<div dir="ltr"><div>I think you are complicating the issue. It started out as "no one could self-host WordPress." That is false. Self-hosting WordPress is allowed, and the compliance is just the same as the AGPL, because in the basic self-hosting instance, the operator is not holding any user data.<br></div><div><br></div><div>Then the hypothetical expanded to self-hosted comments, so that there was some minimal user data being held. In this case, I agree that the comments would need to be provided, should they be requested. But there are reasonable, semi-automatic ways by which this data is provided (HTML, RSS feeds). I would also note that a SQL dump would also work, and I don't think that copy+pasting a SQL select from the internet is beyond the capabilities of even a non-technical user (should the comments be requested).</div><div><br></div><div>The hypothetical then expanded again to user accounts, memberships, badges, user content, etc - the whole WordPress ecosystem. I can't say that the whole WordPress ecosystem would be able to easily comply. But you yourself identify that the information is stored in the database or the filesystem, and it is accessible, so compliance is possible. I would also note plugins like WP-all-export.</div><div><br></div><div>But then the hypothetical expands to a non-admin user - and that's where it breaks again. If someone starts a WordPress hosting business, where they are hosting other people's blogs, I don't think it is unreasonable to say that they are taking upon themselves substantial additional compliance requirements, of which the CAL's requirements are usually a subset.</div><div><br></div><div>Thanks,<br></div><div>Van<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2019 at 1:17 PM Nigel T <<a href="mailto:nigel.2048@gmail.com">nigel.2048@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">If the users do not have admin privs they don't get to see wp_usermeta data unless it's explicitly exposed in some form. Given that plugins and forms can store user input in wp_usermeta or in other areas of the database (like wp_commentmeta) it is easy to show that Wordpress is not fully 4.2 compliant.<div><br></div><div>To argue that Wordpress is CAL 4.2 compliant because you can see your comments ignores that there are many other interactions possible with Wordpress like upvoting, voting in polls, answering questions on forms, internal storage of data generated for the user, file uploads, badges, memberships, payment data, comment tags, guest posts, etc. </div><div><br></div><div>And to say that because a user can copy/paste from HTML pages generated by Wordpress that compliance with 4.2 is trivially achievable makes a mockery of the desire for user data accessibility.</div><div><br></div><div>Wordpress is great because the user of the software can export their site and import it into another Wordpress server....that's the desired goal for access to your own content. It, however, doesn't do that for individual viewers of the site that interact with and respond to the content provided. So it isn't CAL 4.2 compliant for the non-technical user.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2019 at 3:06 AM Henrik Ingo <<a href="mailto:henrik.ingo@avoinelama.fi" target="_blank">henrik.ingo@avoinelama.fi</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>If there was a request from a user to get their user data, then the clueless operator could also easily publish or approve the queued comments, and they would be in compliance. This is a first class feature in the Wordpress GUI, and requires zero coding skills from the operator.<br></div><div><br></div><div>For those who are not intimately familiar with Wordpress... It has been CAL compliant 13 years ago: <a href="https://en.blog.wordpress.com/2006/08/14/my-comments/" target="_blank">https://en.blog.wordpress.com/2006/08/14/my-comments/</a></div><div><br></div><div>Admittedly the CAL maybe implies data should be exported in some other format than a HTML page, such as a mysqldump, json, or xml file. But it doesn't explicitly mandate a specific data format. In the case of the clueless Wordpress operator presumably administering a fairly low volume site, it could be argued that a HTML page from where a user can easily copypaste all of their user data is in fact a good alternative to provide this data.</div><div><br></div><div>IMO the Wordpress example rather strengthens Van's argument that for realistic scenarios the CAL requirements are not unreasonable. I agree that there's a discussion worth having about licensors with bad intent, but I don't support the idea that a license should be rejected based on rather theoretical corner cases. Especially when - as I illustrated in my previous email - same corner cases can be constructed for existing licenses like GPL.<br></div><div><br></div><div>henrik<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2019 at 7:26 AM Bruce Perens via License-review <<a href="mailto:license-review@lists.opensource.org" target="_blank">license-review@lists.opensource.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">If they hosted comments on their WordPress blog, and did not approve some comments but kept them in the approval queue, this would be sufficient to activate the data terms.<div dir="auto"><br></div><div dir="auto">I agree with Nigel.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 11, 2019, 8:53 PM VanL <<a href="mailto:van.lindberg@gmail.com" target="_blank">van.lindberg@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto">On Wed, Dec 11, 2019, 9:18 PM Nigel T <<a href="mailto:nigel.2048@gmail.com" rel="noreferrer" target="_blank">nigel.2048@gmail.com</a>> wrote:<br></div><div class="gmail_quote" dir="auto"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">A SaaS license is intended to be applied to software that is seen and used by third parties. <br><div><div><br></div><div>It is disingenuous for you to imply otherwise.</div><div><br></div><div>Many non-developers have set up their own content management system like Wordpress on their own servers. If Wordpress was CAL instead of GPL none of those users would be able to use WordPress because it’s unlikely that WordPress is fully compliant under the terms of 4.2. </div></div></div></blockquote></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">This is an illuminating example. If WordPress was CAL licensed, then all those people hosting their own blogs on WordPress would have to provide a link to or copy of the source code they were using, but that is it. Why? Because they would not be hosting the user data of random readers. The outcome would be essentially the same as the AGPL.</div><div dir="auto"><br></div><div dir="auto">Someone would only need to provide additional user data if they did more than host their own blog, but instead moved into the blog hosting business.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Van</div><div dir="auto"><br></div><div class="gmail_quote" dir="auto"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto"><br></div></div>
</blockquote></div></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" rel="noreferrer" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr"><a href="mailto:henrik.ingo@avoinelama.fi" target="_blank">henrik.ingo@avoinelama.fi</a><br>+358-40-5697354 skype: henrik.ingo irc: hingo<br><a href="http://www.openlife.cc" target="_blank">www.openlife.cc</a><br><br>My LinkedIn profile: <a href="http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7" target="_blank">http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7</a></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div>