
In defense of a third way in open software licensing - feross
https://blog.licensezero.com/2018/09/16/two-party.html
======
jmillikin
The article spends a lot of words to obfuscate the truth that their "third
way" is traditional proprietary software. Their online license store offers
two products:

* "Parity Public License" is a poorly drafted and extremely aggressive alternative to the AGPL, requiring users to "Contribute all source code for software you develop, deploy, monitor, or run with this software".

* "Prosperity Public License" is a proprietary shareware license with a 32-day free trial.

~~~
kemitchell
Traditional proprietary software is not publicly available in source form.
_That's_ the point of the post, and the "third way": make source available,
and develop it in the open, without giving a permissive public license that
defeats your other immediate needs. Transition to a permissive license later,
if and only if that meets your needs then.

Parity is a radical copyleft license. If "not perfectly clear in every case"
means "poorly drafted" to you, welcome to the wonderful world of legal
drafting. You might like to review:

[https://heathermeeker.com/open-source-faq/what-are-the-most-...](https://heathermeeker.com/open-source-faq/what-are-the-most-difficult-questions-in-open-source-licensing/)

[https://mjg59.dreamwidth.org/49370.html](https://mjg59.dreamwidth.org/49370.html)

[https://writing.kemitchell.com/2016/09/21/MIT-License-Line-b...](https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html)

Who bears the cost of the uncertainty in rules 1-3 of the Parity license? Does
that help or hurt the goals of the license? For more on Parity, and the
thought that went into it, see:

[https://blog.licensezero.com/2018/09/14/free-to-take-freedom...](https://blog.licensezero.com/2018/09/14/free-to-take-freedom.html)

As for "shareware", the definition isn't rigorous. But almost all the
shareware I've used was distributed binary- or bytecode-only, and often
feature-incomplete, or limited by license-key-based software controls. Which
is the point again. Developers can publish source without giving open source
licenses.

~~~
detaro
The major mistake proponents of these licenses make is IMHO trying to get too
close to "Open Source" with their labeling/marketing. We have a quite clear
definition of what "Open Source" means, if your license is not compatible to
it and you market it as if it is, this will dominate discussions of your
license and people will assume bad intentions. Don't call people insisting on
the meaning names.

Find a new term and establish it instead of trying to capitalize on an
existing one that means something else.

"Source available" is a fine term (if there's a more specific one for a
specific license, present that), and gets the entire meaning debate out of the
way, so one can discuss the merits of the license as it is, not purely in
comparison to something it somewhat pretends to be.

(this specific blog post is better at this than other messaging, but this at
least partially explains why the climate is so unfriendly)

~~~
kemitchell
Thanks for this. Very well taken. I agree with you on the need for a new
coinage, in the middle, so to speak.

Without meaning to overshadow that positivity, I'd offer two tiny quibbles:

The OSD is pretty clear ... if you ask easy questions. I tried and failed to
find the strongest copyleft license that OSI would approve. The main upshot of
that laborious process was that OSI wouldn't likely approve such a license,
even if it met the OSD.

As for creating confusion with an established "brand", I tried to address this
in the post, by analogy to vote splitting. That may have got buried too deep,
in the final edit. My point there is basically one I've made here on HN
before:

[https://news.ycombinator.com/item?id=17823328](https://news.ycombinator.com/item?id=17823328)

------
segphault
I have no problem with somebody deciding that a shareware or dual-licensing
model are the best choice for their business. But it's incredibly toxic for
the people pursuing those models to muddy and contort the accepted definition
of "open" in order to misrepresent what they are doing.

It's deeply disingenuous for this blog post to use the word "bullying" to
describe the community's rejection of software distributed under undesirable
or ill-considered terms. You can ship your code under whatever terms you want,
but don't act like users and contributors have an obligation to support you
when you make choices that don't serve their interests.

~~~
kemitchell
If you mean the Open Source Definition, I once shared your view. I can't any
longer. Most times I bring it up, my conversation partner has never heard of
it. When I explain, most times they don't care.

