Re: Dissident versus ASP
On Wed, 2003-03-19 at 17:24, Mark Rafn wrote: The written offer option stinks. Ok, that's a pretty weak counterargument, I'll think more about this. I'm pretty confident that if 3(a) were not part of the GPL (leaving only the written offer option), that the license would not meat the DFSG. The major reason is that keeping every version for _three years_ is a major burden on making and redistributing changes, and thus would fail DFSG 1 (and maybe DFSG 3). Thus, I feel, a written offer option can not be used to argue for the DFSG-freeness of a license. signature.asc Description: This is a digitally signed message part
Re: Dissident versus ASP
On 20030318T175843-0800, Thomas Bushnell, BSG wrote: I did. I formulated the dissident test long before I even *knew* of the ASP loophole. I therefore did not formulate it as some strategy for keeping people from closing it. Huh? As you know, logical connectives do not talk about intentions or reasons of formulation. -- %%% Antti-Juhani Kaijanaho % [EMAIL PROTECTED] % http://www.iki.fi/gaia/ %%% Taiteellisen ohjelmoinnin ystävien seura Toys - Ohjelmointi on myös taidetta http://www.cc.jyu.fi/yhd/toys/
Re: Dissident versus ASP
* Jeremy Hankins [EMAIL PROTECTED] [030318 16:54]: What if some small individual wants to start a server doing decss. Not sitting in the USA another place under the jurisdiction of the large media-industry, there might be nothing doable against him. If he has to expose the source, he would thereby importing a circumvention device to the USA, thus eliminating any chance to visit the US without beeing convicted. Fine, in this hypothetical if he's unable to provide the source to folks in the US, the license would not allow him to provide the service to folks in the US. Exactly analogous to someone trying to distribute deCSS binaries. Exactly what hurdle he would have to place in front of US users is up to him (and his lawyer). And as there is no secure way to restrict people from a country, he should not able to offer such services at all? What I merely want to say by this, is that distribution is not only a technical burden, but more. (Running a slightly modified webserver that sends out his sourcecode in Germany may expose one to liability for example. With the current GPL one can look at the modifications some months later and test them a bit better to get rid of any problems with that) I'm certainly not familiar with German law (I'm not even really familiar with US law). But does this same liability apply if you make changes to a CVS repository? IANAL, but as far as I understood it, you are liable for everything you distribute and all all-warenty-excluded statements are null and void like they were not part of anything (At least for distribution from Germans to Germans). While I think German law protects people giving things away for free, they are still liable for damage done willingly or because extreme lack of care. And putting two things together without looking at the parts was ruled extreme lack of care, I heard. So as German one is intrested to do the minimal qa, one would want everyone to do, before distributing anything one created. Hochachtungsvoll, Bernhard R. Link -- Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
Re: Dissident versus ASP
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: Part of the point of free software is that everyone has a software publishing factory on their desk, and it is the noxious copyright regime that blocks them from using it. My server, even if over a tiny pipe, would be useful as an ASP provider for my friends, just as my CD-writer is useful as a software publishing factory for my friends. But if you don't have a CD-writer, or even a computer, how are you going to be able to distribute software? Surely there is some reasonable minimum of requirements we can assume people can meet. It's made even easier in this case because we're assuming they're already running a network service. Read my reply to Henning Makholm and let me know who can't meet the requirements I outlined there. How many people do you imagine will be running ASP services but will be completely unable to make a few k of compressed patch files available for users of the ASP service to download? -- Jeremy Hankins [EMAIL PROTECTED] PGP fingerprint: 748F 4D16 538E 75D6 8333 9E10 D212 B5ED 37D0 0A03
Re: Dissident versus ASP
Bernhard R. Link [EMAIL PROTECTED] writes: * Jeremy Hankins [EMAIL PROTECTED] [030318 16:54]: Fine, in this hypothetical if he's unable to provide the source to folks in the US, the license would not allow him to provide the service to folks in the US. Exactly analogous to someone trying to distribute deCSS binaries. Exactly what hurdle he would have to place in front of US users is up to him (and his lawyer). And as there is no secure way to restrict people from a country, he should not able to offer such services at all? I don't know, you'd have to ask a lawyer. There may be some reasonable effort you could make that would satisfy a court. But at any rate, this isn't a new thing. What you're describing is just as much a problem with the GPL. I'm certainly not familiar with German law (I'm not even really familiar with US law). But does this same liability apply if you make changes to a CVS repository? IANAL, but as far as I understood it, you are liable for everything you distribute and all all-warenty-excluded statements are null and void like they were not part of anything (At least for distribution from Germans to Germans). While I think German law protects people giving things away for free, they are still liable for damage done willingly or because extreme lack of care. And putting two things together without looking at the parts was ruled extreme lack of care, I heard. So as German one is intrested to do the minimal qa, one would want everyone to do, before distributing anything one created. In that case, how can one submit updates to a cvs repository in Germany? -- Jeremy Hankins [EMAIL PROTECTED] PGP fingerprint: 748F 4D16 538E 75D6 8333 9E10 D212 B5ED 37D0 0A03
Re: Dissident versus ASP
