subject:"OSD DFSG \- different purposes"

On Mon, Mar 10, 2003 at 02:08:58PM +0100, Henning Makholm wrote:
 Scripsit Anthony Towns aj@azure.humbug.org.au
  it's about privacy, it's about the freedom to keep things private,
  it's about not fundamental rights 'til you're blue in the face, and
  even though every word of it's completely true, it's *not relevant*.
 You're wrong. It is relevant. It's one of the freedoms we're protecting.

No. It's not one of the freedoms we're protecting since we've already
let things like the QPL into the distribution. It's one of the things
that *you* would *like* to protect. It's not necessarily one of the
things I would like to protect. It's not one of the things that Debian
is protecting.

  Note that you do _not_ get to assume privacy is good and moral and a
  right of both individuals and corporations. Justify it in other terms,
 Why? Moral judgements can never be justified ex nihil.

Nonsense. I can justify every one of the DFSG's existing requirements
from nothing but a technical standpoint.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpxwrIiPqhFy.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

On Mon, Mar 10, 2003 at 09:16:08PM -0800, Thomas Bushnell, BSG wrote:
 Note Barak Perlmutter's newly proposed tentacles of evil test:
3. The Tentacles of Evil test.
   [...] The license cannot allow
   even the author to take away the required freedoms!

The license doesn't have to -- at least in Australia, castlaw allows
you to do this.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpTp88hMMQPa.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

On Mon, Mar 10, 2003 at 12:15:13PM -0800, Thomas Bushnell, BSG wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  Consider Frank the lawyer who takes some nice source code from a GPLed
  project, and adds some code his friend was telling him under NDA. He
  puts it up on the web, and suddenly gets demands for source code from
  the original author. What does he do, violate the NDA, or the copyright
  license??? What does he do?!?
 The GPL doesn't have such a rule.  

He puts the program up on the web. As in http://www.frankcorp.com/foo.exe.
People then download it. They then demand the source.

Yeesh.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpx620Yi89LP.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

On Mon, Mar 10, 2003 at 05:59:19PM -0500, David Turner wrote:
 On Sun, 2003-03-09 at 18:18, Anthony Towns wrote:
  In the dissident case, we're trying to protect the people from having to
  reveal their changes to the government they're protesting. But this just
  doesn't make any real sense: the code they're hacking on is the least of
  their worries - it's the contents of their databases, not their bugfix to
  select query processing that they need to keep private; and furthermore
 What about DeCSS?

What about it? Nobody was trying to keep DeCSS private. Nobody's trying
to keep quiet the existance of steganographic of cryptographic software
that might help reporters send out articles that haven't been edited or
censored by the Palestinian Authority. Some people might be trying to
keep the fact that _they_ use it quiet, but that's a different matter.

  it's the government's laws that will put them most at risk here -- of
  being accused of spying, eg -- not the copyright license. So from what
  I can see, we're protecting something of little value, and then doing
  a bad job of it.
 But in order that users may evade the government's laws, 

Uh, Debian's not here to help people evade their government's laws.

 For instance, consider a binary which is a game, unless it's called with
 the --dissident command-line option, in which case, it's DeCSS (or
 GPG).  Were the source code to this game revealed, it would show clearly
 the nature of the program.  But the gov't doesn't have time to reverse
 engineer the binaries (and anyway, DMCA2 prohibits it).  They do have
 the time, however, to follow up on GPL (3)(b) offers.  Can dissidents
 distribute binaries to everyone, and source code only to those they
 trust?  Not according to many Free Software licenses.  
 
 And I think the Dissident test as it now stands is clear on the above. 
 It's not dispositive on every issue, as the debate shows.

I have no idea what you're trying to say here.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpi6hAhtQZ3E.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

On Mon, Mar 10, 2003 at 09:15:22PM -0800, Thomas Bushnell, BSG wrote:
 Sample onerous conditions:
 1) Pay money.
 2) Send your changes back always.
 3) Pay money on request.

I'm broke and on a desert island, I can't do any of these.

 4) Send your changes back on request.

I'm broke and on a desert island, but I can do this if you cover my
 costs.

 We already reject (1), (2), and (3).  Why is (4) suddenly not rejected
 as onerous?  

Because it's not onerous if someone else covers your costs. In the same
way You must give me your sources at cost if you give me your binaries
isn't onerous.

 As the case of Fred the Lawyer makes clear, however, there are real
 people for which it is a real burden.

There are real people for whom the GPL is a real burden.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgp5BDvBAl5tb.pgp
Description: PGP signature

Re: Barriers to an ASP loophole closure (was Re: OSD DFSG - different purposes - constructive suggestion!)

On Mon, Mar 10, 2003 at 02:27:44PM -0500, Jeremy Hankins wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  Basically, as far as I can see, the dissident test is exactly equivalent
  to saying we don't want to close this ASP loophole thing.
 I don't think this is true, if you accept the substitution of users
 for copy holders.

Well, dissidents supposedly want to be able to keep their changes
private to a small group from among all the people who have any knowledge
of their software. ASP folks want to keep their software private to
themselves.

One possiblity would be to change the distribute-to-author requirement
to be something like If the author is aware of your modifications, and
requests them, you are required to provide them at cost, and require the
author to somehow positively demonstrate his awareness. If you're only
using the software locally, or amongst a few friends, the author can't
demonstrate any such awareness; if you provide a subscription service
to the public, one of your subscribers can mail the author and tell him
about it though.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpNrQNCuVy3V.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Richard Braakman

On Tue, Mar 11, 2003 at 06:31:05PM +1000, Anthony Towns wrote:
 On Mon, Mar 10, 2003 at 09:15:22PM -0800, Thomas Bushnell, BSG wrote:
  We already reject (1), (2), and (3).  Why is (4) suddenly not rejected
  as onerous?  
 
 Because it's not onerous if someone else covers your costs. In the same
 way You must give me your sources at cost if you give me your binaries
 isn't onerous.

Actually, I think the GPL would have serious problems if it didn't have
3(a).  Having to keep the source around for three years would be a
significant burden.  What keeps the GPL free is that you have the option
to offer sources and binaries together and be done with it, even if
the recipient elects to take only the binaries.

So yes, You must give me your sources at cost if you give me your
binaries is onerous.

Richard Braakman

Re: OSD DFSG - different purposes - constructive suggestion!

On Tue, Mar 11, 2003 at 11:46:03AM +0200, Richard Braakman wrote:
 Actually, I think the GPL would have serious problems if it didn't have
 3(a).  Having to keep the source around for three years would be a
 significant burden.  What keeps the GPL free is that you have the option
 to offer sources and binaries together and be done with it, even if
 the recipient elects to take only the binaries.
 
 So yes, You must give me your sources at cost if you give me your
 binaries is onerous.

Why wouldn't you include the cost of the source in the fee you charge
for including it?

Requiring you to keep the sources for three years is onerous, yes.

And the GPL specifically says you have to *accompany* your binaries
with the complete machine-readable source code. You can't offer it,
and hope they don't accept; you have to *give* it to them. Giving away
CDs at tradeshows that don't include source comes under 3(b). I suppose
you could arrange to give everyone both binary and source CDs, then ask
them to give the latter back to you.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpuBM23thqou.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Bernhard R. Link

* David Turner [EMAIL PROTECTED] [030311 00:46]:
 Because the four freedoms do talk about freedom to use the software, but
 don't say anthing about the freedom to *not* disclose source code under
 certain conditions.

I may not talk about freedom, but it talks about:
* The freedom to study how the program works, and adapt it to your needs.

Having to distribute one's modifications heavily limits this freedom.
Having to distribute (or offer) the source code together with the
binaries one distributes is not only a much more minor requirement
(as it just increases the things to distribute, not forces an act of
 its own), but also aims to keeping the freedom of the receivers of
the binary. 

Even http://www.fsf.org/philosophiy/free-sw.html, where the four
freedoms are written, talks about:
#You should also have the freedom to make modifications and use them
#privately in your own work or play, without even mentioning that they 
#exist. If you do publish your changes, you should not be required to 
#notify anyone in particular, or in any particular way.
#
#The freedom to use a program means the freedom for any kind
#of person or organization to use it on any kind of computer 
#system, for any kind of overall job, and without being required to
#communicate subsequently with the developer or any other specific entity.

The current discussion tends a bit to much to discuss, if a clause
forcing the users of the program to give the people interacting with
its output access to it, can be beneficial to free software in general.

Even if such a clause would be benefical (though I really doubt it,
as it has huge practical impacts, as many on this list noted),
this would still be no justification to remove such elementary freedom.

Hochachtungsvoll,
  Bernhard R. Link

-- 
Sendmail is like emacs: A nice operating system, but missing
an editor and a MTA.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Brian T. Sniffen

Glenn Maynard [EMAIL PROTECTED] writes:

 On Mon, Mar 10, 2003 at 03:46:57PM -0500, Brian T. Sniffen wrote:
 As I said: existing mechanisms of licensing Free Software (e.g. GNU
 GPL and MIT/X11) provide an impetus for improvement.  A
 compulsory-sharing license, as might bring us closer to BrinWorld,
 removes much of the financial incentive for such improvement.  In such
 a world, the changes made, used, and later released by IBM, Red Hat,
 Akamai, Apple... all wouldn't have been made, and our software
 technology would be that much more primitive.

 The GPL removes much of the financial incentive for such
 improvement.  After all, you have to provide source and you can't
 restrict people you sell copies to from giving it away for free, so
 the entire sales model of selling individual programs on the shelf,
 and licensing software per-seat, goes completely out the window.

 I disagree with this argument, of course (as everyone here probably
 does: it's true that the same sales model doesn't work, but it
 certainly hasn't stopped innovation), but your argument seems to be
 exactly the same.  Why is this argument valid for web applications
 where it's clearly wrong for other software?

Two reasons: First, because the argument about web applications is a
reduction in the marginal use value of a software improvement, not in
its sale value.  Second, this can be taken out of the realm of theory:
in practice, private companies make improvements to software they have
under the GPL, keep some of those improvements secret, and release
others.  Those same companies pass up the opportunity to improve
software where they do not have the option of keeping their
improvements secret.

(Admittedly, I've seen short-sighted companies scrambling for
profitability start rewriting their code so they could sell licenses,
excising all the GPL'd bits).

 (To be clear, I'm firmly against forced-sharing; the GPL goes far enough.  I
 just don't think this particular argument is valid.)

 -- 
 Glenn Maynard

-- 
Brian T. Sniffen[EMAIL PROTECTED]
   http://www.evenmere.org/~bts/

Re: Barriers to an ASP loophole closure (was Re: OSD DFSG - different purposes - constructive suggestion!)

2003-03-11 Thread Stephen Ryan

On Tue, 2003-03-11 at 11:58, Steve Langasek wrote:

 I find this an acceptable compromise.  The GPL already implements
 something very close to this:  if you give someone a copy, they're able
 to pass it on to a third party who in some cases then has grounds for
 demanding source from the author.  Extending that to letting a PCH demand
 access to changes if someone tells him about them doesn't seem too much
 of a stretch.

Close; the case in question for the GPL only arises in the case where
someone actually makes a written offer valid for at least three years.
Have you *ever* seen such an offer?  I haven't.  Was the entity making
that offer still around three years later?  

Further, it would seem that anyone making such an offer would know about
it, since they do have to write it down, and that explicitly states that
the offer is valid to any third party.  In other words, I can only be
screwed over by that clause if I agree to it in writing.  Extending to
the case where that's a mandatory part of the license is a rather
different story.



I've been trying to write down my objections to re-classifying public
performance (a.k.a. ordinary use w.r.t. server type software) as
distribution, and I'm beginning to conclude that GPL'd software is
inappropriate for casual copying, even without the added burden imposed
by closing the ASP loophole.


3a) requires that I give the complete copy of the source along with the
binary; if public performance is classified as distribution, I'd be
forced to ship the complete source code for the Linux kernel, Apache,
PHP, and who knows what all else with every web page so as to be clearly
in compliance with this section.  Adding a link to the source on someone
else's site would be very hard to defend in court as falling under this
section; hosting the source code myself means I've just agreed to become
a kernel.org mirror.  As an aside, this might mean that binary-only
mirrors are in technical violation of the GPL, because the source code
must be distributed with the binaries, and distribution of the source
code by a different entity probably doesn't count (in the same place,
from the comments after section ).

3b) requires that I make a multi-year commitment to being reachable
*and* agreeable to working without profit during that time period.  I
have no control over how far my written offer will be propagated without
my knowledge, yet I must honor that written offer, as any weakening of
this clause will lead to even larger loopholes than the ASP loophole. 
If the at cost clause is interpreted strictly, then I'm unwilling to
make such an offer, since it means that I have to do charity work while
the bank comes in to foreclose on my house.  If it is interpreted
loosely, then someone from the music or movie industry comes in and says
that their costs are very high, and that you'll have to pay a million
dollars for the source code.  Per file.  Either way, I've never seen
such an offer, and there's no way that I'll ever agree to make such an
offer without having enough cash in hand to ensure that I can survive
those three years on at cost work.

