[License-review] AGPL timeline & why cautious processes with real-world testing are better (was Re: For approval: The Cryptographic Autonomy License (Beta 4))

[Bradley M. Kuhn]

VanL wrote today:
>    So regardless of whether the AGPL was "accepted" or "endorsed" by the
>    FSF, it benefitted from Bradley's official relationship with the FSF.

... and I'm sure your license will benefit from your official relationship
with its drafting authority too.

(I won't bore the list with full fact-check corrections of Van's speculations
about my relationships with FSF and AGPL, so I'll limit to this: I have no
affiliation with FSF per <http://ebb.org/bkuhn/blog/2019/10/15/fsf-rms.html>
but I do think FSF did a good job handling AGPLv1 -> AGPLv3.  Van was
narrowly correct in that I historically had some form of relationship with
the FSF during the AGPLv1 through the initial AGPLv3 era, although at times
during that period, the relationship was only as a untitled volunteer.)

In this analogy, Van and Holochain are the drafting authority.  I brought up
the drafting authority's actions with regard to AGPL and copyleft-next to
laud those drafting authorities for advisable restraint in *not* submitting a
license to OSI before the license percolated in use and community
consideration.  They certainly didn't post multiple revisions here seeking
interactive drafting assistance from overworked OSI volunteers; they created
wholly separate public-focused drafting processes invited everyone to
participate in those public processes.

Van wrote further:
> AGPL process.. was based upon ... unique circumstances

Neither approach is unique: AGPL and copyleft-next are clear examples of my
suggested approach, while Radcliffe's CPAL and MongoDB's SS Public License
are other examples of the approach that Van has pursued.

However, Van, you cherry-picked that side point of my email, and ignored the
main point.  You focused only one drafting authority's behavior.  The main
question for this discussion is what the OSI should do.  As I pointed out,
the OSI did *not* list the AGPL nor copyleft-next for the first 6-7 years of
their existence, *and* the drafting authority *did not* submit it during that
period.  Indeed, AGPLv3 was ultimately submitted by a *third party* licensor
who wanted OSI to endorse it as open source.  As I pointed out, historically,
licenses submitted before use by the drafting authority and pre-approved by
OSI have ultimately been deprecated or (at times) outright embarrassments for
OSI.  I'm glad OSI narrowly escaped this problem with MongoDB's SS Public
License, but we're having a repeat of that scenario here.

If we want to talk about what's really different from the time of past
licenses and today, it's really the story of OSI's great success.  Sorry to
quote something as base as "Spiderman", but with that greater power comes
greater responsibility.  Bestowing the label of "open source" onto a license
today gives serious power and real economic advantages to a license drafting
authority -- particularly, when that drafting authority is also a for-profit
company distributing software under that license, and/or a lawyer/law firm
who sells their services as an open source licensing expert.  It's an
unenviable position for the OSI, particularly as a primarily volunteer
organization.  I appreciate that Van is a great lawyer (and thus a zealous
advocate for his client's success), but the policy implications of OSI
volunteers interactively drafting a very novel copyleft license with a
for-profit entity's lawyer and then approving it quickly really concern me.
Licenses function as legislation of our community.  Yes, lobbyists often
write our legislation, but that rarely generates good outcomes for the
Republic and its people.

McCoy also said yesterday:
> [AGPLv3] was approved...with very little discussion on the mailing list.

This also goes to my point: the Affero clause by then had an 7+ year track
record, enforcement history and real projects under it.  There was a real
community and real usage to examine, so hypothetical debate wasn't needed.
All we have with unused and untested copyleft experiments is hypothetical
debate, which can only get us so far, but not far enough to tell whether a
particular license really expands or curtails software freedom.

Henrik asked specifically this morning:
> Would you mind clarifying what you mean by "not officially endorsed by the
> FSF"

AGPLv1 was an authorized fork of GPL published by (now defunct) Affero, Inc.
It was not an official license promulgated by the FSF until AGPLv3's release.

--
Bradley M. Kuhn - he/him

Pls. support the charity where I work, Software Freedom Conservancy:
https://sfconservancy.org/supporter/