On Wed, 2003-03-19 at 14:52, Jeremy Hankins wrote: You may want to go back and reread the message in question, I have a feeling you saw the bit about folks with big pipes and didn't read on about folks with smaller pipes. I gave suggested several ways in which things could be made easier: * If no changes have been made to the source, a URL to upstream may be sufficient. * If changes have been made and upstream incorporates them, a URL may still be sufficient. * If upstream doesn't incorporate the patches, distribution of patches along with the URL of upstream may be enough. * If even distribution of patches is onerous, include a written offer option, ala the GPL. * Going yet farther, a license may include a time delay (of one month, for example) before source distribution is required. I don't see that combination of options an onerous, even for folks with small pipes. Do you? If you think so, tell me who's going to have trouble meeting *any* of these requirements. (I'm assuming we're still talking about a hypothetical future version of the GPL, since people who license under BSD/MIT/X type licenses aren't too likely to care about closing an ASP loophole.) The current GPL doesn't allow anything like these. No URLs, no patches-only, no pointers to someone else hosting the source. You (the party distributing the binaries) must also distribute the *full* source from the same place as the binaries, or you must provide a written offer, valid for at least three years to provide the full source at cost. Providing an ASP is often done commercially because bandwidth and hardware aren't free in either sense of the word, so the pass along option is forbidden to such people. Even if I'm just doing it for some friends and some of them pitch in some money to help cover the bandwidth bill, that probably counts as commercial. This isn't a matter of a few K of patch files. This is a matter of tens to hundreds of MBs of *full source*. The GPL FAQ explicitly states that pointers to upstream URLs are not a valid way of meeting the license demands, and gives (good) reasons as to why patches and pointers to other's copies of the source are not appropriate. -- Stephen RyanDebian Linux 3.0 Technology Coordinator Center for Educational Outcomes at Dartmouth College
Re: Dissident versus ASP
* Jeremy Hankins [EMAIL PROTECTED] [030319 21:21]: But at any rate, this isn't a new thing. What you're describing is just as much a problem with the GPL. No. Current GPL allows me the described scenario. Forced distribution would not. I'm certainly not familiar with German law (I'm not even really familiar with US law). But does this same liability apply if you make changes to a CVS repository? IANAL, but as far as I understood it, you are liable for everything you distribute and all all-warenty-excluded statements are null and void like they were not part of anything (At least for distribution from Germans to Germans). While I think German law protects people giving things away for free, they are still liable for damage done willingly or because extreme lack of care. And putting two things together without looking at the parts was ruled extreme lack of care, I heard. So as German one is intrested to do the minimal qa, one would want everyone to do, before distributing anything one created. In that case, how can one submit updates to a cvs repository in Germany? You tend to repeat yourself. I'm normaly using cvs commit to submit updates. Hochachtungsvoll, Bernhard R. Link -- Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
Re: Dissident versus ASP
On Wed, Mar 19, 2003 at 12:49:21AM +1000, Anthony Towns wrote: This is the harder way of doing it, of course; the easiest way is to say that it's not the employees who own the copy of the program but the company, and that all the work the employees do is a work for hire and copyright is owned by the company; then there's no question of the employees being able to distribute copies -- they don't own the copy they have so they have no rights at all -- cf the various sourceless beta tests of GPLed software that people have gotten away with. How about a clause that specifies that adds to the requirement to supply source to anyone who gets a binary a clause that requires supply of source under the GPL, with no further restrictions (such as NDAs) to anyone who has access to it? So anyone working on the code at any time can release it. Cheers, Nick -- Nick Phillips -- [EMAIL PROTECTED] Accent on helpful side of your nature. Drain the moat.
Re: Dissident versus ASP
On Wed, 19 Mar 2003, Stephen Ryan wrote: On Wed, 2003-03-19 at 14:52, Jeremy Hankins wrote: * If no changes have been made to the source, a URL to upstream may be sufficient. I don't think this is workable. First, it presumes the upstream allows you to (ab)use it's bandwith this way. Second, it makes you responsible for ensuring the service level of the upstream. There's also an issue WRT what changes to the source means in this context. It's almost impossible to install and run most software without modification. These are modifications you never distribute, but allow users to access via your service. They include configuration files, passwords, data, etc. * If changes have been made and upstream incorporates them, a URL may still be sufficient. * If upstream doesn't incorporate the patches, distribution of patches along with the URL of upstream may be enough. Same issues as above. * If even distribution of patches is onerous, include a written offer option, ala the GPL. The written offer option stinks. Ok, that's a pretty weak counterargument, I'll think more about this. * Going yet farther, a license may include a time delay (of one month, for example) before source distribution is required. This is interesting, but I don't understand what problem it solves. I don't see that combination of options an onerous, even for folks with small pipes. Do you? If you think so, tell me who's going to have trouble meeting *any* of these requirements. I will. The written offer is way to burdensome for me to even consider. The other options are not compatible with GPLv2. If I provide a low-bandwidth service which uses both GPLv2 and your proposal, I'd have to provide full source to just about everything on my box. When I get slashdotted, I might survive because I'm only sending small amounts of data to each visitor. If I try to provide source, I crash AND I infringe copyright because some people were able to use the service but not get source. Providing an ASP is often done commercially because bandwidth and hardware aren't free in either sense of the word, so the pass along option is forbidden to such people. Even if I'm just doing it for some friends and some of them pitch in some money to help cover the bandwidth bill, that probably counts as commercial. Any license that discriminates for or against commercial entities violates DFSG#6 anyway. This isn't a matter of a few K of patch files. This is a matter of tens to hundreds of MBs of *full source*. The GPL FAQ explicitly states that pointers to upstream URLs are not a valid way of meeting the license demands, and gives (good) reasons as to why patches and pointers to other's copies of the source are not appropriate. Further, attempts to show that this isn't a major inconvenience in the common case are irrelevant. It's a major inconvenience in some (perhaps) uncommon cases, and that is enough to keep such a requirement non-free. -- Mark Rafn[EMAIL PROTECTED]http://www.dagon.net/
Re: Dissident versus ASP
Bernhard R. Link [EMAIL PROTECTED] writes: IANAL, but as far as I understood it, you are liable for everything you distribute and all all-warenty-excluded statements are null and void like they were not part of anything (At least for distribution from Germans to Germans). In the US, for some states, there are implied warranties that you cannot disclaim, but there are others that you can disclaim, and so it's important to actually do that, or you have more liability than you want.
