New license for P2P applications in the Open Source Initiative – why not everyone is happy with it
What else we have on Habré: materials about DNS history, IT regulation and network hardware.
Photo – Tim mossholder – Unsplash
Why did CAL appear
Some members of the open source community are not happy with the fact of reselling open solutions in the form of SaaS. In this case, the authors of the utilities remain out of work in terms of income distribution. Therefore, they are moving to new types of licenses. For example, Redis implemented RSAL. It prohibits the use of company solutions for the development of databases and search / caching engines. Similar initiatives implemented Confluent, Mongodb, Cockroachdb and Timescale.
In March, the organization Open source initiative approved another restrictive license for decentralized applications is Cryptographic Autonomy License (CAL) She was represented by Holochain and lawyer Van Lindenberg (Van lindberg) The goal of CAL is not only to limit the resale of open source solutions, but also to return users control over personal data.
Document Features
Cryptographic Autonomy License is Classic copyleft-license. It permits the use of source code for developing derivative applications and requires that a new project be distributed along the same lines. But CAL still contains a number of unique conditions. In particular, it covers not only the application code, but also the data it processes. Authors of distributed services are required to store encryption keys exclusively on users’ computers. Thus, the Cryptographic Autonomy License prohibits the creation of corporate P2P chats that store cryptographic keys on the company’s server. In the case of developing B2C applications, this approach give a chance automatically fulfill part of the GDPR requirements and gives users more control over personal data.
In this case, CAL has a mechanism, which allows you to write applications that are protected by several licenses. In particular, programmers modifying the code under the Cryptographic Autonomy License can release the corresponding changes (only them) with any other open license.
Disagreement in OSI
The CAL approval process was lengthy. The draft was rewritten at least four times. Several members of the organization opposed the inclusion of a license in the Open Source Initiative portfolio. One of the critics was OSI Co-Founder – Bruce Perens In his opinion, the Cryptographic Autonomy License restricts developer freedoms and contradicts the sixth paragraph in defining open source. By the way, Perens personally worked out the definition. This clause states that an open license should not restrict the use of applications – including commercial. And the requirements for local storage of keys can be perceived as an infringement of rights.
Bruce told, which is considered an important quality of Open Source Initiative licenses, their simplicity and transparency. If the developer does not modify the code, he may not read the text of the document at all. CAL destroys this model, imposing an additional burden associated with data processing. OSI co-founder noted that decentralized applications do not need additional licenses, they can do with standard ones AGPLv3, LGPLv3 and Apache v2.
Photo – Free to use sounds – Unsplash
The point of view of Bruce Perence is shared by his partner Eric Raymond (Eric Raymond). He called licenses that did not fulfill the requirement of the sixth paragraph “an attempt to revise the cultural foundations of open source software.”
Despite the arguments of the OSI founders, the board decided to include the Cryptographic Autonomy License in the organization’s portfolio. how writes The Register, it could not do without the influence of lawyer Van Lindenberg, who successfully lobbied for the ideas of CAL. Bruce Perens did not put up with this decision and left the company.
It is not yet clear what fate awaits the new license and whether there are companies that will use it. The fate of Bruce Perens also remains vague – although there is an opinion that he will soon return to the Open Source Initiative, since not the first time leaves the organization.
We at 1cloud.ru offer a service DNS hosting. Registered users get it for free.
What we write about in a corporate blog:
Situation: Do AdTech companies violate GDPR?
Prepared quick guide on work with DNS. They talked about how to manage resource records using our control panel or API.