3c) requires that some other sucker has agreed to 3b) *and* that that
offer has been either made to me or relayed to me.  Furthermore, even if
I do have such an offer, I may not take advantage of it if I happen to
be engaged in commercial activity related to the distribution.  Right
now, I don't think that's much of a problem, but if public performance
is classified as distribution, then I think that it would be far too
easy to be engaged in commercial distribution -- e.g., any business
web site would be engaged in commercial distribution of Apache under
that definition.



I haven't yet gotten everything together in my head yet, but I'm afraid
that closing the ASP loophole will result in the possibility of being in
violation of the GPL-v3 simply by making a machine with too much
software on it accessible from the net.

Furthermore, if such a change is sloppily written, too much software
might mean a bare-bones bootable system, as responding to pings is a
service, too, and is hard to distinguish from software-that-cures-cancer
as an ASP (technically, that is; both receive network packets and
respond to them with other network packets; I am sure that there are
other protocols that aren't quite as trivial as ping but still far less
than something we'd actually call an ASP that could be used as an
example as well).  


-- 
Stephen RyanDebian Linux 3.0
Technology Coordinator
Center for Educational Outcomes
at Dartmouth College

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Thomas Bushnell, BSG

Anthony Towns aj@azure.humbug.org.au writes:

 On Mon, Mar 10, 2003 at 09:15:22PM -0800, Thomas Bushnell, BSG wrote:
  Sample onerous conditions:
  1) Pay money.
  2) Send your changes back always.
  3) Pay money on request.
 
 I'm broke and on a desert island, I can't do any of these.
 
  4) Send your changes back on request.
 
 I'm broke and on a desert island, but I can do this if you cover my
  costs.
 
  We already reject (1), (2), and (3).  Why is (4) suddenly not rejected
  as onerous?  
 
 Because it's not onerous if someone else covers your costs. In the same
 way You must give me your sources at cost if you give me your binaries
 isn't onerous.

It has been pointed out that the true costs are sometimes much higher
than the cost of media.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Thomas Bushnell, BSG

Anthony Towns aj@azure.humbug.org.au writes:

 On Mon, Mar 10, 2003 at 12:15:13PM -0800, Thomas Bushnell, BSG wrote:
  Anthony Towns aj@azure.humbug.org.au writes:
   Consider Frank the lawyer who takes some nice source code from a GPLed
   project, and adds some code his friend was telling him under NDA. He
   puts it up on the web, and suddenly gets demands for source code from
   the original author. What does he do, violate the NDA, or the copyright
   license??? What does he do?!?
  The GPL doesn't have such a rule.  
 
 He puts the program up on the web. As in http://www.frankcorp.com/foo.exe.
 People then download it. They then demand the source.

Why does he put it on the web?  *THAT* was already violating the NDA.

Re: OSD DFSG - different purposes - constructive suggestion!

On Tue, 2003-03-11 at 11:33, Henning Makholm wrote:
 Scripsit David Turner [EMAIL PROTECTED]
  On Mon, 2003-03-10 at 08:04, Henning Makholm wrote:
 
   In that case you can simply choose to distribute the program only to
   people you trust. You can't do this if the license carries an
   obligation to distribute to a fixed third party, too.
 
  Interesting!  I am inclined to agree with this, and point out that the
  AGPL basically puts users in the category of people you have to trust. 
 
 Yes - and we don't want to accept licenses that do not allow people
 the freedom to chose who they want to trust.

You choose your users.

  Sniffen (who secretely wants to write proprietary software)
 
 I think you just lost your credibility in this discussion.

I hope not!  I'm going by his comments in another part of this thread
(or was it another thread), which you described as arguments against
Free Software (rather than arguments against AGPL-like licensing).

-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

On Tue, 2003-03-11 at 00:11, Thomas Bushnell, BSG wrote:
 David Turner [EMAIL PROTECTED] writes:
 
  On Mon, 2003-03-10 at 16:00, Walter Landry wrote:
   Anthony Towns aj@azure.humbug.org.au wrote:
Arguments about practicality, that this makes doing legitimate things 
harder
or impossible in some situations for purely technical reasons (the 
stranded
on an island test does this), are valid, but I haven't really seen any.
   
   What about an ATM machine?  If the ATM machine communicated with the
   central database using code with this enforced distribution clause,
   then you have to distribute to the users of the ATM.  Modifying an ATM
   to distribute code in addition to cash seems rather onerous.
  
  Print a link on the reciepts.
 
 The license doesn't say that is sufficient, does it?

I don't know.  Maybe.

But certainly, a better-written version might, hence why I keep asking
for comments.

-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: Barriers to an ASP loophole closure (was Re: OSD DFSG - different purposes - constructive suggestion!)

On Tue, 2003-03-11 at 14:51, Stephen Ryan wrote:
On Tue, 2003-03-11 at 11:58, Steve Langasek wrote:

I find this an acceptable compromise. The GPL already implements
something very close to this: if you give someone a copy, they're able
to pass it on to a third party who in some cases then has grounds for
demanding source from the author. Extending that to letting a PCH demand
access to changes if someone tells him about them doesn't seem too much
of a stretch.

Close; the case in question for the GPL only arises in the case where
someone actually makes a written offer valid for at least three years.
Have you *ever* seen such an offer? I haven't.

I've seen tons of them in my work in the GPL compliance lab. Lots of
companies who make firewall appliances prefer (3)(b) compliance to
(3)(a) compliance. I will point you to an example of one which was
*not* from a compliance lab client:

ftp://ftp.symantec.com/public/english_us_canada/products/symantec_gateway_security/manuals/sgs_install_config.pdf

Quote is:

The Excluded Software consists of the open source code software known as
Linux included with the Appliance. All Excluded Software is licensed
under the GNU General Public License, Version 2, June 1991, a copy of
which is included with the user documentation for the Appliance. The
license entitles You to receive a copy of the source code for Linux only
upon request at a nominal charge. If you are interested in obtaining a
copy of such source code, please contact Symantec Customer Service at
one of the above addresses for further information.

--
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

On Tue, 2003-03-11 at 00:10, Thomas Bushnell, BSG wrote:
 David Turner [EMAIL PROTECTED] writes:
 
  Because the four freedoms do talk about freedom to use the software, but
  don't say anthing about the freedom to *not* disclose source code under
  certain conditions.
 
 Why is this different from:
 
 Because the four freedoms do talk about freedom to use the software,
 but don't say anything about the freedom to *not* disclose your IRS
 tax records?
 
 The license could say: You may copy this software, provided that you
 provide a true copy of your tax returns upon request by the original
 author of the software.  We would reject that as nonfree, right?

Hm.  Yes.

So, I think we have to go back to looking at which restrictions we
allow.  For instance, we allow the GPL's section 4, which prohibits
certain people (on account of their past actions) from copying,
modifying, or distributing GPL'd software.  Why?  One answer is that 
it's the only way the GPL can be reasonably enforced.  

In Jeremy Hankins's suggested possible future, some AGPL-like (but
better drafted) license is the only way we can keep Free Software as
Free Software.  So, let's move to that thread.

-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Thomas Bushnell, BSG

David Turner [EMAIL PROTECTED] writes:

 So, I think we have to go back to looking at which restrictions we
 allow.  For instance, we allow the GPL's section 4, which prohibits
 certain people (on account of their past actions) from copying,
 modifying, or distributing GPL'd software.  Why?  One answer is that 
 it's the only way the GPL can be reasonably enforced.  
 
 In Jeremy Hankins's suggested possible future, some AGPL-like (but
 better drafted) license is the only way we can keep Free Software as
 Free Software.  So, let's move to that thread.

Um, but this is a trick!  Suppose I became convinced that I needed to
know the tax returns of the leaders of IBM; in that way I might be
able to exert pressure on them to release more of IBM's code as free
software.  

Then it might be that the only way to keep Free Software is to
require the disclosure of tax returns.

Indeed, the people who want to ban flag burning see flag burning as
such a threat to the Republic, that they say the only way to to keep
free speech is to ban flag burning.  Ludicrous!

Section 4 has never been invoked (though it has been threatened), but
more to the point, it acts almost entirely to allow a court to give
*injunctive* relief for future acts.  

Jeremy Hankins hasn't explained well enough for me why in that future
we would be unable to make the kinds of free software we have now.

Re: OSD DFSG - different purposes - constructive suggestion!

On Tue, Mar 11, 2003 at 12:00:38PM -0800, Thomas Bushnell, BSG wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  Because it's not onerous if someone else covers your costs. In the same
  way You must give me your sources at cost if you give me your binaries
  isn't onerous.
 It has been pointed out that the true costs are sometimes much higher
 than the cost of media.  

Yes. Tools, media, postage, and your time (to a reasonable extent) are
all legitimate things to claim as part of your costs. If someone's
being overly obscene in their cost analysis, you can take them to court
and get an enforcable second opinion on what's reasonable.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpmVCVCp5z89.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

On Tue, Mar 11, 2003 at 12:02:06PM -0800, Thomas Bushnell, BSG wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  On Mon, Mar 10, 2003 at 12:15:13PM -0800, Thomas Bushnell, BSG wrote:
   Anthony Towns aj@azure.humbug.org.au writes:
Consider Frank the lawyer who takes some nice source code from a GPLed
project, and adds some code his friend was telling him under NDA. He
puts it up on the web, and suddenly gets demands for source code from
the original author. What does he do, violate the NDA, or the copyright
license??? What does he do?!?
   The GPL doesn't have such a rule.  
  He puts the program up on the web. As in http://www.frankcorp.com/foo.exe.
  People then download it. They then demand the source.
 Why does he put it on the web?  *THAT* was already violating the NDA.  

Lots of people distribute binaries that encode NDAed technologies.
Windows, etc.

Maybe it was a special case of some clever new advance in AI that looks
for flaws in contracts, and he only gives away copies to his clients
after getting $50 via paypal, which he splits 50:50 with his friend.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpggiazA1HnJ.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Branden Robinson

On Tue, Mar 11, 2003 at 12:44:15PM +0100, Bernhard R. Link wrote:
 Even http://www.fsf.org/philosophiy/free-sw.html, where the four
 freedoms are written, talks about:
 #You should also have the freedom to make modifications and use them
 #privately in your own work or play, without even mentioning that they 
 #exist. If you do publish your changes, you should not be required to 
 #notify anyone in particular, or in any particular way.
 #
 #The freedom to use a program means the freedom for any kind
 #of person or organization to use it on any kind of computer 
 #system, for any kind of overall job, and without being required to
 #communicate subsequently with the developer or any other specific entity.

Thanks for the cite; hopefully Mr. Turner will get that Ashcroft stuff
out of his system now.  ;-)

-- 
G. Branden Robinson|  I came, I saw, she conquered.
Debian GNU/Linux   |  The original Latin seems to have
[EMAIL PROTECTED] |  been garbled.
http://people.debian.org/~branden/ |  -- Robert Heinlein


pgpHXvaBUGQc4.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-11 Thread Branden Robinson

On Mon, Mar 10, 2003 at 06:14:44PM -0500, David Turner wrote:
 Thomas, I'm responding to your questions, but I'm actually directing my
 response to Branden Robinson, since I don't know your position on his
 DFSG-interpretation proposal.
 
 Branden, if the FSF's four freedoms are the consitution to DFSG's case
 law, they have a lot in common with the US constitution, in that they
 don't explicitly guarantee a right to privacy.  So, see below.

See my remark elsewhere about Debian possibly having Five Freedoms.

Reading the Ninth Amendment as meaningless because it doesn't enumerate
any rights is not a good way to score rhetorical points with me.

  The enumeration in the Constitution, of certain rights, shall not be
  construed to deny or disparage others retained by the people.

Modern jurisprudence appears to read this as follows:

  The enumeration in the Constitution, of certain rights, shall be
  construed to mean that the people have no others.

 Because the four freedoms do talk about freedom to use the software, but
 don't say anthing about the freedom to *not* disclose source code under
 certain conditions.
[...]
 Interestingly, neither the FSF's four freedoms, nor FDR's four freedoms
 (wink) include privacy. 

I don't think this is interesting at all.  It's a thoughtless oversight.

-- 
G. Branden Robinson|Freedom is kind of a hobby with me,
Debian GNU/Linux   |and I have disposable income that
[EMAIL PROTECTED] |I'll spend to find out how to get
http://people.debian.org/~branden/ |people more of it. -- Penn Jillette


pgpt978GxS1lf.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 Sure. Compare this to some code using the GPL; same sort of information,
 same problem with it: their trade secrets are woven into the functionality
 of the code itself. If one of your customers is a competitor, or a
 competitor buys out a user, any requirement to distribute source to your
 users makes it non-viable to use the software for certain applications
 which are, eg, protected by BSD-style licenses.

