Re: The sad decline of copyleft software licenses? :(

[Eric Schultz]

   On Tue, Sep 22, 2020 at 11:04 AM Marinus Savoritias
   <[1]marinus.savoritias@disroot.org> wrote:
   >
   > 2. The main argument for GPL is that it protects the freedom of the
   user
   > by restricting the freedom of the developer a little bit. Same with a
   > company that has to keep trade secrets. Having something like the
   > Hipocratic license or CNVPL does the same thing. And on my personal
   > opinion better.
   I get this point of view but please consider that the Hippocratic
   license and other "ethical licenses" are quite harmful.
   (I will use the term "ethical licenses" here not because I agree that
   they're ethical but it's a commonly understand term)
   I've discussed this at length elsewhere but a few topics you should
   consider:
   1. They're legally suspect. Additionally, they almost inherently
   guarantee you will put more people at risk of
   violating copyright and being sued. Consider the following scenario:
   * A piece of software is under the Hippocratic license. They use
   inbound=outbound licensing so every contributor has
   copyright on a portion of the software.
   * A human rights group with a controversial viewpoint like being
   pro-abortion rights or LGBTQ rights or union rights or a sex worker
   advocacy group uses the software.
   * One of the contributors to the software feels that the human rights
   group is actually violating human rights. As an example,
   many anti-abortion opponents think abortion is a human rights
   violation.
   * The contributor sues the human rights group for copyright
   infringement.
   * Copyright infringement is very severely punished in some countries
   and they need a judge to enforce it.
   While one could say "oh, that's unlikely to happen", I would respond
   that it's not really your place to decide what is an acceptable legal
   risk
   for others. I can't possibly understand every user's experience, their
   viewpoints, their fears or the risks they have. You're opening up a
   possible legal quagmire for people who are already marginalized. I
   think that's wrong.
   2. They prevent integration with software used by nonprofits, human
   rights and international development groups. Significant pieces of
   software including CiviCRM, Mastodon and CiviCRM are under copy-left
   licenses.These ethical licenses have restrictions which can't
   be combined with copyleft licenses like the GPL or AGPL. Therefore,
   your Hippocratic licensed software can't be integrated into a CiviCRM
   plugin.
   I barely avoided this problem at my work. As background, I happen to
   work on the Houdini Project which is nonprofit fundraising software.
   The backend is under the AGPL and
   the front-end is under the LGPL. Through my employer CommitChange, we
   host a slightly modified version of Houdini for nonprofits in the US.
   We help these nonprofits raise almost $10 million a year to assist
   their missions. At one point, the project was using VCR, a Ruby gem for
   providing automated testing. In February, the VCR creator unilaterally
   relicensed the software under the Hippocratic license. When I read
   this,
   I panicked: I thought we used VCR and I knew we wouldn't be able to use
   new versions of VCR. Was I going to waste weeks ripping this out?
   What would I tell our customers? That some external party decided they
   weren't ethical enough without even knowing them? When I got back to
   the office, I checked and realized I had removed VCR previously. We had
   moved to some new testing and had forgotten that all the test code
   for VCR was commented out. I didn't have to set all of my work projects
   aside and waste weeks ripping software out but this was a real risk.
   Additionally, many international development organizations, like the UN
   Foundation, the Gates Foundation
   and others, are requiring that software they fund be licensed under OSI
   or FSF approved licenses (preferably approved by both) and support open
   standards. This is becoming
   a basic requirement for international development software going
   forward. Who is helped by your software not being usable for fighting
   poverty? Or improving public health?
   3. This isn't going to stop really big companies. Don't get me wrong,
   big companies want to use and support FOSS software, preferably under
   permissive licenses. It saves them
   money and reduces training costs for potential new developers. That
   said, companies like Amazon, Facebook, Microsoft, and Google truly do
   not need your software.
   They can spend their way out of these restrictions and work around
   them. It's pretty likely in fact that they'll release their
   replacements under permissive licenses. The
   only people who will be significantly harmed by ethical licenses are
   smaller groups who simply can't afford to build their own workarounds.
   4. These licenses are almost entirely written by highly paid software
   developers, all of whom speak English and most of whom are people of
   European descent. They
   don't represent the interests of the marginalized or end-users, they
   represent the interests of the globally powerful. Everything needs to
   be placed into that context.
   We've seen this problem already in the traditional copy-left route,
   already. I think it's pretty obvious that part of the massive
   development around LLVM and
   Clang is because their license is more permissive than the license for
   GCC and friends. A lot of companies just don't want to have to comply
   with the GPL so they'll do what it takes to
   avoid it.
   In summary, I think ethical licenses are far from ethical and are
   downright dangerous. I do however feel quite strongly about many of the
   concerns ethical source advocates
   speak about. I think we should do what it takes to discourage bad
   actors, whether organizations who don't give back or who violate human
   rights, from benefiting from our labor.
   From my point of view, licenses are not appropriate for this, either
   practically or morally. On the other hand, I advocate for projects and
   developers to develop sustainable communities
   with clear policies on who may participate in them, something like a
   code of conduct on steroids. Houdini is in the early stages of making
   it clear that certain bad actors are not welcome in the community, they
   may not
   file bug reports or feature requests, any they do file will be deleted
   without consideration, they may not join project chat rooms, they may
   be called out in the software and documentation,
   and they are not allowed to participate in events in any manner. In an
   extreme case, we may consider removing features that are most of use to
   them (this has to be done selectively of course)
   We can't, and won't, ban them from using the software if they receive
   it with a license. But under no circumstances will we provide
   additional labor or support for them through the project.
   Our tentative initial plan is to start with banning organizations
   listed as hate groups by the Southern Poverty Law Center. Over time, we
   will likely expand it as necessary. This happens to be a MAJOR
   advantage of using an aggressive code of conduct over a license: it can
   be changed by the project at any time with no legal costs. Need to add
   an org to the list? Made a mistake and need to remove an org?
   Both are extremely straightforward to do, you just follow the project's
   policy. Once a license is in the wild though, it's basically written in
   stone. It's hard to amend and costs a ton to do it well.
   I strongly recommend those of us who value a place for free software
   and digital autonomy in social justice to advocate for these type of
   changes to their projects.
   Eric
   --
   Eric Schultz, Developer and FOSS Advocate
   [2]wwahammy.com
   [3]eric@wwahammy.com
   @wwahammy
   Pronouns: He/his/him

References

   1. mailto:marinus.savoritias@disroot.org
   2. http://wwahammy.com/
   3. mailto:eric@wwahammy.com