Re: Dissident versus ASP
Jeremy Hankins [EMAIL PROTECTED] writes: [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: Part of the point of free software is that everyone has a software publishing factory on their desk, and it is the noxious copyright regime that blocks them from using it. My server, even if over a tiny pipe, would be useful as an ASP provider for my friends, just as my CD-writer is useful as a software publishing factory for my friends. But if you don't have a CD-writer, or even a computer, how are you going to be able to distribute software? Surely there is some reasonable minimum of requirements we can assume people can meet. It's made even easier in this case because we're assuming they're already running a network service. Right. My point is that already running a network service does *NOT* mean that they have a very wide pipe.
Re: Dissident versus ASP
First a general explanation of the post Henning replied to: The bottom half of that post is an attempt to disprove by counterexample the theory that the ASP loophole cannot be closed without causing unbearable impracticality or failing the dissident test. That counterexample is an overlong, kludgey, quickly hacked up, incomplete ASP loophole closing clause to be read in the context of a GPL-like license. The example is not intended to be used for real (I know at least one fatal flaw in it). It is simply intended to show that all the problems mentioned so far in this discussion could be overcome. In the example I simply enumerate all those problems as exceptions to the source distribution requirement or otherwise limit the scope to avoid them. Now back to replying to Henning's specific reply. On Tue, Mar 18, 2003 at 10:12:09AM +0100, Henning Makholm wrote: Scripsit Jakob Bohm [EMAIL PROTECTED] Here is one hypothetical text (TINLA, IANAL, IANADD): If you offer to one or more parties the service of running the Program in exchange for a monetary fee or other significant consideration, and the act of running the Program is in essence the service charged for not merely a means of providing another service, the parties who have actually paid for that service receive the right to obtain a copy of The Program as follows. That's a use restriction and will never be free in my opinion. Use restrictions are non-free. Period. By that definition, any form of closing the ASP loophole is a use restriction, and this whole big discussion is pointless. I did not include any kind of theory of law under which this might be enforceable text. But other people in this discussion has suggested several, including public performance. Those who argue that the ASP loophole *should* be closed if possible presumably make that argument on the theory that running an ASP is a form of distribution not covered by GPLv2. I was simply trying to define an ASP as narrowly as possible to limit the bad effects of this hypothetical clause. Still trying to help move this discussion forward Jakob -- This message is hastily written, please ignore any unpleasant wordings, do not consider it a binding commitment, even if its phrasing may indicate so. Its contents may be deliberately or accidentally untrue. Trademarks and other things belong to their owners, if any.
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: On Mon, Mar 17, 2003 at 04:31:48PM -0800, Thomas Bushnell, BSG wrote: Anthony Towns aj@azure.humbug.org.au writes: The claim is that: Dissident test + Practical objections == Can't close the ASP loophole and, furthermore that that equality goes both ways. That is that the Dissident test is just another way of saying that the only ways you're allowed to close the ASP loophole are ones which are practically unreasonable. Sorry, when I say I agree with this claim, I mean the = direction. The = direction is surely false; for example, I formulated the dissident test long before the ASP loophole (of any sort) had ever been pointed out to me. Huh? I never thought about a number bigger than 10^128, therefore a^b * a^c = a^(b+c) is surely false for numbers that large You're not making any sense. Because it's logical equivalence, not numerical equality. That is: I agree that the dissident test + the practical objections imply that there is probably no way to close any of the things called the ASP loophole. I do not agree with the claim that the dissident test is just another way of saying that the only ways your allowed to close the ASP loophole are ones which are practically unreasonable. Rather, the dissident test arises out of a serious attempt to explain why certain kinds of conditions (including, for example, the tax return provision) are not acceptible in a free software license. I certainly did not original compose the dissident test because I was worried about the ASP loophole. I know that I mentioned this test on December 16, which is before I ever heard of the ASP loophole. Moreover, the = direction suggests that the only reason for the dissident test would be to keep the ASP loophole open. I don't think so; there are plenty of other reasons for caring about that test. And, there might well be licenses which fail the dissident test, but are not ASP loophole closing licenses.
