diff options
Diffstat (limited to 'docs/change-license-emails.txt~')
| -rw-r--r-- | docs/change-license-emails.txt~ | 437 |
1 files changed, 437 insertions, 0 deletions
diff --git a/docs/change-license-emails.txt~ b/docs/change-license-emails.txt~ new file mode 100644 index 0000000..c73ff17 --- /dev/null +++ b/docs/change-license-emails.txt~ @@ -0,0 +1,437 @@ +Return-path: <intrigeri@boum.org> +Envelope-to: isis@patternsinthevoid.net +Delivery-date: Thu, 04 Jul 2013 11:38:58 -0600 +Received: from pattern7 by box658.bluehost.com with local-bsmtp (Exim 4.80) + (envelope-from <intrigeri@boum.org>) + id 1UunUg-0005CD-4Y + for isis@patternsinthevoid.net; Thu, 04 Jul 2013 11:38:58 -0600 +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on box658.bluehost.com +X-Spam-Level: +X-Spam-Status: No, score=0.0 required=7.0 tests=AWL,BAYES_00,RDNS_NONE, + T_MIME_NO_TEXT,UNPARSEABLE_RELAY shortcircuit=no autolearn=no version=3.3.1 +Received: from [204.13.164.192] (port=50585 helo=boum.org) + by box658.bluehost.com with esmtps (TLSv1:CAMELLIA256-SHA:256) + (Exim 4.80) + (envelope-from <intrigeri@boum.org>) + id 1UunUf-0005B2-OL + for isis@patternsinthevoid.net; Thu, 04 Jul 2013 11:38:57 -0600 +Received: from localhost (unknown [10.36.27.20]) + by boum.org (Postfix) with ESMTP id C051A44543 + for <isis@patternsinthevoid.net>; Thu, 4 Jul 2013 19:38:55 +0200 (CEST) +Received: from boum.org ([10.36.27.29]) + by localhost (censure.boum.org [10.36.27.20]) (amavisd-new, port 10024) + with ESMTP id EzLEA-Rb12Hz for <isis@patternsinthevoid.net>; + Thu, 4 Jul 2013 19:38:55 +0200 (CEST) +Received: from [127.0.0.1] (localhost [127.0.0.1]) + with ESMTPSA id D9A8F4447E +Received: from localhost (localhost [127.0.0.1]) + by localhost (Postfix) with ESMTP id 75BE2721E69 + for <isis@patternsinthevoid.net>; Thu, 4 Jul 2013 19:38:46 +0200 (CEST) +Message-Id: <85ehbep6mx.fsf@boum.org> +From: intrigeri <intrigeri@boum.org> +To: Isis! <isis@patternsinthevoid.net> +Subject: AGPL library, really? +Date: Thu, 04 Jul 2013 19:38:46 +0200 +MIME-Version: 1.0 +Content-Type: multipart/encrypted; boundary="=-=-="; + protocol="application/pgp-encrypted" +X-Identified-User: {3202:box658.bluehost.com:pattern7:patternsinthevoid.net} {sentby:spamassassin for local delivery to identified user} + +--=-=-= +Content-Type: application/pgp-encrypted + +Version: 1 + +--=-=-= +Content-Type: application/octet-stream + +-----BEGIN PGP MESSAGE----- +Version: GnuPG v1.4.12 (GNU/Linux) + +hQIMA1DJjYe0ARAPARAArgElYh6OQGZF7I5iJkKuseLEWy0C4wZ+K36Drm4mEoIN +N/3Tp08wf2czaYPYkXH2n5z9eCuCX8Ec0hAozmOHeA3pFsus5bRpVyEBnGMP8cFZ ++rpEig1xURd0GoWypWtRQSakf5bpAk9VKiSK9iJpZ3iqtkl/zWEyj13MfD6KEN34 +pnDf1m6JZLjUrFa8k2dy8lohubTzl32HiFKcdP04fV+ZhlWNAYoiriDEKzpY4Aoy +XFx3HnM5vp3KkqOZM7seFZhXLupCn2F87JMzbEILOwbsJlLkKf/y/Cba+MQSPkSx +7ZE1NVyMQIckRFSrsrZuAR7nZToblQ0/TpcqCYSUUalGF8simW026rFma9c7l6vL +p0fKzMzHd0jUucMUpeAbdVkLFeZq3mBcLiyrNZVO2KLMZDnHyipTU6DkelTD+SS4 +v6GbUPuELGFRV+CJvc/bPz6SGkmqaANmVXuhSHJEEb2feCliXduxBJsycM+2mxp6 +U9W8YmfyCDIb7rJ2Y1HVPGjbRHWmAE+TrXS/7YVtCtWiNQCa13ccbT0Wkc8INjkQ +iRZQEI0CxfqMFaLpb33jVKVzUvU5OEERO4DTTDHDnXxAGnNlVAUQGKk6ES7pc4NY +aolhj7BkkttLElVZMeL6InhxNTi3oFE4sCTABN2CCqqvVh77IqJmAo9tGUlKxfSF +AgwDT1xlSpP5dskBD/oC8Bhvki4E8s/Q1CggPbwfCrHCDzFTjTXxipp8WkReaXE4 +lZTNymG0JWrcmVbuhDy3NQH+GgpYk2PkVq1771FJtNqrfzEZN2IPtyK1GxeAYLEi +pRBInrej05EH96dhM1xMMlXWEe6svIkm3d05ETdeGuvOByXBuDHg60dgGXsjsrV1 +/Duwu1Q90Yhz3XMeRVTNsOUGKZAdsz20REs7yZSiqwrm71Q0cf8RUOF4F/u2jsle +kkL6jrLhEt/jhukR9VlpYegxAbluuCM5PslfoNYY/jLagif4akJ0cyGAmNrROtWt +g0n/gdc56TFvutci1/f1zkPlqGgZWANOFVnDsv9Em9Ew3dJ2GDMk4ERFKCBV5X/C +/tuble7M2GR6gFnJstH+uTsyX+2R+LlI+6HdrTfkEm4+S4buqV62XZg6EHMraE7a +QRsgKSa9a9Kd/D0pAo7njvuev7TH9JFvJO1fXG1DARsQYBdxDwJtOHfGnsr4Kc5U +4IKdHKwytwcGC9ulKIBPZ7NN+LJxYFaKwjTfXbS7PARJ35AvN3XL/YJQCk/JKt63 +LDQyT+LxeExq+uwUQxRrZQHJm07TqCMgIctLCz/VQrBOe3QMbHCooe+2D8rAR48f +bsdShnh7UuuqV7eKVeYf9lWcaeKQSmg4FxrxApnW6bHglF4d2/sMPsT8ZdxItNLB +KgE3MIRxtV2C2aWIjhAgiJh/0lBVjls0PaMQhMRYOk1CytiuLQ5ixAme4ptba+qv +fGz/pnD0lQd51ZtdDWVXNJM/AagJc+hUNHiDC3DIZw8jEqZqBUke5agHSmzNh+2C +8xQ4jg92p8jnYBkT+AA6oXvudoRpi2Nx+q8jX8fsxpFmgzWAPXyyEDHRmLNLrMhR +CIpHWpPkqH+c0/vz0lVV04LJfP2kGrIUupn2AhVDYRFjbHCOL62cNJJpu9WLCkdR +auurGi78EqVBqea58a0aE+FwGQH47UaMdDUl/eQOooCpzVb9O83HbWWkqm8buJgj +PHSf9AEa+FhnZsrUWwngiiH40ifHfwDQWSzNS2zs5OYG0DbHrESuc+bjOGZ6IOB+ +ywIR7z2v4x+XN8bN74eEMK4uIqxv7Thv1BGgGGumqrMDgkrOw1yojUQTC8wRnoiB +uZQspyeVbs5iNOdWiiGzscFXW1+QqHfxtdDLqjJdyvPHhVj2JUxG6w/FggXj8nUJ +trco39vZKaLfp/Dcimok1INr2IEvzUdhV6vrtrO7w+4waNBY7d/uJtT2DLl80Y4R +MIyDeMKhw9q//u1mMOG7Ce7n9iwzX2Bf2t8TSRmM5fqwXtjxcDBl5fceCilIyfCL +fMT2Dws+/n9Y2YQ= +=jcmz +-----END PGP MESSAGE----- +--=-=-=-- +Content-Type: text/plain + +Hi, + +I see on https://pypi.python.org/pypi/gnupg that you released this +library under AGPLv3. Is this correct? + +If it is, then you might be interested to have a look to this long +ongoing thread on debian-devel mailing-list where I've seen explained +(by people I trust on this topic) that AGPLv3 is really not well +suited for libraries -- to start with, quite some of its terms are +ambiguous when one tries to apply them to a library: +https://lists.debian.org/debian-devel/2013/07/msg00031.html + +Cheers, +-- + intrigeri + | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc + | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc +Content-Type: text/plain + +Hi isis, + +isis agora lovecruft wrote (07 Jul 2013 04:20:13 GMT) : +> I think this message better describes why AGPL is bad for libraries: +> https://lists.debian.org/debian-devel/2013/07/msg00041.html +> or, at least, I understood that one better than the first. + +TBH, I've pointed you at the beginning of the thread because I was too +lazy to go fetch the best email in there. I'm glad it helps anyway. + +> Do you know if it is okay for me to re-license it as regular GPL? + +I've just re-read a bit to confirm, and my conclusion is that: yeah, +as the sole copyright holder (is this the case?) you can freely +re-licence to whatever you want. + +> Do you have any advice on which of GPLv(2|3)(\+)* that I should use? + +I usually do GPL-3+, but I would not be able to defend it seriously +against v2 or v2+. + +> Thanks for pointing this out so quickly before it caused trouble, by the +> way. :) + +Np. + +Cheers! +-- + intrigeri + | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc + | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc +Content-Type: text/plain + +Hi isis, + +> Is it okay to credit you and/or publicly point to these emails as +> the basis for the rationale for the switch? + +Feel free to credit me if you wish, but I certainly don't feel it's +necessary. + +I feel a bit lazy to read this thread again to check if it's fine to +publish stuff from there, so if you don't mind, I'd rather skip this +part ;) + +Cheers, +-- + intrigeri + | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc + | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc +Content-Type: multipart/mixed; boundary="LwW0XdcUbUexiWVK" +Content-Disposition: inline + + +--LwW0XdcUbUexiWVK +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +intrigeri transcribed 2.3K bytes: +> I see on https://pypi.python.org/pypi/gnupg that you released this +> library under AGPLv3. Is this correct? + +Yes, that it correct. + +> If it is, then you might be interested to have a look to this long +> ongoing thread on debian-devel mailing-list where I've seen explained +> (by people I trust on this topic) that AGPLv3 is really not well +> suited for libraries -- to start with, quite some of its terms are +> ambiguous when one tries to apply them to a library: +> https://lists.debian.org/debian-devel/2013/07/msg00031.html + +Okay, thanks! + +/me reads=E2=80=A6 + +I think this message better describes why AGPL is bad for libraries: +https://lists.debian.org/debian-devel/2013/07/msg00041.html +or, at least, I understood that one better than the first. + +I certainly do not want to make problems for Debian, and now that a bunch of +Tor, LEAP, CryptoParty, and Freebox projects, and perhaps soon Pip too, will +be depending on this, I *really* don't want to make anyone else's license h= +ell +worse. + +Attached is an email from leap@lists.riseup.net where we had fisticuffs over +licensing opinions, wherein I explained my preference for AGPL for +everything. Essentially, I do not want people/corporations/etc. to use my w= +ork +in a closed source application and then potentially make changes to patch +found vulnerabilities without contributing those patches back to the main +codebase. + +Though, you're correct, this doesn't make sense for a library, as a +closed-source web-service frontend to this Python module likely isn't going= + to +get anyone exploited except the person running the service. So it doesn't m= +ake +as much sense. + +Do you know if it is okay for me to re-license it as regular GPL? + +Do you have any advice on which of GPLv(2|3)(\+)* that I should use? + +Thanks for pointing this out so quickly before it caused trouble, by the +way. :) + +--=20 + =E2=99=A5=E2=92=B6 isis agora lovecruft +_________________________________________________________ +GPG: 4096R/A3ADB67A2CDB8B35 +Current Keys: https://blog.patternsinthevoid.net/isis.txt + +--LwW0XdcUbUexiWVK +Content-Type: text/plain; charset=utf-8 +Content-Disposition: attachment; filename=to-intrigeri +Content-Transfer-Encoding: quoted-printable + +=46rom leap-owner@lists.riseup.net Tue May 28 04:14:29 2013 +Date: Tue, 28 May 2013 04:13:56 +0000 +=46rom: isis agora lovecruft <isis@patternsinthevoid.net> +To: micah <micah@riseup.net> +Cc: Tomas Touceda <chiiph@riseup.net>, leap@lists.riseup.net +Message-ID: <20130528041356.GL14793@patternsinthevoid.net> +Reply-To: isis@patternsinthevoid.net +References: <51914DF8.2020507@riseup.net> + <51A38709.5050408@riseup.net> + <87a9ng74wn.fsf@muck.riseup.net> +MIME-Version: 1.0 +Content-Type: text/plain; charset=3Dutf-8; x-action=3Dpgp-signed +Content-Transfer-Encoding: 8bit +In-Reply-To: <87a9ng74wn.fsf@muck.riseup.net> +X-GPG-Public-Key-URL: https://blog.patternsinthevoid.net/isis.txt +X-Louis-Lingg: In this hope do I say to you I despise you. I despise your + order, your laws, your force-propped authority. Hang me for it! +X-Virus-Scanned: clamav-milter 0.97.8 at willet +X-Virus-Status: Clean +Subject: Re: [leap] license +X-Loop: leap@lists.riseup.net +X-Sequence: 404 +Errors-to: leap-owner@lists.riseup.net +Precedence: list +Precedence: bulk +X-no-archive: yes +List-Id: <leap.lists.riseup.net> +List-Help: <mailto:sympa@lists.riseup.net?subject=3Dhelp> +List-Subscribe: <mailto:sympa@lists.riseup.net?subject=3Dsubscribe%20leap> +List-Unsubscribe: <mailto:sympa@lists.riseup.net?subject=3Dunsubscribe%20le= +ap> +List-Post: <mailto:leap@lists.riseup.net> +List-Owner: <mailto:leap-request@lists.riseup.net> +List-Archive: <https://lists.riseup.net/www/arc/leap> + +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +micah transcribed 1.3K bytes: +> Tomas Touceda <chiiph@riseup.net> writes: +>=20 +> > On 05/13/2013 05:32 PM, elijah wrote: +> >> if you have any wisdom or opinions regarding the ever joyful and +> >> uncontroversial topic of free software licenses, then please deposit +> >> said wisdom or opinions in this wiki: +> >>=20 +> >> https://we.riseup.net/leap/license +> >>=20 +> >> in a nutshell, we need to decide on a license for the client. +> >>=20 +> > +> > Does anybody have license knowledge a priori? Or should I get started +> > reading licenses? +>=20 +> I'm supposed to have a more than zero knowledge of what constitutes free +> licenses due to my debian training, and debian is world-renknowned for +> having a particularly nasty debian-legal mailing list where licenses are +> chewed up and spit out... but I personally hate the topic and tend to +> avoid it as much as possible. +>=20 +> So basically my opinons are:=20 +>=20 +> 1. no license that is incompatible with the DFSG[0] (debian free +> software guidelines) - it seems like we are probably in agreement about +> this? +>=20 + +ACK + +> 2. BSD multi-claused licenses and MIT are confusing and annoying, so I +> tend to think they should be avoided due to this +>=20 + +ACK + +> 3. openssl derived works require granting an exception with GPL licenses +> (an exception is trivial), so I prefer gnutls code where possible +>=20 + +ACK + +> 4. it seems weird to make things AGPL that aren't webapps +>=20 + +I started release everything I could AGPLv3 three years ago, after a +conversation with some other activist free-software devs: + + Me: "I want a license which says 'If you are part of any governing body= + or + corporation which contracts to any private or public military entity, t= +hen + you should go fuck youself. And no, you cannot use my software -- I will + sue your pants off.'" + + Them: "Isis, that is silly, and even na=C3=AFve. Universities are libra= +ries are + often 'part of governing bodies', you don't want to exclude them, do yo= +u? + And also, you're like not going to see the blobs your code is included + in...it will get privately installed on custom military and law + enforcement hardware, and when they're done with it it'll go and rot + outside on a base or in a police confiscation parking lot somewhere." + + Me: "Hum. I hate talking about licenses anyway." + + Them: "Yeah, it sucks. But it's important for us to take this seriously, + because the tools we're working on have the potential for helping us + better organise at protests, as well as better help the cops kettle us + into paddy wagons." [one of the tools was a crisis mapping thing] + + Different one of them: "Perhaps you both should read AGPL, and see if t= +hat + helps. I don't think using law against them is going to work, because we + can't assume they will play by the rules, but if we're arguing licenses + anyway..." + +AGPL also seems useful when it seems possible that shady closed-source +startups are going to add a fancier UI or other feature to your code, and t= +hen +market it. This is especially worrying, not because they are "stealing user= +s", +but because it's never clear if vulns discovered in