From d1955bd267a132c24d9e64dde7a1cdb8bd9fe9c5 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 2 Jul 2014 11:38:15 -0500 Subject: Imported Upstream version 1.2.6 --- docs/change-license-emails.txt | 272 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 272 insertions(+) create mode 100644 docs/change-license-emails.txt (limited to 'docs/change-license-emails.txt') diff --git a/docs/change-license-emails.txt b/docs/change-license-emails.txt new file mode 100644 index 0000000..7086089 --- /dev/null +++ b/docs/change-license-emails.txt @@ -0,0 +1,272 @@ +From: intrigeri +To: Isis! +Subject: AGPL library, really? +Date: Thu, 04 Jul 2013 17:38:46 +0000 + +Hi isis, + +I see on https://pypi.python.org/pypi/gnupg that you released this +library under AGPLv3. Is this correct? + +If it is, then you might be interested to have a look to this long +ongoing thread on debian-devel mailing-list where I've seen explained +(by people I trust on this topic) that AGPLv3 is really not well +suited for libraries -- to start with, quite some of its terms are +ambiguous when one tries to apply them to a library: +https://lists.debian.org/debian-devel/2013/07/msg00031.html + +Cheers, +-- + intrigeri + | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc + | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc + + +From: isis agora lovecruft +To: intrigeri +Subject: Re: AGPL library, really? +Date: Sun, 07 Jul 2013 04:20:13 +0000 + +Hi intrigeri! + +intrigeri transcribed 2.3K bytes: +> I see on https://pypi.python.org/pypi/gnupg that you released this +> library under AGPLv3. Is this correct? + +Yes, that it correct. + +> If it is, then you might be interested to have a look to this long +> ongoing thread on debian-devel mailing-list where I've seen explained +> (by people I trust on this topic) that AGPLv3 is really not well +> suited for libraries -- to start with, quite some of its terms are +> ambiguous when one tries to apply them to a library: +> https://lists.debian.org/debian-devel/2013/07/msg00031.html + +Okay, thanks! + +/me reads… + +I think this message better describes why AGPL is bad for libraries: +https://lists.debian.org/debian-devel/2013/07/msg00041.html or, at least, I +understood that one better than the first. + +I certainly do not want to make problems for Debian, and now that a bunch of +Tor, LEAP, CryptoParty, and Freebox projects, and perhaps soon Pip too, will +be depending on this, I *really* don't want to make anyone else's license hell +worse. + +Attached is an email from leap@lists.riseup.net where we had fisticuffs over +licensing opinions, wherein I explained my preference for AGPL for +everything. Essentially, I do not want people/corporations/etc. to use my work +in a closed source application and then potentially make changes to patch +found vulnerabilities without contributing those patches back to the main +codebase. + +Though, you're correct, this doesn't make sense for a library, as a +closed-source web-service frontend to this Python module likely isn't going to +get anyone exploited except the person running the service. So it doesn't make +as much sense. + +Do you know if it is okay for me to re-license it as regular GPL? + +Do you have any advice on which of GPLv(2|3)(\+)* that I should use? + +Thanks for pointing this out so quickly before it caused trouble, by the +way. :) + +-- + ♥Ⓐisis agora lovecruft +_________________________________________________________ +GPG: 4096R/A3ADB67A2CDB8B35 +Current Keys: https://blog.patternsinthevoid.net/isis.txt + +--Attachment 1-- + Date: Tue, 28 May 2013 04:13:56 +0000 + From: isis agora lovecruft + To: micah + Cc: leap@lists.riseup.net + X-GPG-Public-Key-URL: https://blog.patternsinthevoid.net/isis.txt + X-Louis-Lingg: In this hope do I say to you I despise you. I despise your + order, your laws, your force-propped authority. Hang me for it! + Subject: Re: [leap] license + + micah transcribed 1.3K bytes: + > Tomas Touceda writes: + > + > > On 05/13/2013 05:32 PM, elijah wrote: + > >> if you have any wisdom or opinions regarding the ever joyful and + > >> uncontroversial topic of free software licenses, then please deposit + > >> said wisdom or opinions in this wiki: + > >> + > >> https://we.riseup.net/leap/license + > >> + > >> in a nutshell, we need to decide on a license for the client. + > > + > > Does anybody have license knowledge a priori? Or should I get started + > > reading licenses? + > + > I'm supposed to have a more than zero knowledge of what constitutes free + > licenses due to my debian training, and debian is world-renknowned for + > having a particularly nasty debian-legal mailing list where licenses are + > chewed up and spit out... but I personally hate the topic and tend to + > avoid it as much as possible. + > + > So basically my opinons are: + > + > 1. no license that is incompatible with the DFSG[0] (debian free + > software guidelines) - it seems like we are probably in agreement about + > this? + + ACK + + > 2. BSD multi-claused licenses and MIT are confusing and annoying, so I + > tend to think they should be avoided due to this + > + + ACK + + > 3. openssl derived works require granting an exception with GPL licenses + > (an exception is trivial), so I prefer gnutls code where possible + > + + ACK + + > 4. it seems weird to make things