Relicencing the core to LGPLv3 instead of GPLv3.

[irungentoo]

Does everyone agree?

[volb]

Another thing I'd like to mention. There are a lot of projects with permissive where no one cares about the non-free versions of the software. Why would a company have an interest in making a proprietary "botnet" service from something like Tox? I'm not saying it's impossible but there are better alternatives for shady organizations. I suppose they could take a permissively licensed version and try to spread malware.

[ghost]

Tox. Core. Does. Not. Need. To. Go. On. The. App. Store.

The GPL-licensed code doesn't need to go on the App Store. If someone else wants to use broken hardware, they should write some broken software with a broken license to go on the broken App Store of that broken hardware. As long as it's compatible with the GPL'd software, what's the problem?

Use IRC as an example. One of its strengths is that there are IRC clients for pretty much every platform you could want one on. There are hundreds of clients on every major platform. It doesn't matter to the protocol which client you use. There are IRC clients on the App Store, and they're distinct from the clients on desktop. The cores of those clients are different to the cores of clients on desktop.

Why not the same here? If someone wants to write iTox, I say go ahead! And someone else can write a client that they want, and someone else can write the client that they want. It doesn't matter. Nobody cares. Use whatever client you like, as long as it conforms to the open standard.

That's the right direction. If that's not feasible, then the project is DEMONSTRABLY WRONG. If Tox doesn't have an open standard, it's DEMONSTRABLY WRONG. If it can't support a wide variety of clients, it's DEMONSTRABLY WRONG. If the only way to put a Tox client on an iPhone is to use the code in this repo that's GPLv3'd, it's DEMONSTRABLY WRONG.

I don't see why you'd want to give an advantage to evil companies that don't support your freedom by LGPLing or BSDing this. I don't see why you'd want to give a competitive advantage to Apple over Ubuntu Phone, Firefox Phone, and Android.

[bbqsrc]

@mrout this is my preferred position, however, if the project determines that they want to allow an exception to get into FOSS-fearing binary repos, then the path of least resistance is what I suggested.

Open standards for the win.

[Rgqt]

@mrout

Thing is, in order to make Tox work, not just people who care about privacy need to use it, but also their friends who do not care about privacy. Obviously someone who is seriously worried about privacy is not going to use iOS, but to make this take off, it does need to be on the app store. And sure, someone could make iTox but I think leaving that possibility up to chance is not a smart move.

I think MPL 2.0 would be a good canidate, personally: It's still copyleft but compatible with the app store

[martijnarts]

@mrout: what @Rgqt is fairly important here. It's okay if Tox decides to keep the license at GPL, but we have to strongly consider that there need to be mobile Tox apps. As long as our main competitor (Skype, obviously) supports that platform and Tox wants to take over their userbase, Tox has to support that platform. Those include Android and iOS. While Apple may be, as you describe it, an "evil company", promoting software freedom and being all Stallman-activist about it is really not what Tox's goal is. Tox's goal is to provide everyone and their mother and their dog with an incredibly secure, easy to use communications platform. To do that, Tox will at least have to be available on Windows, Mac, Linux, iOS and Android.

If we're going to say that "if someone wants to write iTox, (...) go ahead", we are thereby increasing the chance that 1) there will not be an iTox or 2) the iTox client will suck. Sure, go GPL, but make sure there's going to be an iOS client too: Tox can't afford not to have it.

[hellekin]

Tox. Core. Does. Not. Need. To. Go. On. The. App. Store. +1 @TotempaaltJ so you and other AppStore supporters have a really good incentive to make a good iTox client.

I think @bbqsrc is right: the project developers could prepare a document of their proposed focuses for this project so people can better assess what's best for the project instead of just opining. Maybe the developers would prefer a larger user base to moral firmness. Who knows? I hope they choose the latter.

[volb]

Does it look like Tox can become a protocol?

[hellekin]

According to this table, it indeed looks like a different protocol.

According to that, IOS is also a different OS: iOS is a proprietary operating system whose source code is not available for auditing by third parties. You should entrust neither your communications nor your data to a closed source device. Supporting iOS is therefore contradictory with the objective of making a free replacement for Skype.

People should know about https://en.wikipedia.org/wiki/IPhone#Restrictions and if they still want to purchase iPhones, don't blame it on free software developers for not supporting their toys.

[Rgqt]

@hellekin The people who are interested in Tox at this stage all know what you are saying and agree with it. But as a realist, it's not about supporting a toy I don't give a shit about, it's about not digging our own grave. I just don't think it's a good idea to limit the userbase to people who don't have iphones from the get-go, seeing as how ubiquitous those are.

And in the end, because someone can hypothetically write iTox, or have a trojan, or a backdoor on their windows/mac os computer, yes, it always will be the case that if the platform of the person you are talking to is compromised that your communication with that person will also inevitably be compromised. This doesn't have anything to do with iOS or GPL or anything, that's a general fact for any platform that tox supports. If you cared about this, you wouldn't support windows or mac os either.

