from the click-to-agree-information-wants-to-be-free dept.
Software developer Bryan Cantrill has a second, more detailed, blog post on EULA plus Copyright frankenlicenses. The combination of the two appears to bring in a lot of baggage from both proprietary licensing and EULAs while being dressed up as FOSS. He writes a blog post in response to a longer discussion on HN and blog post from the CEO of Confluent. He discusses the situation, raises quite a few questions (three are quoted below), and concludes with an assessment on the seriousness of the problem and a call to action.
This prompts the following questions, which I also asked Jay via Twitter:
1. If I git clone software covered under the Confluent Community License, who owns that copy of the software?
2. Do you consider the Confluent Community License to be a contract?
3. Do you consider the Confluent Community License to be a EULA?
[...] To foundations concerned with software liberties, including the Apache Foundation, the Linux Foundation, the Free Software Foundation, the Electronic Frontier Foundation, the Open Source Initiative, and the Software Freedom Conservancy: the open source community needs your legal review on this! I don’t think I’m being too alarmist when I say that this is potentially a dangerous new precedent being set; it would be very helpful to have your lawyers offer their perspectives on this, even if they disagree with one another. We seem to be in some terrible new era of frankenlicenses, where the worst of proprietary licenses are bolted on to the goodwill created by open source licenses; we need your legal voices before these creatures destroy the village!
(Score: 4, Insightful) by Dr Spin on Saturday January 12 2019, @12:48PM (6 children)
Who is Bryan Cantrell, what is HN, who is merging EULAs and what is a copyright Frankenlicense?
Anyone can produce software with any license they like, if I don't use the software, it has no impact
on me. If, in this case, I might be using the software, then it could be worth telling me what software
is involved here. Is it an arcane version of Slashdot or the whole of Linux? Is it a Perl fork? Is it
Fortnite? Is it a twister? Who knows? Does anyone really care?
AFAICT, this is piece of worthless clickbait, and I refuse to go to the original article to find out if there is a story.
The whole point of editors is to make sure there is actually a story behind the headlines, and then present it in an intelligible form.
This is not that!
Warning: Opening your mouth may invalidate your brain!
(Score: 3, Informative) by Anonymous Coward on Saturday January 12 2019, @01:08PM
Bryan Cantrell is the author of the linked article. He is apparently some sort of software developer, but that seems largely irrelevant. HN is an abbreviation for HackerNews, a well known and popular software and technology discussion site (in case that question was not rhetorical). The summary makes it obvious that Confluent is the one "merging" EULA and Copyright licenses, which the author has dubbed a "frankenlicense", however a that should have been more clearly stated. It reads as though there were an earlier submission that was missed or not posted. The article is as much about a potentially worrying development in the FOSS ecosystem as any piece of software itself. Having read the article I still do not know what Confluent makes or which software packages are covered by this "Community License", but this is still something I am glad was posted just so that I am aware of the potential issues being raised.
(Score: 3, Interesting) by realDonaldTrump on Saturday January 12 2019, @01:25PM (1 child)
In the journal of ~fyngyrz there's the very special cyber for, someone writes "WTF, EULA FOSS HN AFAICT" and you don't know what it means. But, you touch it and this cyber tells you.
(Score: 1, Troll) by Gaaark on Saturday January 12 2019, @04:27PM
"But, you touch it and this cyber tells you."
Or, "But, you touch it and you have to defend yourself in court."
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 2) by MichaelDavidCrawford on Saturday January 12 2019, @02:38PM
While of course I haven't read TFA the issue at hand is not a simple Free or Open Source License, but a freedom-preventing license that _claims_ to be a Free or Open Source license but is not.
You can't go far wrong if you use a license picked _specifically_ from the OSI approved ones, or the FSF's list of Free Software License. To claim that a turd is a rose doesn't make it smell nice.
Yes I Have No Bananas. [gofundme.com]
(Score: 5, Informative) by rleigh on Saturday January 12 2019, @05:00PM
Bryan Cantrill is an ex-employee of Sun microsystems, one of the primary authors of dtrace and one of the people responsible for getting Solaris open-sourced as OpenSolaris. He's one of the giants of the free software world, has done far more than most for championing free software, and is a highly-skilled developer as well as an excellent and entertaining public speaker. Check out some of his talks about dtrace and ZFS on youtube as well as conferences like Usenix.