Except the GPL doesn't force you to share your secrets, ever.  You can
share them with exactly the people you want to share them with, and
you are never obligated to share them with person X just because you
shared them with person Y.

 Arguments about practicality, that this makes doing legitimate things harder
 or impossible in some situations for purely technical reasons (the stranded
 on an island test does this), are valid, but I haven't really seen any.

It's not about practicality; it's about freedom.  The question is:
should I get to control the behavior of that other person in the way
they modify and copy the software?  The default answer is no, and
any deviation from that needs defense.  Some deviations can be
defended as an augment to freedom (required change notices like those
the GPL has; requirement to distribute source with binarie).  Other
deviations cannot be defended as an augment to freedom.  Forcing the
distribution to any third party, it seems to me, is a deviation of the
latter sort.  

At least, I haven't heard of any defense of such a deviation, on any
other principle than it makes sure that they contribute back.  But
free software was never about forcing people to contribute back.  That
was always a happily hoped for by-product of the system.  Indeed, the
whole genius of the system is the way that it produces unforced
contributions back.

 Another possibility is that getting such clauses *right*, in a way that
 can't be abused by the author to harass the user, or otherwise create
 an undue burden on the user, is impossible -- that we haven't seen any
 examples which do this remotely well; but that the possibility remains
 that one day we would, and we'd be willing to accept that license into
 main. That is, there isn't anything fundamentally wrong with this,
 as long as the user's costs can be minimised [0].

For the time being, I think debating the details of wording is not
worth it, because I think there is a problem with the basic concept.
So let's talk about the basic concept.

 (And yes, I do realise I was arguing the other side of this just a day
 or two ago)

Aw, heck, once I was defending the GNU FDL.  We all learn and
change. :)

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Don Armstrong

On Mon, 10 Mar 2003, Anthony Towns wrote:
 Is there a _fundamental_ difficulty with such licenses?

I'm beginning to think that there is, as it restricts the use that an
individual can put a given bit of source to in his or her own home.

 First, does that cause any problems for Debian?

I don't think it would cause a problem with the majority of people who
are using or modifying Free Software, as (I would imagine) most of
them don't have anything to hide... but to someone who does?

 As a mental exercise, try replacing The Chinese Dissident Test with
 The Al Qa'ida Terrorist Test

Heh. It's funny that you mentioned this, as originally I was going to
use The Base instead of the proto anarchist of raisethefist,[1] but
decided that it would merely cloud the issue.

 The companies who want to include NDA'ed, patented or secret
 technology in programs have pretty much the same problem they'd have
 if they were using the GPL, and needed to distribute such programs to
 their customers;

True, but the knowledge that they can't distribute is a certainty.

I see that this could force people in such a situation to spend the
time that they might spend improving GPLed tools (whilst keeping the
NDAed portions secret) extending other tools instead. [Of course, you
could extend the same argument to distribute as well, but it seems
that experience has taught us that extenders of BSD code don't often
contribute their changes to the community.]

 A number of companies, and the FSF, want to see this loophole
 removed; I think we should be _very_ sure of our reasons before
 dismissing their attempts.

I agree completely, and I'm glad that we're discussing it as
thoroughly as possible. Regardless of the our eventual consensus, the
discussion will make the logic behind the eventual change (if any)
that much stronger.


Don Armstrong

1: http://www-2.cs.cmu.edu/~dst/raisethefist/
-- 
Filing a bug is probably not going to get it fixed any faster.
 -- Anthony Towns
 
http://www.donarmstrong.com
http://www.anylevel.com
http://rzlab.ucr.edu


pgpTJxl7DhuOG.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

Don Armstrong [EMAIL PROTECTED] writes:

 I don't think it would cause a problem with the majority of people who
 are using or modifying Free Software, as (I would imagine) most of
 them don't have anything to hide... but to someone who does?

I thought of a scenario, which seems entirely plausible, all above
board, and should give pause to any kind of forced publication
requirement.  No anarchists or terrorists, no repressive governments.

Consider Fred the Lawyer.  He has a number of clients, for whom he
drafts contracts.  The contracts are sensitive, and the Fred has a
legal obligation to preserve confidentiality in all his dealings with
his clients.  They have the right to tell people what goes on between
him and them, but he has no such right: he has, by contrast, an
ironclad obligation *not* to disclose any material fact about his
relationship with his clients.  The clients do complicated business
and financial deals, which depend on this secrecy.

Now some of his clients need to have a bunch of similar contracts.
Joe's Sheet Rock Company needs to write order contracts for materials,
and because of the tight competition in the sheet rock industry, the
details of the contracts he works out with his suppliers are kept
tightly guarded.  Similarly, Al's Brick Works and Dave's Lumber
Supply.  They all are in highly competitive fields, where they need to
have purchase contracts with suppliers, and the details of these
contracts are extremely sensitive.

Now Joe's Sheet Rock Company needs to be flexible in the deals it
makes with suppliers, but the contracts all fall into similar
patterns.  So the Fred the Lawyer thinks of a method for helping Joe's
while keeping unnecessary legal expenses down.  He'll write a computer
program, tailored specially for Joe's Sheet Rock; Joe can then input
the details of the particular arrangement, and most of the time, the
program can churn out a reliable contract for Joe and his supplier.
What a great system!

Fred wants to use a popular free software package which almost does
just the job: QNU Madlibs.  But QNU Madlibs is distributed under the
QPL.  What the Fred would like to do is make a special version of QNU
Madlibs for Joe, with the special details of Joe's contracts.  And
this is not mere change of data: Fred has a good programming staff,
and the logic of Joe's business practices is deeply embedded in the
logic of the program that the Fred's firm writes.

So the Fred modifies QNU Madlibs.  He gives Joe the program, along
with the source, and thinks wow, free software really is cool.  But
alas, he was using something under the QPL.  One day the author of QNU
Madlibs goes through the server logs for downloads, thinking I wonder
if anyone has any cool improvements on my program.  For each
download, he sends a formal request to give back their changes to the
sysadmin of the systed who downloaded.  Won't get perfect response,
but that's OK; he's just casting a wide net.

And the Fred the Lawyer has a talented technical staff.  They get the
request, and it lands on Fred's desk the next day.  

If Fred complies with the demand, he violates a duty of
confidentiality.  Whoops!  Fred was entirely happy to play by what he
thought were the rules of free software; he gave Joe's Sheet Rock the
source to the program (indeed, Joe is a programmer himself, and has
been working together with Fred on possible improvements: Joe is also
delighted at the requirements that source be given to him).  But alas,
since QNU Madlibs is distributed under the QPL, Fred and Joe are out
of luck.

If there were no copyrights, Joe and Fred would not be stuck.  But the
licensor has decided to use copyright restrictions to enforce a you
must share limitation on their freedom, which has materially hurt
them.

Thomas

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Anthony Towns

On Sun, Mar 09, 2003 at 09:48:22PM -0800, Thomas Bushnell, BSG wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  Sure. Compare this to some code using the GPL; same sort of information,
  same problem with it: their trade secrets are woven into the functionality
  of the code itself. If one of your customers is a competitor, or a
  competitor buys out a user, any requirement to distribute source to your
  users makes it non-viable to use the software for certain applications
  which are, eg, protected by BSD-style licenses.
 Except the GPL doesn't force you to share your secrets, ever.  

Yes, it does: it's quite possible to write code in such a way that when
compiled, it's near impossible to work out exactly what's going. There's
a whole swath of research on obfuscation. The GPL says well, sure,
go ahead, but you have to include the source code anyway, so you're not
going to succeed at hiding anything.

It certainly does force you to share your secrets. It forces you to share
your secrets only with your customers, though.

  Arguments about practicality, that this makes doing legitimate things harder
  or impossible in some situations for purely technical reasons (the stranded
  on an island test does this), are valid, but I haven't really seen any.
 It's not about practicality; it's about freedom.  

That's great, Thomas, but you're missing the point. You can say
it's about privacy, it's about the freedom to keep things private,
it's about not fundamental rights 'til you're blue in the face, and
even though every word of it's completely true, it's *not relevant*. We
don't guarantee every freedom we can, we guarantee the one's that are
important and useful.

 The question is:
 should I get to control the behavior of that other person in the way
 they modify and copy the software?  The default answer is no, 

Copyright law says that if you're the author, then the answer's yes. The
GPL says that abdicating too much of that control can be harmful.

 At least, I haven't heard of any defense of such a deviation, on any
 other principle than it makes sure that they contribute back.

It closes a loophole; that is, it means companies can't maliciously
take free GPLed software, make changes to it that they don't release,
and then cause users to rely on that software.

 But free software was never about forcing people to contribute back.  

No, but the GPL is about forcing people to pass the freedoms they have
onto their users.

Maybe try it this way: why is privacy a win? Imagine I'm from an
alternate universe, which we shall call BrinWorld [0] where we don't
have IP or privacy laws as such at all, and snooping technology exists
to the point where there's no point obfuscating your source, because I
can just lookup google or world.archive.org to find someone who flew a
microcam into your office as you were writing your code, and OCR an MPEG
of your monitor's image as you were hacking away. Okay, maybe that was too
much background, but imagine I'm from a world that doesn't bother with
privacy and copyright, and manages to allow universal access to pretty
much everything, and that still functions as a society. Convince me that
in this imperfect world, as we try to make things more transparent, and
give people more control and access over the software that affects them,
that being able to get access to the sourcecode for www.wherever.com
whether they want me to or not is a *bad* thing.

Note that you do _not_ get to assume privacy is good and moral and a
right of both individuals and corporations. Justify it in other terms,

Cheers,
aj

[0] _The Transparent Society_, David Brin; very interesting book

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgp4oBqlsbaZE.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Anthony Towns

On Sun, Mar 09, 2003 at 10:53:28PM -0800, Thomas Bushnell, BSG wrote:
 Consider Fred the Lawyer.  [...]

 He'll write a computer program, tailored specially for Joe's Sheet Rock;
 Joe can then input the details of the particular arrangement, [...]

 Fred wants to use a popular free software package which almost does
 just the job: QNU Madlibs.  But QNU Madlibs is distributed under the
 QPL.  What the Fred would like to do is make a special version of QNU
 Madlibs for Joe, with the special details of Joe's contracts.  [...]

Unfortunately, he realises he can't. Thus he writes his own program from
scratch. Or else he adds a macro facility into QNU Madlibs, or customises
it so it'll accept contract texts from a data file rather than hardcoding
it and makes sure that he only needs to accompany it with the original
contract forms for it to be a useful program. Maybe he does the latter,
then contributes the changes back upstream so his programmers don't have
to keep supporting it, and can work on other projects.

 If Fred complies with the demand, he violates a duty of
 confidentiality.  

Fred's pretty silly for not having looked into this in the first place.
Especially being a lawyer.

Consider Frank the lawyer who takes some nice source code from a GPLed
project, and adds some code his friend was telling him under NDA. He
puts it up on the web, and suddenly gets demands for source code from
the original author. What does he do, violate the NDA, or the copyright
license??? What does he do?!?

 If there were no copyrights, Joe and Fred would not be stuck.  

If there were no copyrights, Frank wouldn't be stuck either. If Fred
had spent a minute looking through the license, or even simply practised
good programming techniques he wouldn't be stuck, either.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpOkPsLK6CrC.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Mark Rafn

On Mon, 10 Mar 2003, Anthony Towns wrote:
   If you have created a modified version of the Work, and receive
a request by the Primary Copyright Holder, you must provide
a copy of your modifications as at the date of the request in
source form, at cost, to the Primary Copyright Holder.

I think there's a fundamental problem.  I'm leaning toward the opinion
that forced distribution is unfree.  Forced distribution to users, to 
viewers, to authors, or to the public.  None of it sits right.
--
Mark Rafn[EMAIL PROTECTED]http://www.dagon.net/

Re: OSD DFSG - different purposes - constructive suggestion!

Scripsit Anthony Towns aj@azure.humbug.org.au
 On Sun, Mar 09, 2003 at 10:19:16PM -0600, Steve Langasek wrote:

  I believe that there IS a fundamental difficulty with such licenses.
  Consider the case where a company's modifications encode certain business
  logic details. =20

 This doesn't make something more difficult; it makes you likely to
 choose not to base your work on that piece of software.

Yes, and that means that software licensed in that way should not be
considered DFSG-free. It's part of what we promise our users: You can
take software in Debian main and modify it to include your business
secrets, and - if we on d-l have done our job properly - not risk
being legally compelled to disclosing those secrets to someone you
don't want to disclose them to.

 Sure. Compare this to some code using the GPL; same sort of information,
 same problem with it: their trade secrets are woven into the functionality
 of the code itself.

In that case you can simply choose to distribute the program only to
people you trust. You can't do this if the license carries an
obligation to distribute to a fixed third party, too.

 What's the difference? Why should Debian choose to ensure one company
 can merge in their trade secrets into any part of Debian, but not ensure
 the other company can do likewise?

