From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7D8DA138334 for ; Tue, 12 Feb 2019 19:40:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 273AAE0874; Tue, 12 Feb 2019 19:40:17 +0000 (UTC) Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8E9D7E0872 for ; Tue, 12 Feb 2019 19:40:16 +0000 (UTC) Received: by mail-lj1-x234.google.com with SMTP id q128so3087434ljb.11 for ; Tue, 12 Feb 2019 11:40:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gentoo-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=JXdRsg827BPWCnJNO5T275DYRVwrqINGlKity6WOjgM=; b=yNP/rpcz3rYYy/Op4WAsXLINSsw9DpYOpkV9XsBHbX2AvPT7Q3qRGC1xJbis5+QEaO 375xB3bPhyMNvey5TsPx6ahaKbzB7pcCWIY5QL8PzeFOzUM7ci6vub63vUriZ+b/WcaF mnvigniennQMwi7eEbZbqLuZ/ICo3M37/f+oTl0E8/8Nxzes/13GTvhzPkHfu1udkpnl 8qvX5I0jNAlmyGj/p3sqL7mfyfwvyHxGWleKYuDfwAfRndpDP+eS6UfN1mt3SlZQ57aU 6AeVFzBAtJdH3zjVo1+KRgMrLCbEqYNu288E4Vt8vtAetv1kMOd0ijGEnM4WTukgW01J kxqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=JXdRsg827BPWCnJNO5T275DYRVwrqINGlKity6WOjgM=; b=S0wV72JgGaFHXhEUgX8APGHvXgZ12Dzm3haJEQOe3oFtR6aRzvxEOI3D42lZ30Iwm6 FUzHxlyhXMlR+nFWJ/3ap+U7Hp6zNJnSeY6SO90RX01YsqsSr4xy6OBhLI9t6igZ7Ivs 3mW7ui+OCRMC+zWYqmOq3FG6y0rZGiFvzlc/Hetw9r/PmvGYoj+hGTG51IZM+fqTfI26 HVDRy+T/LXE6ExWTeIv2WiX6hnE9WOFGsgW+mu8glWo0GeTljaHX8eAipcFG9kKsIny5 j1zGnZRST3EsZhpl/DNrc85Rf1JKfae3tOCS3DW9aAXz6QVq5oaaZQQIgW7wC9r6JOXu bPBQ== X-Gm-Message-State: AHQUAuZ3ta55w468YMeQaIv5EqLOGY08GDUvZgvcBBKIP67LjqDWPmeK b5E9OwNpRpdXY4J31FIHWnwwZHcPHRgkbGgIGvX3H1ns X-Google-Smtp-Source: AHgI3Ib3z367t9czkY/5kMornmUvlKn2TPO6oNoWDT2Ycq0gxVyF5huyKxnQvzTYbJPE+jCgnbS2JBamtzIN5pxrYI8= X-Received: by 2002:a2e:9786:: with SMTP id y6-v6mr3241255lji.53.1550000413819; Tue, 12 Feb 2019 11:40:13 -0800 (PST) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 References: <18f615b4-dfd4-f0db-a5c4-93c97e7dcbb6@gentoo.org> In-Reply-To: <18f615b4-dfd4-f0db-a5c4-93c97e7dcbb6@gentoo.org> From: Alec Warner Date: Tue, 12 Feb 2019 14:40:01 -0500 Message-ID: Subject: Re: [gentoo-project] Re: What should the default acceptable licenses be? To: gentoo-project Content-Type: multipart/alternative; boundary="0000000000001160ec0581b798cc" X-Archives-Salt: 174bffba-0c8a-4d68-8f38-e9f9b23a3934 X-Archives-Hash: 450ac292ee07e066667d2139db3e666c --0000000000001160ec0581b798cc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Feb 5, 2019 at 6:49 PM Kristian Fiskerstrand wrote= : > On 1/26/19 10:04 PM, Kristian Fiskerstrand wrote: > > I would like to point the community at the following bug > > https://bugs.gentoo.org/676248: > > Bug 676248 - non-free licenses are accepted without user prompt > > > > In summary the question is whether non-free licenses should be accepted > > by default in Gentoo. today only licenses requiring EULA are not > > accepted by default. So this is a good opportunity to discuss whether w= e > > should deviate substantially from other distros like Debian. > > > > My personal opinion is we should have a default accepting FSF and OSI > > approved free/libre licenses and require acceptance for anything else > > though package.license / ACCEPT_LICENSE. Since we have this model > > already we don't need a separate repository like debian does for its > > binary packages, so any change has relatively minor impact on our users > > as long as it is presented properly and with a proper timeline. > > > > This topic has been discussed from time to time, including in 2013 in > > https://archives.gentoo.org/gentoo-project/message/b36af97cdf6172217974a3= afb30475bd > . However, context change and 6 years is likely enough time to permit a > new discussion. > > What constitute free software is a broad discussion, so for the context > of these discussions I recommend we keep to the FSF and OSI definitions. > These definitions protects the user's rights to copy/modify/use the > application without repercussions, and that is exactly why it should be > the default license. > So I think the TL;DR for me here is that I'd rather the Council have decided that "We interpret the social contract in a way whereby Gentoo