
The Copyleft Bust Up - joeyespo
https://writing.kemitchell.com/2018/11/04/Copyleft-Bust-Up.html
======
confounded
Question for Kyle: Do you see the enterprise exploiting GPL loopholes often?

I work at a FAANG, and there’s pretty much a hard ban on any copyleft code
being a dependency outside of stuff installed via distro packages. The lawyers
are tough about it; the advice is always to get an enterprise license (or of
course, make your own cool BSD+patents library to ‘open source’ as marketing).

I hear similar things from friends at other FAANG companies.

Do you see/hear of this more from startups based around a specific technology,
containerizing copyleft code and calling it exempt? Any examples you can
share?

P.S. Great blog!

~~~
mr_toad
> I work at a FAANG, and there’s pretty much a hard ban on any copyleft code

I have trouble reconciling this with the existence of Android.

~~~
icebraining
Why? Android didn't have any copyleft code besides the Linux kernel, which
doesn't extend to the userland. The rest of the components were Bionic (BSD),
Dalvik (Apache) and Harmony (Apache).

They now use OpenJDK, but that was after getting sued.

------
mikekchar
The overwhelming thing I get from reading this article is that the author
fundamentally misunderstands the point behind software freedom. While many
people (even RMS) characterise it as a moral struggle, the situation is far
more nuanced than "doing it that way is bad and doing it this way is good".
It's much more that there are outcomes that are desirable and outcomes that
are not. Some people believe that the undesirable outcomes are immoral, but I
think it is disingenuous to characterise it simply as a moral issue without
discussing the various set of outcomes.

When we buy some physical object, like a screw driver, nobody tells us what we
can use the screw driver for. It doesn't come with a license agreement
forbidding you from opening paint cans with it. It doesn't say, "This screw
driver is licensed for your projects only. If you want to using it at your
friends house, you'll have to buy another screw driver". It doesn't say, "You
can't attach this screw driver to an electric drill, thereby fashioning an
electric drill". It doesn't say, "You can't sell or even give away this screw
driver to someone else. You can't sharpen the blade. You can't attach the
handle more securely. You certainly can't show someone else how to sharpen the
blade, or attach the handle more securely. You can't forge a copy of this
screw driver and give it to your friend. And you especially can't forge a copy
of this screw driver and sell it!".

In contrast, this is exactly the kind of thing we are told we must accept for
software. Of course, it isn't just software. This TV has no user serviceable
parts. We've jury-rigged this ink container so that it is a DMCA violation to
refill it ( _that_ was a WTF moment in customer abuse if there ever was one).
It's illegal to fix your tractor. You can't adjust the fuel/air ratios for
your car (and especially you can't sell a device that does it for the average
person!!!) The list goes on. We're just lucky that 35 years ago or so,
somebody realised what was happening and thought critically about it with
respect to software.

I totally understand that many companies want creative licenses that allow
them to more easily control the market place. I understand that they wish to
allow some of the 4 freedoms, but wish to curtail others. They feel that they
can't make a viable business plan without these controls. They don't want to
aid others in competing in their market. I'm not unsympathetic to that point
of view. I'm still not going to purchase their software/service if I have any
other choice. Especially as a programmer, I _value_ the 4 freedoms. I
_exercise_ those freedoms. I'm _willing to pay_ for those freedoms. Perhaps
not very many people agree with that, but I'll tell you that there are a hell
of a lot more these days than there were 35 odd years ago.

There is no need for the FSF to compromise. In fact, there is no reason that
they should. The only point for the existence of the FSF is to promote the 4
freedoms. The outcomes for the consumer are much better off with those
freedoms intact. If some companies what to make weird hybrid licenses, then
they are allowed to do it. If it is marginally better than the really abusive
crap that you sometimes get, then that's a plus. It's not a plus that the FSF
exists to pursue, though. The "Free As Long As It Doesn't Impact Our Bottom
Line Software Foundation" doesn't really roll off the tongue anyway. "We'll
only stop you from making full use of the software if doing so impacts our
ability to dominate the market. We promise" is just not something that needs
protecting or promoting.

