[License-review] For approval: The Cryptographic Autonomy License (Beta 4)
josh at berkus.org
Thu Dec 12 22:31:27 UTC 2019
On 12/11/19 1:05 PM, VanL wrote:
> Hi Josh,
> Ok, this puts Nigel's concern into clearer focus, and I am glad to see
> Nigel confirming it. Nevertheless, I am not convinced. Reasoning below:
> On Wed, Dec 11, 2019 at 2:08 PM Josh Berkus <josh at berkus.org
> <mailto:josh at berkus.org>> wrote:
> 1) You create some software that has no data export functionality and
> license it under the CAL.
> This is the first big problem. Is the distribution of the software
> compliant? If so, there is *some* data export functionality, even if it
> is not polished for non-technical operators. So starting by saying
> "there is software with *no* data export functionality" is starting by
> saying "if I receive a non-compliant distribution, then my own
> subsequent distribution will be non-compliant."
Such software can be compliant if it contains/requires no user data to
operate. Or it can have a way to get the user data for one area of the
program, but not for others.
> 2) I use your software as the basis for some other application.
> 3) I am now compelled, under the terms of the license, to *write* a user
> data export feature that didn't exist in the software that I copied from
> you under the CAL.
> This is where the logic chain really falls apart.
> If a person wants to use the CAL-licensed software, for their own
> private purposes, then they can do so. They don't need to write any
> features, they don't need to provide any data to any other person. You
> are missing step 2.5: You decide to use the software (either the
> original application or your derived application) to provide services to
> another third party.
> If someone wants to offer services to someone else, then they are
> already choosing to take upon themselves various burdens. If part of the
> additional burden that they choose to take on involves providing the
> software and data to users, then they are choosing that.
People build applications in layers. Imagine the sofware I'm copying is
a CAL-licensed database, but what I'm building is some node.js-based
> I would also push back on the idea that even if there isn't a polished
> "data export" functionality, then that means that the data isn't
> available. I would also suggest that if they are offering services to
> third parties, but they don't have the necessary skills to
> operate/troubleshoot the software, they are already in a bad position.
Um, have you ever worked in the web or mobile applications fields?
There are pretty good reasons why front-end and back-end are generally
> 4) As a corollary, this means that if I am not a programmer (and don't
> have $$$$), I cannot use the software you created in (1).
> I hope you see the logical errors now:
> - You *can* use the software, as a non-technical user, as long as you
> are using it for private purposes.
I don't care about "private purposes". Any OSS license is OK with
private usage; if the CAL wasn't, we'd be blocking it for that reason.
I'm talking about downstream users who are supplying a service or
software to someone else.
> If you choose to use the software to provide services to others, *yes*,
> you must comply with the terms of the CAL. But you can't assume that the
> distribution you received is going to be non-compliant in the first place.
> - If the distribution you received is compliant, then this issue doesn't
> - If the software distribution *you* received is not compliant, or some
> other software that you built on top of CAL-licensed software is not
> compliant, then yes, you must invest time or money to be compliant if
> you wish to use that software to provide services to others.
Seems like you understand the novelty factor here; this is it in a
nutshell. The new factor doesn't necessarily mean that the licence is
not acceptable, but it *is* something that needs to be hashed out.
Do you understand, now, why Nigel was suggesting symmetry as a solution
for this, even if you don't agree with it?
More information about the License-review