As for "bullying", that very adequately describes behavior on GitHub, Twitter,
mailing lists, and news sites toward those behind React, Commons Clause
projects, and Lerna. "Failure to support" is a straw man.

~~~
HumanHater
> Most times I bring [Open Source Definition] up, my conversation partner has
> never heard of it.

That really doesn't matter. All they know about open source is based on this
definition. There are millions of articles about open source on the internet that
use it. You are trying to invalidate all of them for no good reason. As a
consequence every opinion about open source they ever read prior to your
efforts would be outdated. Most people understand danger of these actions
which leads to behavior you described as "bullying".

~~~
kemitchell
> All they know about open source is based on this definition.

The Open Source Definition says nothing about source control, patch
submission, bug tracking, releases, versioning, dependencies, package
repositories, continuous integration, test coverage, style guides, codes of
conduct, and so on. There are also articles on the Internet that talk about a
"post-Open Source" GitHub generation, and articles that affirmatively reject
definitions of open source in terms of license conditions, rather than
community. OSI has been controversial since inception, and there's plenty
about that, too.

If the OSD were merely a descriptive framework, that would be one thing. "Here
is a class of licenses we can describe, and here are benefits we can correlate
with them." But OSD gets used far beyond that. It's used prescriptively. It's
used to sanction. Those are social functions of a movement, and the crux of a
movement is participation, not definition. It matters that people making open
source haven't heard of OSD, because they neither participated in its adoption
nor consented to its authority. It has no sway over them. The idea that a
mailing list could define their community rankles.

I don't consider debate about OSD, DFSG, or "What is free software?" bullying.
I do consider peer pressure on maintainers to adopt terms that don't advance
their goals, against their stated interests, bullying. I consider unfounded
legal FUD to the same effect bullying. Have a look at the Lerna GitHub issues,
or Twitter conversation about Commons Clause.

~~~
HumanHater
> The Open Source Definition says nothing about [very long list]

There is nothing in your list that is different for open-source and
proprietary software development. You could as well add countless articles
about OOP and functional programming because they mention some open-source
tools.

OSD is about answering three simple questions. Should I use some program or
library? Should I contribute to its development? Should I release my new
program or lib as open-source? OSD makes process of choosing the answer fairly
simple and helps developer avoiding all weird legal stuff. He doesn't need to
know OSD and read full texts of licenses as long as he uses most adopted like
MIT, BSD, GPL. Descriptions of pros and cons of every one of them in layman
terms are available on the internet. It's hard to say the same for the ill-
conceived licenses you mentioned.

I can't sell some project based on Lerna to [list of companies] ? OK. How am I
supposed to check that the company didn't change name? What if I am selling my
work to subcontractor? I would probably have to include this list in every
contract. What if every open-source project started banning some arbitrary
list of companies? Am I supposed to review the last commit to license every
time to make sure that my company wasn't included? All that looks, sounds and
smells like a lot of headache and any reasonable person would drop the project
with first sign of it.

Commons Clause was even worse. It was advertised as "MIT+CC", but nobody would
be able to figure out what "CC" part meant for them without a lawyer. And any
lawyer would advise to find something else.

~~~
kemitchell
> There is nothing in your list that is different for open-source and
> proprietary software development.

That's not right, even assuming full "Innersource".

My point was that OSD is a set of criteria for licenses, plus a source-
availability requirement. Those criteria don't predetermine all the practices
that make up open source development right now. Those practices have changed!
The OSD largely hasn't.

> OSD makes process of choosing the answer fairly simple and helps developer
> avoiding all weird legal stuff.

If you've managed to avoid all weird legal stuff so far, I'm glad for you. A
good portion of my legal career is addressing weird legal stuff, which crops
up even with MIT, BSD, and GPL, to use your list. The GPLs and other copyleft
licenses are chock full of weird legal stuff.