Your analogy is flawed, that's the difference.

 The argument not requiring public access is important because privacy
 is important is circular, so invalid.

Privacy is important is not an argument - it's an axiom.

-- 
Henning Makholm  Det är alldeles för ansvarsfullt att skaffa en
flickvän. Det är ju som att skaffa en hundvalp.

Re: OSD DFSG - different purposes - constructive suggestion!

Scripsit Anthony Towns aj@azure.humbug.org.au

 It certainly does force you to share your secrets. It forces you to share
 your secrets only with your customers, though.

Nonsense. It is perfectly possible to use a modified GPLed program
internally and never tell one's customers about it.

 That's great, Thomas, but you're missing the point. You can say
 it's about privacy, it's about the freedom to keep things private,
 it's about not fundamental rights 'til you're blue in the face, and
 even though every word of it's completely true, it's *not relevant*.

You're wrong. It is relevant. It's one of the freedoms we're protecting.

 We don't guarantee every freedom we can, we guarantee the one's that
 are important and useful.

And privacy is an important and useful freedom.

  But free software was never about forcing people to contribute back. =20

 No, but the GPL is about forcing people to pass the freedoms they have
 onto their users.

No. The GPL is about forcing people to pass the freedoms they have
onto the ones they give the program. If you don't give the program
away, or decide only to give it to your brother, you don't have to
give the freedoms to anyone else.

 Note that you do _not_ get to assume privacy is good and moral and a
 right of both individuals and corporations. Justify it in other terms,

Why? Moral judgements can never be justified ex nihil.

-- 
Henning Makholm   Jeg mener, at der eksisterer et hemmeligt
 selskab med forgreninger i hele verden, som
 arbejder i det skjulte for at udsprede det rygte at
  der eksisterer en verdensomspændende sammensværgelse.

Re: OSD DFSG - different purposes - constructive suggestion!

Scripsit Nick Phillips [EMAIL PROTECTED]

 Were you to say that the teachers may only take the software under the terms
 of the BSD license, and that everyone else may only take it under the terms
 of the GPL, then I don't believe we would have such a clear consensus.

 It would make me uneasy, at least.

Me too. I think our principle is that we're happy if there is *some*
set of free terms that apply to *everyone*. Otherwise it would be
discriminating IMO.

-- 
Henning Makholm That's okay. I'm hoping to convince the
  millions of open-minded people like Hrunkner Unnerby.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Brian T. Sniffen

Anthony Towns aj@azure.humbug.org.au writes:
 It certainly does force you to share your secrets. It forces you to share
 your secrets only with your customers, though.

I don't believe this is the case: I have code which is a proprietary
typesetting package based on GPL'd works.  My customers give me paper
and I give them paper back; sometimes i give them PDF files for
proofing.  These files contain *their* proprietary information.

 It closes a loophole; that is, it means companies can't maliciously
 take free GPLed software, make changes to it that they don't release,
 and then cause users to rely on that software.

One of the advantages I've seen in the GPL is that it promotes the
use-value of software over its sale-value.  This sort of change --
requirements that an author distribute his changes more widely than he
wishes -- seems to remove much of the use value as well.

 Convince me that in this imperfect world, as we try to make things
 more transparent, and give people more control and access over the
 software that affects them, that being able to get access to the
 sourcecode for www.wherever.com whether they want me to or not is a
 *bad* thing.

* It makes certain kinds of crimes easier to commit, though much
  harder to conceal.

* Identity theft, in particular, becomes much easier.

* There's less incentive to develop new changes: unless you can afford
  a stable of developers large enough to deploy new features faster
  than your competitors can copy them, you gain no competitive
  advantage from innovation.  Software gets developed only to scratch
  personal itches.

-Brian

-- 
Brian T. Sniffen[EMAIL PROTECTED]
   http://www.evenmere.org/~bts/

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Glenn Maynard

On Mon, Mar 10, 2003 at 11:23:26AM -0500, Brian T. Sniffen wrote:
  Convince me that in this imperfect world, as we try to make things
  more transparent, and give people more control and access over the
  software that affects them, that being able to get access to the
  sourcecode for www.wherever.com whether they want me to or not is a
  *bad* thing.

 * There's less incentive to develop new changes: unless you can afford
   a stable of developers large enough to deploy new features faster
   than your competitors can copy them, you gain no competitive
   advantage from innovation.  Software gets developed only to scratch
   personal itches.

This sure sounds like a (poor) argument against open source in general.

-- 
Glenn Maynard

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Brian T. Sniffen

Glenn Maynard [EMAIL PROTECTED] writes:

 On Mon, Mar 10, 2003 at 11:23:26AM -0500, Brian T. Sniffen wrote:
 * There's less incentive to develop new changes: unless you can afford
   a stable of developers large enough to deploy new features faster
   than your competitors can copy them, you gain no competitive
   advantage from innovation.  Software gets developed only to scratch
   personal itches.

 This sure sounds like a (poor) argument against open source in general.

Not at all.  Open-source is great for infrastructure software --
Linux, Apache, Emacs.  Many companies have private modifications to
Linux or Apache which they use internally; some of these get released,
some don't.  Everybody benefits by contributing to the common good.
For example, several network infrastructure companies use Linux on
their embedded devices, release kernel changes and improvements, and
keep their core technology in-house.  It's not that it's under a
proprietary license, just that it's not distributed at all.  This
model works wonderfully for the free software community and for those
companies.

-Brian

-- 
Brian T. Sniffen[EMAIL PROTECTED]
   http://www.evenmere.org/~bts/

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Joe Moore

Thomas Bushnell, BSG said:
 Anthony Towns aj@azure.humbug.org.au writes:

 Sure. Compare this to some code using the GPL; same sort of
 information, same problem with it: their trade secrets are woven into
 the functionality of the code itself. If one of your customers is a
 competitor, or a competitor buys out a user, any requirement to
 distribute source to your users makes it non-viable to use the
 software for certain applications which are, eg, protected by
 BSD-style licenses.

 Except the GPL doesn't force you to share your secrets, ever.  You can
 share them with exactly the people you want to share them with, and you
 are never obligated to share them with person X just because you shared
 them with person Y.

I don't quite understand how you get this from the GPL.

(Assumption: you give binaries to Y, but only a written offer for source,
since it's your secret.  You'll give them to Y if they ask for them)

The offer to any third party in Clause 3 seems to mean that if Y gives
your binaries to X (in a non-commercial manner), you must give the source
to X (sharing your secrets)

If you try to restrict Y's freedom to give the binaries away, then you run
afoul of Clause 6 (no other restrictions)

--Joe

Barriers to an ASP loophole closure (was Re: OSD DFSG - different purposes - constructive suggestion!)

2003-03-10 Thread Jeremy Hankins

Anthony Towns aj@azure.humbug.org.au writes:

 This detailed wrangling is really missing the point that I'm interested
 in, though. Is there a _fundamental_ difficulty with such licenses?

Is it users of programs or owners of copies of programs that should
have freedom?  As far as I can see the answer is clearly users.
Currently those two groups are roughly the same, and the second group
is *much* easier to draw a line around.  So we use ownership of a copy
to pin freedoms to.

But if we imagine a world out of an ASP nightmare we're no longer
giving users freedoms because there's no distribution of software to
those who use the software.  Say someone makes a version of latex that
will transparently read and reproduce Word documents (substitute
whatever killer feature you like).  They put it behind a web interface
that allows you to edit documents and save them on their server, and
outputs obfuscated postscript so you can print them out.  This is
pretty clearly not the intention of the copyright holders, and it's
clear that a standard copyleft license wont help them.

I hope this world (where most software use follows the pattern of the
latex example above) doesn't happen, and I honestly don't think it
will.  But reasonable people can and do disagree.  If they can find a
way to tie the freedoms of the DFSG to users of software rather than
possessors of copies of software, should that make their software
non-DFSG-free?

It's clear that's hard, and it may be so hard it's not possible in a
free license.  But if someone could jump all the hurdles:

* Find a way of laying out who the users of software are that matches
  our intuitions on the subject (we'd have to think very carefully
  about edge cases here),

* Find a way of safeguarding the important freedoms (including access
  to source) for these users,

* And do all this without increasing the burden on the distributor (or
  software provider) beyond that which the GPL already places (e.g.,
  passes the dissident test, no restrictions on modification, etc).

If all of this could be done, would the license be DFSG free?  For
what it's worth, I don't think AJ's snippet does it (for reasons
others have enumerated).

I think the answer is yes.  It's *users*, not copies, that should have
freedoms.  But I admit I'm not clear how it could be done.

But plenty of people are going to continue to try to close the ASP
loophole.  And that's not a bad thing -- the community's simply
working in parallel.  But in the process they're going to come up with
a lot of bad, non-DFSG-free licenses.

So we have three meta-options:

* Decide that freedoms *should* attach to copies rather than users

* Decide that there's no way over the hurdles I listed above, so we
  should just hope (and maybe do more than hope) that the ASP
  nightmare never happens.

* Think about how or whether the hurdles could be jumped.  If we can
  come up with a way, we should tell folks about it.  Otherwise we
  should be prepared to look at the licenses that attempt it on a
  case-by-case basis.

I'm for option 3, or possibly option 3 followed by 2.

[snip]

 Basically, as far as I can see, the dissident test is exactly equivalent
 to saying we don't want to close this ASP loophole thing.

I don't think this is true, if you accept the substitution of users
for copy holders.  With the GPL distributors have an obligation to
people they've given a copy to.  With an ASP-loophole-closing license
that worked, copy holders, or folks that make their software available
for others to use, would have an obligation to people that use their
software (on their server, not the same software on some other server,
of course).  But they would have no obligation to folks who use
software provided by someone else's server, or don't use the software
at all, nor would they have an obligation to let anybody use the
software on their server.

-- 
Jeremy Hankins [EMAIL PROTECTED]
PGP fingerprint: 748F 4D16 538E 75D6 8333  9E10 D212 B5ED 37D0 0A03

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Glenn Maynard

On Mon, Mar 10, 2003 at 01:37:54PM -0500, Brian T. Sniffen wrote:
  * There's less incentive to develop new changes: unless you can afford
a stable of developers large enough to deploy new features faster
than your competitors can copy them, you gain no competitive
advantage from innovation.  Software gets developed only to scratch
personal itches.
 
  This sure sounds like a (poor) argument against open source in general.
 
 Not at all.  Open-source is great for infrastructure software --
 Linux, Apache, Emacs.  Many companies have private modifications to
 Linux or Apache which they use internally; some of these get released,
 some don't.  Everybody benefits by contributing to the common good.
 For example, several network infrastructure companies use Linux on
 their embedded devices, release kernel changes and improvements, and
 keep their core technology in-house.  It's not that it's under a
 proprietary license, just that it's not distributed at all.  This
 model works wonderfully for the free software community and for those
 companies.

I'm not disagreeing with this. I'm saying that your argument (top quote) can
be applied to open source in general, and we all know it to be false in that
case; so how are web apps so different?

-- 
Glenn Maynard

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 Fred's pretty silly for not having looked into this in the first place.
 Especially being a lawyer.

That's not the point.  The point is that demanding disclosure is like
demanding payment: it's NOT FREE.  The point is not that Fred is
trapped; it's that he *would* be trapped, he's NOT FREE, he is
*BOUND*. 

 Consider Frank the lawyer who takes some nice source code from a GPLed
 project, and adds some code his friend was telling him under NDA. He
 puts it up on the web, and suddenly gets demands for source code from
 the original author. What does he do, violate the NDA, or the copyright
 license??? What does he do?!?

The GPL doesn't have such a rule.  The GPL doesn't force him to honor
such a demand.  The GPL is a free software license.

Re: OSD DFSG - different purposes - constructive suggestion!

Joe Moore [EMAIL PROTECTED] writes:

 I don't quite understand how you get this from the GPL.
 
 (Assumption: you give binaries to Y, but only a written offer for source,
 since it's your secret.  You'll give them to Y if they ask for them)
 
 The offer to any third party in Clause 3 seems to mean that if Y gives
 your binaries to X (in a non-commercial manner), you must give the source
 to X (sharing your secrets)

Right, but you aren't ever required to use that clause.  If you don't
want to have to worry about the offer to any third party clause,
then you just give the actual source, and not just the written offer.

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 Yes, it does: it's quite possible to write code in such a way that when
 compiled, it's near impossible to work out exactly what's going. There's
 a whole swath of research on obfuscation. The GPL says well, sure,
 go ahead, but you have to include the source code anyway, so you're not
 going to succeed at hiding anything.
 
 It certainly does force you to share your secrets. It forces you to share
 your secrets only with your customers, though.

No.  It forces you to share *with the person who gets the program*.
That's it, and the point is to preserve *THAT* person's right to
modify the program which they have.  