AGPL that aren't webapps + > + + I started release everything I could AGPLv3 three years ago, after a + conversation with some other activist free-software devs: + + Me: "I want a license which says 'If you are part of any governing body or + corporation which contracts to any private or public military entity, then + you should go fuck youself. And no, you cannot use my software -- I will + sue your pants off.'" + + Them: "Isis, that is silly, and even na=C3=AFve. Universities are libraries are + often 'part of governing bodies', you don't want to exclude them, do you? + And also, you're like not going to see the blobs your code is included + in...it will get privately installed on custom military and law + enforcement hardware, and when they're done with it it'll go and rot + outside on a base or in a police confiscation parking lot somewhere." + + Me: "Hum. I hate talking about licenses anyway." + + Them: "Yeah, it sucks. But it's important for us to take this seriously, + because the tools we're working on have the potential for helping us + better organise at protests, as well as better help the cops kettle us + into paddy wagons." [one of the tools was a crisis mapping thing] + + Different one of them: "Perhaps you both should read AGPL, and see if that + helps. I don't think using law against them is going to work, because we + can't assume they will play by the rules, but if we're arguing licenses + anyway..." + + AGPL also seems useful when it seems possible that shady closed-source + startups are going to add a fancier UI or other feature to your code, and then + market it. This is especially worrying, not because they are "stealing users", + but because it's never clear if vulns discovered in your own code have been + fixed in theirs and vice versa. Or, it could get used in way that is + dangerous, or that it wasn't meant for. (For example, there is currently a + concern that a certain shell company is going to use OONI's code on these + little android-system-on-a-USB dongly thingies...and there are certain dangers + with Tor on Android that these people either don't understand or have no + intention of warning users about.) + + Anyway. There is my argument for AGPL. + + Though I also hate these discussions, don't care about laws, think reformism + is bunk, WTFPL is the only sane LICENSE, and all that jazz, so I'm going to go + stand over there -----------------------------------------------------------> + and watch everybody else duke it out. :) + + -- + ♥Ⓐ isis agora lovecruft + _________________________________________________________ + GPG: 4096R/A3ADB67A2CDB8B35 + Current Keys: https://blog.patternsinthevoid.net/isis.txt +--End Attachment 1-- + +From: intrigeri +To: Isis! +Subject: Re: AGPL library, really? +Date: Tue, 09 Jul 2013 18:30:46 +0000 + +Hi isis, + +isis agora lovecruft wrote (07 Jul 2013 04:20:13 GMT) : +> I think this message better describes why AGPL is bad for libraries: +> https://lists.debian.org/debian-devel/2013/07/msg00041.html +> or, at least, I understood that one better than the first. + +TBH, I've pointed you at the beginning of the thread because I was too +lazy to go fetch the best email in there. I'm glad it helps anyway. + +> Do you know if it is okay for me to re-license it as regular GPL? + +I've just re-read a bit to confirm, and my conclusion is that: yeah, +as the sole copyright holder (is this the case?) you can freely +re-licence to whatever you want. + +> Do you have any advice on which of GPLv(2|3)(\+)* that I should use? + +I usually do GPL-3+, but I would not be able to defend it seriously +against v2 or v2+. + +> Thanks for pointing this out so quickly before it caused trouble, by the +> way. :) + +Np. + +Cheers! +-- + intrigeri + | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc + | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc + +From: isis agora lovecruft +To: intrigeri +Subject: Re: AGPL library, really? +Date: Thu, 11 Jul 2013 09:24:12 +0000 + +intrigeri transcribed 2.6K bytes: +> isis agora lovecruft wrote (07 Jul 2013 04:20:13 GMT) : +> > Do you know if it is okay for me to re-license it as regular GPL? +> +> I've just re-read a bit to confirm, and my conclusion is that: yeah, +> as the sole copyright holder (is this the case?) you can freely +> re-licence to whatever you want. + +Hey intrigeri, + +I've decided to re-license with your recommendation of GPL3+. Is it okay to +credit you and/or publicly point to these emails as the basis for the +rationale for the switch? + +-- + ♥Ⓐ isis agora lovecruft +_________________________________________________________ +GPG: 4096R/A3ADB67A2CDB8B35 +Current Keys: https://blog.patternsinthevoid.net/isis.txt + +From: intrigeri +To: Isis! +Subject: Re: AGPL library, really? +Date: Sun, 14 Jul 2013 22:33:35 +0000 + +Hi isis, + +> Is it okay to credit you and/or publicly point to these emails as +> the basis for the rationale for the switch? + +Feel free to credit me if you wish, but I certainly don't feel it's +necessary. + +I feel a bit lazy to read this thread again to check if it's fine to +publish stuff from there, so if you don't mind, I'd rather skip this +part ;) + +Cheers, +-- + intrigeri + | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc + | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- cgit v1.2.3