> Descriptions of pros and cons of every one of them in layman terms are
> available on the internet. It's hard to say the same for the ill-conceived
> licenses you mentioned.

I wrote one of the more popular guides to MIT in layman's terms:

[https://writing.kemitchell.com/2016/09/21/MIT-License-Line-b...](https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-Line.html)

I've also summarized the License Zero public licenses:

[https://guide.licensezero.com/#public-licenses](https://guide.licensezero.com/#public-licenses)

The License Zero licenses are far easier to read, besides. That was part of
the point of writing them from scratch.

> What if every open-source project started banning some arbitrary list of
> companies?

Highly unlikely. And that is not the approach of the License Zero licenses,
React, Commons Clause, or most others that I mention.

If somehow this _did_ become popular---again, very hypothetical---I'd go into
npm and RubyGems and other package managers, and propose a package metadata
field for excluded entities, and perhaps standardized categorical exclusions.
This still sounds inconvenient, and I agree that it would be. But to give you
a sense of near current practice, some large companies prohibit use of open
source from specific competitors, even under permissive licenses, especially
when the patent terms of the license are weak or nonexistent. That would
include MIT, BSD, and GPLv2.

> And any lawyer would advise to find something else.

Or do a deal with Redis Labs. Which was the point, I think.

------
m1el
Maybe the reason there's not much "public-domain" "closed-source" software is
the same as there's not much "all rights reserved" "source-available"
software:

[https://i.imgur.com/bSdusjH.png](https://i.imgur.com/bSdusjH.png)

It's not about "two-party system", it's about the "natural" distribution of
software distribution models.

~~~
cperciva
Commercial "source-available" software is probably more common than you
realize -- it's more common in B2B and B2gov contexts than in B2C contexts
though. You can be sure that when the US military buys licenses for software,
they want to be able to audit the source code! Similarly, Tarsnap isn't open
source but I provide the source code (and actively encourage people to audit
it).

~~~
m1el
Well, then your comment dismantles the topic of the article.

~~~
antt
Not really. There are three main roles in today's software ecosystem. The
developer, the administrator and the user. Each has interests that are
orthogonal to the interests of the others.

The developer wants to get paid to develop the source code.

The administrator wants to be able to modify and deploy the source code and be
paid for running the resulting program.

The user wants to be able to review the source code and administration logs.

Open source as currently defined covers 100% of the interests of the
administrators and none of the interests of the other groups.

The AGPL kind of covers some of the interests of the users.

Closed source protects the interests of the developer.

Being a member of all three groups I would be very interested in a license
that manages the trade offs so the admins, in the guise of google and amazon,
don't suck up all the money from developers and turn users into a commodity.

------
misterbowfinger
I'm still confused about the paranoia around AGPL.

If MongoDB is AGPL, why does everyone else throw a shit fit? Despite its
faults, MongoDB is still massively popular, so I assume it's used at many
enterprises.

Also, side note: can anyone point to a blog post (preferably from a lawyer) that
explains why AGPL is so problematic?

~~~
jmillikin
Most open-source licenses are anchored in copyright law, which is "default
deny": you don't have the right to copy other people's works unless they grant
you permission. This is good because copyright law is well understood, but
means the license itself can only be used to restrict behavior that requires
copyright permission.

The AGPL attempts to restrict behavior that does _not_ require copyright
permission. If I have MongoDB running on my server and it serves as a
datastore to my website, then no part of MongoDB is copied off my machine.
Copyright doesn't apply. So the only way the AGPL can exist is if it's _not_ a
copyright license.

But if the AGPL isn't a copyright license, what _is_ it? Is it a contract with
no consideration? Is it a copyright license _combined with_ a contract? Is it
like a EULA, and if so, how does it apply when the apparent end-user (the
person visiting my site) hasn't accepted the terms?

