[License-review] For Approval: The Cryptographic Autonomy License
van.lindberg at gmail.com
Wed May 8 22:45:08 UTC 2019
Reading through your hypothetical, you seem to get the big picture correct,
but some of the details incorrect.
At a high level, would a website operator running a CAL-licensed storefront
application have to provide a copy of the store-running source code to you?
*Yes, they would. *
Would a website operator also need to offer you a copy of your User Data
(here your order information)? *Yes, they would.*
On Wed, May 8, 2019 at 5:01 PM Pamela Chestek <pamela at chesteklegal.com>
> Assume that the CAL is used for front-end software. A website uses the
> software for its website. Through a webform I order a gift that is for my
> daughter, who lives at a different address. It appears to me that, under
> the CAL:
> My daughter's name and address are "User Data," that is, they are data
> that is input to the Work and my daughter, a third party, has a Lawful
> Interest in the data.
This is not quite correct. The information about the order is User Data,
but it is *your* User Data, not your daughter's; your daughter is not a
Recipient. (Note that *you* would have the ability to ask for your order
data from the website.)
> The website has Publicly Performed, that is, it has made an interface
> available that is used for access to User Data, my daughter's name and
> address. As a result, this interaction means that under 2.2.1 and 2.2.2 the
> website has to provide me (the Recipient) with a copy of the source code.
Yes, they would need to provide you a copy of the source code. This is
similar (in practice) to how AGPL web apps work. Technically, the AGPL only
requires a link to download the source code of modified works, but compare
the as-applied licensing for various AGPL web apps:
does the AGPLv3 apply to those apps and any apps you write as extentions?
Very easily; every ownCloud app is treated as modified work because the
code from the ownCloud core is always running in parallel of any such
"Under the AGPL, you must release the complete source code for the
application that is built with ProcessMaker, even if that application is
running on a network server for SaaS or Cloud hosted purposes." (Compare
Razuna <https://www.razuna.org/whatisrazuna/licensing>, who also use this
- Artifex <https://artifex.com/licensing/>: "Bottom line, if you
distribute our software, or make the functionality of the software
available to users interacting with it remotely through a computer network,
you must share your source code."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the License-review