 That's great, Thomas, but you're missing the point. You can say
 it's about privacy, it's about the freedom to keep things private,
 it's about not fundamental rights 'til you're blue in the face, and
 even though every word of it's completely true, it's *not relevant*. We
 don't guarantee every freedom we can, we guarantee the one's that are
 important and useful.

The point is that it is about *freedom*.  You are saying that this
restriction is ok.  Why then is not a restriction this software
cannot be used by bigots not OK?  Why should we prohibit that
restriction in free software?

 No, but the GPL is about forcing people to pass the freedoms they have
 onto their users.

No, not to the users, but to the people who have the program.  They
may be a different set from the users.

 Note that you do _not_ get to assume privacy is good and moral and a
 right of both individuals and corporations. Justify it in other terms,

That's not the assumption.  I'm not saying privacy is good, so we
should make room for it.  We should make room for bigots too, but
they aren't good.  

I'm saying privacy is an aspect of freedom, and so we should make
room for it.

Re: Barriers to an ASP loophole closure (was Re: OSD DFSG - different purposes - constructive suggestion!)

Jeremy Hankins [EMAIL PROTECTED] writes:

 Is it users of programs or owners of copies of programs that should
 have freedom?  As far as I can see the answer is clearly users.
 Currently those two groups are roughly the same, and the second group
 is *much* easier to draw a line around.  So we use ownership of a copy
 to pin freedoms to.

What about my list of software that I am a user of?  The software my
dentist uses to track patient records?  The software the University
uses to track my grades?  The software that Congress uses to track
legislation?  I'm a user of all of that, at least, to the extent that
I'm a user of the software that implements a web site I visit.

 I hope this world (where most software use follows the pattern of the
 latex example above) doesn't happen, and I honestly don't think it
 will.  But reasonable people can and do disagree.  If they can find a
 way to tie the freedoms of the DFSG to users of software rather than
 possessors of copies of software, should that make their software
 non-DFSG-free?

Because we have traditionally thought that the freedom attaches to the
possessor, and you would be reducing that freedom, in order to
increase the freedom of users.  Nor would it work!

Remember RMS's little printer software story about how he first
realized the importance of free software?  I *cannot* change the
program that implements my dentist's billing records, or the software
that backs a popular web site: I *cannot*.  EVEN if I have the
source.  This is because I'm merely the user, and not the possessor.

Free software preserves the possessor's legal liberty to change the
software, something that only legal limitation was previously blocking
him in.  But forced publication at all: how does this increase the
user's liberty to change the software?

 I think the answer is yes.  It's *users*, not copies, that should have
 freedoms.  But I admit I'm not clear how it could be done.

Even if there were *no* legal limitations of any kind on the copying
and modification of any software, there would *still* be no way to
give that liberty to users, since (when user and possessor are
different folks), the user is not the one who decides what software to
use (paradoxically).  The user can't change the software at all.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Brian T. Sniffen

Glenn Maynard [EMAIL PROTECTED] writes:

 On Mon, Mar 10, 2003 at 01:37:54PM -0500, Brian T. Sniffen wrote:
  * There's less incentive to develop new changes: unless you can afford
a stable of developers large enough to deploy new features faster
than your competitors can copy them, you gain no competitive
advantage from innovation.  Software gets developed only to scratch
personal itches.
 
  This sure sounds like a (poor) argument against open source in general.
 
 Not at all.  Open-source is great for infrastructure software --
 Linux, Apache, Emacs.  Many companies have private modifications to
 Linux or Apache which they use internally; some of these get released,
 some don't.  Everybody benefits by contributing to the common good.
 For example, several network infrastructure companies use Linux on
 their embedded devices, release kernel changes and improvements, and
 keep their core technology in-house.  It's not that it's under a
 proprietary license, just that it's not distributed at all.  This
 model works wonderfully for the free software community and for those
 companies.

 I'm not disagreeing with this. I'm saying that your argument (top quote) can
 be applied to open source in general, and we all know it to be false in that
 case; so how are web apps so different?

As I said: existing mechanisms of licensing Free Software (e.g. GNU
GPL and MIT/X11) provide an impetus for improvement.  A
compulsory-sharing license, as might bring us closer to BrinWorld,
removes much of the financial incentive for such improvement.  In such
a world, the changes made, used, and later released by IBM, Red Hat,
Akamai, Apple... all wouldn't have been made, and our software
technology would be that much more primitive.

-Brian

-- 
Brian T. Sniffen[EMAIL PROTECTED]
   http://www.evenmere.org/~bts/

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Walter Landry

Anthony Towns aj@azure.humbug.org.au wrote:
 Arguments about practicality, that this makes doing legitimate things harder
 or impossible in some situations for purely technical reasons (the stranded
 on an island test does this), are valid, but I haven't really seen any.

What about an ATM machine?  If the ATM machine communicated with the
central database using code with this enforced distribution clause,
then you have to distribute to the users of the ATM.  Modifying an ATM
to distribute code in addition to cash seems rather onerous.

Regards,
Walter Landry
[EMAIL PROTECTED]

Re: Barriers to an ASP loophole closure (was Re: OSD DFSG - different purposes - constructive suggestion!)

2003-03-10 Thread Nick Phillips

On Mon, Mar 10, 2003 at 12:25:02PM -0800, Thomas Bushnell, BSG wrote:

[ more good argument snipped]

 Even if there were *no* legal limitations of any kind on the copying
 and modification of any software, there would *still* be no way to
 give that liberty to users, since (when user and possessor are
 different folks), the user is not the one who decides what software to
 use (paradoxically).  The user can't change the software at all.

I think you may be spot-on.

-- 
Nick Phillips -- [EMAIL PROTECTED]
Don't tell any big lies today.  Small ones can be just as effective.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Glenn Maynard

On Mon, Mar 10, 2003 at 03:46:57PM -0500, Brian T. Sniffen wrote:
 As I said: existing mechanisms of licensing Free Software (e.g. GNU
 GPL and MIT/X11) provide an impetus for improvement.  A
 compulsory-sharing license, as might bring us closer to BrinWorld,
 removes much of the financial incentive for such improvement.  In such
 a world, the changes made, used, and later released by IBM, Red Hat,
 Akamai, Apple... all wouldn't have been made, and our software
 technology would be that much more primitive.

The GPL removes much of the financial incentive for such improvement.
After all, you have to provide source and you can't restrict people you
sell copies to from giving it away for free, so the entire sales model of
selling individual programs on the shelf, and licensing software per-seat,
goes completely out the window.

I disagree with this argument, of course (as everyone here probably does: it's
true that the same sales model doesn't work, but it certainly hasn't stopped
innovation), but your argument seems to be exactly the same.  Why is this
argument valid for web applications where it's clearly wrong for other
software?

(To be clear, I'm firmly against forced-sharing; the GPL goes far enough.  I
just don't think this particular argument is valid.)

-- 
Glenn Maynard

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Branden Robinson

On Mon, Mar 10, 2003 at 05:39:40PM +1000, Anthony Towns wrote:
 On Sun, Mar 09, 2003 at 10:53:28PM -0800, Thomas Bushnell, BSG wrote:
  Fred wants to use a popular free software package which almost does
  just the job: QNU Madlibs.  But QNU Madlibs is distributed under the
  QPL.  What the Fred would like to do is make a special version of QNU
  Madlibs for Joe, with the special details of Joe's contracts.  [...]
 
 Unfortunately, he realises he can't. Thus he writes his own program from
 scratch. Or else he adds a macro facility into QNU Madlibs, or customises
 it so it'll accept contract texts from a data file rather than hardcoding
 it and makes sure that he only needs to accompany it with the original
 contract forms for it to be a useful program. Maybe he does the latter,
 then contributes the changes back upstream so his programmers don't have
 to keep supporting it, and can work on other projects.

If he should have just used software with a different license instead[1],
then perhaps we should be asking ourselves what is valuable about the
licensing of the alternative.

I am not sure there is anyway to reconcile the difference of opinion in
this thread.  Most people appear to be clinging to privacy as a right,
and you don't.  You don't perceive a freedom where other people do,
and thus it is going to be impossible at a philosophical to justify a
defense of that freedom via the DFSG.

For me, _The Transparent Society_ might more closely resemble a
dystopian novel than a utopian one.  I acknowledge that your mileage may
vary.  ;-)

(Maybe Debian needs a Fifth Freedom.)

[1] or written his own, or written his patches more cleverly, etc.
-- 
G. Branden Robinson| No math genius, eh?  Then perhaps
Debian GNU/Linux   | you could explain to me where you
[EMAIL PROTECTED] | got these...   PENROSE TILES!
http://people.debian.org/~branden/ | -- Stephen R. Notley


pgpVgP8Ub9Z0D.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-10 Thread Branden Robinson

On Sat, Mar 08, 2003 at 07:46:18PM -0700, Barak Pearlmutter wrote:
 I've edited that nascent DFSG FAQ and put it at
 
  http://www-bcl.cs.unm.edu/~bap/dfsg-faq.html
 
 I'd appreciate comments.  Especially from the OSD/DFSG WE MUST UNIFY
 folks, who might perhaps be able to use some of this material to
 clarify their OSD into conformance with Debian practice, ie to reject
 licenses they previously felt obliged to accept but which Debian
 rejects.
 
 Also, should this go somewhere on the Debian web site?  (If someone
 thinks it should please just take it over from me and put it up.)

Wow, great work, thanks.

I've been wanting to write a DFSG FAQ myself for a long time (remember
my proposed interpretive guidelines? :) ), and now you've gone and
saved me the trouble.

If you run out of time to maintain this I'd be delighted to host it at.
http://people.debian.org/~branden/

Thanks again for assembling this document.

-- 
G. Branden Robinson| Why do we have to hide from the
Debian GNU/Linux   |  police, Daddy?
[EMAIL PROTECTED] | Because we use vi, son.  They use
http://people.debian.org/~branden/ |  emacs.


pgpLYmI1kOiVf.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

Scripsit Branden Robinson [EMAIL PROTECTED]

 For me, _The Transparent Society_ might more closely resemble a
 dystopian novel than a utopian one.

Perhaps Yevgeny Zamyatin's We, wherein the perfect number-citizens
of a future totalitarian world-state live in apartment blocks with
completely transparent (inner and outer) walls?

-- 
Henning Makholm*Her* sidder jaj  har *ild* bå cigarren
*imens* Pelle Jönsson i Nordnorge har mavepine.

Re: OSD DFSG - different purposes - constructive suggestion!

On Sun, 2003-03-09 at 18:18, Anthony Towns wrote:
 In the dissident case, we're trying to protect the people from having to
 reveal their changes to the government they're protesting. But this just
 doesn't make any real sense: the code they're hacking on is the least of
 their worries - it's the contents of their databases, not their bugfix to
 select query processing that they need to keep private; and furthermore

What about DeCSS?

 it's the government's laws that will put them most at risk here -- of
 being accused of spying, eg -- not the copyright license. So from what
 I can see, we're protecting something of little value, and then doing
 a bad job of it.

But in order that users may evade the government's laws, Free Software
must allow certain freedoms (although Thomas Bushnell and I may disagree
on what they are).  

But the dissident test require licenses to allow every possible tactic
for evading laws which restrict certain activities.

For instance, consider a binary which is a game, unless it's called with
the --dissident command-line option, in which case, it's DeCSS (or
GPG).  Were the source code to this game revealed, it would show clearly
the nature of the program.  But the gov't doesn't have time to reverse
engineer the binaries (and anyway, DMCA2 prohibits it).  They do have
the time, however, to follow up on GPL (3)(b) offers.  Can dissidents
distribute binaries to everyone, and source code only to those they
trust?  Not according to many Free Software licenses.  

And I think the Dissident test as it now stands is clear on the above. 
It's not dispositive on every issue, as the debate shows.

-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

On Mon, 2003-03-10 at 08:04, Henning Makholm wrote:
  Sure. Compare this to some code using the GPL; same sort of information,
  same problem with it: their trade secrets are woven into the functionality
  of the code itself.
 
 In that case you can simply choose to distribute the program only to
 people you trust. You can't do this if the license carries an
 obligation to distribute to a fixed third party, too.

Interesting!  I am inclined to agree with this, and point out that the
AGPL basically puts users in the category of people you have to trust. 
The question is, who needs to be in this category?  Do users?  Sniffen
(who secretely wants to write proprietary software) and Bushnell (whose
heart is in the right place) say no.  I think Towns says yes (as do I).


-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

On Mon, 2003-03-10 at 16:00, Walter Landry wrote:
 Anthony Towns aj@azure.humbug.org.au wrote:
  Arguments about practicality, that this makes doing legitimate things harder
  or impossible in some situations for purely technical reasons (the stranded
  on an island test does this), are valid, but I haven't really seen any.
 
 What about an ATM machine?  If the ATM machine communicated with the
 central database using code with this enforced distribution clause,
 then you have to distribute to the users of the ATM.  Modifying an ATM
 to distribute code in addition to cash seems rather onerous.

Print a link on the reciepts.