Lawyers don't like these sort of pseudo-contract legal constructs, they're the
law equivalent of a flaky hour-long integration test.

~~~
mikekchar
It's an interesting point, but I think you are looking at it from the wrong
point of view. As far as I understand, the AGPL kicks in on "propagation" --
which in the important case means "making available to the public". The
license is with the _operator of the service_, not with the end user of the
software.

The consideration is the software itself. In exchange, you are granted a
license. The license requires (in part) that you offer the source code to any
user that uses the software. As the service provider, it is copyright
infringement to make available the AGPL licensed software unless you agree to
the license.

The problem with MongoDB is that they are using the AGPL in a way in which it
wasn't intended to be used. This confuses the issue about what you are and are
not allowed to do.

~~~
jmillikin

> As far as I understand, the AGPL kicks in on "propagation"
> -- which in the important case means "making available to
> the public".

That's the GPL, and more broadly, all copyright-based licenses. The AGPL was
invented to handle software that didn't need to be downloaded to be interacted
with. Think of an HTTP server -- the end user interacts with it, but doesn't
download the server binary itself. The AGPL is designed to let the end user
have access to the server's source code in that situation.

~~~
mikekchar
You're confusing propagation with conveyance (which is admittedly _very_ easy
to do). From the license:

- To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for infringement
under applicable copyright law, except executing it on a computer or modifying
a private copy. Propagation includes copying, distribution (with or without
modification), making available to the public, and in some countries other
activities as well.

- To "convey" a work means any kind of propagation that enables other parties
to make or receive copies. Mere interaction with a user through a computer
network, with no transfer of a copy, is not conveying.

They make the distinction in the AGPL (which I think they don't in the GPL)
for exactly the reason you state.

It's exactly the same with any proprietary server software. You can have a
copy of the software, but without a license to allow others to run it, then
you can't make it available on a network. These days most server software
explicitly allows unlimited use in their license, but in the old days it was
always per seat licencing.

If the AGPL is invalid, then so are all extant proprietary server licenses.

~~~
jmillikin

> If the AGPL is invalid, then so are all extant proprietary server licenses.

I didn't say the AGPL is invalid, I only said it's not a copyright license.
Proprietary software sold by the seat uses a contract -- I pay money for
permission to have X concurrent sessions or Y unique users.

The GPLv3 does distinguish propagation and conveyance. This allows the license
to put fewer restrictions on certain types of copying that are relevant to
large organizations.

~~~
mikekchar
OK. I see where you are coming from now. I disagree with you that the AGPL and
proprietary software licenses are not copyright licenses. You only need a
license because otherwise you are not allowed to use the software in that way
-- because of copyright.

If I'm a server software producer and I sell you a copy of a piece of
software, you can't actually use it unless I also give you a license to use
it. This is unlike any other kind of machine that I might make and sell to
you. If I sell you my fancy coffee roaster, I literally can not force you to
use it in a specific way. This is actually why printer manufacturers put
software in the ink cartridges -- so that they can force you to agree to a
usage license.

The reasoning behind being able to extend copyright to running programs (which
I think is BS, personally, but I don't make up the laws) is that the computer
that runs the software must load, and therefore copy, the software. You only
have permission to do that if the copyright holder gives you permission to do
that.

This is where the license comes in. I give you a license to load the software
into running memory (and hence run it), on the provision that you follow the
rules I state. You don't have to agree to the license, but if you don't agree,
then you don't have a license, and you are forbidden by copyright law from
running the software.

With the AGPL, the license is given provided that you agree to give the users
a compatible license to the software. Again, the contract consideration is:
ability to run the software in exchange for agreeing to the terms.

You are right that the GPLv3 does reference propagation. I should have looked.
It mentions it specifically to state that the GPL does _not_ come into effect
on propagation, only conveyance (which is the main difference between it and
the AGPL).

Edit: spelling

------
marknadal
As an active maintainer of a popular 8.8K+ starred Open Source project, I can
attest to how hard and difficult it is to run, fund, finance, etc.

But, at the end of the day, there is no excuse - we cannot sacrifice our
ideals/values just because Open Source can be rough.

True Open Source is worth making the sacrifice for, but there are a __lot__ of
new/old licenses trying to evangelize themselves as "Open Source" but are
secretly masked proprietary/cripple-ware. This needs to be stopped.

We had a good discussion about this on Twitter the other day:
[https://twitter.com/marknadal/status/1032763711008559104](https://twitter.com/marknadal/status/1032763711008559104)