While parts of this post is tongue in cheek, I hope it makes the situation
more clear. Businesses have genuine hardships when trying to create free
software businesses. It would be great if the FSF did more work to try to find
solutions to help those businesses within the confines of free software, they
aren't going to be doing anything useful by compromising on the 4 freedoms.
Free software is a movement on behave of the _consumer_. It would be like
CAMRA abandoning real ale as long as it was profitable for the breweries -- it
just doesn't make any sense.

~~~
tpaschalis
Your comment hit the nail on the head.

Even though Free Software Licensing might not be for everyone, we're all lucky
to have people as stubborn and uncompromising as RMS to be the figureheads of
the Free Software Movement.

Indeed, there is no need for the FSF to compromise, but rather keep shifting
the conversation focus towards the _user 's freedom_, show companies the way
that they can achieve their goals without malicious restrictions towards their
users.

~~~
rimliu
There is no user's freedom, just programmer's freedom. The whole concept was
created when software users were almost all programmers. If suddenly it become
legal to perform neurosurgery yourselves would you call that user's freedom?

~~~
mikekchar
I would certainly want to be able to inspect the code of a pacemaker and
modify it if I decided it was necessary. Performing neurosurgery on my self is
not possible regardless of legality. However, if I was having neurosurgery and
I was educated enough to understand, then I would definitely want to see what
the surgeon was planning to do.

------
comex
This post refers to the Commons Clause and SSPL as patching "loopholes".
Here's the reality:

\- The Commons Clause bans large categories of uses, including providing
"consulting/support services", or selling any "product or service whose value
derives, entirely or substantially, from the functionality of the Software".

\- The SSPL requires users who want to "offer[] a service that accomplishes
for users the primary purpose of the Software or modified version" to license
all relevant "monitoring software, backup software, storage software and
hosting software" under the terms of the SSPL – which is likely impossible if
that software is, say, licensed under the GPL.

The Commons Clause is not meant to prohibit the listed activities entirely,
but require people who want to do them to get a commercial license from the
original developer. However, this fundamentally leaves the ability to fork the
software at the mercy of that developer. If the developer refused to provide
commercial licenses for the forked version, or just disappeared, the community
could theoretically maintain the fork under the Commons Clause-adorned
license, but they'd be stuck with software that _nobody_ could provide
"consulting/support services" for.

You can argue that the definition of "open source" ought to be broader than
what the OSI or FSF would permit; maybe "freedom zero" isn't essential, maybe
broader-reaching copyleft rules are acceptable. Maybe. But the ability to fork
is fundamental. "Open source" you can't fork doesn't even remotely deserve to
be called that. That's not innovation in license terms; that's just taking
proprietary software and calling it something else.

As for the SSPL... I'm not sure whether the impractical/impossible
redistribution requirements are meant to effectively achieve the same outcome
as the Commons Clause – forcing users to get a commercial license – or if it
was just poorly drafted. At best, it seems like the idea that people might
actually take advantage of the license as written, and make derived works
without paying in return for open sourcing the whole thing, as more of an
afterthought compared to the commercial license route. Perhaps MongoDB will
come up with an updated version of the license that addresses some of the
concerns, but that remains to be seen. The broadness and vagueness of
"monitoring software, backup software, storage software and hosting software"
makes it a bit hard to see the license as a good faith offer, but I could be
wrong.

~~~
yorwba
Note: This comment was originally written in response to TAforObvReasons,
whose comment was deleted while I wrote this (no idea why, there were some
good points), so I moved it up one level.

I think the license people are looking for is not "source available for non-
commercial use" but a license that makes it possible for others to fork and
experiment with modifications (or simply fix some bugs), and if those
modifications turn out to be useful, they can be merged right back into the
original product. You're allowed to make a better mousetrap, so long as
everyone else also gets to improve on your design.

The GPL makes selling improved software a bad business model, because the
first sale turns any customer into a potential competitor. But you can still
sell _future_ improvements, if you have the credibility (e.g. as the creator
of the software).

The AGPL does exactly the same thing, but for software you access over a
network connection. The LGPL is for software you access by linking to a
library.