(Score: 2, Insightful) by Anonymous Coward on Saturday January 12 2019, @09:35PM
This is a pretty naive statement, much like "since I don't use Failbook it has no impact on me" or "because I'm not the owner of this boxing glove, it has no impact on me" etc. The network effect is sadly very real and the choices other people make (often horrible) have very real impact on the whole society.
(Score: 5, Informative) by sigterm on Saturday January 12 2019, @12:50PM (5 children)
I can't really see why the term FOSS is being mentioned at all in conjunction with the Confluent Community License (https://www.confluent.io/confluent-community-license ).
The license clearly restricts user freedom in that it doesn't allow the user to use the software to create any online service that might compete with a service or product sold by Confluent. As such, it's obviously a non-free license.
As for the first question regarding who "owns" the software, I think that's a bit of a red herring. The whole point of a license, including the GPL, is that the creator(s) keep ownership of the copyright, and thus get to dictate what other people may or may not do with the software. If the authors/creators didn't retain ownership, they obviously would be in no position to enforce a license of any kind.
I also fail to see the relevance of question 2. A license is a license, which is to say that it functions as voluntary contract with non-negotiable terms dictated by one side. If one chooses to be bound by it by using the software, it is then valid and enforceable to the extent that local laws permit.
EULAs, on the other hand, are exclusively directed towards End Users (hence the name), which often have already paid for the product prior to being confronted with the license terms. For this reason, the enforceability of EULAs is still a contested topic in legal circles. However, since in this case there's no prior purchase, and the users of the code aren't your typical end user (consumer), comparing the license to a EULA seems a bit odd.
(Score: 3, Interesting) by bradley13 on Saturday January 12 2019, @05:41PM (1 child)
Perhaps, but if you read TFA, there are some troubling aspects. This software is available for you to clone via Git. One file somewhere in the repository is a license. Are you presumed to have accepted this license by cloning? In that sense, it's even worse than a click-through EULA.
Also: The license, or EULA, or whatever it is states that you are free to do whatever you want with the source code, including modifying and redistributing it. But it also contains a clause that prohibits you from using the software to compete with Confluence's online services. That is just a really weird (and possibly contradictory) pair of clauses.
My impression, based on absolutely nothing more than a gut feel, is that Confluence doesn't quite know what they really want to do. They want kudos for being FOSS, but they don't want to actually walk the walk. Possibly a conflict between their lawyers and their management?
Everyone is somebody else's weirdo.
(Score: 2) by janrinok on Sunday January 13 2019, @10:46AM
EULA - End User License Agreement. If I haven't 'agreed' to it, it has no legal binding whatsoever. Show me where I agreed to it, and someone might have a point, but cloning it from a GIT repo does not constitute an agreement. I would have to download it in order to read it, and I'd have to read it to know whether I intended to 'agree' to its conditions. In Europe, it has absolutely no legal standing whatsoever.
(Score: 2) by rigrig on Sunday January 13 2019, @03:54PM (2 children)
Because it used to be licensed as Apache 2.0, but then Confluent decided to alter the deal [confluent.io], while pretending they didn't.
No one remembers the singer.
(Score: 2) by arslan on Sunday January 13 2019, @10:19PM (1 child)
Personally I don't see a big deal about it - in spirit they seem to just don't want folks to take their software and operate as a public commercial SaaS to compete with them; which would be quite ironic if you are in their shoes.
Of course IANAL so there's probably technical (legally) concerns in the way they've implemented said license, set precedents, yada yada yada...
(Score: 2) by rigrig on Monday January 14 2019, @01:20AM
Making their software non-free is not the big deal, lots of companies make proprietary software.
The big deal is that they took away freedom 0 "The freedom to run the program as you wish, for any purpose", and still pretend it is free software.
No one remembers the singer.