~~~
kemitchell
A noncommercial license like Prosperity differs from a permissive license like
MIT only in withholding permission for unlimited, free commercial use. If that
delta holds your value system, then your value system amounts to business
welfare, financed largely by individual sacrifices. That's a strange kind of
martyrdom.

There's no question that useful software that costs for commercial use
produces less economy-wide benefit than useful software that's always free of
charge. But the question isn't how much potential benefit open source can pump
out, but rather how much benefit open source can pump out for the cost, and
how that cost gets allocated.

I've never held Prosperity, or its predecessor, out as open source licenses in
the traditional sense. Others have called them so, even after I pointed out my
own opinion.

I have and do hold Parity out as an open source license. If copyleft licenses
don't meet your definition of open source, or only copyleft licenses with
known, practical software-freedom vulnerabilities, I can certainly square that
with your view of open source's purpose. But I can't square it with open
source's history, or with most stacks we call "open source".

~~~
zekevermillion
Commercial freedom is an important part of the "free" in free software, no?
The values you're calling strange are basically the ethics of RMS. Perhaps
there is a bit of a martyrdom to RMS' lifestyle, but I would hardly say that
his ethics are strange at this point.

I think it would work better to argue, open source is about leaving aside the
ethical considerations (which are highly charged topics) to focus on how
effective is code sharing as a development methodology, and within that, what
licensing regime under current law works best from a business perspective. And
the question is different for an academic talking about larger society, vs. an
individual business or developer who is choosing his/her/its own license.
Obviously your duty as an attorney is to grapple with the latter question.

Thus, while I personally am more or less with RMS on the ethical inquiry, I
see no reason why your L0 ideas should not be discussed within the context of
open source. I personally would not choose to use your license, but that is
irrelevant.

One point of errata in your essay: free software (I hope) does not depend on
copyright protection. Far from it. Free software viewpoint is that copyright
protection should not extend to software. Rather, the law should require
published software to be free software.

However, given that the law is not going to change anytime soon, the GPL was
written as a clever hack to use copyright to promote the values of software
freedom. This has been successful to some degree, so it is a perfectly fair
question to ask what we would do for software freedom if copyright protection
as we know it today did not extend to functional software. But this is
probably not a question that would be asked within the context of "open
source" I guess...

~~~
kemitchell
I can't speak for RMS. He can speak plenty well for himself! I do try to
understand him. On use restrictions and the limits of copyleft, I haven't
always been able to find answers:

[https://blog.licensezero.com/2018/09/14/free-to-take-freedom...](https://blog.licensezero.com/2018/09/14/free-to-take-freedom.html)

I _can_ speak about AGPL. They limit commercial freedom, specifically the
right to commercialize software incorporating AGPL code, and either distribute
it or provide it as a network service without source or a similar license. In
other words: the freedom to make and market software in the usual commercial
way. A limitation on Freedom 3 (to share changes)? The FSF says so. A
limitation on Freedom 0 (to run the software)? They don't say, but I think so.

I also think you're right that software freedom doesn't depend on copyright.
Copyright is merely a means to it, via copyleft. But if the law _required_
freeing of software, that would restrict commercial freedom _publicly_ in the
same way AGPL does by private ordering. Unfortunately, that law would also
have to require disclosure or publication of source code, and conformance on
all the other fronts where AGPL fights: patent law and DRM, for example.

That's a far more expansive legislative program than abolishing copyright.
Abolish copyright, and I can keep my code secret. And lock others' code down
with patents. And so on. Many laws affect software freedom!

