Change licence to AGPL

[traverseda]

AGPL keeps it open source, but makes a lot more business sense.

It's harder for people to rip us off, and ensures the project remains libre.

Alternative title "Has licensing been discussed anywhere?"

[clone1018]

Eh, Gittip is all about open, AGPL is pretty restrictive. I don't see the pros/cons of switching from Public Domain.

[chadwhitacre]

Alternative title "Has licensing been discussed anywhere?"

179

[seanlinsley]

Gittip's code isn't so hugely complicated that a competent developer couldn't build a clone. Besides fraudulently pretending to be Gittip, how could someone do harm?

[MikeFair]

A label means something when there is integrity to where it's displayed. The US legal system enforces this through trademark and copyright protections that are honored by judges and law enforcement in the US courts.

The AGPL ensures that any site using the code grants its user's the ability to audit the code in use for that site. Public Domain provides no such assurances, and expressly grants permission to take it private and transform it.

By using the AGPL license and withholding usage of the name and/or logo unless certain policies and practices are followed; the integrity of what the symbols represent and the ability of users to audit the code in use are protected in a way that is enforceable by the US courts and law enforcement.

[traverseda]

Well said. Tightening up their trademark policy is the next thing I was going to get on them about.

Do you consider something more open if it ensures that the side has to be open, or if it lets people close it?

[seanlinsley]

By using the AGPL license and withholding usage of the name and/or logo unless certain policies and practices are followed; (...)

Save for impersonating Gittip itself, how would someone be able to use Gittip's brand in a harmful way? And how would a copyright license protect Gittip from trademark disputes?

[MikeFair]

I'd really not explore the fine print details on a public forum. I can give you some scenarios privately though if you really think they'd make a difference for you (how would I contact you?). Personal gain by outsiders isn't the only scenario to consider.

Public Domain means the recipient dictates their own terms of use and you have opted that no one should ever have any authoritative say in the matter (or said conversely; everyone has a total and equally authoritative say).

By reserving the copyright (and keep in mind we human beings made up this entire concept, so it's only valid because we made it up to be valid), the creators get to dictate the terms (within certain boundaries) by which others are allowed to use their work.

So logos might only be available to those who are members of a consortium; and membership requires adherence to certain standards and practices of behavior.

The code (AGPL specifically) would mean that any site providing the service based on the code could be audited at any time to ensure it's actually doing what people are entrusting it to do.

[wilkie]

The code is available here, so an audit of the code running the service is always possible without request. With the AGPL you'd only get a contractual agreement that the code is indeed the same, but that only goes as far as you trust the gittip maintainers anyway. You don't actually gain anything. You lose the allowance of outside parties to use the code in clever ways if they should want to.

Logo usage and name authority are not dictated by copyright, but rather by trademark law. You can't copyright a name. For instance, if somebody spoofs gittip for phishing attacks, you'll go after them for name misuse, fraud, and any provisions under the Anti-Phishing Act of 2004... not copyright infringement.

@MikeFair Are you a lawyer? I'm not. But this discussion can only continue through an expert on copyright law. If such a lawyer can come up with a situation where copyright liability is actually a concern for the code, then maybe it would be worth it to get everybody to sign off on a copyright change (not the easiest thing to do, I've gone through it, oddly enough to switch to a public domain license, which I believe directly inspired gittip's choice)... but, in my opinion, it is only worth that effort with a particularly strong argument.

@seanlinsley: Save for impersonating Gittip itself, how would someone be able to use Gittip's brand in a harmful way? And how would a copyright license protect Gittip from trademark disputes?

This remains unanswered.

[mvdkleijn]

The code is available here, so an audit of the code running the service is always possible without request. With the AGPL you'd only get a contractual agreement that the code is indeed the same, but that only goes as far as you trust the gittip maintainers anyway. You don't actually gain anything. You lose the allowance of outside parties to use the code in clever ways if they should want to.

Sorry, this is not true as far as I understand the AGPL license...

The AGPL is the same as the GPL but specifically for web based software, and it essentially says: "if you use this software (on the web as intended) and make alterations to the code, those alterations should be made available to the public.

