[License-review] For Approval: The Cryptographic Autonomy License

Bruce Perens bruce at perens.com
Thu May 9 02:27:43 UTC 2019


Let's please get more specific regarding blockchain, since that is the
target of the customer.

Anna puts data in a blockchain, and her digital signature. She holds some
right to this data.
Betty then processes the blockchain, adding data and her own digital
signature. Because it's a blockchain, Betty's added data is necessarily
derivative of Anna's.

Anna asks Betty for her data. What does Betty have to provide?

1. Only the data that Anna fed into the system.
2. The data that Anna fed into the system, and Betty's data which is
3. #2, plus the secret key that Betty used to manipulate Anna's data.

Note your definition of "Source Code":

o) “Source Code” means the form of the work preferred for making
modifications, including any comments, design documentation, help
materials, installation instructions, *cryptographic keys*, and any
information reasonably necessary to compile the Source Code into Object
Code *or Process User Data* using generated Object Code.

Emphasis mine. Perhaps modulated by a comma, the definition of source code
seems to include cryptographic keys used to process user data.



On Wed, May 8, 2019 at 3:46 PM VanL <van.lindberg at gmail.com> wrote:

> Hi Pam,
> Reading through your hypothetical, you seem to get the big picture
> correct, but some of the details incorrect.
> At a high level, would a website operator running a CAL-licensed
> storefront application have to provide a copy of the store-running source
> code to you?
> *Yes, they would.*
> Would a website operator also need to offer you a copy of your User Data
> (here your order information)? *Yes, they would.*
> To specifics:
> On Wed, May 8, 2019 at 5:01 PM Pamela Chestek <pamela at chesteklegal.com>
> wrote:
>> Assume that the CAL is used for front-end software. A website uses the
>> software for its website. Through a webform I order a gift that is for my
>> daughter, who lives at a different address. It appears to me that, under
>> the CAL:
>> My daughter's name and address are "User Data," that is, they are data
>> that is input to the Work and my daughter, a third party, has a Lawful
>> Interest in the data.
> This is not quite correct. The information about the order is User Data,
> but it is *your* User Data, not your daughter's; your daughter is not a
> Recipient. (Note that *you* would have the ability to ask for your order
> data from the website.)
>> The website has Publicly Performed, that is, it has made an interface
>> available that is used for access to User Data, my daughter's name and
>> address. As a result, this interaction means that under 2.2.1 and 2.2.2 the
>> website has to provide me (the Recipient) with a copy of the source code.
> Yes, they would need to provide you a copy of the source code. This is
> similar (in practice) to how AGPL web apps work. Technically, the AGPL only
> requires a link to download the source code of modified works, but compare
> the as-applied licensing for various AGPL web apps:
>    - Owncloud
> <https://owncloud.com/owncloud-agplv3-owncloud-commercial-license/>: "How
> does the AGPLv3 apply to those apps and any apps you write as extensions?
> Very easily; every ownCloud app is treated as modified work because the
> code from the ownCloud core is always running in parallel of any such
> extensions."
>     - Processmaker
> <https://www.processmaker.com/agplv3-license-and-bpm-open-source-license>:
> "Under the AGPL, you must release the complete source code for the
> application that is built with ProcessMaker, even if that application is
> running on a network server for SaaS or Cloud hosted purposes."  (Compare
> Razuna <https://www.razuna.org/whatisrazuna/licensing>, who also use this
> phrasing).
>     - Artifex <https://artifex.com/licensing/>: "Bottom line, if you
> distribute our software, or make the functionality of the software
> available to users interacting with it remotely through a computer network,
> you must share your source code."
> Thanks,
> Van