[License-review] For approval: The Cryptographic Autonomy License (Beta 2)

Mon Aug 19 20:54:01 UTC 2019

Hi Josh,

Thanks for the questions.

On Mon, Aug 19, 2019 at 3:31 PM Josh Berkus <josh at berkus.org> wrote:

>
> ### 2.2. Offer and Acceptance
>
> - I cannot make heads or tails of this paragraph.  What is it supposed
> to mean?  Would there be a way to state that in language that would be
> clearer to a layman?
>

This paragraph is legalese that helps establish enforceability.

Briefly, there are a couple different ways that a license can be enforced -
under IP laws, under contract laws, or both. There is a long history of
cases that indicate that certain formulations have certain legal effects.
This paragraph includes some of those historical incantations.

Think of it as the legal equivalent of Java's "public static void
main(String[] args)"

Patent Clauses:
>
> - These are very clear and well-stated.  I don't know how they do
> legall, but as a developer I find them very straightforwards.
>
> #### 4.2.1. No Withholding User Data
>
> - Again, I don't have any opinion on enforcability, but the meaning here
> is quite clear to me.
> - For my part, I find this clause a natural extension of copyleft
> principles, and as such not a violation of the OSD.
> - Even further, as a database geek, I would love to see more
> user-data-protection licenses.
>

Thanks!

> #### 4.2.2. No Technical Measures that Limit Access
>
> - This paragraph seems ripe for inadvertent violation.  For example, a
> strict interpretation of this seems to read that you're not allow to
> place any copy of the code under private-key encryption, even for your
> own organization's use.  I'd love to see some of the "withold" or other
> intent language here.
>

I would point you to the language near the end of this clause: "You may
not... limit a Recipient’s ability to access any functionality present* *in
Recipient's independent copy** of the Work, or to deny* *a Recipient** full
control of the **Recipient’s User Data*.*"

What you do with your copy is your business; this clause makes clear that
you cannot restrict what a Recipient can do with their independent copy of
the work.

Regarding business use, I would also point you to the "Affiliates" clause
in 7.1. Anyone inside your own organization is not a "Recipient." Private
use inside an organization, including for serving employees and dedicated
contractors, is unrestricted.

Do these points address your concerns?

> #### 4.2.3. No Legal or Contractual Measures that Limit Access
>
> - Do we need an exemption here for government action? Not everyone has a
> choice about some of these laws (like anti-circumvention).
>

I don't think so. We do presume that everyone will obey the law. What this
does is it restricts the availability of certain causes of action between
private parties.

> ### 5.3. Termination Due to Litigation
>
> - Do you want to limit this to patent infringement?  What about other
> types of legal action, such as claims for damages?
>

Right now I am inclined to say no. First, patent litigation seems
especially damaging, and worth calling out specifically. Second, some types
of claims we want to allow (such as trademark claims).

>
> ### 7.2. Choice of Jurisdiction and Governing Law
>
> - This seems like it could be used to circumvent some of the provisions
> of the license.  Comment?
>

No, I don't think so. This applies to a licensee (the person receiving the
software) suing the licensor (the contributor). The licensor has the
ability to bring a claim wherever necessary.

Thanks,
Van
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20190819/ba3079f4/attachment.html>