<div dir="ltr"><div dir="ltr"><div>On Thu, Dec 12, 2019 at 3:17 PM VanL <<a href="mailto:van.lindberg@gmail.com">van.lindberg@gmail.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>I think you are complicating the issue. It started out as "no one could self-host WordPress." That is false. Self-hosting WordPress is allowed, and the compliance is just the same as the AGPL, because in the basic self-hosting instance, the operator is not holding any user data.</div></div></blockquote><div><div style="color:rgb(0,0,0)"><br></div><div style="color:rgb(0,0,0)">Blogs often has comments. This isn't hypothetical.</div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Then the hypothetical expanded to self-hosted comments, so that there was some minimal user data being held. In this case, I agree that the comments would need to be provided, should they be requested. But there are reasonable, semi-automatic ways by which this data is provided (HTML, RSS feeds). I would also note that a SQL dump would also work, and I don't think that copy+pasting a SQL select from the internet is beyond the capabilities of even a non-technical user (should the comments be requested).</div></div></blockquote><div><br></div><div>Here is an example of the steps you have to go through if you can't go through phpMyAdmin (which isn't always installed).</div><div><br></div><div>1) have ssh enabled on your server, with SSH username, password, port number and hostname.</div><div>2) have your Wordpress database username, password and hostname</div><div>3) have the right tools to interact with SSH (putty, pscp, etc)</div><div>4) run your ssh package with your SSH credentials.</div><div>5) at the ssh command line connect to mysql using your username, password, etc</div><div>6) find and select right database</div><div>7) cut and paste the SQL statement you<b> found on the internet </b>and hope it actually works and doesn't do something sinister.</div><div><br></div><div>Having the non-technical user do things in a database via SQL statements from the internet is a recipe for really screwing up the system. In any case, many folks not used to the command line would be lost on step 1...and arguably most WordPress users wouldn't want to do any SQL via phpMyAdmin either. If that's the cost of compliance they just wouldn't use WordPress.</div><div><br></div><div>Again, if user export is not implemented as part of the original software then compliance with 4.2 becomes very hard for non-technical users for any but the most trivial case. </div><div><br></div><div>Arguing that users can just do SQL queries is essentially saying that OSS software need only be designed for developers.</div><div><br></div><div>No.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>The hypothetical then expanded again to user accounts, memberships, badges, user content, etc - the whole WordPress ecosystem. I can't say that the whole WordPress ecosystem would be able to easily comply. But you yourself identify that the information is stored in the database or the filesystem, and it is accessible, so compliance is possible. I would also note plugins like WP-all-export.</div></div></blockquote><div> </div><div>These specifics were provided to refute Henrik's assertion that WordPress has been 4.2 compliant for years. These are not "expanded hypotheticals" but counter-examples.</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div></div><div>But then the hypothetical expands to a non-admin user - and that's where it breaks again. If someone starts a WordPress hosting business, where they are hosting other people's blogs, I don't think it is unreasonable to say that they are taking upon themselves substantial additional compliance requirements, of which the CAL's requirements are usually a subset.</div></div></blockquote><div><br></div><div>Wordpress sites allow visitors to register to gain different levels of access. This isn't a "Wordpress hosting business"...it's just letting folks do things on your site...like make comment, set avatars, contribute posts, moderate other visitor comments, view premium content, etc. </div><div><br></div><div>At no point have I ever brought up someone starting a Wordpress hosting business. Folks host their own site and let visitors contribute to the site in various ways to build up their community...they aren't starting a "hosting business". The scenario breaks down because your license terms are broken, not because they are a SaaS hosting provider.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Thanks,<br></div><div>Van<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2019 at 1:17 PM Nigel T <<a href="mailto:nigel.2048@gmail.com" target="_blank">nigel.2048@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">If the users do not have admin privs they don't get to see wp_usermeta data unless it's explicitly exposed in some form. Given that plugins and forms can store user input in wp_usermeta or in other areas of the database (like wp_commentmeta) it is easy to show that Wordpress is not fully 4.2 compliant.<div><br></div><div>To argue that Wordpress is CAL 4.2 compliant because you can see your comments ignores that there are many other interactions possible with Wordpress like upvoting, voting in polls, answering questions on forms, internal storage of data generated for the user, file uploads, badges, memberships, payment data, comment tags, guest posts, etc. </div><div><br></div><div>And to say that because a user can copy/paste from HTML pages generated by Wordpress that compliance with 4.2 is trivially achievable makes a mockery of the desire for user data accessibility.