(Score: 5, Informative) by Anonymous Coward on Saturday January 12 2019, @12:54PM (7 children)
I will let others weigh in on the Open Source Definition, but this Frankenlicense, as they call it, is certainly not Free-Software-Foundation-style Free Software. It contains this clause
Which clearly fails Freedom 0 [gnu.org]
(Score: 2, Disagree) by HiThere on Saturday January 12 2019, @05:09PM (5 children)
Since the concept of Open Source was split off from Free Software by commercial entities for commercial purposes, I'd say that if you can read the code, it counts as Open Source. I definitely agree that this doesn't make it Free Software. Now you need to parse FOSS. Is it a union of Free Software and Open Software or is it an intersection? I always find the term ambiguous, and avoid it. It often seems to be used by people who either don't want to think about the difference, or are trying to put something over on you. OTOH, some people seem to think it is clearly understood to be either an intersection or clearly understood to be a union. But they seem to disagree about which.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by exaeta on Saturday January 12 2019, @05:24PM (3 children)
Open Source and Free Software are a bit different. Open Source lacks one guarantee of free software: The ability to modify the software on the device it is installed on. Every other freedom of "Free Software" is required to be "Open Source".
E.g. a device with a signed bootloader which you cannot replace the software, but the software source is available, is "Open Source" because the sources are licensed freely but the software is not "Free Software" as installed because you can't modify it according to your liking.
In other words, "Open Source" is concerned only with the software license and source code availability, whereas "Free Software" is also concerned with practical issues like signed bootloadeders.
FOSS is the same as "free software" and is just to avoid confusing people who would interpret "free software" to mean "gratis software" (free as in $0) instead of "libre software" (free as in freedom).
Some people found that too ambiguous as well, so we got FLOSS (Free Libre Open Source Software).
Software which you can view the source code but without the required open source license is called "source available" or "source viewable" software, never "open source". This includes CC-BY-NC et al. which are not open source licenses and can be considered shareware licenses only.
The Government is a Bird
(Score: 2) by exaeta on Saturday January 12 2019, @05:32PM
The Government is a Bird
(Score: 2) by HiThere on Saturday January 12 2019, @07:11PM (1 child)
I agree that "Software which you can view the source code but without the required open source license is called \"source available\" or \"source viewable\" software", but based on experience I disagree with "never \"open source\"". You may feel that the terms *should* be used in the way that you describe, but they often aren't. And I'm not certain that all the groups that split off the term "Open Source" had the same reason for doing so. I accept that *some* of them had the reason that you are saying. I'm rather certain that some members of that group had very different reasons, that they considered not the best publicity to assert publicly.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by exaeta on Saturday January 12 2019, @09:15PM
The Government is a Bird
(Score: 1, Informative) by Anonymous Coward on Saturday January 12 2019, @06:09PM
The open source initiative disagrees with you https://opensource.org/ [opensource.org] . Microsoft for a while tried to popularize the software you describe as "shared source" https://en.wikipedia.org/wiki/Shared_Source_Initiative [wikipedia.org]
(Score: 3, Informative) by Pino P on Sunday January 13 2019, @03:58AM
The Open Source Definition [opensource.org] is materially identical to the Debian Free Software Guidelines [debian.org] in the Debian Social Contract. Item 6 of these definitions corresponds to item 0 of FSF's definition:
(Score: 3, Interesting) by lentilla on Saturday January 12 2019, @01:36PM (2 children)
Software licensing is like roll-your-own encryption - just don't do it.
As I see it, we have the pick of four licenses: proprietary (whatever the boss feels like), explicit public domain, BSD (public domain with attribution) and GPL (when you add the final per-cent and call it finished, all of it is available for the next advance).
Pick one of those four.
(Score: 2) by HiThere on Saturday January 12 2019, @05:14PM (1 child)
"Public domain" has become rather iffy as copyright laws have changed. I don't think you can explicitly put things into public domain, at least not reliably in all jurisdictions. That's the reason things like the "artistic license" and the "MIT license" were developed.
One thing that public domain requires is that there be no attribution of risk for use. But this seems to currently require either successfully anonymous creation or an insulating license. Or waiting until the copyright term runs out.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by fyngyrz on Saturday January 12 2019, @08:07PM
If a legal jurisdiction does not correctly handle public domain, then the citizens of that legal jurisdiction need to get after fighting it and fixing it. It's their responsibility.
There's an excellent case here for civil disobedience, one which has been clearly stated for a very long time:
I've written a bit about civil disobedience here, [fyngyrz.com] most of which is relevant to this issue.