Now that there's a new category of software you access over the network on a
platform with customized support infrastructure, the SSPL was intended to
provide the same effect of "every user is a potential competitor".

------
ggm
I remember the original BSD licence, regents of the university and all the
hassle it was renewing it to get the 4.2 tapes. Same signatory had to re-sign.
What? we're a university: he moved on.. tough. no sign, no licence.

Beautiful piece of paper. I seem to recall they invested time and effort re-
creating the university logo in T/Roff. The one we had was the first US legal
paper I'd seen. I think it even had embossing for the crest.

 _I know you meant the BSD 4 clause hold harmless, but there was another
meaning of BSD licence, before this_

~~~
kemitchell
Every virtue of history is a sin of omission.

 _Not yet forgotten, but remind us why we should remember..._

------
zzzcpan
So, ideally Mongo and Redis Labs and everyone using AGPL would unite and get
FSF to embrace a new stronger user freedom protecting license. Strong user
freedom works well for companies that want to protect themselves from
megacorps. It's too bad that megacorps gained so much influence over FSF and
it's not true to its ideals anymore.

~~~
klez
> It's too bad that megacorps gained so much influence over FSF and it's not
> true to its ideals anymore.

Wait, what?

Can you please provide an example?

------
TheDong
Thank you for that wonderfully written piece.

I think the ontology of Free Software License users is a fascinating topic
that sees too little light.

This post highlights the following categories:

* BSD-school -- Copyright/IP shouldn't exist, people may do what they wish with code, share it or not, but credit should be given at least... Honestly, kinda libertarian. BSD, ISC, WTFPL, and similar

* BSD-school (radical) -- Copyright law shouldn't exist, and even a requirement to give credit where due is too much. Software anarchists. WTFPL, Unlicense, etc

* Businesses (permissive) -- PaaS and other companies that wish to drink from the stream of existing code, but not worry about making changes and not releasing them. Apache-2.0, second-choice of BSD, ISC, etc

* Free Software Activists -- The GNU school, everything is about user freedom to modify any software they use. AGPL, GPLv3, etc

* Businesses (Upstarts? Free-software weaponizers?) -- They use free software to lure in idealistic hackers, while also using it as a tool to negotiate with Businesses (permissive) to make money. Dual license SSPL/GPL+something permissive,

I think that's roughly the list discussed in the post. I would like to further
add a few categories to this list from my perspective:

* Free Software Activists (with outreach) -- GNU school of thought, but with a desire to do outreach; they believe in user freedom, but would rather their code be used copyleft than not used, thus settle for the LGPL. LGPL

* Open-source Advocate -- Developers who believe in open source as a means of collaboration and improvement of software, not as an ideal related to IP law. This interpretation stems largely from people working at Businesses (permissive) which use this sort of open source as a PR tool or attempt at free labour. Apache-2, BSD, etc

* Business (PR/Image) -- A company that publishes open source software to attract developers in any of the previous camps, to create PR, and/or to crowd-source free labour. Distinct from Business (permissive) because (permissive) is about taking and using software, not releasing it, but there is likely overlap. Apache-2, BSD, etc.

I'd like to hear any thoughts others might have on whether there are more
ontologies, whether any of these are inaccurate, or whether any of these are
poorly categorized.

~~~
yesenadam
I've studied philosophy for many years and still _ontology_ seems like much
too much a philosophy jargon word to use on HN. (You write as if everyone will
understand you.) Well, maybe programmers generally use/know it, sorry if so.

~~~
icebraining
It started in philosophy, but it has spread to the CS field. I doubt most
developers I work with would understand the word, but it's relatively common
if you work in certain areas (the Semantic Web, for example, has
[https://en.wikipedia.org/wiki/Web_Ontology_Language](https://en.wikipedia.org/wiki/Web_Ontology_Language))

~~~
yesenadam
Ahh ok, thank you! Hmm yeah, I'd never heard of all that
[https://en.wikipedia.org/wiki/Ontology_(information_science)](https://en.wikipedia.org/wiki/Ontology_\(information_science\))

------
kemitchell
A visual aid that I might edit into the post later:
[https://twitter.com/kemitchell/status/1059574111733657600](https://twitter.com/kemitchell/status/1059574111733657600)

------
zby
Not really about the article - but an idea I have been pondering for some time
now. How about a software business that would sell licenses for signed copies
but distribute everything unsigned under GPL?