</div><div><br></div><div>Wordpress is great because the user of the software can export their site and import it into another Wordpress server....that's the desired goal for access to your own content. It, however, doesn't do that for individual viewers of the site that interact with and respond to the content provided. So it isn't CAL 4.2 compliant for the non-technical user.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2019 at 3:06 AM Henrik Ingo <<a href="mailto:henrik.ingo@avoinelama.fi" target="_blank">henrik.ingo@avoinelama.fi</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>If there was a request from a user to get their user data, then the clueless operator could also easily publish or approve the queued comments, and they would be in compliance. This is a first class feature in the Wordpress GUI, and requires zero coding skills from the operator.<br></div><div><br></div><div>For those who are not intimately familiar with Wordpress... It has been CAL compliant 13 years ago: <a href="https://en.blog.wordpress.com/2006/08/14/my-comments/" target="_blank">https://en.blog.wordpress.com/2006/08/14/my-comments/</a></div><div><br></div><div>Admittedly the CAL maybe implies data should be exported in some other format than a HTML page, such as a mysqldump, json, or xml file. But it doesn't explicitly mandate a specific data format. In the case of the clueless Wordpress operator presumably administering a fairly low volume site, it could be argued that a HTML page from where a user can easily copypaste all of their user data is in fact a good alternative to provide this data.</div><div><br></div><div>IMO the Wordpress example rather strengthens Van's argument that for realistic scenarios the CAL requirements are not unreasonable. I agree that there's a discussion worth having about licensors with bad intent, but I don't support the idea that a license should be rejected based on rather theoretical corner cases. Especially when - as I illustrated in my previous email - same corner cases can be constructed for existing licenses like GPL.<br></div><div><br></div><div>henrik<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Dec 12, 2019 at 7:26 AM Bruce Perens via License-review <<a href="mailto:license-review@lists.opensource.org" target="_blank">license-review@lists.opensource.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="auto">If they hosted comments on their WordPress blog, and did not approve some comments but kept them in the approval queue, this would be sufficient to activate the data terms.<div dir="auto"><br></div><div dir="auto">I agree with Nigel.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 11, 2019, 8:53 PM VanL <<a href="mailto:van.lindberg@gmail.com" target="_blank">van.lindberg@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto">On Wed, Dec 11, 2019, 9:18 PM Nigel T <<a href="mailto:nigel.2048@gmail.com" rel="noreferrer" target="_blank">nigel.2048@gmail.com</a>> wrote:<br></div><div class="gmail_quote" dir="auto"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="auto">A SaaS license is intended to be applied to software that is seen and used by third parties. <br><div><div><br></div><div>It is disingenuous for you to imply otherwise.</div><div><br></div><div>Many non-developers have set up their own content management system like Wordpress on their own servers. If Wordpress was CAL instead of GPL none of those users would be able to use WordPress because it’s unlikely that WordPress is fully compliant under the terms of 4.2. </div></div></div></blockquote></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">This is an illuminating example. If WordPress was CAL licensed, then all those people hosting their own blogs on WordPress would have to provide a link to or copy of the source code they were using, but that is it. Why? Because they would not be hosting the user data of random readers. The outcome would be essentially the same as the AGPL.</div><div dir="auto"><br></div><div dir="auto">Someone would only need to provide additional user data if they did more than host their own blog, but instead moved into the blog hosting business.</div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Van</div><div dir="auto"><br></div><div class="gmail_quote" dir="auto"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="auto"><br></div></div>
</blockquote></div></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" rel="noreferrer" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr"><a href="mailto:henrik.ingo@avoinelama.fi" target="_blank">henrik.ingo@avoinelama.fi</a><br>+358-40-5697354 skype: henrik.ingo irc: hingo<br><a href="http://www.openlife.cc" target="_blank">www.openlife.cc</a><br><br>My LinkedIn profile: <a href="http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7" target="_blank">http://fi.linkedin.com/pub/henrik-ingo/3/232/8a7</a></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div>
_______________________________________________<br>
License-review mailing list<br>
<a href="mailto:License-review@lists.opensource.org" target="_blank">License-review@lists.opensource.org</a><br>
<a href="http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org" rel="noreferrer" target="_blank">http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org</a><br>
</blockquote></div></div></div>