[License-review] For Approval: The Cryptographic Autonomy License

Henrik Ingo henrik.ingo at avoinelama.fi
Tue May 14 12:48:43 UTC 2019


On Tue, May 14, 2019 at 12:21 AM VanL <van.lindberg at gmail.com> wrote:
>
> Hi Ingo,
>
> Thanks for the... ambiguous review?

You're welcome / My apologies.

> I think that you have put your finger on a number of key points. You may or may not agree with what I am proposing - and at this point I am not sure - but it seems from here that you generally understand it.
>
> One quick clarification, though:
>
> On Mon, May 13, 2019 at 11:33 AM Henrik Ingo <henrik.ingo at avoinelama.fi> wrote:
>>
>> Previously on license-review the License Zero license proposed a
>> requirement to publish anything *created with* the licensed software....
>> Software created with GCC is not required to be GPL licensed, and I wouldn't expect to
>> have to publish every text I wrote with OpenOffice.
>
>
> This is not analogous to the CAL. The CAL doesn't impose a need to publish "every text you wrote with OpenOffice" or all the "software created with GCC." Instead it just makes it so that someone couldn't keep your notes or your software from you.
>

Correct. I wanted to compare to a previous review to reflect on some
kind of precedent. (Both on and off license-review.) The commonality
here is that the licenses impose requirements wrt user data, that is
input or output from the software. I then went on to discuss their
differences.

Also, Richard Fontana then interjected:

> License Zero was not actually rejected. I know there is a
> currently-popular viewpoint that hostile reception to a license on
> license-review, resulting ultimately in withdrawal from the process,
> is tantamount to OSI rejecting a license, but I don't agree.
>
> I do think that significant past "hostile receptions" have been and
> should be treated as having some significance ("precedential" may not
> be the right concept).

I'm of course aware of the formal process, but I'm not aware of better
words to use here. FWIW it seems to me that in cases where the board
does make a formal decision, it's in any case expected to merely
affirm a license-review consensus. (In most cases a mostly-consensus,
or lack of it, can be inferred.) So I don't see it as particularly
problematic to make the shortcut I'm making here, but of course it is
also useful to have periodic reminders of what the real process is.

I think the concept here is that the process should be consistent, and
maybe fair. So absent a justification to decide otherwise, we should
be consistent with past decisions. (Which, as you point out, aren't
really decisions.)

Back to Van...
> As you later point out:
>>
>> Within the background set by both of those then... It still seems to
>> me that CAL has scoped this requirement in a way that is rather well
>> justified:
>>
>> "“User Data” means any data that is either a) an input to, or b) an
>> output from, the Workor a Modified Work, in which a third party other
>> than the Licensee has a Lawful Interestin the data."
>>
>> - It is not unreasonable that a user has the right to access data that
>> is theirs. (e.g. a photo that I own copyright in) This doesn't require
>> the user to give away rights to the data (as License Zero did).
>
>
> Correct. Just to emphasize this a little further, imagine a network-hosted compiler. Would you expect to be able to get the binaries that resulted from the compilation of your source code? Of course you would. But under all current licenses, the freedom to get your own binaries from the operator and run them in another context - to "run your program for any purpose" - is not an explicitly protected part of software freedom. Under the CAL it would be.
>

I think this is really the crux of this question: Are we protecting
the freedom of the user or the operator? Historically licenses were
concerned about the user-operator, who has received a copy of the work
and is executing it. To make the kind of progress you are hoping for,
we must make broaden that view.


-- 
henrik.ingo at avoinelama.fi
+358-40-5697354        skype: henrik.ingo            irc: hingo
www.openlife.cc

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7



More information about the License-review mailing list