should espouse free software and we believe we can do better here by setting the default ACCEPT_LICENSE to "-* @FREE". I think some of your comments below go further than that and I'm not sure that helps your case (and at least the comments concern me slightly.) I believe that irrespective of any ideology that @FREE does provide benefits, namely that: - The OSI and FSF are stewards of the OSD and they will vet and review licenses that meet the OSD. This is beneficial to end users who want a vetted and controlled licensing experience for such software. - Users trust the OSI and FSF (and by extension, licenses@gentoo.org, who populate the in-tree copy) with this task. Delegation is a useful tool that removes the burden from users who would have to vet on their own. > As soon as a user start using a non-free license the user needs to > make judgments on how it will impact on further choice, and likely need > to consult a lawyer for practicality if using it in any commercial contex= t. > > In particular in a scenario where the license change unexpectedly this > can be an interesting twist, as seen with MongoDB. To quote > > > http://lists.opensource.org/pipermail/license-review_lists.opensource.org= /2018-October/003739.html > : > "Developers don=E2=80=99t always pay attention and given they have stated= any > updates to older versions moving forward are SSPL a developer just > grabbing a security update suddenly means you=E2=80=99re not under AGPL a= nymore > but SSPL." > > The consequences for a user arise when using non-free licenses, so the > default should be to allow free licenses by default. > I mostly don't find this argument valuable. OSI and FSF have consequences to anyone who redistributes them, but somehow they are allowed by default (because freedom?) This is why I continue to advocate for a deliberate choice based on the social contract ("Gentoo is and will remain Free and thus the default should be "-* @FREE" rather than some kind of objective choice based on 'consequences'; which I think just muddle the point. > > A more puritan approach could be to not provide any approved license at > all, but the Gentoo Social contract says "Gentoo is and will remain free > software", which makes @FREE the natural choice. > I agree w/this FWIW. > > Most of the issues from the previous discussions have been solved by > now, increasing the value of re-opening the discussion, and the > user-impact is minimal for setting a default of @FREE given proper > documentation in the handbook. > I'm going to re-iterate william's comment here in that I don't think the council has a good idea of what the user impact is; however I suspect this is not an intractable issue and I don't think it blocks any decision (and as noted in the meeting, we can always make changes later.) -A > > -- > Kristian Fiskerstrand > OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net > fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 > > --0000000000001160ec0581b798cc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Tue, Feb 5, 2019 at 6:49 PM Kristi= an Fiskerstrand <k_f@gentoo.org>= ; wrote:
On 1/26= /19 10:04 PM, Kristian Fiskerstrand wrote:
> I would like to point the community at the following bug
> https://bugs.gentoo.org/676248:
> Bug 676248 - non-free licenses are accepted without user prompt
>
> In summary the question is whether non-free licenses should be accepte= d
> by default in Gentoo. today only licenses requiring EULA are not
> accepted by default. So this is a good opportunity to discuss whether = we
> should deviate substantially from other distros like Debian.
>
> My personal opinion is we should have a default accepting FSF and OSI<= br> > approved free/libre licenses and require acceptance for anything else<= br> > though package.license / ACCEPT_LICENSE. Since we have this model
> already we don't need a separate repository like debian does for i= ts
> binary packages, so any change has relatively minor impact on our user= s
> as long as it is presented properly and with a proper timeline.
>