Before the AGPL, people licensing their webbased software under the GPL could find that someone had changed the code of the application but since it wasn't "distributed", just "used", the changes were never made public. The AGPL prevents that by effectively considering "use as a web site" (for example) the same as "distribution", effectively forcing the changed code to be made available.

The AGPL does not, contractually or otherwise, guarantee that "the code is the same"... just that the "changed code is made public". Small but distinct difference. People can still use the code in any way they want (even sell if) as long as they comply with the "source should be available" part.

Copyright in this discussion is there mostly to allow people to have a say in licensing changes.

---

All license specific discussions aside, this whole topic is more about what we want people to be able to do (or not). The license is merely a legal way to cover that.

• Do we want the Gittip code to be publicly available to all?
• Do we want to force people to make their changes to the code publicly available?
• Do we want to allow people to close the source? (which for example public domain would allow)
• Do we want to allow people to sell the source?
• Do we want to allow people to use the Gittip logo & name to promote themselves? example: "We're a Gittip approved reseller, give us your money!" after which they run with the money
• Do we want to allow people to pretend to be Gittip?
• etc.

By answering these questions, we'll arrive at the proper choice of license & trademarking automatically.

[wilkie]

The AGPL does not, contractually or otherwise, guarantee that "the code is the same"... just that the "changed code is made public".

It means both of those things. Trivially, in fact. There is no more need to educate anybody about what the AGPL says.

There is already a copyright license in effect. This is not the place to discuss what license to use. That has been decided already at #179. This is a discussion of whether or not there is something to gain from changing to the AGPL or whether or not there is a devastating flaw that could get us all in trouble. Basically, somebody needs to answer @seanlinsley's request above.

[clone1018]

We've already answered this questions though @mvdkleijn . That's why we currently have a public domain license, Gittip and it's contributors are fully aware of what the public domain license, or lack there of implies and legally translates to. Gittip and it's contributors are also aware that by being in the public domain, someone could steal the entire site, rebrand and close source it. And that's okay. We're okay with that.

I think this ticket is a bit wasteful of our time, we've already had a license discussion, and this ticket doesn't show any real benefit of switching to AGPL or considering switching to anything else. For now Gittip is in the public domain and since it fits very nicely with the open company ideal, I wouldn't hold your breath for it to change.

[rummik]

The only change I think is worth making is adding a license that kind of adds a Public Domain equivalent in countries that don't have it (read: WTFPL-like) -- I've been told in the past that there could otherwise be legal issues with contributions from people in those countries

[traverseda]

then maybe it would be worth it to get everybody to sign off on a copyright change

Actually, you wouldn't. The CC0 is permissive enough that I can slap another license on top of it. Relicensing is as easy as creating a new repository with the new licensing.

by being in the public domain, someone could steal the entire site, rebrand and close source it. And that's okay. We're okay with that.

I'm not a lawyer, but with how you have it set up now I don't think they'd need to rebrand it. You have a bunch of trademark related material under the CC0, which implies that you're giving up that trademark. You lose a trademark if you don't take reasonable precautions to protect it.

I think this ticket is a bit wasteful of our time, we've already had a license discussion

From the contributing readme

If you are opening a new issue or submitting a pull request, go for it! Don't be afraid that it's a dumb idea or a duplicate of another issue or an unwanted change or whatever. Maybe it is! We're still glad to have you! :^)

If you're going to take a "wasting time" stance, you might want to change your FAQ to reflect that.

Copyright assignments are always a tricky ideal. What it comes right down to is that someone stealing the entire site and close sourcing it hurts the stated goal of "redeeming the economy so that it's characterized by trust and love".

Tracking complicated arguments is really hard on github. What I'd really love is threaded comments, so you can split these things into trees debating all the individual points in depth, without being too concerned by brevity.

[seanlinsley]

Tangentially related to this discussion: #1668

[chadwhitacre]

If you're going to take a "wasting time" stance, you might want to change your FAQ to reflect that.

Sorry, making this ticket was fine, but I should probably have nipped this in the bud sooner. My fault.

We're not going to change to AGPL. We decided to use CC0 for Gittip. For libraries (Aspen, etc.) we're using MIT.

