[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Sun Feb 9 17:54:52 UTC 2020

Eric,

I liked your previous email although I didn't reply to it. I think it
would be an interesting discussion to debate how free software can
benefit (or not) the Uighurs, or the LGBT community. However, I don't
think such a discussion belongs in the thread about reviewing and
approving a particular license. For one thing, the people competent in
understanding the legal text of a license may not be competent in
commenting on what is best for the Uighur people. Therefore, the way I
see it, we use concepts like values and principles as an abstraction
layer to distill some high level guidelines (OSD and the four
freedoms, but not only those...), and then we evaluate specific
licenses (and software and their  communities) against those values. I
of course believe that software freedom and also data autonomy / open
data tend to benefit both oppressed minorities, third world countries,
etc. But it would be an interesting topic to study further too.

As for the CAL, I think it is in alignment with our current
understanding of values of the FOSS community. Separately, also the
current values are always up for re-evaluation, but in a different
thread and possibly in a different forum.

Josh,

I was already previously on the record that I think the latest version
of the CAL does conform to the OSD. For those just tuning in, it's
worth mentioning that over the past year Van made significant changes
to the license in response to feedback from this list, including from
me. I'd like to commend him for setting a shining example of how to
work with the process. I hope future submitters can study and learn
from this process.

I also previously had supported the idea that OSI could in limited
circumstances also deprecate previously approved licenses. I think
such decisions should be rare, and the number of licenses thus
deprecated could even be zero. But I believe it might reduce some of
the stress in reviewing new licenses if participants knew that there
is at least a theoretical possibility to de-list licenses that in
hindsight are considered as mistakes.

henrik

On Fri, Feb 7, 2020 at 9:31 PM Eric Schultz <eric at wwahammy.com> wrote:
>
> Consistent with my previous comments, I say "MoreDiscussionNeeded". I don't think we fully understand how this applies in some of the situations I previously mentioned and how it interacts with the principles behind FOSS and its effect on users. Sadly, the nature of this process doesn't really allow a proper nuanced exploration necessary for a decision of this magnitude and I don't think that discussion is going to happen on this list.
>
> That said, given the process we have and the discussion so far, I lean slightly towards this license being OSD compliant (and FSD compliant for that matter). But I'm also not going to be shocked if there's some unexpected consequences from this license.
>
> Eric
>
> On Fri, Feb 7, 2020, 11:20 AM Josh Berkus <josh at berkus.org> wrote:
>>
>>
>> > Having reviewed the latest draft, "Pass" from me. I have lingering
>> > concerns over this license, and the potential for abuse by Holochain or
>> > other unknown licensors, based partly on the earlier drafting history,
>> > some of Van's earlier comments on those drafts, and general suspicion of
>> > new copyleft licenses advanced specifically by narrow commercial
>> > interests. However I don't think those concerns are sufficiently
>> > grounded in the current license text such that I would recommend
>> > rejection or more protracted discussion. If this license is approved, I
>> > would not recommend that anyone use it. But on its face, the license,
>> > including the core interesting User Data requirement feature, seem to me
>> > consistent with the spirit of the OSD and software freedom.
>>
>> Well, let's thought-experiment this onto a non-crypto project to see how
>> it maps.  Imagine that I'm Tobias, lead maintainer of Pretalx conference
>> software, and owner of pretalx.com hosting service.  What I want out of
>> the license is:
>>
>> * reassurance for my customers that I won't "lock up" their data;
>> * a guarantee that if someone launches a competeing pretalx hosting
>> service, they can't lock up customer data preventing migration either
>> * maximizing sharing of any improvements to the code
>>
>> Does the CAL do this?
>>
>>
>> --
>> Josh Berkus
>>
>> _______________________________________________
>> License-review mailing list
>> License-review at lists.opensource.org
>> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
>
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org

-- 
henrik.ingo at avoinelama.fi
+358-40-5697354        skype: henrik.ingo            irc: hingo
www.openlife.cc

My LinkedIn profile: http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7