> I see no reason why your L0 ideas should not be discussed within the context
> of open source.

I agree.

In terms of open development as a production system, my point is largely here:
[https://blog.licensezero.com/2018/09/16/two-party.html#swing...](https://blog.licensezero.com/2018/09/16/two-party.html#swing-voters)

If making software in the open made sense to more people, we'd get more of it.
Many of those projects might start as source-available, and end up copyleft or
permissive open source. But instead of paving that path, we shame it as
proprietary, and lump it in with Windows.

Open source orthodoxy is right about transaction costs and efficiency on the
consumer side, but totally abdicates the supply side of software production.
I've read on their mailing list that if you have to ask how you're going to
make money making open source, you're the wrong person to be making open
source, and that OSI doesn't owe any cycles on any business model.

> And the question is different for an academic talking about larger society,
> vs. an individual business or developer who is choosing his/her/its own
> license. Obviously your duty as an attorney is to grapple with the latter
> question.

I can't tell you how much it means to read that. Thank you for acknowledging.
It gets lost.

~~~
zekevermillion
Thank you for this thoughtful response! I have been following your work with
interest for awhile. These are all hard questions, and I don't see many people
coming up with new ideas here, not to mention implementing them in elegant
software.

~~~
kemitchell
If you haven't already:

* Heather Meeker (Fair Source, Commons Clause)

* Tidelift (Luis Villa)

------
ddingus
Would we have this discussion if the authors of powerful software powering
multi billion dollar enterprises benefited more?

I wonder what happens when these people are given financial security?

As an investment in the future, the returns could be amazing! Many, if not
all, authors really care and it shows.

Would making sure they are free to care, live well, maybe create more be such
a bad thing?

Secondly, with that on the table, I wonder about the quality, and drive to
create like that. We may see amazing tools.

Re: Open Source

Being able to see the source is high value. Being able to build on others work
is high value.

Arguably, high enough value to trigger this kind of mess.

Pay them. Seriously.

Is the problem one of ego? AwesomeSauce.com wants to be recognized and get
value from their work. Is recognizing CantLiveWithout DB or Language, Toolkit,
etc... taking away from all that somehow?

Is it one of confusion?

AwesomeSauce.com paid, only to see AlsoAwesomeSauce.com not pay?

Does that matter, if bazillions are being made?

Seems to me this all can be litigated to our mutual detriment, or it can be
handled as a family struggle, or worse.

Have to say, I do not blame people looking hard at billion dollar enterprises,
and their many bug fix, support requests with a jaded eye, maybe a hungry one.

Fixing that scenario may well be ultra cheap compared to the mess and
opportunity costs to come.

I put this here to stimulate some discussion, not as judgement, or anything
aimed at anyone.

Really open licenses are a good thing. Really, really good thing. Many of us
know the story. Pick up some code, any computer we can find and just build.

Breaking that seems extreme. Maybe it just does not need to be that way.

Maybe it should not.

What is worth what here?

Perhaps those conversations go far easier than the current ones will, and it
is not like tech as a whole can't afford a solution.

Again, not a negative, or statement against anyone. Just thinking out loud
here.

~~~
zzzcpan
There is some resistance in these discussions though. Some people don't seem
to like the idea of not being able to commercially benefit from free software
for free, while working at organizations abusively dominating markets. Sort of
oxymoron, restricting freedoms using unrestricted freedoms. The supply of
unrestricted will dry out of course, as somebody has to pay for all of this.
Either way changes are inevitable.

~~~
ddingus
Sadly, you may be right.

Still, opportunity costs on this are likely huge relative to settling
financials on a merit basis.

------
true_religion
A license for only people within one group is simply a proprietary license. It
does not matter how easy it is to join or leave that group.

I would never put such a license in the same category as the MIT or Apache
licence.

------
ChristianBundy
The world needs more License Zero, I'm always happy to see this important work
on the top of HN.

