Hacker News
Bruce Perens quits Open Source Initiative amid row over new crypto license (theregister.co.uk)
76 points by jrepinc 19 days ago | 35 comments



I find this line in the CAL problematic:

> You also agree that either the Licensor or a Recipient (as an intended third-party beneficiary) may enforce the terms and conditions of this License against You via specific performance. (emphasis added)

CAL, section 2.3.

This line about specific performance may make this “license” into a legally-binding contract, because specific performance is a contract remedy. Usually, if you fail to meet a license condition, you just lose your license, which might make you liable for infringement (e.g., of copyright). Here, this line may mean that a court could force a “licensee” to comply with the condition instead of just paying monetary damages.


In UK law (I am not familiar with any other legal jurisdictions), that licence agreement isn't a contract at all — even with that line about specific performance included — because no consideration (something of value) has been given by the developer intending to use the software, the licensee.

If such a licence were to be subject to the jurisdiction of UK courts, I don't think the licensor (or the recipient as a third-party beneficiary) would win.


Re consideration, a promise to do or forego something in the future can be sufficient consideration to form a binding contract. In fact, most contracts are an exchange of promises (e.g., any sales contract where goods and payment will be delivered in the future).

Here, the CAL contains additional language indicating that the author intends for the CAL to be not just a license, but also an enforceable contract including the license conditions:

> In order to receive this License, You must agree to its rules. The rules of this License are both obligations of Your agreement with the Licensor and conditions to your License. You must not do anything with the Work that triggers a rule You cannot or will not follow. (emphasis added)

CAL section 2.


Ah, thank you for clarifying this for me. I'm aware that a promise to do or forego something can be sufficient consideration, but clearly I did not read the CAL sufficiently to identify what the licensee was going to do or forgo.


I too found that clause problematic, but for a different reason.

The license vs. contract thing doesn't bother me, because as far as I have been able to determine there is not much difference when it gets to court.

What bugs me about that clause is that specific performance (in common law systems...not sure about civil law systems) is from equity, not law. Equity is a set of remedies that some common law systems developed to address cases where the law couldn't really provide a just remedy for the litigants.

In other words, equity is sort of a meta law system that can be invoked by judges to handle things that the regular system cannot. I'm not sure that a contract, which is governed by that regular system, can invoke things from the meta system.


> I'm not sure that a contract, which is governed by that regular system, can invoke things from the meta system.

Of course it can. A contract can include whatever it wants, but whether a court will accept such a term as enforceable is another matter.


FWIW...

https://cr.yp.to/softwarelaw.html

> In the United States, once you own a copy of a program, you can back it up, compile it, run it, and even modify it as necessary, without permission from the copyright holder. See 17 USC 117.

> Once you've legally downloaded a program, you can compile it. You can run it. You can modify it. You can distribute your patches for other people to use. If you think you need a license from the copyright holder, you've been bamboozled by Microsoft. As long as you're not distributing the software, you have nothing to worry about.


Also in the United States, you usually do not own a copy of the software you used, you are merely licensed to use it and are subject to the terms of the EULA. Most EULAs expressly forbid reverse-engineering, decompilation, or modification. And yes, they are binding contracts; see Vernor v. Autodesk.



HN’s link detection has trouble with URLs that end with a period. Here it is with that period encoded.

https://en.wikipedia.org/wiki/Vernor_v._Autodesk,_Inc%2E


I have been wondering about this in regard to people claiming ownership of GPL code and wanting it removed despite previously releasing said code under GPL. What is the precedent there?


Interesting stuff. I think the CAL proposal shows that one can have all sorts of reasonable requirements around public performance of one's software, and as long as basic use cases remain "free" and there's no discrimination by field of endeavor (e.g. "only cloud companies" must do X, or whatever) or otherwise, there is a case that the conditions are still FLOSS. I wonder how the FSF would treat that license.


The FSF would note correctly that the license is burdensome and would declare it non-free.

This is a license that bakes in a lot of assumptions about who should be running the code and how. If you can afford to comply with them, you are probably a corporation.

There's a trend towards two- (or more) tier proprietary software licenses that formalize the difference between economic exploitation and consumer usage of software but that still want the cachet of being called "Open Source".

The CAL falls very clearly under this category, for all its apparent good intentions.


I have some limited experience with Lindberg, which led me to the tentative conclusion that he was more interested in the legal aspects of open source licenses than the social contract issues of open source and free software.

I also got the feeling he was using rhetorical techniques to change the topic or blunt an inquiry, rather than as methods to resolve disagreements.