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 10:26:47PM -0800, Thomas Bushnell, BSG wrote: Dissident test + Practical objections == Can't close the ASP loophole You're not making any sense. Because it's logical equivalence, not numerical equality. a^b * a^c = a^(b+c) is true, but a^b * a^c = a^(b+c) isn't true? Or are the rules different for ideas that conform to Peano's axioms, than ideas that prefer modus ponens? I agree that the dissident test + the practical objections imply that there is probably no way to close any of the things called the ASP loophole. No, you don't agree because that's not what I'm saying. The whole point of this is to get rid of probablys and work out what is _actually the case_. I do not agree with the claim that the dissident test is just another way of saying that the only ways your allowed to close the ASP loophole are ones which are practically unreasonable. That's nice. Disprove it. Unfortunately it looks like you don't have enough of a handle on logical argument to even understand what that means. Yeesh. Rather, the dissident test arises [...] It doesn't matter how it arises. It matters what it *implies*. In particular, that it limits the ways of solving the ASP loophole through licensing to those that are technically objectionable. Moreover, the = direction suggests that the only reason for the dissident test would be to keep the ASP loophole open. Nonsense. There was _no_ value judgement implied, and the only conclusion to be drawn is that *dropping* the dissident test is one of exactly two ways of allowing people to *close* the ASP loophole. Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!'' pgpSx8UhPiqB8.pgp Description: PGP signature
Re: Dissident versus ASP
Scripsit Jakob Bohm [EMAIL PROTECTED] Here is one hypothetical text (TINLA, IANAL, IANADD): If you offer to one or more parties the service of running the Program in exchange for a monetary fee or other significant consideration, and the act of running the Program is in essence the service charged for not merely a means of providing another service, the parties who have actually paid for that service receive the right to obtain a copy of The Program as follows. That's a use restriction and will never be free in my opinion. Use restrictions are non-free. Period. -- Henning MakholmKurt er den eneste jeg kender der er *dum* nok til at gå i *ring* på et jernbanespor.
Re: Dissident versus ASP
On Tue, Mar 18, 2003 at 10:34:35AM +1000, Anthony Towns wrote: Huh? It seems meaningless to me: if you employ some people to work on your program, you put them under NDA so that they agree not to disclose the source code; if you work with other groups, you do likewise to them. The license would forbid this, just like the GPL's clause 6 would. If necessary, you do the NDAing at arm's length, something like: A changes the program E employs B under a contract that they don't distribute the program or its source, etc E asks A to give B a copy of the program A gives B a copy of the program This would leave A free to distribute the modifications. E isn't covered by the program's license since he never has anything to do with it. I don't think it would be remotely reasonable or enforcable (or in line with giving people more free software) to somehow stop A from giving the program to B, or to stop B from being able to give copies to people who E approves of. If the program were GPLed, it _would_ stop B from being able to give copies to anyone unless the copies were unrestricted. This doesn't seem to be a problem in practice, though IIRC it collided with US export restrictions at some point. I think the end result of your scenario is that only B is restricted. Richard Braakman
Re: Dissident versus ASP
On Tue, Mar 18, 2003 at 12:06:12PM +0200, Richard Braakman wrote: If necessary, you do the NDAing at arm's length, something like: A changes the program E employs B under a contract that they don't distribute the program or its source, etc E asks A to give B a copy of the program A gives B a copy of the program This would leave A free to distribute the modifications. Sorry, it would leave A free to distribute the original program, but the point is that it would leave B with a copy of the program to work on (presumably under E's direction), but unable to give copies of it to anyone else whenever he likes. You might consider E to be employing both A and B (and thus that A is already under similar restrictions). If the program were GPLed, it _would_ stop B from being able to give copies to anyone unless the copies were unrestricted. No, the GPL's satisfied here: ] 6. Each time you redistribute the Program (or any work based on the ] Program), the recipient automatically receives a license from the ] original licensor to copy, distribute or modify the Program subject to ] these terms and conditions. You may not impose any further ] restrictions on the recipients' exercise of the rights granted herein. ] You are not responsible for enforcing compliance by third parties to ] this License. The only person redistributing the program is A. The person imposing further restrictions is E -- not You. I think the end result of your scenario is that only B is restricted. That's the point though: you can end up stopping all your employees from distributing the code through fairly standard employment contract terms, and you're done - the ASP loophole's open again, and you can make your modifications and stick them in your CGI directory. If you want to generalise it, think of: A = www.debian.org B, C, D = employees E = agent for employer Each employee can download from A happily; each is under NDA with E, and E never downloads anything so isn't bound by the license. B, C and D can share their changes quite happily if they pass them around if diff --ed form. This is the harder way of doing it, of course; the easiest way is to say that it's not the employees who own the copy of the program but the company, and that all the work the employees do is a work for hire and copyright is owned by the company; then there's no question of the employees being able to distribute copies -- they don't own the copy they have so they have no rights at all -- cf the various sourceless beta tests of GPLed software that people have gotten away with. Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!'' pgppf4wJVVaeX.pgp Description: PGP signature