In my opinion userbase should be a big focus for this project. Of course I'm not in any position of authority though, so this is all just an opinion. I understand that some people are going to disagree, but it is something to at least be considered by the lead devs

[hellekin]

/me does not support neither Windows nor MacOS. But as far as Tox is concerned, neither MacOS nor Windows require changing the license for it to work on any of them. I'm sure you can appreciate the difference @Rgqt.

Moreover, technically, the license change is not even for gaining iOS support, but to gain access to Apple's proprietary AppStore. Hence, it's a marketing decision. Outside of the USA, where market growth is likely to be larger and longer, I don't see iOS as ubiquitous as you say it is, or will be. Android seems to get the market, and Ubuntu is going to get what Firefox won't. In the post-apocalypse of mass-surveillance, the people who will stick to Apple should accept the consequences of their political choice. The mobile market won't kill Tox for not being ubiquitous, but for not being better than Skype. The wrong of Skype is less technical than it is ethical.

I think I've said it all, and all I can add is a repetition. So, although I enjoy the argument, I will refrain from participating in this issue anymore. I wish the core developers would take position on that issue.

[volb]

I'm going to risk going slightly off-topic here as well as risk sounding like an Apple fanboy here (I'm not, Android user here who has experience with iOS). People outside of the nerd community don't equate privacy with free & open source necessarily. Apple was recently lauded by tech blogs for encrypting iMessages if you all remember.

I also don't think it's right to call an iPhone a toy if you haven't used it extensively. There are people I would consider fairly hardcore geeks who prefer it for various reasons.

To hellekin, I have to say how do you know Ubuntu and Firefox's mobile OSes are going to get popular? That sounds like pure speculation. I mean, I hope they do, but if Ubuntu Edge can't even beat the Pebble Watch's crowdfunding campaign, what does that say about its popularity?

A lot of people also equate privacy with payment, though this can definitely be false. You pay Apple a certain fee for say, email, and they won't search through your stuff (supposedly). You don't pay Google for email, and they search through your stuff (supposedly).

With the number of security exploits found in Android being greater than those found in closed platforms, I think quickly equating free software as being a good indicator of safety and privacy as foolish. Putting valuable data in closed platforms would be more foolish, but that doesn't mean both aren't. In one, the manufacturer can theoretically steal your info, while in the other a cracking expert can. So, automatically labeling iOS users as not caring about privacy feels inaccurate, especially if they are uninformed of the risks.

[74togo]

Please stay GPLv3, hold strong!

https://boards.4chan.org/g/res/35706858

[Todd102030]

Just going to post some of the thoughts I made in the Tox thread on /g/. I'm no expert on licensing, so maybe some of this is incorrect.

LGPL will allow people to make closed source clients for Tox, right? Can't those closed source clients do all sorts of malicious stuff with your data, ruining the point of Tox entirely?

Basically, this means that some corporation could put a shit tonne of funding into their malicious client, making it the most popular one, and then all Tox has done is make a nice gateway of info into the hands of a company who people think they can trust under the promise of security through Tox. Just sounds like a terrible idea.

Yes, Tox could say, "don't use this client, it's malicious", but take Facebook chat for example. How many people using Facebook do you think know they're actually using XMPP? Probably less than a couple percent of them. It doesn't mean shit if Tox itself is saying "don't using this proprietary program" because the end user likely won't even know what Tox is. The backend of the program is irrelevant to people. As far as the users are concerned, they only need to know the client, and whatever client can get the most advertising will likely be the most popular. Some huge company who wants to profit off your info will likely put the most effort into making their client popular.

tl;dr I think it's a bad idea, but I could just be stupid. I welcome your criticism.

[Mechazawa]

shotxxx all it does is restrict commercial use to some extent

[optimumtact]

AGPL has been suggested a lot

[volb]

Just because /g/ has suggestions doesn't mean they hold the copyright to choose. If you guys want to participate in this ticket, read the whole thing.

[hellekin]

@Mega1mpact how that?

@m3hr true, that's pure speculation. But that would be the first time my intuition about technology trends blows (hint to investors: go for Firefox OS). Famous Last Words :)

[Nixxi]

GPLv3 or bust!

[martijnarts]

@hellekin, if I had the time, knowledge and an iPhone, maybe I'd make iTox - I don't though. Freedom and whatnot is great and all, but I really don't think that's up to Tox to promote. Tox is here to create a secure alternative for Skype. We really should get the main developers to give their opinion, because we can sit here and discuss for ages and ages and not agree with each other: @irungentoo, we need you!