~~~
ryacko
That’d be a subscription service.

My problem of the OSS ecosystem right now is under maintained dependencies
that just because they compile and work, means most programs by non-billion
dollar firms have a minefield of insecure code inside them.

~~~
zby
Subscription - yeah - but the point is that it limits the possibility of free
loading competition selling the same thing.

Has anyone heard about a business like this? In the past security was less
important than it is now - so perhaps this is a new opportunity window.

~~~
desdiv
Zammad is a good example: it's open source[0] and packaged binaries are
available if you want to self-host[1].

Corporations can:

1\. Self-host for free but hire their own engineers/sysadmins to maintain it

2\. Pay for a per-seat hosted version from Zammad[2]

3\. Self-host and pay for a support contract so that Zammad engineers can
maintain it for you[3]

[0] [https://github.com/zammad/zammad](https://github.com/zammad/zammad)

[1] [https://zammad.org/](https://zammad.org/)

[2] [https://zammad.com/pricing#hosted](https://zammad.com/pricing#hosted)

[3]
[https://zammad.com/pricing#selfhosted](https://zammad.com/pricing#selfhosted)

------
di4na
There is only one small ppint missing when ypu talk of business not caring if
community yells.

What if these upstarts needs the community contribution to go through the
first hump to adoption. And this break in trust between community and upstart
stop people from contributing?

Or if devs begin to walk away for personal disagreements with their company
license.

This is not that far stretch and it is what will cost these companies. The
value of open source for business is that the community participate and
developers were happy.

If that breaks... then you lose.

------
austincheney
This licensing nonsense is clearly people trying to force their political
opinions or business interests upon software consumption. To step aside from
the political nonsense and business liability I prefer the most militant
permissive license, CCO-1.0, in my own software.

[https://creativecommons.org/publicdomain/zero/1.0/deed.en](https://creativecommons.org/publicdomain/zero/1.0/deed.en)

~~~
Avamander
I prefer AGPLv3 on my software because I've been burned by non-GPL software
not respecting my wishes and I don't want any of my users to suffer the same
fate. Calling it nonsense is short-sighted.

~~~
austincheney
> non-GPL software not respecting my wishes

Why would you want to force your desires upon a consumer of your software?

~~~
Avamander
Why do car manufacturers force their desires upon customers and build
seatbelts into their cars?

~~~
austincheney
Bad analogy. Car manufacturers provide a legally mandated feature, but the
manufacturer does not dictate usage and is not obligated to. The user can
choose to not use the seatbelt, which is not going to change the design of the
car.

~~~
Avamander
So if software developing had a law that software must give the four essential
user freedoms then it'd be okay to give but otherwise it's not okay? Please.

~~~
austincheney
Then I provide the legally mandated requirements as an optional feature the
user can choose to avoid. This way I am still not forcing my (or anybody
else's) politics on my users.

This still doesn't answer the question of why I would want to force my
politics on my users.

------
cryptonector
> The BSD school of hackerdom rejects intellectual property and its hassles.
> Ideally, BSD school hackers wouldn’t use licenses at all. [...]

Uh, no, that's not true. "The BSD school of hackerdom" doesn't reject
intellectual property. What a ridiculous oversimplification.

Licensing terms are a business tool. The choice of license at any given point
depends on what goals one has, and also what constraints one has. Assuming no
constraints, I'd say that anything you feel you can monetize you should either
keep proprietary, or use GPL for, while anything you cannot monetize should be
licensed under BSD or MIT or similar. That's _my_ take, and it's a common take
for many of us who BSD license code or work on BSD licensed code.

