Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: 'We've gone the wrong way with licensing'

Re: Admittedly a fan of a new license

I don't have an objection to this license per se, but I don't see the merits you have described. It seems about as easy to read as other similarly-sized licenses, and more complex than many shorter ones. Furthermore, I note the following potential problems.

First, there is a clause allowing the original author to dual-license the thing, letting a proprietary version exist. This may sound fine in that a company is unlikely to pay someone for something they can get for free, but it might also allow them to produce an increasing number of different versions under different licenses that will prove in future to be a pain to reintegrate. Worse still, it's not exactly clear who gets the right to dual license. Theoretically, only the original author gets that right. But since this license applies to all parts of a derived work a la GPL, what happens if I update the work of someone else. I might be able to dual license my additions while keeping the original code open, or I might be in violation if I try. I'm almost certainly not allowed to dual license the whole thing, but if I'm able to dual license my additions, I could be able to effectively nullify the requirement to release them under the same license by applying two licenses and then not distributing a version under the original license.

Second, you have expressed that you like the sunset clause. That clause reads as follows: "The conditions in sections 2 through 5 no longer apply once fifteen years have elapsed from the date of My first Distribution of My Work under this License." This looks problematic to me. What does "first distribution" mean? If I release an update, does that count as a subsequent distribution of the original thing or does it start the clock over again? These questions may seem pointless, but it's this type of difficulty with licensing that can hamper innovation or rights to source. If I don't know whether or not I can do something, I'm less likely to work on a project, and companies who wish to take open source and turn it proprietary will jump on a license that has problems allowing them more leeway than was originally intended.

Re: Admittedly a fan of a new license

Before people settle on pros and cons, take a step back and ask...

"...distributed peer-to-peer software needs a license that addresses cryptographic key rights"

Mmmm... does it?

Medeco has patents and controls on their key blanks, but if you want a blank, you can buy one second hand along with an angle cutter to cut them. It's a pain for the average "peer" as all they want is a copy of the damn key, and not in a few weeks. Meanwhile in those few weeks, the only non-peers with access to YOUR door are the official "distributors" and the so called bad guys until the paperwork is finished.

Re: Am I missing something ?

I was puzzled by this too. However, I think it may be related to the following, if I have understood it correctly (which should not be taken as given)...

The issue at hand seems to be a sort of peer-to-peer cloud: the intention is that you put some data into it and it gets processed somewhere, perhaps in multiple different places. Other nodes may also get to validate the processing or data to check that participants aren't running rogue software.

This means that your data may end up in the hands of people you don't know and who you haven't explicitly authorised to receive it. The licence appears to be intended to ensure that, if you run the software, you have a GDPR-like obligation to anyone whose data you have processed.

It seems to me that the biggest problem here isn't the licence, but the entire concept. Clearly, there's a potential benefit in theory if you can have a sort of Bittorrent for lambda functions which might mean you're not at the mercy of your IoT provider's server infrastructure. Legally and practically, it seems like a complete nightmare - how do you even know who might have seen your data, never mind actually use the software licence (issued by a third party) to enforce your personal rights. And who would want to participate in such a network if they were potentially having to work out whose data they might have and whether any request to access it came from its legitimate owner.

IAN, fortunately, AL, but this doesn't sound to me like the kind of problem a software licence can usefully resolve.

Re: BSD

Yes, I particularly object to the exclusion of the BSD license.

Re: BSD

Erm, what? Who is ignoring the BSD licence, and how?

Agreed, BSD is easygoing - though one might argue MIT is better still if you want lawyer-free. But that's nothing to do with this article. And ironically I don't think they're actually lawyer-free at all: rather they're a lawyer's minimum conditions for releasing source while covering an institutional arse against being sued.

If you mean the "we only need three licences" comment, I read that as making a point about duplication in the proliferation of licences. Not about the licences themselves. I could speculate that it hints at "Apache is the modernised BSD", but to say that's what he meant would be putting words in his mouth. And I wouldn't entirely agree, but then I still think GPLv2 was a work of genius - in part because it kicked off the whole debate, but also because it's a lawyer-free work that's since held up in court against lawyer attacks.

@LDS - Re: When you put ideology into software licenses....

And this is absolutely normal. Just pick and use the license you feel comfortable with and let others have their choice.

Re: What does vaccination have to do with software licencing?

It means you can only use the software if you, your family and your staff are not walking biological weapons. Which I think is entirely reasonable. Some of the people who created software would not have lived long enough to do so without the benefits of modern medicine.

Re: What does vaccination have to do with software licencing?

I have a hard time seeing the vaccination requirement as anything but unenforceable. Coincidentally, so does Bruce Perens.

Re: What does vaccination have to do with software licencing?

This is an answer to the above question "why do we need an OSI at all?"

A hundred approved licences may sound like approximately 95 too many, but think how much worse it could be if there were nobody to filter out nonsense like this.

Re: What does vaccination have to do with software licencing?

I agree. I'm extremely pro-vaccination and consider it a societal duty. But I would never accept a license like this, because I think this sort of thing has no place in software licenses.

Re: What does vaccination have to do with software licencing?

these people are deciding they can interfere in others' lives

No they aren't. They're imposing a requirement on people who want to use the product of their labor. Those who don't like that requirement aren't obliged to use the software.

They may be providing an incentive for the behavior they prefer, but they're not "interfering" in any substantial way.

Re: From the Article

Google, Amazon, Facebook & C. do it with the GPL as well. As long as they don't redistribute code to third parties they don't have to release the source code. All of them use internally a lot of modified code you won't ever see published, even when it's fully used to deliver external 'services'. All open source license were designed against COTS software, just all Xaas models bypass the old delivery method so they are free to exploit open source code and let them publish only what is needed to fully support their business model and profits.

Re: Mixing freedom and money - or obligation

I'm not disagreeing with you, but there are also reasons people choose to use less permissive licenses. Linux is GPL, for example, to keep the community benefiting from the code that was given away; the original authors aren't demanding anything from users, but if their work is extended, they ask that the results are similarly given away. I frequently find it irritating to decide exactly what license I should put on some code, and I often feel, after reading some license comparisons, a desire to simply release the thing, say "do what you want with it", and call it good. Unfortunately, that approach usually doesn't work because potential users are unsure about what is allowed without a specific license and I haven't included those indemnifications that every standard license has.

Re: Mixing freedom and money - or obligation

> Personally I just give my stuff away - I got the value out of it by using it myself, and simply ensuring no one else can take my own stuff from me or prevent me from using it, claiming it's their IP. seems like a worthwhile setup.

Me too.

I basically stopped using OSS licenses years ago, for a whole lot of reasons. Now, my software falls into one of three categories, licensing-wise. Most software I write is released into the public domain outright. Some software I release with a license that is generally along the lines of OSS licenses, but is of my own devising. I also release a small amount of software under a closed-source license (although source is always available to customers).

If I were $PARTY2 I'd want to be included in those disclaimers as well.