-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

Thomas, I'm responding to your questions, but I'm actually directing my
response to Branden Robinson, since I don't know your position on his
DFSG-interpretation proposal.

Branden, if the FSF's four freedoms are the consitution to DFSG's case
law, they have a lot in common with the US constitution, in that they
don't explicitly guarantee a right to privacy.  So, see below.

On Mon, 2003-03-10 at 15:17, Thomas Bushnell-san wrote:
  That's great, Thomas, but you're missing the point. You can say
  it's about privacy, it's about the freedom to keep things private,
  it's about not fundamental rights 'til you're blue in the face, and
  even though every word of it's completely true, it's *not relevant*. We
  don't guarantee every freedom we can, we guarantee the one's that are
  important and useful.
 
 The point is that it is about *freedom*.  You are saying that this
 restriction is ok.  Why then is not a restriction this software
 cannot be used by bigots not OK?  Why should we prohibit that
 restriction in free software?

Because the four freedoms do talk about freedom to use the software, but
don't say anthing about the freedom to *not* disclose source code under
certain conditions.

 I'm saying privacy is an aspect of freedom, and so we should make
 room for it.

Interestingly, neither the FSF's four freedoms, nor FDR's four freedoms
(wink) include privacy. 

-- 
-Dave Turner Stalk Me: 617 441 0668

On matters of style, swim with the current, on matters 
of principle, stand like a rock. -Thomas Jefferson

Re: OSD DFSG - different purposes - constructive suggestion!

David Turner [EMAIL PROTECTED] writes:

 On Mon, 2003-03-10 at 16:00, Walter Landry wrote:
  Anthony Towns aj@azure.humbug.org.au wrote:
   Arguments about practicality, that this makes doing legitimate things 
   harder
   or impossible in some situations for purely technical reasons (the 
   stranded
   on an island test does this), are valid, but I haven't really seen any.
  
  What about an ATM machine?  If the ATM machine communicated with the
  central database using code with this enforced distribution clause,
  then you have to distribute to the users of the ATM.  Modifying an ATM
  to distribute code in addition to cash seems rather onerous.
 
 Print a link on the reciepts.

The license doesn't say that is sufficient, does it?

Re: OSD DFSG - different purposes - constructive suggestion!

David Turner [EMAIL PROTECTED] writes:

 But in order that users may evade the government's laws, Free Software
 must allow certain freedoms (although Thomas Bushnell and I may disagree
 on what they are).  
 
 But the dissident test require licenses to allow every possible tactic
 for evading laws which restrict certain activities.

No.  It simply says that the *software license* may not infringe my
copying of the license by attaching to it onerous conditions.

Sample onerous conditions:

1) Pay money.
2) Send your changes back always.
3) Pay money on request.
4) Send your changes back on request.

We already reject (1), (2), and (3).  Why is (4) suddenly not rejected
as onerous?  Perhaps because it wasn't realized that real people might
find it a real burden, as opposed to a trivial requirement.  

As the case of Fred the Lawyer makes clear, however, there are real
people for which it is a real burden.

 For instance, consider a binary which is a game, unless it's called with
 the --dissident command-line option, in which case, it's DeCSS (or
 GPG).  Were the source code to this game revealed, it would show clearly
 the nature of the program.  But the gov't doesn't have time to reverse
 engineer the binaries (and anyway, DMCA2 prohibits it).  They do have
 the time, however, to follow up on GPL (3)(b) offers.  Can dissidents
 distribute binaries to everyone, and source code only to those they
 trust?  Not according to many Free Software licenses.  

Right.  The dissident test does *not* require licenses to allow every
possible tactic; you have mischaracterized my objection quite
seriously.

Thomas

Re: OSD DFSG - different purposes - constructive suggestion!

David Turner [EMAIL PROTECTED] writes:

 On Mon, 2003-03-10 at 08:04, Henning Makholm wrote:
   Sure. Compare this to some code using the GPL; same sort of information,
   same problem with it: their trade secrets are woven into the functionality
   of the code itself.
  
  In that case you can simply choose to distribute the program only to
  people you trust. You can't do this if the license carries an
  obligation to distribute to a fixed third party, too.
 
 Interesting!  I am inclined to agree with this, and point out that the
 AGPL basically puts users in the category of people you have to trust. 
 The question is, who needs to be in this category?  Do users?  Sniffen
 (who secretely wants to write proprietary software) and Bushnell (whose
 heart is in the right place) say no.  I think Towns says yes (as do I).

Note Barak Perlmutter's newly proposed tentacles of evil test:

   3. The Tentacles of Evil test.

  Imagine that the author is hired by a large evil corporation
  and, now in their thrall, attempts to do the worst to the users
  of the program: to make their lives miserable, to make them stop
  using the program, to expose them to legal liability, to make
  the program non-free, to discover their secrets, etc. The same
  can happen to a corporation bought out by a larger corporation
  bent on destroying free software in order to maintain its
  monopoly and extend its evil empire. The license cannot allow
  even the author to take away the required freedoms!

Re: OSD DFSG - different purposes - constructive suggestion!

Richard Braakman [EMAIL PROTECTED] writes:

 On Sat, Mar 08, 2003 at 07:46:18PM -0700, Barak Pearlmutter wrote:
  I've edited that nascent DFSG FAQ and put it at
  
   http://www-bcl.cs.unm.edu/~bap/dfsg-faq.html
  
  I'd appreciate comments.
 
 It seems a bit eager about the GPL.  I'd much prefer if it gave equal
 time to the GPL and the BSD camps.  Better yet, recommend the two
 licenses without trying to summarize them (people ARE supposed to
 read licenses before applying them, after all!), and just state the
 advantages of using standard licenses: they're better understood by
 the community, they've been written by actual lawyers, people don't
 have to spend time figuring them out before using the program or
 helping with development, and they make it easier to share code
 between your project and others.

Yes, I agree.  I'm an unashamed total GPL fan, but I think this
document might give a very brief description of the basic merits and
then leave it at that.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Henning Makholm

Scripsit Glenn Maynard [EMAIL PROTECTED]
 On Fri, Mar 07, 2003 at 05:49:28PM -0500, Joe Moore wrote:

  It has been suggested that this test be referred to as simply as the
  Dissident test.

 /me grumbles about wasting time with excessive PC noises, rejects this
 suggestion and continues to call it the same thing

Ditto. If and when it so happens that the Chinese people achieves
freedom of speech and thought, we can always start looking for another
totalitarian regime to use in the test. If at that point we find none
available, we'll hold a party and worry about rewording the test
afterwards.

-- 
Henning Makholm  I know how to apply drugs which shall have
either a heating or a cooling effect, and I can give
  a vomit and also a purge, and all that sort of thing.

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Henning Makholm

Scripsit Richard Braakman [EMAIL PROTECTED]

 It seems a bit eager about the GPL.  I'd much prefer if it gave equal
 time to the GPL and the BSD camps.

Yes. In particular the reasons for choosing BSD are not limited to I
want people to be able to take my software proprietary. In the free
software world, I think a more common reason would be, for example, I
want my code to be reuseable in all free software projects, no matter
which license they use, and I'm willing to accept as a necessary evil
the risk that somebody takes it proprietary.

 (people ARE supposed to read licenses before applying them, after all!),

I agree completely. The emphasized part If you want your software to
be as successful... should definitely go away. We should *not*
encourage people to use GPL (or any license) without worrying about
it. Severe difficulties for all the parties involved could result if
the author later decides that he don't want, say, people to use the
program in a business - and then feel cheated because he assumed that
our advise took care of whatever his expectations were.

-- 
Henning Makholm  So? We're adaptable. We'll *switch missions*!

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Henning Makholm

Scripsit Barak Pearlmutter [EMAIL PROTECTED]

 I've edited that nascent DFSG FAQ and put it at

  http://www-bcl.cs.unm.edu/~bap/dfsg-faq.html

 I'd appreciate comments.

Cool. I like question 5 especially. :-)

Add to the desert island test that it also explains why postcardware
(or emailware) is non-free.

Some time ago I started working on a FAQ but never got it beyond the
doodling stage. You can find my abandoned draft at
http://www.diku.dk/~makholm/whatnot.html. It's mosty a list of
frequently committed errors that I think should be described in such a
FAQ. Feel free to borrow descriptions or one of the few explanations
I've had time to write yet.

-- 
Henning Makholm   Larry wants to replicate all the time ... ah, no,
   all I meant was that he likes to have a bang everywhere.

Re: OSD DFSG - different purposes - constructive suggestion!

On Sun, Mar 09, 2003 at 07:20:36PM +0100, Henning Makholm wrote:
 Scripsit Glenn Maynard [EMAIL PROTECTED]
   It has been suggested that this test be referred to as simply as the
   Dissident test.
  /me grumbles about wasting time with excessive PC noises, rejects this
  suggestion and continues to call it the same thing
 Ditto. If and when it so happens that the Chinese people achieves
 freedom of speech and thought, [...]

Personally, if we're going to document this and use it as an official test
rather than a helpful rule of thumb, I don't think we need to be insulting
a country that's potentially going all pro-Linux while we need to do it.

Correcting it is a five word change that loses no meaning:

 b. The Dissident test.
Consider a dissident in a totalitarian country who
wishes to share a modified bit of software with other
dissidents, but does not wish to reveal his own identity as 
the modifier, or directly reveal the modifications
themselves, to the government. Any requirement for sending   
source modifications to anyone other than the recipient of
the modified binary---in fact any forced distribution at all,
beyond giving source to those who receive a copy of the 
binary---would put the dissident in danger. For Debian to
consider software free it must not require any such excess 
distribution.

I'm inclined to wonder about the point of this test anyway; in such a
regime, the government's going to be in a stronger position to demand
access to the modifications than the copyright holder anyway, so the
license conditions seem a bit irrelevant.

The FSF's privacy freedom is:

   You should also have the freedom to make modifications and use them
   privately in your own work or play, without even mentioning that they
   exist. If you do publish your changes, you should not be required to
   notify anyone in particular, or in any particular way.

which doesn't imply the dissident test. The key point's always been not
having to go to any effort just to use the program, and not having to go
to too much effort just to pass it around to some friends; so is the QPL's
clause really that evil? Would a clause in the RPSL to the effect of:

(a) If this program generates HTML pages, they must include
a comment in the HTML source that they were generated by
this program and include its copyright notice.

(b) If asked by the authors, you must provide them with a copy
of your changes to the source code changes at cost.

really be that evil? I can't see how it would put a significant burden
on people using the code, and with some care, it could solve the ASP
loophole.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpiqEoewvvem.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 Personally, if we're going to document this and use it as an official test
 rather than a helpful rule of thumb, I don't think we need to be insulting
 a country that's potentially going all pro-Linux while we need to do it.

So what you're saying is, as long as China claims to stand for free
software, it doesn't much matter to you how many people they kill and
jail for actually trying to exercise any freedom?

The PRC has an extraordinarily repressive attitude towards the use of
computers; they want the technology but they don't want to be told
that their citizens might have a natural human right to read what they
wish and write what they wish, and they stamp out those who try to
assert and use either of those rights.

It shames me no end that the United States will play ball with China
and turn a blind eye to such gross and immoral violations of freedom,
provided only there's a buck to be made.  When I get upset that France
will support any repressive regime, provided only they promise to keep
speaking French, the words choke in my throat, since my own country
will tolerate such horrid abuses as long as we make a buck.

Now you're saying that we must be nice and polite to the PRC.  Let's
all be friends!  (And not pay attention to the people crushed by the
tanks.)  I remember Tianenmen Square; it seems that the world has
mostly forgotten.

 I'm inclined to wonder about the point of this test anyway; in such a
 regime, the government's going to be in a stronger position to demand
 access to the modifications than the copyright holder anyway, so the
 license conditions seem a bit irrelevant.

Sure, and the desert island test also is kind of silly and extreme.  I
don't know if we need to codify them in a FAQ or not; Barak seemed to
think it was a good idea, and I don't see any reason to think it's a
bad idea.

 The FSF's privacy freedom is:
 
You should also have the freedom to make modifications and use them
privately in your own work or play, without even mentioning that they
exist. If you do publish your changes, you should not be required to
notify anyone in particular, or in any particular way.
 
 which doesn't imply the dissident test. The key point's always been not
 having to go to any effort just to use the program, and not having to go
 to too much effort just to pass it around to some friends; so is the QPL's
 clause really that evil? Would a clause in the RPSL to the effect of:

Well, the FSF's privacy freedom *does* seem to imply the Chinese
Dissident test, to me.  

   (a) If this program generates HTML pages, they must include
   a comment in the HTML source that they were generated by
   this program and include its copyright notice.

Such a forced publication requirement doesn't violate the Chinese
Dissident test; it's a problem for an entirely different reason: it
outright prohibits certain kinds of modification, which isn't at all
connected with maintaining the copyright and license status of the
program. 