(and any other core devs, but I can't recall from the top of my head who they are)

[Rgqt]

@hellekin I can appreciate the difference indeed. I would like to also point out that I am in favor of MPL2 rather than LGPL, because as I understand it (and I am not an expert, so anyone is free to correct me here), the MPL2 means that people can't take the tox core and distribute it with a closed source client, but still would allow entrance into the app store. Incidentally I am german and iphones are still pretty ubiquitous here, not 100% of the market, but more than enough that they matter a lot.

[weedy]

If we want to take mobile seriously Mozilla Public License 2.0 looks like the way to go. Until that point stay GPL

[Rgqt]

@weedy "Until that point, stay GPL" is not really a wise move. As time goes on, the list of contributors will grow. If you change your license, every contributor needs to agree to that, or their code needs to be removed and re-done. This decision has to be made now. Anything else will lead to a clusterfuck of work and reaching people who aren't active anymore/rewriting code.

[fhahn]

I think using GPL for the core library is a bad idea, because to license of the core library should be as permissive as possible in order to increase reuse, integration and adoption by other projects

[nickodell]

irungentoo, I give you permission to re-license my changes however you want.

But I vote LGPL.

[Rgqt]

@nickodell Just curious, why LGPL? Do we really want closed source clients? I agree that LGPL is better than GPL, but I think MPL2 is better yet

[nickodell]

@Rgqt

Do we really want closed source clients?

Would that be so bad? There's already a closed source messaging client which logs chats for the NSA. It's called Skype. If users have a choice between a closed source client and an open source one, they will pick the open source one. If they choose a closed source one, that implies that they have no other choice.

As for why I picked LGPL specifically: There are a huge number of possible licenses. I don't see the differences between LGPL and MPL as very significant.

[Niduroki]

If users have a choice between a closed source client and an open source one, they will pick the open source one.

So everyone is using mumble, SIP and XMPP instead of skype now?

Edit: Or Pidgin/any other free XMPP client instead of Facebook™ Chat or Google™ Talk?

[ollieh]

Why are people even suggesting LGPL? It doesn't allow us to do anything GPL doesn't, it's not app store compatible. I don't understand dual licensing under Apachev2 or similarly permissive licenses, wouldn't anyone who wanted to make a proprietary version be able to using the apachev2 source? It completely undermines the GPL doesn't it, or am I misunderstanding how dual licensing works? To those suggesting MPL, it looks good for the iOS app store, but the windows phone app store is even more restrictive, any license that requires distribution of the code is not allowed. I think the ideas in this thread about having an open protocol and iOS and Windows phone clients having to implement their own core themselves makes the most sense.

[ghost]

So... why can't you just dual license with GPL3 and Apache2? I'm no lawyer, but is there a reason you can't say "This program is licensed under the GPLv3, or, in the case of so-and-so implementation, the Apache 2.0 license," so that this can be guaranteed to stay free, and still be put in stupid proprietary app stores?

I honestly think that's the only way to make everyone happy.

[ghost]

@ollieh, I believe that most people have agreed that the Windows RT marketshare is so insignificant that it's not worth anybody's time at least for now.

On Saturday, August 3, 2013 at 9:46, ollieh wrote:

Why are people even suggesting LGPL? It doesn't allow us to do anything GPL doesn't, it's not app store compatible. I don't understand dual licensing under Apachev2 or similarly permissive licenses, wouldn't anyone who wanted to make a proprietary version be able to using the apachev2 source? It completely undermines the GPL doesn't it, or am I misunderstanding how dual licensing works? To those suggesting MPL, it looks good for the iOS app store, but the windows phone app store is even more restrictive, any license that requires distribution of the code is not allowed. I think the ideas in this thread about having an open protocol and iOS and Windows phone clients having to implement their own core themselves makes the most sense.

— Reply to this email directly or view it on GitHub (https://github.com/irungentoo/ProjectTox-Core/issues/58#issuecomment-22055962).

[Rgqt]

@nfkd I am not a lawyer but i am pretty sure that clause you came up with doesn't make any legal sense

[Zanthas]

@nfkd Has that right idea about dual licensing. Or even going full MPL if that's too much of a legal problem.

Either way, Tox /needs/ to be in as many places as it can be if its going to be a Skype replacement.

[ghost]

Seriously, what's the big deal with moving to solely the Mozila Public license? It protects the name and artwork of the project and permits the Stallmanites to fork it if they want something "more free". Thunderbird for instance has a nonfree fork called Postbox yet it's impact is completely negligible. If Tox becomes a name in the software world we'll be fine.

On Saturday, August 3, 2013 at 18:46, Zanthas Shadekieh wrote:

@nfkd (https://github.com/nfkd) Has that right idea about dual licensing. Or even going full MPL if that's too much of a legal problem. Either way, Tox /needs/ to be in as many places as it can be if its going to be a Skype replacement.

— Reply to this email directly or view it on GitHub (https://github.com/irungentoo/ProjectTox-Core/issues/58#issuecomment-22064208).

