Discuss open source license options

[maeutic]

We need to discuss what kind of license we want to use to release the source under. GPL, MIT, Apache, etc.

[Revencher]

1) I want to make sure that all nonprofits have access and the ability to use this software.

2) I want to make sure that we can stop any nefarious activity that this platform could be used for.

I am currently trying to find an intellectual property lawyer that will help us make sure the licensing we use is correct for us. Mac also has done a bit of research into the matter and I would definitely be interested in what Mac and everyone else has to side?

[shonore]

We brought this up in the 6/30 team meeting. Amelia and I know very little about this and need to be research before we can make any decisions. Vinay said GPL is "copyleft". Geoff wants the licensing to prevent bad actors from using the product, but it defeats the purpose of open source license. Geoff is going to reach out to a lawyer regarding this

[maeutic]

Here are a couple of threads on softwareengineering.stackexchange.com that discuss restrictive open source licenses:

https://softwareengineering.stackexchange.com/questions/319308/software-license-which-discriminates-on-ethical-grounds?noredirect=1&lq=1

https://softwareengineering.stackexchange.com/questions/319308/software-license-which-discriminates-on-ethical-grounds?noredirect=1&lq=1

The consensus seems to be that any ethical restriction a) is against the spirit of libre software, b) is likely unenforceable legally, and c) will almost certainly prevent any code released under such a license from being broadly used or integrated into other projects using common open source licenses like GPL.

That said, below are some licenses mentioned/linked in those threads Geoff may want to review. However, unlike many more common open source licenses, none of these has been legally tested as far as I know.

• http://www.crockford.com/javascript/jsmin.c includes:

  The Software shall be used for Good, not Evil.

• The Peaceful Open Source License includes:

  4. This software may not be used to cause deliberate harm to any individual, either directly or indirectly, in any form.

• The Just World License includes:

  4. This software must not be used by any organisation, website, or product that: a) lobbies for, promotes, or derives a majority of income from actions that support or contribute to: pornography, sex trafficking, human trafficking, slavery, indentured servitude, gambling, tobacco, adversely addictive behaviours, nuclear energy, warfare, war crimes, violence (except when required to protect public safety), burning of forests, deforestation, hate speech or discrimination based on age, gender, race, sexuality, religion, nationality. b) lobbies against, or derives a majority of income from actions that discourage or frustrate: peace, universal access to human rights, peaceful assembly and association (including worker associations), a safe environment, or action to curtail the use of fossil fuels or prevent climate change.

The definitions of open source and free software in this thread may also be helpful in understanding the issues, @Revencher: https://softwareengineering.stackexchange.com/questions/21907/open-source-but-not-free-software-or-vice-versa?rq=1

[maeutic]

We also need to consider the licenses of react, etc., to ensure we comply with those terms.

[shonore]

Still discussing this. We are debating if this should be a SaaS where there is a free option and paid option https://nationbuilder.com/ is a resource to reference. This may be an open core project

[shonore]

Here is another reference http://www.collectionspace.org/. Geoff is still trying to reach out to a lawyer. Suggested reaching out to a law student or law school to find a resource to assist with this.

[shonore]

Possible solution is to get standard Open Source license and then having terms of agreement on the website prohibiting abuse of the website

[shonore]

From Jeff and Ameilia's research, the more custom and restrictive the license, the less likely this project can be integrated with other open source projects. Geoff is still concerned with the product being misused. Vinay believes that anything that is non-standard could be a legal liability

[shonore]

Revisited this today and the final decision was that we are going to use a standard open source license. We still need to decide what particular open source license to go with. Stephanie and Vinay do not have a particular preference on what type of open source license to use. We are leaning towards the GPL license, but we need to consult a lawyer before we can start setting this up.

[shonore]

Geoff is going to reached out to some lawyers that Amelia suggested

[maeutic]

Here are a couple of resources to compare open source licenses:

https://choosealicense.com/licenses/

https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses

[shonore]

We revisited this today and these are the following reasons why we would to get a lawyer: 1.) Do we want to have this completely open source and free? 2.) Do we want a free, open source and commercial option as well? 3.) Do we want third-parties to take the IP and have the ability to make a profit off of it?

@maeutic did you say previously that you had a friend/acquaintance that was a lawyer? If so, could this person be contacted to possibly assist us with consultation regarding the open source license?

[shonore]

If we are not able to get in touch with a lawyer then we will just use the standard GPL license

[shonore]

Amelia said she sent Geoff the name(s) of a few lawyers he could get in connect with to possibly reach out to. Amelia sent the list to our slack channel.

Geoff will reach out to them to see if anyone can assist us.

[maeutic]

@Revencher and @shonore, Geoff has suggested the GNU AGPL 3. I have several concerns about the selection of this license after researching it.

The GNU AGPL 3 is considered among the most restrictive open source licenses, and includes provision 13. Remote Network Interaction which specifically addresses SaaS. The preamble discloses:

The GNU Affero General Public License is a free, copyleft license for software and other kinds of works, specifically designed to ensure cooperation with the community in the case of network server software.

We need to make sure that the licenses for react.js, node.js, and any other languages, frameworks, etc. that we use are compatible with GNU AGPL 3. This license is not among the most commonly used, and may act as a barrier in development and collaboration. For example, Google explicitly prohibits its developers from using any code licensed under this license.

This is also a controversial license, with some passionate arguments both for and against it. E.g., The quietly accelerating adoption of the AGPL and the rebuttal Don't believe the hype, AGPL open source licensing is toxic and unpoplular

Geoff has also said that he wants "to get that license rewritten specifically for this project." The GNU AGPL 3 states, "Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed." I believe this means that we cannot legally modify this license, nor can we modify it and release code under a modified license and call the modified license GNU AGPL 3. Licensing is tricky stuff, and the benefit of using a common open source license is that it's been developed and tested. The GNU AGPL 3 was upheld in court last year. If we change something, we may unwittingly introduce language that would cause the license terms to be not upheld as legally binding if an infringement suit was brought.

[shonore]

Geoffrey is still researching this. No updates on this right now.

[shonore]

Amelia was going to add the text for the license to the project. Here is the link to the template https://www.gnu.org/licenses/agpl-3.0.en.html

Amelia tried to add it to the repo and it is not showing up in GitHub ... We need to try adding it again

[vinaygopinath]

Closing this issue for now - The frontend and backend repositories now use the GNU AGPL v3 license. We may need to reopen this issue later to allow integration into systems with incompatible licenses or to explore dual-licensing for other reasons.