Aside: how does one get compensated for BSD-licensing? Easy: a) other people's
BSD-licensed sources, b) credit and reputation. Both are a big deal.

~~~
kemitchell
The BSD school I referred to is only related to BSD license terms, not defined
by them. Many BSD school hackers use MIT or ISC or even Apache. I also mention
FPL (0BSD), Unlicense, and especially WTFPL as distinctively BSD-school
licenses.

The ideological wing that chooses those licenses, despite knowing businesses
won’t accept them, wouldn’t choose GPL for personal work. It’s not a pragmatic
position. It’s an activist one.

~~~
skissane
I think the attribution requirements of BSD-style licenses can be burdensome.
If you use 50 permissively licensed open source libraries in your program, you
could potentially have to ship 50 different copyright notices and license
texts (all with slight differences in terms or wording) in any binary
distribution. A lot of boilerplate and busywork. And then remember to take
them out again if you don't use that library any more, or update them if the
next version changes them a bit, etc.

This is why I see Unlicense, WTFPL, CC0, etc., as appealing.

If I was to develop something that other people ended up using, I'd like to be
acknowledged, and I like to think people will do it – just out of common
decency, not out of legal obligation. But, I don't really want to burden
people with legal obligations to reproduce oodles of copyright notices and
license texts.

(Disclaimer: These are just my personal opinions, not those of my employer.
I'm really talking about 'what license should I choose as a hobbyist for a
personal project?', not what licenses a corporation should choose as a
business strategy.)

~~~
kemitchell
I think you might find this post interesting, especially the "Attribution
Doesn't Mean Credit" section:

[https://writing.kemitchell.com/2018/08/28/Unhappy-
Coincidenc...](https://writing.kemitchell.com/2018/08/28/Unhappy-
Coincidences.html)

You might also like to look at the tools that have been written for front-end
JavaScript bundlers, like Browserify and Webpack, that automatically assemble
and concatenate license notices. That's not a complete solution for all
projects, but it shows what tools can do with workable license metadata.

[https://www.npmjs.com/search?q=webpack+licenses](https://www.npmjs.com/search?q=webpack+licenses)

~~~
skissane
Are you able to explain why one needs a "no warranty" disclaimer on software
you are giving away for free?

All consumer protection laws I've seen are predicated on a sale, and so I
would not expect them to apply to gifts. A warranty is a contract term, an
implied warranty is an implied contract term, but if someone distributes open
source software without charge, there is no exchange, no consideration, no
contract–so how can there be any warranties, express or implied?

~~~
kemitchell
You should get accountable legal advice for any specific project you may be
involved in. This is not that.

Consider that at least common law countries don’t require _payment_ to honor
contracts. They require legal _consideration_ , which can include mere
promises in return. Have a look at Jacobsen v. Katzer and more recently
Artifex v. Hancom. Both copyright and contract claims.

There are other interpretations. I’m not aware of any US case law on warranty
claims against open source contributors. I’d expect to see it first in
jurisdictions with laws limiting broad disclaimers, like Germany.

------
manicdee
TL;DR: a twenty minute discussion of the permissive vs copyleft dichotomy and
why it puts a division between activist- and business-developers. Food for
thought rather than answers or questions.

From the article:

Ask people affiliated with the Open Source Initiative about free software, and
many will tell you that it isn’t really any different from open source. Free
software just preached too much fire and brimstone, missed the rebrand, and
lost mindshare.

Ask folks affiliated with the Free Software Foundation about open source, and
many will jump to tell just how different it is. Open source strips free
software of its values, pandering to the nonfree industry with promises of
better, cheaper code, which doesn’t happen without unifying community spirit.

~~~
kemitchell
Did you get past the part about existing divisions, to the discussion of how
hybrid terms like SSPL appeal exclusively to business use cases, without
activist support?

------
callekabo
Copyfree, but still lawyer-y:

[http://coil.apotheon.org/](http://coil.apotheon.org/)

~~~
icebraining
Seems a nice effort, but the "necessarily infringed" seems awkward (if there's
a license, there's no infringement!). Has it been reviewed by an IP lawyer?

~~~
callekabo
Dunno, but I think so. It's on this list:

[http://copyfree.org/standard/licenses](http://copyfree.org/standard/licenses)

I'm sure the people on ##copyfree over at irc.freenode.net know more than I
do.

