Gentoo Archives: gentoo-project

From: Alec Warner <antarus@g.o>
To: gentoo-project <gentoo-project@l.g.o>
Subject: Re: [gentoo-project] Re: What should the default acceptable licenses be?
Date: Tue, 12 Feb 2019 19:40:18
In Reply to: [gentoo-project] Re: What should the default acceptable licenses be? by Kristian Fiskerstrand
On Tue, Feb 5, 2019 at 6:49 PM Kristian Fiskerstrand <k_f@g.o> wrote:

> On 1/26/19 10:04 PM, Kristian Fiskerstrand wrote: > > I would like to point the community at the following bug > > > > Bug 676248 - non-free licenses are accepted without user prompt > > > > In summary the question is whether non-free licenses should be accepted > > by default in Gentoo. today only licenses requiring EULA are not > > accepted by default. So this is a good opportunity to discuss whether we > > should deviate substantially from other distros like Debian. > > > > My personal opinion is we should have a default accepting FSF and OSI > > approved free/libre licenses and require acceptance for anything else > > though package.license / ACCEPT_LICENSE. Since we have this model > > already we don't need a separate repository like debian does for its > > binary packages, so any change has relatively minor impact on our users > > as long as it is presented properly and with a proper timeline. > > > > This topic has been discussed from time to time, including in 2013 in > > > . However, context change and 6 years is likely enough time to permit a > new discussion. > > What constitute free software is a broad discussion, so for the context > of these discussions I recommend we keep to the FSF and OSI definitions. > These definitions protects the user's rights to copy/modify/use the > application without repercussions, and that is exactly why it should be > the default license. >
So I think the TL;DR for me here is that I'd rather the Council have decided that "We interpret the social contract in a way whereby Gentoo should espouse free software and we believe we can do better here by setting the default ACCEPT_LICENSE to "-* @FREE". I think some of your comments below go further than that and I'm not sure that helps your case (and at least the comments concern me slightly.) I believe that irrespective of any ideology that @FREE does provide benefits, namely that: - The OSI and FSF are stewards of the OSD and they will vet and review licenses that meet the OSD. This is beneficial to end users who want a vetted and controlled licensing experience for such software. - Users trust the OSI and FSF (and by extension, licenses@g.o, who populate the in-tree copy) with this task. Delegation is a useful tool that removes the burden from users who would have to vet on their own.
> As soon as a user start using a non-free license the user needs to > make judgments on how it will impact on further choice, and likely need > to consult a lawyer for practicality if using it in any commercial context. >
> In particular in a scenario where the license change unexpectedly this > can be an interesting twist, as seen with MongoDB. To quote > > > > : > "Developers don’t always pay attention and given they have stated any > updates to older versions moving forward are SSPL a developer just > grabbing a security update suddenly means you’re not under AGPL anymore > but SSPL." > > The consequences for a user arise when using non-free licenses, so the > default should be to allow free licenses by default. >
I mostly don't find this argument valuable. OSI and FSF have consequences to anyone who redistributes them, but somehow they are allowed by default (because freedom?) This is why I continue to advocate for a deliberate choice based on the social contract ("Gentoo is and will remain Free and thus the default should be "-* @FREE" rather than some kind of objective choice based on 'consequences'; which I think just muddle the point.
> > A more puritan approach could be to not provide any approved license at > all, but the Gentoo Social contract says "Gentoo is and will remain free > software", which makes @FREE the natural choice. >
I agree w/this FWIW.
> > Most of the issues from the previous discussions have been solved by > now, increasing the value of re-opening the discussion, and the > user-impact is minimal for setting a default of @FREE given proper > documentation in the handbook. >
I'm going to re-iterate william's comment here in that I don't think the council has a good idea of what the user impact is; however I suspect this is not an intractable issue and I don't think it blocks any decision (and as noted in the meeting, we can always make changes later.) -A
> > -- > Kristian Fiskerstrand > OpenPGP keyblock reachable at hkp:// > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > >


Subject Author
Re: [gentoo-project] Re: What should the default acceptable licenses be? Thomas Deutschmann <whissi@g.o>