On Sun, 2003-06-15 at 06:05, Dylan Thurston wrote: > In article <[EMAIL PROTECTED]>, Adam Warner wrote: > > Branden, perhaps the term "information disclosure" would better suit > > you/us than "privacy"? That is we propose a DFSG-free licence cannot > > mandate information disclosure of anything but the information forming a > > distributed and derived work. > > But surely "privacy" is exactly when you have when "information > disclosure" is not forced on you? Could you please elaborate on the > difference?
A guideline of privacy could be read as a positive obligation that DFSG-free software licences protect against information disclosure. My concern is that a guideline expressed in this way could impact upon no discrimination against fields of endeavour. No mandatory information disclosure is expressed as a negative. A licence can't mandate information disclosure beyond the source for a distributed and derived work. No obligation to protect privacy arises. To my mind privacy is too likely to tie the information test to the licence (e.g. is it good policy that a licence can demand my credit card number?). A prohibition against information disclosure ties the test to each distributed and derived work (e.g. if an author uses his credit card number as a key to unlock what would otherwise be copylefted information then the credit card number must be disclosed). Branden's fifth freedom can be read as a right because it is written in a way that mirrors the FSF's four fundamental freedoms of (as Branden writes) "freedoms intended to apply to non-public-domain works in general". That is it is most relevant as a copyleft principle. When the principle is applied to DFSG-free software which also distributes public domain and permissively licensed software it has to be recast as a negative. That's what I have done by suggesting a test of no mandatory information disclosure beyond the information provided by the source of a distributed and derived work. Though I would go further to suggest that a copyleft software licence that mandated certain privacy protections (where all derived works had to be distributed under the same licence) would not be DFSG-free because it could discriminate against persons, groups or fields of endeavour. Consider a copyleft licence mandating that any software distributed under the licence cannot collect email addresses as a privacy protection against spam. We arrive at such thorny issues because privacy is given the opportunity to exist as a fundamental free software freedom. I can immediately think of two potential implications to recognising that a DFSG-free licence can't mandate information disclosure beyond the source for a distributed and derived work: * The APSL becomes clearly non-DFSG free (but it already clearly discriminates against fields of endeavour when determining whether something is considered internal or personal use): <http://opensource.org/licenses/apsl.php> 1.4 "Deploy" means to use, sublicense or distribute Covered Code other than for Your internal research and development (R&D) and/or Personal Use, and includes without limitation, any and all internal use or distribution of Covered Code within Your business or organization except for R&D use and/or Personal Use, as well as direct or indirect sublicensing or distribution of Covered Code by You to any third party in any form or manner. 2.2 You may use, reproduce, display, perform, modify and Deploy Covered Code, provided that in each instance: ... (c) You must make Source Code of all Your Deployed Modifications publicly available under the terms of this License, including the license grants set forth in Section 3 below, for as long as you Deploy the Covered Code or twelve (12) months from the date of initial Deployment, whichever is longer. You should preferably distribute the Source Code of Your Deployed Modifications electronically (e.g. download from a web site); and * Debian could be more reluctant to accept that any licences that attempt to close the so-called ASP (Application Service Provider) loophole are DFSG-free. With a no mandatory information disclosure guideline a licence could not force source disclosure without distribution. Though I wonder how far the issue of distribution of a derived work could already extend under existing copyleft licences. Say a program that also includes artwork is distributed under the GPL and one modifies the program, allows access to it via a website ASP model and also modifies the artwork and displays it on the website. As one is distributing a derivative of the artwork via the website could that also mean one is required to supply the source to the entire GPLed work that also includes the modified program? Regards, Adam