Re: Dissident versus ASP
Bernhard R. Link [EMAIL PROTECTED] writes: * Jeremy Hankins [EMAIL PROTECTED] [030317 17:31]: Folks who are providing an ASP-style service generally are going to have big web servers and lots of bandwidth anyway; I'm not convinced that distribution of source would be a significant burden for them. Note the generally. You are aware that you imply, that only such persons should have the possibility to do so? I'm saying that in the most typical case, these folks will have big servers big pipes. I'm certainly not saying that it's ideal that only folks with big servers and big pipes be able to provide ASP services. Am I misunderstanding you? I'm simply trying to divide the problem space up a bit. The other two scenarios described situations where ASP-providers didn't have big servers or big pipes. What if some small individual wants to start a server doing decss. Not sitting in the USA another place under the jurisdiction of the large media-industry, there might be nothing doable against him. If he has to expose the source, he would thereby importing a circumvention device to the USA, thus eliminating any chance to visit the US without beeing convicted. Fine, in this hypothetical if he's unable to provide the source to folks in the US, the license would not allow him to provide the service to folks in the US. Exactly analogous to someone trying to distribute deCSS binaries. Exactly what hurdle he would have to place in front of US users is up to him (and his lawyer). What I merely want to say by this, is that distribution is not only a technical burden, but more. (Running a slightly modified webserver that sends out his sourcecode in Germany may expose one to liability for example. With the current GPL one can look at the modifications some months later and test them a bit better to get rid of any problems with that) I'm certainly not familiar with German law (I'm not even really familiar with US law). But does this same liability apply if you make changes to a CVS repository? -- Jeremy Hankins [EMAIL PROTECTED] PGP fingerprint: 748F 4D16 538E 75D6 8333 9E10 D212 B5ED 37D0 0A03
Re: Dissident versus ASP
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: Jeremy Hankins [EMAIL PROTECTED] writes: Folks who are providing an ASP-style service generally are going to have big web servers and lots of bandwidth anyway; I'm not convinced that distribution of source would be a significant burden for them. But the proposals for closing the loophole apply not only to the big nasty people with the wide pipes, but also to the people, who, say, stripped out the source-downloading feature because they are over a satellite link to Antartica, and the changes were published anyhow in the lab back in Chicago. Yes. Which is why I didn't end my message with the bit you quoted, and went on to talk about such folks. And for what it's worth, I've never advocated the Affero bit (i.e., the quine-like functionality). I think that the only way the requisite flexibility can be maintained would be to describe the need (and permissible mechanisms) to provide source in the license text. -- Jeremy Hankins [EMAIL PROTECTED] PGP fingerprint: 748F 4D16 538E 75D6 8333 9E10 D212 B5ED 37D0 0A03
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 07:30:44PM +1000, Anthony Towns wrote: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Instinctively, this seems a reasonable test to apply to a license. Can anyone think of any currently-accepted-as-DFSG-free licenses that would fail this test? If not, I propose we consider adding this to our battery of tests; maybe we could call it the Towns Test, which is nicely alliterative. :) -- G. Branden Robinson|I have a truly elegant proof of the Debian GNU/Linux |above, but it is too long to fit [EMAIL PROTECTED] |into this .signature file. http://people.debian.org/~branden/ | pgp6d0FKqsPLN.pgp Description: PGP signature
Re: Dissident versus ASP
Scripsit Jeremy Hankins [EMAIL PROTECTED] I'm saying that in the most typical case, these folks will have big servers big pipes. I'm certainly not saying that it's ideal that only folks with big servers and big pipes be able to provide ASP services. What you seem to be saying is that you consider it OK if a (purportedly free) license effectively prevents people *without* big servers and big pipes from using/modifying the software. Well, that's probably not what you mean, but it's the consequence of the this is free enough, because it will not be hard to satisfy for people who do have sexy hardware line of reasoning. -- Henning Makholm*Vi vil ha wienerbrød!*
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: On Mon, Mar 17, 2003 at 10:26:47PM -0800, Thomas Bushnell, BSG wrote: Dissident test + Practical objections == Can't close the ASP loophole You're not making any sense. Because it's logical equivalence, not numerical equality. a^b * a^c = a^(b+c) is true, but a^b * a^c = a^(b+c) isn't true? Or are the rules different for ideas that conform to Peano's axioms, than ideas that prefer modus ponens? = does not mean equal to or greater than; it means implies. I do not agree with the claim that the dissident test is just another way of saying that the only ways your allowed to close the ASP loophole are ones which are practically unreasonable. That's nice. Disprove it. I did. I formulated the dissident test long before I even *knew* of the ASP loophole. I therefore did not formulate it as some strategy for keeping people from closing it.
Re: Dissident versus ASP
Branden Robinson [EMAIL PROTECTED] writes: On Mon, Mar 17, 2003 at 07:30:44PM +1000, Anthony Towns wrote: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Instinctively, this seems a reasonable test to apply to a license. Can anyone think of any currently-accepted-as-DFSG-free licenses that would fail this test? If not, I propose we consider adding this to our battery of tests; maybe we could call it the Towns Test, which is nicely alliterative. :) I think the principle is a good one. Heretofore, our tests have been thought experiments which demonstrate why a particular license term would be harmful. I would suggest reformulating this in such terms; as it sits, it's really just like an extra DFSG section.