[joehillen]

To everyone who thinks the core should be re-licensed under the MPL, just write your own. Write your own iphone app in objective-C and release it under whatever license you want, just don't use the core.

Problem solved!

Asking everyone to relicense code you didn't write is pointless.

[Rgqt]

@joehillen sounds like someone didn't read who this issue was started by

[ghost]

A chunk of the coding team supports switching the license as well you imbecile. Where the hell did you even come from? I've never seen you respond to anything before. Don't voice your opinion on things you don't understand.

On Saturday, August 3, 2013 at 21:53, Joe Hillenbrand wrote:

To everyone who thinks the core should be re-licensed under the MPL, just write your own. Write your own iphone app in objective-C and release it under whatever license you want, just don't use the core. Problem solved! Asking everyone to relicense code you didn't write is pointless.

— Reply to this email directly or view it on GitHub (https://github.com/irungentoo/ProjectTox-Core/issues/58#issuecomment-22065828).

[untitaker]

@TheAustinHowell Congratulations on derailing the discussion completely.

[nickodell]

@joehillen This is an excellent way to create clients that are incompatible with the normal Tox-Core in numerous and frustrating ways.

[joehillen]

@nickodell I disagree. I think the key to success of a protocol is the number of independent implementations of that protocol, like bittorrent for example. A bug in the core could cause instability in the entire network, where that would be unlikely with multiple implementations. It also helps to have several people approach it from different angles to find flaws in the protocol itself. It's not fragmentation if everyone is trying to remain compatible with the existing network.

[ollieh]

@joehillen Really that seems like the best and sanest option. Once we settle on something that has a stable protocol it wouldn't be much effort for someone to implement something in Objective C for iPhone. It saves all the headaches about licensing, and much more.

[ChlorideCull]

If having others make their own cores, we must set a strict protocol which must be followed to be Tox-compliant, else we will in the end have 6 non-free cores with their own clients, all using different standards, codecs and extensions to the protocol (and either telling other clients they should get their client OR just showing garbled data).

[fqlx]

@ChlorideCull It works for IRC. I'm just worried we'll have the same issues websockets had, the protocol specs changing frequently. Tox will just need good documentation. Possibly include its version number in the handshake like socks4/5. That's the best path forward.

[ghost]

@ChlorideCull @joehillen @ollieh

I really do think that the IRC model works best. Everyone knows that competition in markets is a good thing, and nowhere is that more true than in chat clients. Do you think "the IRC client" would have as many features as all existing IRC clients combined if there was only ever one of them?

A Tox protocol standard is probably what we're really after. There's no reason why we can't have a GPLv3'd reference implementation, either. If the protocol is built to allow non-standard extensions and revisions of the standard, then there shouldn't be a problem.

An RFC is probably a good idea. Perhaps we should come up with a new name with a nice long acronym? Even better if it's recursive. (I'm only half kidding.)

[y2bd]

Just a side note because I see contradicting information being said a couple of times: I'm pretty sure that the windows phone marketplace allows for both the Apache 2 license as well as the MPL (http://blogs.windows.com/windows_phone/b/wpdev/archive/2011/03/08/an-update-on-windows-phone-marketplace-new-tips-policies-and-regional-access-program.aspx, check under policies). I have no idea about the win8 marketplace though, but although I doubt it would be much different, as said above, the market share is freakishly small.

Hopefully that makes things slightly easier if dual-licensing is resorted to.

[ChlorideCull]

@mrout @juryben

IRC still had a specified protocol, but it was designed so that it could be extended, which allowed the creation of CTCP as we know it (and other, less publicly known protocols). We have to have some protocol documentation lined up, else all other core implementations will have to interpret the reference core, which can cause small but fatal errors in other implementations.

So yes, an RFC is a good idea.

[rodneyrod]

Has any progress been made in this area? I only say this because the list of contributors has grows significantly since this issue was posted and if the developers want to transition to a different license to the GPLv3 then they will have to act now in case developers are unable to be contacted or refuse to relicense their work.

[volb]

Do we have to get permission from people who only edit the README? That includes myself and some other contributors. I guess the text is under the license too.

[ChlorideCull]

@m3hr Yes, the README.md is also under license.

[ghost]

@rodneyrod It seems at the moment unlike that we'd relicense, but if we did, and all the major contributors agreed, then minor contributions could just be rewritten.

[rodneyrod]

@mrout I would still advise the developers that if they ever wanted to see a license change for components of Tox to allow its distribution in other less GPL friendly markets, then it should happen sooner rather than later when the contributor pool grows to the point where it would infeasible to change the license at all. And then there's the potential problem of a major contributor not giving permission for a license change, and plans put in place in case there isn't consensus. It would also be good to see where the developers stand on this, particularly @irungentoo. They have been particularly quiet about this issue for a while.