Consider the paragraph 'I don't think that's an appropriate characterization .. You'll see a lot of people jumping onto any pretext they can find in order to oppose it.' It starts off implying there are multiple sides to the issue, which puts you off-guard, then characterizes the opposition in stark black-and-white terms.

That sets up a sort of false dichotomy by leaving out those people who oppose it for non-pretextual reasons.


> He believes just three are necessary, AGPLv3, the LGPLv3, and Apache v2.

He being Bruce Perens.

I respectfully disagree; those licenses all have some negative component to them which makes them not applicable in all cases. MIT/BSD do not have those same negatives (different ones of their own) and definitely are needed as well imho. Not saying those three aren’t important, just they shouldn’t be the only three.

Edit: clarified MIT / BSD are not without their own issues, just not the same as the other three.


> MIT/BSD do not

MIT/BSD do have some legal drawbacks for certain use cases; see the Boost license as an example of a reaction to perceived negatives of MIT/BSD. In particular Boost does not require a copy of the license to be distributed with a binary. Have you ever shipped a binary containing MIT-licensed code, but didn't also explicitly ship a copy of the MIT license along with it? If so, you're technically in violation of the license.


> MIT/BSD do have some legal drawbacks for certain use cases

Sure, I think the OP you're replying to isn't implying that MIT/BSD is insufficient. He/she is saying that the three "AGPLv3, the LGPLv3, and Apache v2" are insufficient but these five "AGPLv3 + LGPLv3 + Apache2 + MIT + BSD" would be more sufficient.


> but these five "AGPLv3 + LGPLv3 + Apache2 + MIT + BSD" would be more sufficient

Correct, I’m saying you need at least all five for something like sufficiency.

The three Bruce points out aren’t enough imho.


> "[The debate] has proven contentious enough to prompt OSI co-founder Bruce Perens to resign from the organization, for a second time,"

I also recall when he proudly announced he'd GPL'd a copy of the Public Domain TIGER data files.


That's good, actually. The public domain doesn't apply everywhere, so a U.S. citizen licensing a public domain piece under a free software license allows people in countries with different approaches to the public domain to use it.


Yes, and Mr Perens is making a valid point here too. In such a way as to be regrettably easy to dismiss. I watched him instruct Linus Torvalds in how "the kernel project should be run" in 1998; he wasn't wrong but I'm sure I wasn't the only one who wanted to smack him rather than hear him out.

I say this in deepest sympathy for the man, I'm similarly non-charming but much much more repellent.


He's an anchor holding open source firmly attached to the ground, not letting immediate passions (in this case, crypto) get us lost.


But why would a license from Bruce Perens be valid? The copyright holder (from the point of view of a foreign country) would be the US government.


If it's public domain, there is no copyright holder, no?

https://fairuse.stanford.edu/overview/public-domain/welcome/

> The term “public domain” refers to creative materials that are not protected by intellectual property laws such as copyright, trademark, or patent laws

(my emphasis)


Yes, if it's public domain, there's no copyright holder, and it's impossible (and unnecessary) for anybody to license it.

This is about the situation that the US government is not permitted to obtain copyrights for their own work in the US, but there's apparently nothing to stop it being copyrighted in other countries.


Does anyone care what the opinion of OSI is anymore? If you care enough about whether an agreement is "open source", you probably care enough to read the agreement itself and make your own opinion.


I care that "open source" doesn't become a watered-down, meaningless term like "open" or "agile". Having a well-defined and well-understood meaning is valuable.


They should have picked a term that they could trademark if they wanted to do this! Rather than reusing an existing term and having to try to persuade people to use your definition.


This usage is over 20 years old and was uncontroversial for most of that time. I'm not sure there are many people around who even remember previous usage.

It seems like the problem these days is new people learning it from context and not knowing there is an official definition that was settled a long time ago.


In what sense is it ‘official’? The trademark office think the term is generic and didn’t allow the OSI to make any claim on it.


In the sense that there is a standards organization that published a standard definition. There isn't any legal basis for it, but we should support them.


I think official means endorsed by some authority. There’s no authority here at all - just some private people making up a definition and attaching it to an existing term.


Authority does not necessarily mean with the threat of violence. It could mean influence. The OSI are an authority, as demonstrated by every major tech company using their definition of open source.


The only noteworthy "use an existing term" happening with it, is people using the term "Open Source" recently trying to fool people into thinking their not-Open-Source-licensed software is.


I care more about what Debian thinks than OSI, but yes, I do care.

I would read the agreement too, but IANAL, nor am I an intellectual property expert. Legal agreements are tricky and can have non-intuitive consequences.