Re: Dissident versus ASP
Jeremy Hankins [EMAIL PROTECTED] writes: Bernhard R. Link [EMAIL PROTECTED] writes: * Jeremy Hankins [EMAIL PROTECTED] [030317 17:31]: Folks who are providing an ASP-style service generally are going to have big web servers and lots of bandwidth anyway; I'm not convinced that distribution of source would be a significant burden for them. Note the generally. You are aware that you imply, that only such persons should have the possibility to do so? I'm saying that in the most typical case, these folks will have big servers big pipes. I'm certainly not saying that it's ideal that only folks with big servers and big pipes be able to provide ASP services. Am I misunderstanding you? I'm simply trying to divide the problem space up a bit. The other two scenarios described situations where ASP-providers didn't have big servers or big pipes. Hardly! Part of the point of free software is that everyone has a software publishing factory on their desk, and it is the noxious copyright regime that blocks them from using it. My server, even if over a tiny pipe, would be useful as an ASP provider for my friends, just as my CD-writer is useful as a software publishing factory for my friends.
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: We've established that you can't require someone who lets other people use a program, but who doesn't distribute copies of it normally, to give out copies of changes made to the source to any user who asks, too, since that'd require you to keep source available permanently and make it accessible, or maintain an out-of-band distribution mechanism, which are all overly impractical. Which is to say: You should never be forced to give your source changes (and/or rights to use/modify them) to people who merely use your program (but don't already receive copies). Is this established? I'm aware that some folks are arguing that position, but I didn't know it had been settled. Folks who are providing an ASP-style service generally are going to have big web servers and lots of bandwidth anyway; I'm not convinced that distribution of source would be a significant burden for them. Further, I see no reason that folks who haven't made modifications should have to host the source if it's available elsewhere. They can simply provide a link. So we're looking at the intersection of folks who have made changes and who have small servers/tight budgets. For people like this a license could require (for example) that either patches or source be made available for the currently running version within a months time. This gives them a chance to either try and get it submitted to upstream, or get a patchfile hosted someplace. (It also would give a business lead time, of course, but I'm not personally too concerned about that.) Since even these folks are (by definition) running a server of some sort, I really don't see how this is a horrible burden. A burden, yes, but not a horrible one. No different from having to provide source in addition to binaries on a web page (or on CD, or whatever). For purposes of the dissident test, dissidents could exchange floppies with patches on them occasionally. -- Jeremy Hankins [EMAIL PROTECTED] PGP fingerprint: 748F 4D16 538E 75D6 8333 9E10 D212 B5ED 37D0 0A03
Re: Dissident versus ASP
* Jeremy Hankins [EMAIL PROTECTED] [030317 17:31]: Folks who are providing an ASP-style service generally are going to have big web servers and lots of bandwidth anyway; I'm not convinced that distribution of source would be a significant burden for them. Note the generally. You are aware that you imply, that only such persons should have the possibility to do so? What if some small individual wants to start a server doing decss. Not sitting in the USA another place under the jurisdiction of the large media-industry, there might be nothing doable against him. If he has to expose the source, he would thereby importing a circumvention device to the USA, thus eliminating any chance to visit the US without beeing convicted. What I merely want to say by this, is that distribution is not only a technical burden, but more. (Running a slightly modified webserver that sends out his sourcecode in Germany may expose one to liability for example. With the current GPL one can look at the modifications some months later and test them a bit better to get rid of any problems with that) For purposes of the dissident test, dissidents could exchange floppies with patches on them occasionally. And with any policeman using their photo-prcessing automatons[1] they place in their shops to communicate secretly? Hochachtungsvoll, Bernhard R. Link -- Sendmail is like emacs: A nice operating system, but missing an editor and a MTA.
Re: Dissident versus ASP
Jeremy Hankins [EMAIL PROTECTED] writes: Folks who are providing an ASP-style service generally are going to have big web servers and lots of bandwidth anyway; I'm not convinced that distribution of source would be a significant burden for them. But the proposals for closing the loophole apply not only to the big nasty people with the wide pipes, but also to the people, who, say, stripped out the source-downloading feature because they are over a satellite link to Antartica, and the changes were published anyhow in the lab back in Chicago.
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Which is to say that, if accepted, the Dissident test and the practical concerns we have about providing source over SMS and such, imply that no free license can ever close the ASP loophole. Since there are fifteen things floating around, each of which gets called the ASP loophole, it's hard to be certain. But with suitable caveats, I think you are probably right. I agree that the people who might exploit the ASP loophole are big nasties, the problem is that I can think of a jillion little cases of people who are *not* big nasties, who get massively hampered by the proposed closures. (See my recent Antartic research example.)
