[License-review] For approval: The Cryptographic Autonomy License (Beta 4)

[Bradley M. Kuhn]

This text quoted below from my previous post was included out-of-context in
a news article that insinuates that OSI is doing something wrong:
> the policy implications of OSI volunteers interactively drafting a very
> novel copyleft license with a for-profit entity's lawyer and then
> approving it quickly really concern me.

That was not the intent; I wrote poorly and was needlessly pithy.  I believe
everyone involved with evaluation of this license, including OSI Board
Members, License Committee and license-review list participants (whom I
meant to include collectively in the term "OSI volunteers"), have followed
the OSI license evaluation rules and behaved ethically and with integrity.
I apologize that my poor choice of words above made it seem that I was
saying otherwise.

I have better-written detail below to more explicitly explain what process
concerns I have here:

I believe the (relatively recent, given OSI's age) license-review rules do
not take fully into account (a) that substantial resources, effort and
politicking will be brought to bear when for-profit companies become license
drafting authorities and seek "OSI-approved", and (b) the wide array of
licenses (particularly just-drafted, far-reaching copyleft expansions) that
might be submitted.  As I said in 2018 during SS Public License evaluation,
the process works great for "minor tweak", highly permissive FOSS licenses
that have appeared in the wild and need urgent attention.  However, SS
Public License, IMO, showed the process was not adequate for newly drafted
copyleft expansion licenses.  Because MongoDB (thankfully) withdrew SS
Public License, there was no urgency for OSI to consider changing the rules
to prevent similar efforts to seek quick OSI approval for novel copyleft.

Because each license-review submission triggers the 60/30 day consideration
periods, there's much pressure to respond to each draft, which doesn't
encourage the slow discussion and consideration I think is necessary for
novel copyleft ideas.  I'll be explicit and frank: I simply *do not know* --
even after considering the original idea and studying everything available
in the hypothetical for almost a year -- whether or not the new terms in
Beta4§4 will advance or hinder software freedom, which, (regardless of
whether the draft seems like it meets OSD), is really *the* question. I feel
like I could flip a coin and be just as likely to answer that question
accurately. So, just speaking about how this has felt to me personally, all
last year, I felt the heavy weight of "figure it out quick, before the
license-review clock runs out".  Meanwhile, the only two
license-review-welcome results of that analysis seemed to be: encourage
approval or encourage rejection (i.e., is it "Open Source" or not?).  Some
current and past OSI board members told me they felt that pressure
intensely, too. I think there has to be an option (in the general case, not
only for this particular license) for the OSI to say "we don't know"
indefinitely and encourage the drafting authority to begin using the new
license without the OSI-approved label and see what happens.
-- 

Bradley M. Kuhn - he/him

Pls. support the charity where I work, Software Freedom Conservancy:
https://sfconservancy.org/supporter/