1 |
On Tue, Feb 5, 2019 at 6:49 PM Kristian Fiskerstrand <k_f@g.o> wrote: |
2 |
|
3 |
> On 1/26/19 10:04 PM, Kristian Fiskerstrand wrote: |
4 |
> > I would like to point the community at the following bug |
5 |
> > https://bugs.gentoo.org/676248: |
6 |
> > Bug 676248 - non-free licenses are accepted without user prompt |
7 |
> > |
8 |
> > In summary the question is whether non-free licenses should be accepted |
9 |
> > by default in Gentoo. today only licenses requiring EULA are not |
10 |
> > accepted by default. So this is a good opportunity to discuss whether we |
11 |
> > should deviate substantially from other distros like Debian. |
12 |
> > |
13 |
> > My personal opinion is we should have a default accepting FSF and OSI |
14 |
> > approved free/libre licenses and require acceptance for anything else |
15 |
> > though package.license / ACCEPT_LICENSE. Since we have this model |
16 |
> > already we don't need a separate repository like debian does for its |
17 |
> > binary packages, so any change has relatively minor impact on our users |
18 |
> > as long as it is presented properly and with a proper timeline. |
19 |
> > |
20 |
> |
21 |
> This topic has been discussed from time to time, including in 2013 in |
22 |
> |
23 |
> https://archives.gentoo.org/gentoo-project/message/b36af97cdf6172217974a3afb30475bd |
24 |
> . However, context change and 6 years is likely enough time to permit a |
25 |
> new discussion. |
26 |
> |
27 |
> What constitute free software is a broad discussion, so for the context |
28 |
> of these discussions I recommend we keep to the FSF and OSI definitions. |
29 |
> These definitions protects the user's rights to copy/modify/use the |
30 |
> application without repercussions, and that is exactly why it should be |
31 |
> the default license. |
32 |
> |
33 |
|
34 |
So I think the TL;DR for me here is that I'd rather the Council have |
35 |
decided that "We interpret the social contract in a way whereby Gentoo |
36 |
should espouse free software and we believe we can do better here by |
37 |
setting the default ACCEPT_LICENSE to "-* @FREE". I think some of your |
38 |
comments below go further than that and I'm not sure that helps your case |
39 |
(and at least the comments concern me slightly.) |
40 |
|
41 |
I believe that irrespective of any ideology that @FREE does provide |
42 |
benefits, namely that: |
43 |
- The OSI and FSF are stewards of the OSD and they will vet and review |
44 |
licenses that meet the OSD. This is beneficial to end users who want a |
45 |
vetted and controlled licensing experience for such software. |
46 |
- Users trust the OSI and FSF (and by extension, licenses@g.o, who |
47 |
populate the in-tree copy) with this task. |
48 |
|
49 |
Delegation is a useful tool that removes the burden from users who would |
50 |
have to vet on their own. |
51 |
|
52 |
|
53 |
> As soon as a user start using a non-free license the user needs to |
54 |
> make judgments on how it will impact on further choice, and likely need |
55 |
> to consult a lawyer for practicality if using it in any commercial context. |
56 |
> |
57 |
|
58 |
> In particular in a scenario where the license change unexpectedly this |
59 |
> can be an interesting twist, as seen with MongoDB. To quote |
60 |
> |
61 |
> |
62 |
> http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003739.html |
63 |
> : |
64 |
> "Developers don’t always pay attention and given they have stated any |
65 |
> updates to older versions moving forward are SSPL a developer just |
66 |
> grabbing a security update suddenly means you’re not under AGPL anymore |
67 |
> but SSPL." |
68 |
> |
69 |
> The consequences for a user arise when using non-free licenses, so the |
70 |
> default should be to allow free licenses by default. |
71 |
> |
72 |
|
73 |
I mostly don't find this argument valuable. OSI and FSF have consequences |
74 |
to anyone who redistributes them, but somehow they are allowed by default |
75 |
(because freedom?) This is why I continue to advocate for a deliberate |
76 |
choice based on the social contract ("Gentoo is and will remain Free and |
77 |
thus the default should be "-* @FREE" rather than some kind of objective |
78 |
choice based on 'consequences'; which I think just muddle the point. |
79 |
|
80 |
|
81 |
> |
82 |
> A more puritan approach could be to not provide any approved license at |
83 |
> all, but the Gentoo Social contract says "Gentoo is and will remain free |
84 |
> software", which makes @FREE the natural choice. |
85 |
> |
86 |
|
87 |
I agree w/this FWIW. |
88 |
|
89 |
|
90 |
> |
91 |
> Most of the issues from the previous discussions have been solved by |
92 |
> now, increasing the value of re-opening the discussion, and the |
93 |
> user-impact is minimal for setting a default of @FREE given proper |
94 |
> documentation in the handbook. |
95 |
> |
96 |
|
97 |
I'm going to re-iterate william's comment here in that I don't think the |
98 |
council has a good idea of what the user impact is; however I suspect this |
99 |
is not an intractable issue and I don't think it blocks any decision (and |
100 |
as noted in the meeting, we can always make changes later.) |
101 |
|
102 |
-A |
103 |
|
104 |
|
105 |
> |
106 |
> -- |
107 |
> Kristian Fiskerstrand |
108 |
> OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net |
109 |
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
110 |
> |
111 |
> |