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 10:42:34AM -0800, Thomas Bushnell, BSG wrote: Anthony Towns aj@azure.humbug.org.au writes: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Which is to say that, if accepted, the Dissident test and the practical concerns we have about providing source over SMS and such, imply that no free license can ever close the ASP loophole. Since there are fifteen things floating around, each of which gets called the ASP loophole, it's hard to be certain. Name one that it doesn't apply to? Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!'' pgpmNbgC6IPxK.pgp Description: PGP signature
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: On Mon, Mar 17, 2003 at 10:42:34AM -0800, Thomas Bushnell, BSG wrote: Anthony Towns aj@azure.humbug.org.au writes: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Which is to say that, if accepted, the Dissident test and the practical concerns we have about providing source over SMS and such, imply that no free license can ever close the ASP loophole. Since there are fifteen things floating around, each of which gets called the ASP loophole, it's hard to be certain. Name one that it doesn't apply to? Of the ones that I've seen, as far as I can tell, it would apply to all the proposed methods of closing the ASP loophole.
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 07:30:44PM +1000, Anthony Towns wrote: The Dissident test is equivalent to saying (or, at least, implies): You should never be forced to give your source changes (and/or rights to use/modify them) to anyone but the users of your program. We've established that you can't require someone who lets other people use a program, but who doesn't distribute copies of it normally, to give out copies of changes made to the source to any user who asks, too, since that'd require you to keep source available permanently and make it accessible, or maintain an out-of-band distribution mechanism, which are all overly impractical. Which is to say: You should never be forced to give your source changes (and/or rights to use/modify them) to people who merely use your program (but don't already receive copies). Together, those say that: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Which is to say that, if accepted, the Dissident test and the practical concerns we have about providing source over SMS and such, imply that no free license can ever close the ASP loophole. Cheers, aj I certainly aggree with the first test (even though RMS does not). Not because people should be allowed to take free software proprietary, but because there are many reasons why the contents, existence or whereabouts of a regionally modified program is likely to imply some information which can be considered reasonably private for other reasons. The dissident test expresses one situation where all 3 are very private. I do not aggree with the second test in general. A big service provider, whose primary service is to let people run a copy of a piece of free software can be reasonably required to provide the patches / sources to *that* program in a way similar to the current GPLv2 ways (immidiate access from a designated place, proactive provisioning to users, reference to public source if not modified or an implied offer to provide current version at distribution cost). For instance someone providing a $1 SMS service with no web server at all could send it out on CD-Rs at cost *if and when requested*. They could even offer to send it out on SMS charging $1 per 140 chars, but that would be stretching it. Someone running their company out of Antarctica could charge the transmission cost for the source download if someone insists on getting it. But the time-sharing company requirement must be written so it does not extend beyond that scenario at all. Someone running a small-time server should not be required to reveal source (but see DFSG 6). Someone who provides a different service altogether but happens to use a piece of free software to do so should not be required to reveal source. Someone who provides a time-sharing service and uses a piece of free software which is not the service should not be required to reveal that source. Example: A company whose service is to calculate paychecks and initiate the resulting money transfers and accounting transactions would be using many crucial pieces of software: The program that figures out all the strange laws and published aggreements regarding paycheck calculations could be subject to a GPLv3 publishing requirement if it was under the GPLv3. This would be a real pain, but also a real freedom (such companies often bark at implementing new payment schemes). If the company wants this to be kept proprietary they must keep that piece of code free of GPLv3 code. If they share they must share alike. The program or data which knows the secrets of some peoples private job and salary situations should remain private even if indirectly under GPLv3 (so there must be a personal information exception allowing those details to be weeded from the released patch). However it could be force requested by the individual receiving or paying that particular paycheck. The program which talks to the money transfer interfaces of various banking systems would (at most) be GPLv3 obliged with those banks as users. The program used to validate incoming requests as reasonable is not the primary service and should be exempt. There might also be a general exception for code implementing provider specific security checks, similar to the personal information exception. The kernel, compiler, shell, backup software, console I/O etc. of the computers running the system are definitely not the primary service and should be exempt. The system used to compute and track the charges incured by users of the service is not the primary service and should be exempt. The cgi script providing a web interface to the service is a borderline case (assuming the script contains GPL cgi code and also assuming that there are other ways to talk to the service (paper mail etc.)). The web server hosting that
