggesting symmetry as a solution
for this, even if you don't agree with it?

-- 
Josh Berkus



More information about the License-review mailing list