License Question GNU-AGPL-3.0

Mark Essel (@victusfate)

Sep 16, 2010, 1:07:06 PM
to diaspora-dev
Just curious about the rationale for GPL vs BSD etc.
I've read over some of the licenses, but am always confused by the
motivations for one over another.

Can companies host seeds but put up ads or charge revenue?
Are there any restrictions for other software sending and receiving
data from Diaspora seeds? (status.net stuff etc)

Steve Klabnik

Sep 16, 2010, 1:12:14 PM
to diaspo...@googlegroups.com
If you change the code to Diaspora, you have to publish your changes so that everyone else can use them. That's it.

Dreamcat4

Sep 16, 2010, 2:23:18 PM
to diaspo...@googlegroups.com
On Thu, Sep 16, 2010 at 6:12 PM, Steve Klabnik <st...@steveklabnik.com> wrote:
> If you change the code to Diaspora, you have to publish your changes so that
> everyone else can use them. That's it.

Yeah - but using a stick approach (and not a carrot) simply switches
people away from contributing / investing in the first place. It's
easier to win people over, rather than alienate them with complex
licensing terms.

That's why I am generally opposed to contributing to any projects which
adopt the GPL licensing model. And that's why many other professional
developers are too. That's entirely the reason we are asking this
question.


dreamcat4
drea...@gmail.com

Alex Andrews

Sep 16, 2010, 2:29:58 PM
to diaspo...@googlegroups.com
> That's why I am generally opposed to contributing to any projects which
> adopt the GPL licensing model. And that's why many other professional
> developers are too. That's entirely the reason we are asking this
> question.

Why? The GPL was designed to further the rapid development of projects
for the common/public good by requiring people to contribute back and
preventing commercial hoarding and enclosure. Don't you see why a
project like Diaspora is under such a license? Can't you see the
obvious advantages of such collaboration for it?

Alex

Dreamcat4

Sep 17, 2010, 4:55:28 AM
to diaspo...@googlegroups.com

Perhaps if you hadn't misquoted me and cut off the top paragraph I
might have even bothered to say something good about the Afero LGPL.
Oh well...

Anyway, you consider yourself as the centre of this community, right?
Well then you shouldn't really have anything to be afraid of. At least
in the long run, once your software has become a bit more mature.

If a company secretly developed and released a new feature, then
how could it possibly work in conjunction with all the other existing
diaspora seeds? They would have a vested interest to contribute
(that feature) back upstream to you guys I would have thought.

Well, I like to think that's beside the point anyway. It's about the
"soft sense" implications to your project here. If you are scared
about someone taking away your ideas, the GPL license can seem
appealing.

But down the road, a decision to later switch over to some BSD style
license may instead widen participation and build further trust.

That's the real message here. Once your software is more mature, please
take a step back to think about the license again. It's no harm surely.

A GPL license is not actually what's making your software great
software. It's the confidence and community of Diaspora you are
building around yourselves. It's the human aspect. The open community
participation.

dreamcat4
drea...@gmail.com

Alex Andrews

Sep 17, 2010, 5:22:45 AM
to diaspo...@googlegroups.com
I'm not at the centre of anything, I'm just another guy, but one who
happens to be pretty militant about open source licenses. This isn't
my software by any means and I don't know how I gave the impression
that it was. I will be contributing however as much as time and energy
permits.

In your final paragraph you recognise that it's the confidence and
community around Diaspora, as well as the enthusiasm of people for it
that will make it great. I totally agree, not to mention the millions
of lay users who would love this all to work out and actually replace
Facebook in their day to day lives in a manner analogous to the
revolution (for better or worse) Napster did for music files. What
the GPL does is legally protect this community and the software that
surrounds it. It requires companies to contribute back. You say this
should be voluntary, but I see no reason why companies would have a
vested interest in kicking back up the line, and plenty of instances
of large companies doing just this, enclosing the software. Sure, they
occasionally release bits and pieces but the core technologies, i.e. the
really important stuff, remains behind closed doors, despite the fact
it depends wholesale on FOSS - from the software they have adapted to
the compilers to the very standards of the language and protocols it
interoperates with. If open community participation is the key, then
the GPL increases this to the nth degree.

