| 1 |
On Tue, Feb 5, 2019 at 6:49 PM Kristian Fiskerstrand <k_f@g.o> wrote: |
| 2 |
|
| 3 |
> On 1/26/19 10:04 PM, Kristian Fiskerstrand wrote: |
| 4 |
> > I would like to point the community at the following bug |
| 5 |
> > https://bugs.gentoo.org/676248: |
| 6 |
> > Bug 676248 - non-free licenses are accepted without user prompt |
| 7 |
> > |
| 8 |
> > In summary the question is whether non-free licenses should be accepted |
| 9 |
> > by default in Gentoo. today only licenses requiring EULA are not |
| 10 |
> > accepted by default. So this is a good opportunity to discuss whether we |
| 11 |
> > should deviate substantially from other distros like Debian. |
| 12 |
> > |
| 13 |
> > My personal opinion is we should have a default accepting FSF and OSI |
| 14 |
> > approved free/libre licenses and require acceptance for anything else |
| 15 |
> > though package.license / ACCEPT_LICENSE. Since we have this model |
| 16 |
> > already we don't need a separate repository like debian does for its |
| 17 |
> > binary packages, so any change has relatively minor impact on our users |
| 18 |
> > as long as it is presented properly and with a proper timeline. |
| 19 |
> > |
| 20 |
> |
| 21 |
> This topic has been discussed from time to time, including in 2013 in |
| 22 |
> |
| 23 |
> https://archives.gentoo.org/gentoo-project/message/b36af97cdf6172217974a3afb30475bd |
| 24 |
> . However, context change and 6 years is likely enough time to permit a |
| 25 |
> new discussion. |
| 26 |
> |
| 27 |
> What constitute free software is a broad discussion, so for the context |
| 28 |
> of these discussions I recommend we keep to the FSF and OSI definitions. |
| 29 |
> These definitions protects the user's rights to copy/modify/use the |
| 30 |
> application without repercussions, and that is exactly why it should be |
| 31 |
> the default license. |
| 32 |
> |
| 33 |
|
| 34 |
So I think the TL;DR for me here is that I'd rather the Council have |
| 35 |
decided that "We interpret the social contract in a way whereby Gentoo |
| 36 |
should espouse free software and we believe we can do better here by |
| 37 |
setting the default ACCEPT_LICENSE to "-* @FREE". I think some of your |
| 38 |
comments below go further than that and I'm not sure that helps your case |
| 39 |
(and at least the comments concern me slightly.) |
| 40 |
|
| 41 |
I believe that irrespective of any ideology that @FREE does provide |
| 42 |
benefits, namely that: |
| 43 |
- The OSI and FSF are stewards of the OSD and they will vet and review |
| 44 |
licenses that meet the OSD. This is beneficial to end users who want a |
| 45 |
vetted and controlled licensing experience for such software. |
| 46 |
- Users trust the OSI and FSF (and by extension, licenses@g.o, who |
| 47 |
populate the in-tree copy) with this task. |
| 48 |
|
| 49 |
Delegation is a useful tool that removes the burden from users who would |
| 50 |
have to vet on their own. |
| 51 |
|
| 52 |
|
| 53 |
> As soon as a user start using a non-free license the user needs to |
| 54 |
> make judgments on how it will impact on further choice, and likely need |
| 55 |
> to consult a lawyer for practicality if using it in any commercial context. |
| 56 |
> |
| 57 |
|
| 58 |
> In particular in a scenario where the license change unexpectedly this |
| 59 |
> can be an interesting twist, as seen with MongoDB. To quote |
| 60 |
> |
| 61 |
> |
| 62 |
> http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003739.html |
| 63 |
> : |
| 64 |
> "Developers don’t always pay attention and given they have stated any |
| 65 |
> updates to older versions moving forward are SSPL a developer just |
| 66 |
> grabbing a security update suddenly means you’re not under AGPL anymore |
| 67 |
> but SSPL." |
| 68 |
> |
| 69 |
> The consequences for a user arise when using non-free licenses, so the |
| 70 |
> default should be to allow free licenses by default. |
| 71 |
> |
| 72 |
|
| 73 |
I mostly don't find this argument valuable. OSI and FSF have consequences |
| 74 |
to anyone who redistributes them, but somehow they are allowed by default |
| 75 |
(because freedom?) This is why I continue to advocate for a deliberate |
| 76 |
choice based on the social contract ("Gentoo is and will remain Free and |
| 77 |
thus the default should be "-* @FREE" rather than some kind of objective |
| 78 |
choice based on 'consequences'; which I think just muddle the point. |
| 79 |
|
| 80 |
|
| 81 |
> |
| 82 |
> A more puritan approach could be to not provide any approved license at |
| 83 |
> all, but the Gentoo Social contract says "Gentoo is and will remain free |
| 84 |
> software", which makes @FREE the natural choice. |
| 85 |
> |
| 86 |
|
| 87 |
I agree w/this FWIW. |
| 88 |
|
| 89 |
|
| 90 |
> |
| 91 |
> Most of the issues from the previous discussions have been solved by |
| 92 |
> now, increasing the value of re-opening the discussion, and the |
| 93 |
> user-impact is minimal for setting a default of @FREE given proper |
| 94 |
> documentation in the handbook. |
| 95 |
> |
| 96 |
|
| 97 |
I'm going to re-iterate william's comment here in that I don't think the |
| 98 |
council has a good idea of what the user impact is; however I suspect this |
| 99 |
is not an intractable issue and I don't think it blocks any decision (and |
| 100 |
as noted in the meeting, we can always make changes later.) |
| 101 |
|
| 102 |
-A |
| 103 |
|
| 104 |
|
| 105 |
> |
| 106 |
> -- |
| 107 |
> Kristian Fiskerstrand |
| 108 |
> OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net |
| 109 |
> fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
| 110 |
> |
| 111 |
> |
Archives