your own code have been +fixed in theirs and vice versa. Or, it could get used in way that is +dangerous, or that it wasn't meant for. (For example, there is currently a +concern that a certain shell company is going to use OONI's code on these +little android-system-on-a-USB dongly thingies...and there are certain dang= +ers +with Tor on Android that these people either don't understand or have no +intention of warning users about.) + +Anyway. There is my argument for AGPL. + +Though I also hate these discussions, don't care about laws, think reformism +is bunk, WTFPL is the only sane LICENSE, and all that jazz, so I'm going to= + go +stand over there ----------------------------------------------------------= +-> +and watch everybody else duke it out. :) + +<(A)3 +isis agora lovecruft + +- --=20 +GPG: 4096R/A3ADB67A2CDB8B35 +Current Keys: https://blog.patternsinthevoid.net/isis.txt +-----BEGIN PGP SIGNATURE----- + +iQJuBAEBCgBYBQJRpC8DBYMB4TOASxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRo +ZXZvaWQubmV0MEE2QTU4QTE0QjU5NDZBQkRFMThFMjA3QTNBREI2N0EyQ0RCOEIz +NQAKCRCjrbZ6LNuLNVkVD/9NVDCeFvMbAeGSCbXt/gMlyZ/OJfQcS2WwuegaRR8B +BtfujOIKEA/D9zywCTJYpk9gVQo1TqG7EiTdG25FU9cVnlf4/E0Dp/6vKS4q4T9j +Bba+lxMjoZ0ivC+nVIf2pQS1YK0PtiGZDLj4cVh5UuYcSZA0kxCh4KamqrEq/WdE +iYyd1WWvNFDYaWhsB5+DlqRi7PNs7IF7mxegGOpkqVR31NrFu9WxThFpiFKmT7m+ +cEHzdGmVfa8iz2yTDrh8D01rw54GHIam8OdLp/SuyBsaaSD6UZsYXEc8L6ePR8Xa +QkO/n9PZAo2vm5Ph+ASIOKwRX5DdiiTawJ7sBb9/e0QIwsiQ0Q9nrB7Qbbv053ko +S7Bqu37hZiCjO2aPDCAF2r4UMGJw1Qy/FJme3TYEav1qL61sOYKCVwhfF2/IWzA+ +kO8+4Ei4AKcoLkc6cQUDrQBgwRqEd9qzDSL5/JLJOW7Gkc5rBAADVJcPbFKuMpPr +evqdtjFXdej3KsrqdvnNRA6Q8t1XDv2CUxoK8/YK3CzPa8GbqjwS5J1pIDgA2tl9 +RRYoPgfgXcYf3sQJSJUoPGUOQAqduu0WeLJFHi/kXRqzQf4nGFCUg/mi6lsGswcF +pBguGmO8deoRi59ddhek2Pgpi9hUE2cjasAgZb1B54XmjYYkDqe+owfvWDOKXOZa +AQ=3D=3D +=3DUxwA +-----END PGP SIGNATURE----- + +--LwW0XdcUbUexiWVK-- +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +intrigeri transcribed 2.6K bytes: +> isis agora lovecruft wrote (07 Jul 2013 04:20:13 GMT) : +> > Do you know if it is okay for me to re-license it as regular GPL? +>=20 +> I've just re-read a bit to confirm, and my conclusion is that: yeah, +> as the sole copyright holder (is this the case?) you can freely +> re-licence to whatever you want. + +Hey intrigeri, + +I've decided to relicence with your recommendation of GPL3+. Is it okay to +credit you and/or publicly point to these emails as the basis for the +rationale for the switch? + +--=20 + =E2=99=A5=E2=92=B6 isis agora lovecruft +_________________________________________________________ +GPG: 4096R/A3ADB67A2CDB8B35 +Current Keys: https://blog.patternsinthevoid.net/isis.txt +Content-Type: text/plain; charset=utf-8 +Content-Disposition: inline +Content-Transfer-Encoding: quoted-printable + +intrigeri transcribed 2.6K bytes: +> isis agora lovecruft wrote (07 Jul 2013 04:20:13 GMT) : +> > Do you know if it is okay for me to re-license it as regular GPL? +>=20 +> I've just re-read a bit to confirm, and my conclusion is that: yeah, +> as the sole copyright holder (is this the case?) you can freely +> re-licence to whatever you want. + +Hey intrigeri, + +I've decided to relicence with your recommendation of GPL3+. Is it okay to +credit you and/or publicly point to these emails as the basis for the +rationale for the switch? + +--=20 + =E2=99=A5=E2=92=B6 isis agora lovecruft +_________________________________________________________ +GPG: 4096R/A3ADB67A2CDB8B35 +Current Keys: https://blog.patternsinthevoid.net/isis.txt |