CC0's applicability outside the U.S. isn't a major concern because Gittip isn't designed to be used as a library or hosted somewhere else. If we get a specific request to relicense the code we'll deal with that when it happens (SQLite handles this case by offering a paid license). The bigger concern is tightening up copyright assignments from contributors to Gittip, LLC, which is what #1668 is about.

I'm not worried about trademarking anything. If someone starts using our logo and then sues us for trademark infringement, we'll change our logo.

[tshepang]

This is quotable:

I'm not worried about trademarking anything. If someone starts using our logo and then sues us for trademark infringement, we'll change our logo.

I like the attitude.

[clone1018]

I don't, it's important to build a brand along with your product.

[seanlinsley]

I'm also concerned that Gittip wouldn't protect its trademark. Isn't that something worth defending?

[chadwhitacre]

Isn't that something worth defending?

No, if "defending" means legal battles. If someone's fucking with us to the extent that they're stealing our trademark and then suing us for it, then we've got deeper relational issues with that person, and if I can at all help it I'll address those issues directly than get sucked into zero sum legal battles. See also https://github.com/gittip/www.gittip.com/issues/1683#issuecomment-30820309.

[traverseda]

Paraphrasing a bit.

"There was a man once named Mohandas Gandhi. He thought the government of Britain shouldn't rule over his country. And he refused to fight. He convinced his whole country not to fight. Instead he told his people to walk up to the British soldiers and let themselves be struck down, without resisting, and when Britain couldn't stand doing that any more, we freed his country. I thought it was a very beautiful thing, when I read about it, I thought it was something higher than all the wars that anyone had ever fought with guns or swords. That they'd really done that, and that it had actually worked. Only then I found out that Gandhi told his people, during World War II, that if the Nazis invaded they should use nonviolent resistance against them, too. But the Nazis would've just shot everyone in sight. And maybe Winston Churchill always felt that there should've been a better way, some clever way to win without having to hurt anyone; but he never found it, and so he had to fight. Winston Churchill was the one who tried to convince the British government not to give Czechoslovakia to Hitler in exchange for a peace treaty, that they should fight right away. Saying violence is evil isn't an answer. It doesn't say when to fight and when not to fight. It's a hard question and Gandhi refused to deal with it, and that's why I lost some of my respect for him."

It's not godwins law when I'm comparing you to gandhi :-P

Why is linux more successful then BSD? Why is microsoft office beating libreoffice, and open source in general?

There's not doubt that open source is more productive. So why aren't we winning across the board?

It's an example of the dove hawk game from evolutionary game theory.

[chadwhitacre]

It's not godwins law when I'm comparing you to gandhi :-P

Hah!

Saying violence is evil isn't an answer. It doesn't say when to fight and when not to fight. It's a hard question and Gandhi refused to deal with it, and that's why I lost some of my respect for him.

Hmmm ...

Good quote, hadn't seen it. Thanks.

Source?

[traverseda]

Harry potter and the methods of rationality. It's a decent story, but basically a long tract by the people behind lesswrong. A lot of people find the protagonist very unlikable.

Lesswrong is a rationality group, and it has some strange beliefs. It's also not good at keeping the kind of things it wants to teach separate from its culture. They have a lot of useful things to teach, but they can be pretty offputting.

[chadwhitacre]

Thanks. I've been around the edges of Lesswrong before. Seems like a thing.

[tshepang]

By around the edges, do you mean you've read an article or two @whit537?

[tshepang]

@traverseda what are you paraphrasing in that Gandhi story?

[traverseda]

@tshepang Chapter 77 of hpmor. I removed the references to muggles, and dumbledores lines. Search for

"There was a Muggle once named Mohandas Gandhi," Harry said to the floor

[mvdkleijn]

I don't, it's important to build a brand along with your product.

:+1: and to protect that brand... in Gittip's case not for Gittip itself but for its users.

If someone sets up an exact Gittip clone (including branding) and somehow manages to steal the domain name (yes, that can happen) or manages to setup an eerily similar domain name, Gittip might not be hurting, but its users would be.