With Diaspora there is also the issue of privacy - what would prevent
a BSD licensed bit of software hacking in some nasty data collection
rackets? With GPL, in theory, the code would have to be sufficiently
public for people to be aware of these kinds of things before they
signed up to any service. This is why I think the guys have licensed
as they did.

Other people may have different opinions on this, of course, but this
is my two cents. I understand this is a complex and political issue and
there are going to be disagreements. There is no harm in considering
issues, as you say.

Best regards

Alex

Ori Pekelman

Sep 17, 2010, 11:48:32 AM
to diaspora-dev
I just really hope the security model of Diaspora will not be based on
this argument. We know the code because it is AGPL, so it can not do
anything evil. But if it were BSD it might.

If the underlying design of Diaspora does not assume that all nodes
are hostile, then, hmm well, not a very good idea. Or otherwise said:
a very very very bad idea. The only privacy/security you can expect
are those guaranteed by:
1. The protocol
2. Nothing else

If I can run a data collection racket because the protocol is poorly
designed, someone will. So AGPL/GPL I don't really care (oh I haven't
seen that many AGPL projects succeed in having a large contributor
base, usually this is just for people afraid of someone proposing a
better hosted version), but the security argument, is well,
frightening.

John Favorite

Sep 17, 2010, 11:54:00 AM
to diaspo...@googlegroups.com
This is key. Assume all nodes are hostile. Every command is hostile everything. Any trust will be exploited.

Alex Andrews

Sep 17, 2010, 11:56:50 AM
to diaspo...@googlegroups.com
Did I in any way imply that bestowing a particular license on a piece
of code ensures its security as if by magic? No, but I do believe that
at least, with the proper work around it, open source software can be
very secure.

This said, I do agree with the 'all nodes are hostile until proven
otherwise' model - just as you would do with any web facing script
where you assume any input can be malicious.

All the best

Alex

Ori Pekelman

Sep 17, 2010, 4:30:12 PM
to diaspora-dev
I troll, I do. But I don't license troll. BSD, GPL, AGPL all have
their uses. All are good. We are part of a large community, with
honesty and good will to spare. Believe it or not my current trolling
mood is of a deep good will. I am very much attached to the open
social world and appreciate a lot the possible good Diaspora has done
this cause.

But quoting: "what would prevent a BSD licensed bit of software
hacking in some nasty data collection rackets? With GPL, in theory,
the code would have to be sufficiently public for people to be aware
of these kinds of things before they signed up to any service."
This is a false and dangerous argument. No, in theory GPL is not more
secure in a distributed environment, you do not know what code is
running in the next node. Be the underlying code GPL, BSD or anything
else. Yes GPL, when you run it from a locally compiled source, after
having verified the signatures is inherently more secure than closed
source. Of course. Well BSD is too. More Libre less Libre, if many
eyes have seen the same code, well evil is shallow. This has nothing
to do with distributed systems. You can not, ever, know what version,
real version it runs. There is no cryptographic magic that does that.
Signed executables, hidden secrets, don't work. If you are root on a
node, you are root.

So, there are license questions that remain. But regarding those, this
argument should not be used.

On Sep 17, 5:56 pm, Alex Andrews <awgandr...@gmail.com> wrote:
> Did I in any way imply that bestowing a particular license on a piece
> of code ensures its security as if by magic? No, but I do believe that
> at least, with the proper work around it, open source software can be
> very secure.
>
> This said, I do agree with the 'all nodes are hostile until proven
> otherwise' model - just as you would do with any web facing script
> where you assume any input can be malicious.
>
> All the best
>
> Alex
>

Alex Andrews

Sep 17, 2010, 4:48:01 PM
to diaspo...@googlegroups.com
See my previous e-mail - I didn't say there was a magical license that
made code secure, secure code makes code secure and nothing else.

Cheers.

Alex
