[License-review] For Approval: The Cryptographic Autonomy License

VanL van.lindberg at gmail.com
Wed May 1 01:00:23 UTC 2019

Hi Pam,

Sorry for the delay replying.

On Sat, Apr 27, 2019 at 9:30 AM Pamela Chestek <pamela at chesteklegal.com>

> Hi Van,
> Below are some comments on the text itself.
> > Section 2.2.1 and 2.4 are circular references so that it's not clear
> what the duty is.

The intention is that it can function either like MPL's per-file licensing,
or like the LGPL. But reading this, I understand the confusion. I have
updated the draft to try to address this issue. Does this make it clearer?2.4.
Combined Work Exception

As an exception to the conditions in sections 2.2.1 and 2.2.2, any Source
Code files marked by the Licensor as having the “Combined Work Exception,”
or any Object Code exclusively resulting from Source Code files so marked,
may be combined with other Software into a “Larger Work.” So long as you
comply with the conditions in 2.1, 2.2, and 2.3 relative to the Source Code
provided to you by Licensor, any other Software in the Larger Work as well
as the Larger Work as a whole may be licensed under the terms of your

I hope that this also clears up the use of the term "relative." It is here
essentially a synonym for "regarding" or "with respect to."

> "Access to Source Code" must be provided by "You," the Licensee. It
> doesn't make sense to me that the Licensee has to provide access to the
> source code.

This is roughly equivalent to the GPL's "Complete Corresponding Source." In
this case, like in the GPL, the Licensee ("You") must pass the source code
on to further recipients.

> Section 2.3: It says "You must give the same permission received under
> this License to any Recipient...." However, Section 7.2 says the license
> is not sublicensable, so the Licensee doesn't have authority to grant
> permissions at all. The clause doesn't seem to have an effect and
> therefore only creates confusion.

This is intended to reflect a similar concept to the GPL's "no further
restrictions" clause. I am open to ways to improve this to make it clearer.

> Section 2.3(e): missing capitalization of "Work"? I also don't
> understand what it's trying to say or stop.

Thanks, capitalization fixed. With regard to the meaning, this is an
anti-DMCA clause. See my email to Henrik on this list identifying the
parallel GPLv3 clause.

> Section 4.1: I would insert the word "automatically" before "compliance"
> within 60 days to distinguish it from compliance after that, which
> requires the express restoration by the Licensor.

Is this what you mean? "As a special exception to termination for
non-compliance, Your permissions for the Work under this License will
*automatically* be reinstated if You come into compliance with all the
conditions in section 2 within sixty days of being notified by Licensor or
an intended third party beneficiary of Your noncompliance."

> You have defined "Public Performance" as using the Software to take any
> action that implicates the right of performance or public display under
> copyright law, and include as one use case of making an interface
> available. The license grant is for this full scope. However, your
> definition of "Modified Work" and "Recipient" refer only to "Public[ly]
> Perform[ance/ing] an interface." This creates ambiguity about the scope
> of the right for Modified Work and that Recipients have.

If you look at the header to 2.3, it encompasses all ways in which a
Licensee can communicate the Work to a Recipient.

> Section 7.1.1: I don't understand why a reference to GDPR is required;
> it strikes me as a "you must comply with all applicable law"
> requirement. And why the GDPR and not any other or future laws? If a
> statement is needed that the requirements the law impose will override
> the license requirements, you can say that more generally.

This clause is not about complying with the GDPR. Rather, it is the
reverse: It is a limitation saying that if you comply with those specific
subsets of the GDPR, that is also good enough to count as compliance with
CAL 2.3(b). It is intended to streamline CAL compliance by hooking into an
already-existing enforcement regime.

Thanks, and thanks for the feedback,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190430/8eb179a3/attachment-0001.html>

More information about the License-review mailing list