[RESOLVED, though may switch to another similar license again in the future] Consider xGPL-compatible license

[ignoramous]

Hi,

It is typical for blocklists to be embed with content blockers. For these lists, the content blocker that uses it would have to be relicensed under Common Public Attribution License making distributions of the content blocker itself incompatible with the xGPL-family of licenses. As someone who builds a FOSS content blocker, I thought I should let the project know about it.

Any relicensing is likely to require a consent from folks who have committed to this repository.

IANAL.

[bongochong]

I'll look into this. For my purposes, the clauses regarding attribution are already met simply by the resultant block lists being utilized at all, though I'll eventually take some time when I have it, to ensure consistency, and fulfillment of intended purpose (which is to use a FOSS-compatible license in all of my work that discourages monetization by entities without consent).

Edit: I should note that enforcement of the license is up to the original author, and I have no intent of nitpicking with any entity that modifies, or re-uses anything I release in full or in part, so long as it is not used for the purpose of increasing profits from a non-FOSS or non-OSS project. I chose the CPAL as a drop-in because I was not able to find another license which I could - in theory - use to ensure that open source projects can re-use, modify, and redistribute something I've made without repercussion, but that offers enough flexibility for me to use my own discretion in enforcing stricter compliance with entities that might be bad actors, with histories of not contributing back to projects they utilize, and things of that nature.

[ignoramous]

Thanks. Makes sense.

CPAL is incompatible with the xGPLs, which means any project that xGPLs their code (AdAway, Nebulo, for example; and pi-hole which uses the EU Public License) cannot legally use these lists.

...ensure that open source projects can re-use, modify, and redistribute something I've made without repercussion, but that offers enough flexibility for me to use my own discretion in enforcing stricter compliance with entities that might be bad actors, with histories of not contributing back to projects they utilize, and things of that nature.

This conundrum is the bane of the FOSS ecosystem. There's no good compromise, except perhaps AGPLv3. Strong copy-lefts like the Server Side Public License, and restrictive licenses like the Commons Clause, the Polyform Licenses, the Business Source License are not FOSS licenses, but do attempt to tackle issues you point out.

The consensus is that FOSS licenses must be permissive and not restrictive, though it is debatable whether that stance remains feasible in today's tech landscape.

Note that, license matters even if you chose to selectively enforce it, because anyone else (who contributes to this repository) can always enforce it, as they are also now the licensee just like you, the original author of the work.

[bongochong]

I have often thought that a conditional dual license might serve my needs better, but that's also controversial for a lot of people. When the Commons Clause started gaining some attention, I was actually considering that in particular, and it might simplify things. A lot to think about.

P.S. Licensing is a very challenging issue for hobbyists and enthusiasts such as myself. IMHO, open source development models and licenses have been a net positive for humanity, but as someone who has worked in corporate environments in various support and infrastructure capacities, I have seen first hand how large open source projects can be exploited for profit by entities who give nothing back to the ecosystem, which is very disappointing. My decision to use a more restrictive license was meant as a small gesture of protest against such exploitative practices. It's not lost on me that using GitHub itself, now a property of Microsoft, raises ethical issues and complications as well, so I have often considered moving to a different platform or self-hosting too.

P.P.S. I'll probably either make use of the Commons Clause, or switch to AGPLv3. I don't want to make any hasty decisions, so it might take a little bit of time. You have brought up some very interesting concerns.

[bongochong]

For now, I have added an exceptions clause to the CPAL for this repository, allowing for separate licensing of finished/compiled block lists (under the extremely permissive WTFPL). This gives me some room to either place all finished block lists under a less restrictive OSS or FOSS license, or transition to a completely different license for the entire repository.

[ignoramous]

I have often thought that a conditional dual license might serve my needs better

This may work (you could dual license it to certain projects explicitly; but know that, the projects receiving your work under that license have all the freedom that particular license affords, which includes distributing your work under the same license to anyone they please). Whatever you do, please do not roll out your own like DandelionSprout/adfilt did.

Interestingly, badmojr has left the license unspecified, as has nextdns. I've reached out to badmojr since I do use their lists in my content blocker project... In fact, I stumbled upon these lists from AdAway and wanted to see if I could use them too, but then the license caught my eye, and we are here discussing this (and for once, I am out of my depth).

When the Commons Clause started gaining some attention, I was actually considering that in particular, and it might simplify things. A lot to think about... P.P.S. I'll probably either make use of the Commons Clause, or switch to AGPLv3. I don't want to make any hasty decisions, so it might take a little bit of time. You have brought up some very interesting concerns.

I am not a fan of restrictive licenses in general because my understanding of FOSS is different than what source-available licenses seek to enforce. Btw, Commons Clause and BSL aren't compatible with the xGPLs. I merely mentioned them to only point out that there exist non-FOSS licenses that address the bad actors concerns you had.

I have added an exceptions clause to the CPAL for this repository, allowing for separate licensing of finished/compiled block lists (under the extremely permissive WTFPL)

You may want to consider CC-0. WTFPL doesn't absolve the authors of the work of liability and warranty. As an extreme example, consider someone's heart-rate monitor stopped working leading to complications because they used blocklists to block "ads" but it also blocked "a tracker" that the heart-rate companion application needed to connect to in order to function...

Besides, if you're bundling in other lists... then there's another matter of the final (dual / single) license being compatible with those as well. For example, One can use CC-0 in xGPL/MIT/Apache/BSDx/MPL/EPL codebases, but not the other way around.

You have brought up some very interesting concerns.

I try, but often folks label it fud or question my motives, so that's there too. (:

(ianal).

[bongochong]

The CC-0 does look good. I might switch to that for the lists in a future update. It would be much nicer to have a single license that works for everything in the repository though, so I now have a bunch of reading to do.

P.S. You're absolutely welcome to incorporate any of my lists into any open source projects you're working on. It slipped my mind for quite some time that the CPAL is unnecessarily restrictive when it comes to the finished lists, and I am hoping to eventually settle on a license that works for all content in the repository.

[ignoramous]

badmojr sent me this ref: https://github.com/AdroitAdorKhan/EnergizedProtection/issues/46

[bongochong]

All my lists are explicitly WTFPL now by the way, which feels comfortable enough, though I still hope to find a single GPL-friendly license for both the scripts and the lists. There's some good info in there regarding that, so thank you.

[ignoramous]

Hi bongochong,

To close the loop on this:

1. Per this stackoverflow answer: xGPL's virality may not affect "data" generated from (xGPLd) code, like the hostfiles, nor is it triggered when non-xGPL code uses it.
2. GFDL (The GNU Free Documentation License) is what one should use if they desire a xGPL-like license for "data" such as hostfiles.

So, you can safely ignore my concerns (: That's good news all around. That said, uBlockOrigin and Pi-Hole have (?) restricted use of blocklists under certain licenses either (what seems to be) out-of-principle or unfamiliarity or perceived incompatibility.

(of course, ianal).

[bongochong]

Thanks for the update! Neat info to come back to (just returned from a little trip with no internet access). Notes taken, and will read up a little bit more tomorrow.