   (b) If asked by the authors, you must provide them with a copy
   of your changes to the source code changes at cost.

If you do publish your changes, you should not be required to notify
anyone in particular.

Thomas

Re: OSD DFSG - different purposes - constructive suggestion!

On Sun, Mar 09, 2003 at 12:46:39PM -0800, Thomas Bushnell, BSG wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  Personally, if we're going to document this and use it as an official test
  rather than a helpful rule of thumb, I don't think we need to be insulting
  a country that's potentially going all pro-Linux while we need to do it.
 So what you're saying is, as long as China claims to stand for free
 software, it doesn't much matter to you how many people they kill and
 jail for actually trying to exercise any freedom?

No, I'm saying Debian's about free software, not about your favourite
set of politics. We don't have a problem with the United States using
Debian to aim their nuclear weapons, nor China using Debian to track
down the Falun Gong.

  I'm inclined to wonder about the point of this test anyway; in such a
  regime, the government's going to be in a stronger position to demand
  access to the modifications than the copyright holder anyway, so the
  license conditions seem a bit irrelevant.
 Sure, and the desert island test also is kind of silly and extreme.  

The whole point is to make the test be extreme, that's how you get
clarity.  But it still has to make sense. It's entirely plausible that me
and a friend could be stuck with our solar powered laptops on a desert
island, and get bored and decide to hack on some free software. Not
_likely_, maybe, but believable, and a generalisation of a lot of
similar situations.

  The FSF's privacy freedom is:
 You should also have the freedom to make modifications and use them
 privately in your own work or play, without even mentioning that they
 exist. If you do publish your changes, you should not be required to
 notify anyone in particular, or in any particular way.
  which doesn't imply the dissident test. The key point's always been not
  having to go to any effort just to use the program, and not having to go
  to too much effort just to pass it around to some friends; so is the QPL's
  clause really that evil? Would a clause in the RPSL to the effect of:
 Well, the FSF's privacy freedom *does* seem to imply the Chinese
 Dissident test, to me.  

It doesn't: a dissident can quite happily not mention that their software
exists, and not notify anyone about any changes or publication that
they're undertaking; and _still_ be required to give up their changes
when someone (whether it be the police, the government, or the original
author).

  (a) If this program generates HTML pages, they must include
  a comment in the HTML source that they were generated by
  this program and include its copyright notice.
 Such a forced publication requirement doesn't violate the Chinese
 Dissident test; it's a problem for an entirely different reason: it
 outright prohibits certain kinds of modification, which isn't at all
 connected with maintaining the copyright and license status of the
 program. 

Uh, it's exactly equivalent to the GPL's interactivity requirement;
except it applies to HTML generation, not interactive programs, and that
it's less in your face when you're using it.

  (b) If asked by the authors, you must provide them with a copy
  of your changes to the source code changes at cost.
 If you do publish your changes, you should not be required to notify
 anyone in particular.

Yes. Are you misunderstanding what the word notify means?

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpeBmDclU6l2.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Edmund GRIMLEY EVANS

Thomas Bushnell, BSG [EMAIL PROTECTED]:

 Now you're saying that we must be nice and polite to the PRC.  Let's
 all be friends!  (And not pay attention to the people crushed by the
 tanks.)  I remember Tianenmen Square; it seems that the world has
 mostly forgotten.

Worse things have happened since, and will happen soon.

The trouble with talking about Chinese dissidents rather than just
dissidents in general is that by targeting a particular regime you
distract people from the general principle of freedom of speech.

It would be similar if we were to talk just about Saudi Arabian and
Egyptian dissidents, for example.

I liked the sound of Chinese dissident test (it sounds a bit like
the Chinese Room argument) but on balance I think it's better to be
regime-neutral.

Edmund

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 No, I'm saying Debian's about free software, not about your favourite
 set of politics. We don't have a problem with the United States using
 Debian to aim their nuclear weapons, nor China using Debian to track
 down the Falun Gong.

China is opposed to *free software*.  Didn't you know that?

 The whole point is to make the test be extreme, that's how you get
 clarity.  But it still has to make sense. It's entirely plausible that me
 and a friend could be stuck with our solar powered laptops on a desert
 island, and get bored and decide to hack on some free software. Not
 _likely_, maybe, but believable, and a generalisation of a lot of
 similar situations.

Sure!  But those people on the island: if they disregard the license,
nothing bad will happen.  It's the converse to your point about the
Chinese Dissident test: that the copyright owner's license is the
least of the dissidents' worries.  Sure, no argument from me there!

The point is that there are plenty of less extreme cases which have
the same problems.  Our tests have generally been framed in the most
extreme terms, precisely because in that way we know we are including
all the less extreme (but more likely, and more relevant) cases.  

So the question is: when that dissident visits the US, are they going
to be liable for copyright infringement?  We want to make sure the
answer is no.  And there *are* dissidents in China, using free
software *right now*.  Which makes that test a whole lot more actually
relevant than the desert island test, where I'm willing to say that I
don't think there is anybody lost on a desert island sharing software
with their friends.

  Well, the FSF's privacy freedom *does* seem to imply the Chinese
  Dissident test, to me.  
 
 It doesn't: a dissident can quite happily not mention that their software
 exists, and not notify anyone about any changes or publication that
 they're undertaking; and _still_ be required to give up their changes
 when someone (whether it be the police, the government, or the original
 author).

I think my intuition behind the test is that the dissident shouldn't
be dependent on the good graces of the author.  If the author demands
the changes, and is then a bastard (say, the PRC offers him a big
bribe if he'll spill his secrets---the US seems happy to take such
bribes), the users' cooperation with copyright law should not end up
getting them killed.

 Uh, it's exactly equivalent to the GPL's interactivity requirement;
 except it applies to HTML generation, not interactive programs, and that
 it's less in your face when you're using it.

I'm not entirely happy about the GPL's interactivity requirement, but
the only thing that makes me think it's reasonable is that it is (in
some places) the only way to have the no-warranty clause be honored by
the courts, and the original author should be able to limit his
warranty damages.  The forced-ad-on-web-pages doesn't meet any purpose
except the author's vanity.

 (b) If asked by the authors, you must provide them with a copy
 of your changes to the source code changes at cost.
  If you do publish your changes, you should not be required to notify
  anyone in particular.
 
 Yes. Are you misunderstanding what the word notify means?

Under that clause (b), the authors can say to anyone: I hereby
request you to provide me the source for any changes you have made or
ever make in the future.

Re: OSD DFSG - different purposes - constructive suggestion!

On Sun, Mar 09, 2003 at 01:44:23PM -0800, Thomas Bushnell, BSG wrote:
 Anthony Towns aj@azure.humbug.org.au writes:
  The whole point is to make the test be extreme, that's how you get
  clarity.  But it still has to make sense. It's entirely plausible that me
  and a friend could be stuck with our solar powered laptops on a desert
  island, and get bored and decide to hack on some free software. Not
  _likely_, maybe, but believable, and a generalisation of a lot of
  similar situations.
 Sure!  But those people on the island: if they disregard the license,
 nothing bad will happen.  It's the converse to your point about the
 Chinese Dissident test: that the copyright owner's license is the
 least of the dissidents' worries.  Sure, no argument from me there!

Uh, no. The difference is here that we want to allow the people to do
free software development on the island, assuming they already have the
abilitiy to. The copyright license is the sole worry we have here --
nothing else affects what they're permitted to do.

In the dissident case, we're trying to protect the people from having to
reveal their changes to the government they're protesting. But this just
doesn't make any real sense: the code they're hacking on is the least of
their worries - it's the contents of their databases, not their bugfix to
select query processing that they need to keep private; and furthermore
it's the government's laws that will put them most at risk here -- of
being accused of spying, eg -- not the copyright license. So from what
I can see, we're protecting something of little value, and then doing
a bad job of it.

  Uh, it's exactly equivalent to the GPL's interactivity requirement;
  except it applies to HTML generation, not interactive programs, and that
  it's less in your face when you're using it.
 I'm not entirely happy about the GPL's interactivity requirement, but
 the only thing that makes me think it's reasonable is that it is (in
 some places) the only way to have the no-warranty clause be honored by
 the courts, and the original author should be able to limit his
 warranty damages.  The forced-ad-on-web-pages doesn't meet any purpose
 except the author's vanity.

Nonsense: its purpose is to make the following requirement effective in
ensuring people contribute their changes back to the community. You know,
closing the ASP Loophole, and all that.

(b) If asked by the authors, you must provide them with a copy
of your changes to the source code changes at cost.
   If you do publish your changes, you should not be required to notify
   anyone in particular.
  Yes. Are you misunderstanding what the word notify means?
 Under that clause (b), the authors can say to anyone: I hereby
 request you to provide me the source for any changes you have made or
 ever make in the future.

If you receive a request like that, then you can provide them with a
copy of your current changes after receiving payment for your costs in
doing so, and you've not only satisfied the license, you've probably
successfully confused them so they won't ask you again in future. When
you make further changes, you're not obligated to do anything until you
receive another request. I can play word games just as easily as you.

If you want the possible term defined more precisely, consider something 
more like:

If you have distributed a modified version of The Work, then if
 you receive a request by the Primary Copyright Holder (named
 above), you must provide a copy of your modifications as at the
 time you receive the request, at cost, to the Primary Copyright
 Holder.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpwVwAg2IiOa.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 Uh, no. The difference is here that we want to allow the people to do
 free software development on the island, assuming they already have the
 abilitiy to. The copyright license is the sole worry we have here --
 nothing else affects what they're permitted to do.

Yes, I agree.  I'm not saying there is no difference.

 In the dissident case, we're trying to protect the people from having to
 reveal their changes to the government they're protesting. But this just
 doesn't make any real sense: the code they're hacking on is the least of
 their worries - it's the contents of their databases, not their bugfix to
 select query processing that they need to keep private; and furthermore
 it's the government's laws that will put them most at risk here -- of
 being accused of spying, eg -- not the copyright license. So from what
 I can see, we're protecting something of little value, and then doing
 a bad job of it.

I don't think we can expect a free software license to fix the world.
And it's important to realize that the test is a standin for a less
extreme situation.

For example, consider the person who doesn't want the fact that they
work on free software to be public knowledge for many reasons--perhaps
it would be personally or professionally embarrassing.  We should not
force this person to do the development in the open.

It is in this respect that I said the two tests were similar: both use
an extreme case, but only really as a stand-in for much more frequent
cases. 

  I'm not entirely happy about the GPL's interactivity requirement, but
  the only thing that makes me think it's reasonable is that it is (in
  some places) the only way to have the no-warranty clause be honored by
  the courts, and the original author should be able to limit his
  warranty damages.  The forced-ad-on-web-pages doesn't meet any purpose
  except the author's vanity.

 Nonsense: its purpose is to make the following requirement effective in
 ensuring people contribute their changes back to the community. You know,
 closing the ASP Loophole, and all that.

I overspoke.  I should have said that it doesn't meet any purpose that
I find is legitimate.  Free software does *not* require contributions
to the community.  It never has in the past, at least.  The GPL does
*not* require you contribute your changes to the community.  I'm all
for the community, but free software is about *freedom*, not about
communitarianism.

Mind you--I'm a great fan of communitarianism.  But I want even the
nasty evil non-communitarians to have freedom.  

One can certainly use a license like this to enforce communitarianism,
but then one might as well use the license to enforce all the other
social goods I care about.  We could require contributions to the Red
Cross, or prohibit the use of the software by racial bigots.  But I
don't want that in a free software license, because it would impinge
freedom, even though the end sought is a good end.  In other words,
even things which might promote the cause of free software can still
be impingements on freedom.

It happens that one very happy by-product of free software licensing
has been communitarianism, and I'm entirely pleased with that result.
But as soon as it becomes an *enforced* result, rather than a
byproduct of free software, the software ceases to be free.

Rather like free speech: One consequence of free speech is that it's
harder to get away with all kinds of lies.  But as soon as you
prohibit the publication of lies, you no longer have free speech.  So
we must let the Nazis march in Skokie, not because we like the Nazis,
but because if we prohibit them, we have given in to the Nazis.

 If you receive a request like that, then you can provide them with a
 copy of your current changes after receiving payment for your costs in
 doing so, and you've not only satisfied the license, you've probably
 successfully confused them so they won't ask you again in future. When
 you make further changes, you're not obligated to do anything until you
 receive another request. I can play word games just as easily as you.

I see nothing in the license that you are entitled to require costs.
Nor does the license restrict itself to past changes at the time of
the request.  If it did, it wouldn't be nearly as problematic--it
might even be fine; I haven't thought about that case.  But the
license as it sits has no such limitation on the original author's
right to obtain your changes from you.

There is also no limitation how the author makes the request.  From
the license terms, a publicly posted message directed to the world
would be sufficient; as soon as you became aware of the request, you
would be obligated to send your changes.  (If you didn't know about
the request, then it seems to me that you wouldn't have any
obligation.)  Nothing in the license says that the request has to be
individually generated or directed at some specific person.

