[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

Richard Fontana rfontana at redhat.com
Thu Jan 2 03:37:40 UTC 2020

On Wed, Jan 1, 2020 at 9:29 PM Bradley M. Kuhn <bkuhn at ebb.org> wrote:

> Folks have shouted down Bruce as he wonders how Van's license will be used
> in practice.  I think Bruce has made a useful point on this thread: as a
> general matter, it's relevant that we consider how the license impacts
> users' *and* software publishers' software freedoms in *practice*, not
> merely *in theory*.
> In that regard, I'd like to know if the project that plans to use this
> license will be inbound=outbound (i.e., is the entity that's promulgating
> this new license willing to bound themselves by the license terms)?  Van,
> could you tell us, on behalf of your client (who appears to be the only
> potential licensor interested in this license), what their contribution
> plans are regarding this license?  Are they planning to accept contributions
> under this license, and thus be bound by it for their FOSS projects?
> If not, why not?

I would also like to know the answer to this question -- or, to put
the issue more directly, I am interested in knowing whether Holochain
plans to use this license in connection with a copyleft/proprietary
dual-licensing business model (what some call "proprietary

I know there is a difference of opinion on whether the actual or
anticipated license-employing business model of a license submitter
should matter at all for purposes of OSI approval. For me, if the
business model in question is some form of proprietary relicensing,
it's an easier question. OSI ought to take a clear position that
proprietary relicensing is a bad practice, and that licenses
principally designed for use in connection with proprietary
relicensing (whether this is obvious from the text of the license, or,
as will more often be the case, detectable as a matter of common sense
and known extrinsic facts) raise special OSD conformance concerns.

When Kyle Mitchell's L0-R was being discussed a couple of years ago, I
expressed the view on this list that the nature of the business model
of the entity associated with the license (Artless Devices) -- a kind
of proprietary-relicensing "vending machine" as I believe Kyle
described it -- was relevant when examining the license for
conformance to the OSD. This was in part because of the substantive
restrictive novelty of the license, and because the only foreseeable
user of the license would be a project engaged in a business deal with
Artless Devices. In the case of CAL, we have a complex copyleft
license with significant conditions not seen before in an open source
license, where the only foreseeable user is Holochain itself.

It matters whether proprietary relicensing is the primary use case for
at least a couple of reasons. First, there is the long general history
of this technique being used, in effect, as a disguised attempt to
inhibit software freedom, particularly for commercial users. Second,
and this goes to Bradley's comment, the proprietary relicensing use
case generally requires projects to adopt rules of governance that
result in concentration of licensing power in one entity and an
asymmetric, discriminatory approach to legally handling contributions,
which I would argue in the copyleft context conflicts with present-day
open source values which should inform how we interpret the OSD.


More information about the License-review mailing list