[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Nigel T nigel.2048 at gmail.com
Thu Dec 12 03:17:46 UTC 2019


A SaaS license is intended to be applied to software that is seen and used by third parties. 

It is disingenuous for you to imply otherwise.

Many non-developers have set up their own content management system like Wordpress on their own servers.  If Wordpress was CAL instead of GPL none of those users would be able to use WordPress because it’s unlikely that WordPress is fully compliant under the terms of 4.2.  

It is also unlikely that they could tell definitively whether or not it is in compliance.

They are not “clueless”, just not developers.  

This is not a “manufactured“ hypothetical but a large, real world, OSS user base composed of developers, non-developers and SaaS providers.

What you call “services” to make it seem that all SaaS software users are deep pocketed service providers is in reality just blog posts made by normal folks using open source software in the spirit it was intended to be used.

As written, I will continue to advocate against this license.  

It appears to me to be deeply flawed, dangerous, and against the spirit that open source software is intended for normal users and not just developers. 

It doesn’t even achieve the goal of user data independence for non-developers so I’m starting to wonder why it is written the way it is.

> On Dec 11, 2019, at 7:00 PM, VanL <van.lindberg at gmail.com> wrote:
> 
> 
> Hi Bruce,
> 
> You say:
> So they either are compelled to write an export facility, or do some sort of ad hoc export. 
> 
> No. They are not compelled to offer services to other people! They can run the software themselves.
> 
> If someone *chooses* to offer services to others, then they need to comply with the CAL.
> 
> Which, as you point out:
> 
>> Most operators, of course, have more than one customer, and in returning data to one customer, must be very careful to segregate it from anyone else's data. The penalties in Europe for failing to do that are potentially very significant, and we can expect them to get that way everywhere.
>> 
>> ... But they must be very careful about what data is released, and due diligence probably requires that they inspect the outgoing data manually.
> 
> 
> 
> If someone chooses to offer services to other people, they need to expect that there will be compliance burdens that they are taking on - far more substantial than the requirements of the CAL. It doesn't make sense to manufacture a "clueless operator" theory that requires someone to knowingly offer services, take on burdens they can't comply with, and then complain that the problem is the software license.
> 
> Thanks,
> Van
> 
>  
> _______________________________________________
> License-review mailing list
> License-review at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-review_lists.opensource.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/license-review_lists.opensource.org/attachments/20191211/3bf15628/attachment.html>


More information about the License-review mailing list