 If you want the

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Don Armstrong

On Mon, 10 Mar 2003, Anthony Towns wrote:
 If you want the possible term defined more precisely, consider
 something more like:
 
   If you have distributed a modified version of The Work, then
if you receive a request by the Primary Copyright Holder
(named above), you must provide a copy of your modifications
as at the time you receive the request, at cost, to the
Primary Copyright Holder.

Unfortunatly, this clause has the distribution versus deployment
problem, and thus fails to close the ASP loophole.

Furthermore, the clause doesn't distinguish between your
modifications and the modified version you are distributing. This
could allow the following interpretation:

   I distribute modification set A which I didn't even develop.

   I generate modification set B which I've merged with proprietary
   code, or code under NDA, or any other form of non-freely
   distributable code.

   The Primary Copyright Holder requires from me modification set B in
   accordance with the license, even though I haven't distributed that
   set.

Assuming this problem was cleared up, there is still yet another
issue:

   I'm an anarchist dissident (who runs RaiseTheFist), and for reasons
   known only to me, I have altered a web based forum to encode
   messages to other dissidents in the source code of the forum
   software itself. The PCH knows that I am using his software, and
   requests the modifications for cost. Now the PCH can recover all of
   the messages I've been sending to other dissidents.

It seems to me that compulsory provision of source code to people to
whom the modified version has not been distributed, or are not in the
distribution path, is wrought with danger. 

Don't get me wrong, I dislike the idea of seeing GPLed code utilized
in ASP where there is little to no contribution of modifications to
the community, but perhaps we should concentrate on using social
pressure against those who would avoid distributing source versus
legal pressure?


Don Armstrong

-- 
N: It's a ploy.
B: What?
N: This drug money funds terror, it's a ploy.
B: Ploy?
N: A manipulation. I mean why should I believe that?
B: Because it's a fact.
N: Fact?
B: F, A, C, T... fact
N: So you're saying that I should believe it because it's true. 
   That's your argument?
B: It IS true.
-- Ploy http://www.mediacampaign.org/multimedia/Ploy.MPG

http://www.donarmstrong.com
http://www.anylevel.com
http://rzlab.ucr.edu


pgpKlalMA6f2r.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Nick Phillips

On Fri, Mar 07, 2003 at 05:49:28PM -0500, Joe Moore wrote:

 Q: What about licenses that grant different rights to different groups? 
 Isn't that discrimination, banned by DFSG#5/6?
 A: For Debian's purposes, if all the different groups can exercise their
 DFSG rights, it's OK if there are other people who can do more.
For example, if a work were licensed under the 3-clause BSD license
 only to elementary school teachers, but the GPL to everyone else, it
 would be DFSG-Free.

I suggest that you may be mistaken here; in fact what makes the hypothetical
package you describe free is that all a free to take the software under the
terms of the GPL. The fact that some may choose to use the BSD license is then
irrelevant.

Were you to say that the teachers may only take the software under the terms
of the BSD license, and that everyone else may only take it under the terms
of the GPL, then I don't believe we would have such a clear consensus.

It would make me uneasy, at least.

Any comments, anybody?


Cheers,


Nick
-- 
Nick Phillips -- [EMAIL PROTECTED]
After your lover has gone you will still have PEANUT BUTTER!

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Nick Phillips

On Sun, Mar 09, 2003 at 08:19:33PM -0500, Don Armstrong wrote:

I'm an anarchist dissident (who runs RaiseTheFist), and for reasons
known only to me, I have altered a web based forum to encode
messages to other dissidents in the source code of the forum
software itself. The PCH knows that I am using his software, and
requests the modifications for cost. Now the PCH can recover all of
the messages I've been sending to other dissidents.

Well, you'd be a bloody idiot. And there's no way we can possibly account
for everything that every bloody idiot is going to get into trouble with,
and nor should we.


Cheers,


Nick

-- 
Nick Phillips -- [EMAIL PROTECTED]
Go to a movie tonight.  Darkness becomes you.

Re: OSD DFSG - different purposes - constructive suggestion!

On Sun, Mar 09, 2003 at 08:19:33PM -0500, Don Armstrong wrote:
 On Mon, 10 Mar 2003, Anthony Towns wrote:
  If you want the possible term defined more precisely, consider
  something more like:
  If you have distributed a modified version of The Work, then
   if you receive a request by the Primary Copyright Holder
   (named above), you must provide a copy of your modifications
   as at the time you receive the request, at cost, to the
   Primary Copyright Holder.
 Unfortunatly, this clause has the distribution versus deployment
 problem, and thus fails to close the ASP loophole.

Yes, you're right, that shouldn't've been there.

This detailed wrangling is really missing the point that I'm interested
in, though. Is there a _fundamental_ difficulty with such licenses?

If you have created a modified version of the Work, and receive
 a request by the Primary Copyright Holder, you must provide
 a copy of your modifications as at the date of the request in
 source form, at cost, to the Primary Copyright Holder.

Assume that's interpreted in the obvious manner -- I write a program,
you use it extensively and generate some local modifications, I come
along, give you $100 for the time and materials cost, you give me the
changes you've made. Ignoring corner cases, and so forth.

First, does that cause any problems for Debian? I think we already satisfy
it quite readily.

Does it make it anything you might want to do with free software
technically any more difficult? I don't think so -- you have to be asked
by the original author, and they have to cover your costs in fulfulling
the request.
 
 It seems to me that compulsory provision of source code to people to
 whom the modified version has not been distributed, or are not in the
 distribution path, is wrought with danger. 

That seems a, uh, somewhat overwrought description.

The dissidents can just move their crypto keys to /etc/cryptokey,
instead of including it in the source, and simply not have a problem. (As
a mental exercise, try replacing The Chinese Dissident Test with
The Al Qa'ida Terrorist Test)

The companies who want to include NDA'ed, patented or secret technology
in programs have pretty much the same problem they'd have if they were
using the GPL, and needed to distribute such programs to their customers;
so I don't really see that as a big problem either.

 Don't get me wrong, I dislike the idea of seeing GPLed code utilized
 in ASP where there is little to no contribution of modifications to
 the community, but perhaps we should concentrate on using social
 pressure against those who would avoid distributing source versus
 legal pressure?

A number of companies, and the FSF, want to see this loophole removed;
I think we should be _very_ sure of our reasons before dismissing their
attempts.

Basically, as far as I can see, the dissident test is exactly equivalent
to saying we don't want to close this ASP loophole thing. What
I'm not seeing is a justification for this; and, generally, I don't
see that as being any different to the BSD versus GPL debate. Is the
ability to distribute software without letting the recipients modify it
important? Maybe, maybe not, either answer is okay. Is the ability to
derive from free software and run a business off it, without having any
risk of having to contribute your changes back to anyone else important?
I can see reasons to say yes, and reasons to say definitely not; I can't
see why we can't leave this up to the developers of individual programs.

Cheers,
aj

-- 
Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
you are now certified as a Red Hat Certified Engineer!''


pgpe6o2wQjhuH.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

Nick Phillips [EMAIL PROTECTED] writes:

 On Sun, Mar 09, 2003 at 08:19:33PM -0500, Don Armstrong wrote:
 
 I'm an anarchist dissident (who runs RaiseTheFist), and for reasons
 known only to me, I have altered a web based forum to encode
 messages to other dissidents in the source code of the forum
 software itself. The PCH knows that I am using his software, and
 requests the modifications for cost. Now the PCH can recover all of
 the messages I've been sending to other dissidents.
 
 Well, you'd be a bloody idiot. And there's no way we can possibly account
 for everything that every bloody idiot is going to get into trouble with,
 and nor should we.

I think Don's is an excellent example.  What makes it a bloody
idiot?  The point is that once the PCH asks, the site ends, whether
he divulges the secret or not.

Re: OSD DFSG - different purposes - constructive suggestion!

Anthony Towns aj@azure.humbug.org.au writes:

 This detailed wrangling is really missing the point that I'm interested
 in, though. Is there a _fundamental_ difficulty with such licenses?
 
   If you have created a modified version of the Work, and receive
a request by the Primary Copyright Holder, you must provide
a copy of your modifications as at the date of the request in
source form, at cost, to the Primary Copyright Holder.

This is certainly better than the QPL or the Affero thing.  But it's
not really good enough.  

It amounts to you may not bury any secrets in this source code, no
matter what, and I think that's a problem.  Perhaps the anarchist
with coded messages example is better here than the Chinese Dissident
(thanks go to Don Armstrong for noting it).

So the anarchist: are you saying that forced publication is really no
big deal to him?  It seems to me that saying that the anarchist is
obligated to divulge his secrets as a consequence of using the
software is an unnacceptible condition.

Also, talking about this only if requested part is really a red
herring, I think.  I do understand the point behind it, but any
suitably public announcement will count as a request; indeed, I could
simply post spam requests and blather them across the net.  Maybe I
might miss once in a while, but this is so close to you must divulge
the source if you ever read a public network.

Thomas

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Steve Langasek

On Mon, Mar 10, 2003 at 12:52:48PM +1000, Anthony Towns wrote:
 On Sun, Mar 09, 2003 at 08:19:33PM -0500, Don Armstrong wrote:
  On Mon, 10 Mar 2003, Anthony Towns wrote:
   If you want the possible term defined more precisely, consider
   something more like:
 If you have distributed a modified version of The Work, then
  if you receive a request by the Primary Copyright Holder
  (named above), you must provide a copy of your modifications
  as at the time you receive the request, at cost, to the
  Primary Copyright Holder.
  Unfortunatly, this clause has the distribution versus deployment
  problem, and thus fails to close the ASP loophole.

 Yes, you're right, that shouldn't've been there.

 This detailed wrangling is really missing the point that I'm interested
 in, though. Is there a _fundamental_ difficulty with such licenses?

   If you have created a modified version of the Work, and receive
a request by the Primary Copyright Holder, you must provide
a copy of your modifications as at the date of the request in
source form, at cost, to the Primary Copyright Holder.

 Assume that's interpreted in the obvious manner -- I write a program,
 you use it extensively and generate some local modifications, I come
 along, give you $100 for the time and materials cost, you give me the
 changes you've made. Ignoring corner cases, and so forth.

 First, does that cause any problems for Debian? I think we already satisfy
 it quite readily.

 Does it make it anything you might want to do with free software
 technically any more difficult? I don't think so -- you have to be asked
 by the original author, and they have to cover your costs in fulfulling
 the request.

I believe that there IS a fundamental difficulty with such licenses.
Consider the case where a company's modifications encode certain business
logic details.  The information they want to keep secret isn't something
that can simply be moved out of the code; their secrets are woven into
the functionality of the code itself.  If the original author is a
competitor, or a competitor buys off the original author, any you must
provide your changes when asked condition makes it non-viable to use
this software for certain applications which are otherwise protected by
current free software licenses.

-- 
Steve Langasek
postmodern programmer


pgpJYacnoNBXK.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!

2003-03-09 Thread Steve Langasek

On Mon, Mar 10, 2003 at 03:11:29PM +1300, Nick Phillips wrote:
 On Fri, Mar 07, 2003 at 05:49:28PM -0500, Joe Moore wrote:

  Q: What about licenses that grant different rights to different groups? 
  Isn't that discrimination, banned by DFSG#5/6?
  A: For Debian's purposes, if all the different groups can exercise their
  DFSG rights, it's OK if there are other people who can do more.
 For example, if a work were licensed under the 3-clause BSD license
  only to elementary school teachers, but the GPL to everyone else, it
  would be DFSG-Free.

 I suggest that you may be mistaken here; in fact what makes the hypothetical
 package you describe free is that all a free to take the software under the
 terms of the GPL. The fact that some may choose to use the BSD license is then
 irrelevant.

 Were you to say that the teachers may only take the software under the terms
 of the BSD license, and that everyone else may only take it under the terms
 of the GPL, then I don't believe we would have such a clear consensus.

 It would make me uneasy, at least.

 Any comments, anybody?

I'm having a hard time answering this question for myself, one way or the
other.  It seems to be a tenet that a license is ok if it provides
*additional* freedoms to a limited class of users.  Arguably, most
licenses give the copyright holder himself preferential treatment, in
that he retains certain rights that are not granted to others.  If it's
ok to give some people more freedom with your license so long as everyone
enjoys the freedoms we require, why can't this be done using two separate
licenses?

Note that the limits you're placing in your example (group x can have
this license, group y can have this license) mean that neither the
3-clause BSD nor the GPL is actually in effect -- you've modified both
licenses by limiting who's eligible.  I'm not sure if this makes it
non-free; if the license is worded such that a teacher receiving the
source under the BSD license can't redistribute modifications under the
BSD license to *non*-teachers, then it's certainly non-free.

-- 
Steve Langasek
postmodern programmer


pgpIywomsxoCP.pgp
Description: PGP signature

Re: OSD DFSG - different purposes - constructive suggestion!