This topic has been discussed from time to time, including in 2013 in
https://archives.= gentoo.org/gentoo-project/message/b36af97cdf6172217974a3afb30475bd
. However, context change and 6 years is likely enough time to permit a
new discussion.

What constitute free software is a broad discussion, so for the context
of these discussions I recommend we keep to the FSF and OSI definitions. These definitions protects the user's rights to copy/modify/use the
application without repercussions, and that is exactly why it should be
the default license.

So I think the TL;= DR for me here is that I'd rather the Council have decided that "W= e interpret the social contract in a way whereby Gentoo should espouse free= software and we believe we can do better here by setting the default ACCEP= T_LICENSE to "-*=C2=A0@FREE". I think some of your comments below= go further than that and I'm not sure that helps your case (and at lea= st the comments concern me slightly.)

I believe th= at irrespective of any ideology that=C2=A0@FREE does provide benefits, name= ly that:
=C2=A0- The OSI and FSF are stewards of the OSD and they= will vet and review licenses that meet the OSD. This is beneficial to end = users who want a vetted and controlled licensing experience for such softwa= re.
=C2=A0- Users trust the OSI and FSF (and by extension, licenses@gentoo.org, who populate the = in-tree copy) with this task.

Delegation is a usef= ul tool that removes the burden from users who would have to vet on their o= wn.

<= br> As soon as a user start using a non-free license the user needs to
make judgments on how it will impact on further choice, and likely need
to consult a lawyer for practicality if using it in any commercial context.=

In particular in a scenario where the license change unexpectedly this
can be an interesting twist, as seen with MongoDB. To quote

ht= tp://lists.opensource.org/pipermail/license-review_lists.opensource.org/201= 8-October/003739.html
:
"Developers don=E2=80=99t always pay attention and given they have sta= ted any
updates to older versions moving forward are SSPL a developer just
grabbing a security update suddenly means you=E2=80=99re not under AGPL any= more
but SSPL."

The consequences for a user arise when using non-free licenses, so the
default should be to allow free licenses by default.
<= br>
I mostly don't find this argument valuable. OSI and FSF h= ave consequences to anyone who redistributes them, but somehow they are all= owed by default (because freedom?) This is why I continue to advocate for a= deliberate choice based on the social contract ("Gentoo is and will r= emain Free and thus the default should be "-* @FREE" rather than = some kind of objective choice based on 'consequences'; which I thin= k just muddle the point.
=C2=A0

A more puritan approach could be to not provide any approved license at
all, but the Gentoo Social contract says "Gentoo is and will remain fr= ee
software", which makes @FREE the natural choice.
=
I agree w/this FWIW.
=C2=A0

Most of the issues from the previous discussions have been solved by
now, increasing the value of re-opening the discussion, and the
user-impact is minimal for setting a default of @FREE given proper
documentation in the handbook.

I'm = going to re-iterate william's comment here in that I don't think th= e council has a good idea of what the user impact is; however I suspect thi= s is not an intractable issue and I don't think it blocks any decision = (and as noted in the meeting, we can always make changes later.)
= =C2=A0
-A



--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

--0000000000001160ec0581b798cc--