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 07:30:44PM +1000, Anthony Towns wrote: [ASP condition] You should never be forced to give your source changes (and/or rights to use/modify them) to people who merely use your program (but don't already receive copies). Hmm, I wonder if this could be softened so that it _in practice_ has the same effect, but does not put a burden on anyone. This would be similar to the GPL's approach to charging high prices: it's allowed, but in practice it doesn't become a problem because of the GPL's other effects. I'm thinking of a license that extends the proposed DMCA-subversion clauses, in such a way that everyone who has access to the source also has permission to copy it. Then, if you add something similar to GPL's clause 6 (You may not impose any further restrictions...), you get the effect that a network service that uses this software can only keep its modifications secret if all the developers involved agree to keep them secret. This will work for single developers and small groups, as well as for highly motivated groups (such as dissidents who risk their lives if the modifications are published), but rapidly becomes unstable for large groups and corporations. There are two factors that work against this scheme: - The no further restrictions clause would have to butt heads with confidentiality agreements in employment contracts. This may make it unusable in practice. Also, a restriction such as We'll fire you if you publish this code is not necessarily written down anywhere, but could be effective just the same. - If a company makes a lot of money from its service, then this could make even a large group of developers highly motivated to keep the source secret. This assumes that the profit is shared with these developers :) IIRC, similar cases have occurred with the GPL, where all the customers of a software development company decide that it's in their best interest not to publish the software that they paid good money for. Still, an approach like this might slip past Anthony's assumptions and close the ASP loophole indirectly. Richard Braakman
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 02:41:49PM -0800, Thomas Bushnell, BSG wrote: Anthony Towns aj@azure.humbug.org.au writes: On Mon, Mar 17, 2003 at 10:42:34AM -0800, Thomas Bushnell, BSG wrote: Anthony Towns aj@azure.humbug.org.au writes: If your program is not distributed to anyone, then the license cannot require you to distribute it to anyone (no matter how many people use it or for what purpose, etc). Which is to say that, if accepted, the Dissident test and the practical concerns we have about providing source over SMS and such, imply that no free license can ever close the ASP loophole. Since there are fifteen things floating around, each of which gets called the ASP loophole, it's hard to be certain. Name one that it doesn't apply to? Of the ones that I've seen, as far as I can tell, it would apply to all the proposed methods of closing the ASP loophole. *sigh* We're not talking about _methods_ of closing the ASP loophole, we're talking about _instances_ of the ASP loophole. Name one that isn't instantiated by someone making the program accessible to people for purposes, but not distributing it to them. Or else stop fudging around the topic. The claim is that: Dissident test + Practical objections == Can't close the ASP loophole and, furthermore that that equality goes both ways. That is that the Dissident test is just another way of saying that the only ways you're allowed to close the ASP loophole are ones which are practically unreasonable. The point of the syllogism is to make it clear that that claim isn't just an opinion, nor an exaggeration, but a reasonable and accurate restatement in all circumstances. Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!'' pgpR27LRvoyJE.pgp Description: PGP signature
Re: Dissident versus ASP
On Tue, Mar 18, 2003 at 01:25:25AM +0200, Richard Braakman wrote: I'm thinking of a license that extends the proposed DMCA-subversion clauses, in such a way that everyone who has access to the source also has permission to copy it. Then, if you add something similar to GPL's clause 6 (You may not impose any further restrictions...), you get the effect that a network service that uses this software can only keep its modifications secret if all the developers involved agree to keep them secret. This will work for single developers and small groups, as well as for highly motivated groups (such as dissidents who risk their lives if the modifications are published), but rapidly becomes unstable for large groups and corporations. Huh? It seems meaningless to me: if you employ some people to work on your program, you put them under NDA so that they agree not to disclose the source code; if you work with other groups, you do likewise to them. If necessary, you do the NDAing at arm's length, something like: A changes the program E employs B under a contract that they don't distribute the program or its source, etc E asks A to give B a copy of the program A gives B a copy of the program E isn't covered by the program's license since he never has anything to do with it. I don't think it would be remotely reasonable or enforcable (or in line with giving people more free software) to somehow stop A from giving the program to B, or to stop B from being able to give copies to people who E approves of. Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!'' pgpVUKLWzb5b8.pgp Description: PGP signature
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: Or else stop fudging around the topic. The claim is that: Dissident test + Practical objections == Can't close the ASP loophole and, furthermore that that equality goes both ways. That is that the Dissident test is just another way of saying that the only ways you're allowed to close the ASP loophole are ones which are practically unreasonable. I'm not fudging, I'm saying that, in all the cases I've thought about, I agree with your claim. I can't make statements about cases that I haven't thought about.
Re: Dissident versus ASP
Anthony Towns aj@azure.humbug.org.au writes: The claim is that: Dissident test + Practical objections == Can't close the ASP loophole and, furthermore that that equality goes both ways. That is that the Dissident test is just another way of saying that the only ways you're allowed to close the ASP loophole are ones which are practically unreasonable. Sorry, when I say I agree with this claim, I mean the = direction. The = direction is surely false; for example, I formulated the dissident test long before the ASP loophole (of any sort) had ever been pointed out to me.
Re: Dissident versus ASP
On Mon, Mar 17, 2003 at 04:31:48PM -0800, Thomas Bushnell, BSG wrote: Anthony Towns aj@azure.humbug.org.au writes: The claim is that: Dissident test + Practical objections == Can't close the ASP loophole and, furthermore that that equality goes both ways. That is that the Dissident test is just another way of saying that the only ways you're allowed to close the ASP loophole are ones which are practically unreasonable. Sorry, when I say I agree with this claim, I mean the = direction. The = direction is surely false; for example, I formulated the dissident test long before the ASP loophole (of any sort) had ever been pointed out to me. Huh? I never thought about a number bigger than 10^128, therefore a^b * a^c = a^(b+c) is surely false for numbers that large You're not making any sense. Cheers, aj -- Anthony Towns [EMAIL PROTECTED] http://azure.humbug.org.au/~aj/ I don't speak for anyone save myself. GPG signed mail preferred. ``Dear Anthony Towns: [...] Congratulations -- you are now certified as a Red Hat Certified Engineer!'' pgpV5TLcKxisH.pgp Description: PGP signature