TL;DR: It's not the concept of public domain that's broken. It's the law. It's up to us to refuse to obey the evil bus driver and the system he is goose-stepping to. [wikipedia.org]
--
My sense of humor is my primary defense against the
creeping tide of idiocy taking over my country
(Score: 4, Touché) by Runaway1956 on Saturday January 12 2019, @02:56PM
To paraphrase this license: You may use the software unless and until there is some chance that you might make money from it. When you start to make money, we want it back. If you've improved our software while using it, we want the improvements as well. Feel free to do anything you like with our software, except to make money.
(Score: 2) by exaeta on Saturday January 12 2019, @05:05PM
I'm not a lawyer, but I suppose you could consider me a paralegal as I have (some) experience with the legal system.
First, these contracts of adhesion are sometimes enforced, such as in warranty agreements, where you seek a benefit from the contract. I.e. the warranty. In other cases, they have not been enforced, even by the same court such as the 11th circuit and even with regard to the same subject matter (warranties). Reasoning is pretty simple though, contract law varies between different states, and is usually a fact intensive inquiry that broad statements aren't very applicable to.
Some states have stricter requirements as far as what constitutes "accepting" a contract. In some, you might be considered to "implicitly accept" a contract if you A) have notice of the contract's existence and that it applies to the transaction and B) you continue with the transaction. This "implied acceptance" can get murky fast, as you can say, for example, if you purchased some good you have an implied right to use the good without accepting the "contract" and thus your use doesn't constitute implied acceptance.
So for instance, when trying to enforce a warranty in Florida, the 11th circuit found an arbitration shrinkwrap agreement valid, most likely because they were trying to utilize the manufacturer warranty which came with those terms. But in other cases courts have neglected to find the arbitration part enforceable. I suspect this was because the manufacturer in the latter case may have advertised the warranty on the outside packaging, thus creating an implied contract for warranty but not an arbitration agreement that was accepted and became enforceable when the buyer purchased the product, and the later shrinkwrap contract didn't need to be accepted to utilize the warranty.
In general, contracts need three elements to be enforceable:
What exactly constitutes accepting a contract varies a lot depending on jurisdiction. Obviously if you sign a physical contract, you "accept" it, but when an "implied acceptance" is created is another issue. Duress and lack of consideration can also be defenses to contractual formations.
As far as software goes, you generally don't need to accept the license to software that you buy, however depending on your jurisdiction, you might "modify" the contract by accepting the EULA. Your best recourse is (probably) to file a lawsuit against the seller for declaratory judgment after purchasing but before accepting the EULA alleging breach of implied warranty of fitness for a particular purpose, breach of implied contract, or some similar grounds. In some cases, you might be able to get away with "accepting" the EULA if there is a "lack of consideration" by accepting it because all the rights it gave you were already implied rights from the purchase or transaction. The exact circumstances of whether or not you can "accept" the EULA without being bound by it depends on facts and your jurisdiction.
EULA are contracts, and there's no difference between a "contract" and a "license". In the sense, an "EULA" is a contract which gives you a license to replicate a copyrighted work. However, you (generally) don't need copyright permission to use software. Even a few courts that issued ridiculous rulings, such as the 9th Circuit's decision that running software requires copyright license because the software is copied in RAM, overruled itself later. The only thing to watch out for, as far as I'm aware, is the Court of Appeals for the Federal Circuit, which unfortunately a well crafted dispute can appeal to from any jurisdiction. If you were in the unfortunate position of being appealed into the federal circuit, expect most of your rights not to apply. What I would do is cite as many copyright cases from your numerically assigned circuit and then appeal to the Supreme Court pointing out any differences between Nth circuit law and the Federal Circuit's monstrosities of precedents. A circuit split should give you a decent chance of getting certiorari (which is still unlikely, unfortunately).
Ultimately, the Federal Circuit seems to have little regard for nuances of state contract law, and is well known for completely disregarding Supreme Court precedent, so there's not much you can do apart from ask the Supreme Court to overrule them (which it does on a regular basis). In my opinion, we should remove Federal Circuit jurisdiction over non-patent issues, or just eliminate it (the court is known for issuing terrible rulings).
The Confluent Community License Version 1.0 is definitely a non-free license. It prohibits use as a service. You need permission to prepare derivative works of a copyrighted work, thus it seems like it would be mostly enforceable. I give it two thumbs down.
The Government is a Bird
(Score: 0) by Anonymous Coward on Sunday January 13 2019, @07:17PM
confluence has always been "open source friendly" slaveware peddlers.