You are reading content from Scuttlebutt
@andrestaltz %OvnLYWbU8tPjztMhNkbCdbGNDcv5TXFdrdI9X4LG6V0=.sha256
Re: %4SexIxPRp
  1. what licenses do you publish with for SSB work?

MIT, LGPL, AGPL, MPL.
MIT for the most part.

  1. why have you chosen what you’ve chosen?

MIT for libraries because that's what most core SSB libraries already chose.

LGPL for ssb-ngi-pointer work, for the reasons arj already explained. It's a bit like MIT, but it basically says "virally spread this license when forking the library, but no need to virally spread when using the library in an app"

AGPL for ssb-room (1.0) because it's server infrastructure and the A in AGPL seemed suitable.

MPL for Manyverse because I wanted something copyleft that makes it difficult for companies to fork, slap some ads on it, and publish and profit. I originally went with GPL-3.0, as @Rabble said, but that's a license that makes it hard to be App Store compliant.

  1. what experiences have you had as a result of license choices?

AGPL-3.0 is really problematic for P2P. @memo is the only one who brought up the issue: basically in P2P we have peers acting as both client and server, so whenever Bob is providing new updates for Alice to replicate, Bob is providing a service over the network, and in that instance Bob needs to disclose the source code and the changes made to the source code. So, as memo said, any time modification and you basically should legally disclose that. I think none of us are complying with that part of AGPL. Curiously, in the Manyverse roadmap we have the feature "View source for remote peers" coming up precisely for this. I'm not excited to build it.

Which brings up the topic: how do we even enforce this stuff when someone breaks the terms of the license? How many of us know exactly how to proceed if someone breaks the license? Which lawyer do we contact? What country do we use for the suing? I literally have no idea how I would go about it. Currently the best recourse we have is public shaming, also known as Twitter shitstorms. I think that was actually the case, that some company forked Patchwork but forgot to disclose the changes to the source code. We didn't sue them, we just tweeted about it. There has to be a better recourse than that. Really, means of enforcing compliance are important, otherwise we're just discussing for nothing.

I'm ambivalent about copyleft. On the one hand, YES, I do not want companies forking our stuff to add closed source modifications and profit. On the other hand, to make FOSS effective, I don't want to lean on the (often USian) legal system that in turn depends on vultures and violence.

Honestly, I think FOSS doesn't give good enough tools to protect us from companies. The compliance enforcement is one reason, but the other reason is that companies could still choose to keep the source code open and still profit. Here's a hypothetical: some dirty company forks Manyverse, puts a bunch of ads in it, adds a few more features (say, Stories), and puts it on the app store. All the while, they keep the source code open, just not "obviously open", it's just somewhere there on their website. And then they dump huge amounts of money into internet marketing to pump up their growth hacking of the user base. I said this in other threads: attention is truly the most valuable resource type on the internet, and marketing is a way they could steal a lot of attention for their fork of Manyverse with ads. This could be sufficient to drown Manyverse out of sufficient attention to compete with the fork. And there you go, an AGPL-compliant fork that extracts profit.

For this and other reasons, I've been fond of public domain licenses, although I haven't yet tried them out fully (I don't know how it works for source code). Ever since @xj9 mentioned it, it's been on my mind. For an abundant resource such as information, public domain seems to me like the most commons-friendly and non-violent anarchist solution there is. It's also cybercommunist and lets go of the "property" in intellectual property.

Back to pragmatic terms, I would highly recommend that SSB libraries use permissive libraries like the classical MIT (used for muxrpc, secret-handshake, and all sorts of critical things) or midly copyleft like LGPL.

Join Scuttlebutt now