liberapay / liberapay.com

Source code of the recurrent donations platform Liberapay
https://liberapay.com/
1.67k stars 215 forks source link

No License in the repo #564

Open elioqoshi opened 7 years ago

elioqoshi commented 7 years ago

There is currently no license in the repo, which technically can be misunderstood. Maybe you can add one saying that it's a Public Domain dedication / CC0 ?

revi commented 7 years ago

See #537 :p

elioqoshi commented 7 years ago

Well, that's wrong then. It's no personal preference, it's how you deal with licensing. If there is not a License file in the repo, it's not really valid, even if it is in the ReadMe

jorgesumle commented 7 years ago

License

CC0 Public Domain Dedication

That is not technically true if we have code in our repo that is not under the CC0 license. So at least we should further clarify and list the code in our repo that is under other licenses.

jorgesumle commented 6 years ago

@Changaco, we can make it better. Placing a license in the root of the Git repository is the standard way of licensing software. If someone gets a copy of the source code and reads the README, they only can see a link to CC0 Public Domain Dedication. What if they don't have Internet access? What if the Creative Commons website is censored, crashes or off-line? We can also mention the license information in the legal page, as there isn't any mention about the license or copyright of Liberapay in the whole website.

moba commented 6 years ago

How it's currently written it is also ambiguous, and could be read to mean only the README file is CC0 licensed.

Was the Gratipay code CC0 licensed? It is unusual to use Creative Commons licensing for code. It is actively discouraged by the folks at Creative Commons itself. A thread on Stackexchange goes into more detail.

  1. As a first step, I suggest a slight rewording to get rid of the ambiguity, like "All content of this repository is CC0 licensed, unless stated differently in the file or other accompanying documents."

  2. I strongly +1 the recommendation to add a LICENSE file that includes the full copy of the license.

  3. And then, I would even open the can of worms and discuss relicensing (or dual licensing) under a "proper" software license. After all, Liberapay is all about Free Software, and it leaves a bad taste.

Changaco commented 6 years ago

It is actively discouraged by the folks at Creative Commons itself.

If you'd read the FAQ you linked to carefully you'd have noticed this paragraph:

Also, the CC0 Public Domain Dedication is GPL-compatible and acceptable for software. For details, see the relevant CC0 FAQ entry.

revi commented 6 years ago

That CC0 FAQ has...

You should have received a copy of the CC0 Public Domain Dedication along with this software. (Snip)

It is also recommended that you include a file called COPYING (or COPYING.txt) containing the CC0 legalcode as plain text.

This means it’s usually preferred to have license in repo.

Changaco commented 6 years ago

If you listen to the some lawyers it's preferred to put a license notice in every file! Needless to say I stopped doing that many years ago, it's annoying and only wastes space.

elioqoshi commented 6 years ago

This approach is not very productive and getting feedback from the community and doing whatever you want anyway is also not very healthy. The way copyright works is that if it isn't stated, all copyright belongs to the author. I might see that your anarchistic views might interfere with the law here, but unless the law doesn't change, this is the situation. So there are a few options here.

Some contributors or companies might not feel comfortable touching the code considering it's not specified anywhere what license it has (or lack of license) and you could theoretically sue them because of that. Unless someone trusts you completely and are not in YOLO mode, they will refrain from touching the codebase. This will ensure that Liberapay will never become big and influencing outside the hardcore Free Software community.

If you listen to the lawyers it's preferred to put a license notice in every file!

There is a reason you write code, I do design and lawyers do law. If you want Liberapay to be successful let go and let other people do the job they know well. Unless you studied licenses and copyright I believe you should hang on a second and listen. Complying with licensing is not optional really and if you want to be taken seriously as a project, you should apply proper Free Software licensing as Mo suggested. At the least, I find it hard to believe that all code dependencies can be relicensed under CC0

Let's not go in circles here please or this might end up in someone forking Liberapay (again) and adjusting licensing.

elioqoshi commented 6 years ago

Regarding Gratipay: It has been actually relicensed from CC0 to MIT: https://github.com/gratipay/gratipay.com/commit/ad04480aa9cbfe98d42cd15edaefa401c50dc6cd

So supposed that Liberapay is using Gratipay code, this poses quite a few problems.

bearbin commented 6 years ago

This approach is not very productive and getting feedback from the community and doing whatever you want anyway is also not very healthy.

Your approach is also not very productive - although software licensing is important, in this case there is nothing actually wrong and you simply want the maintainers of this project to do everything your own way. Writing code, or even forking it and adjusting the licensing to work how you want it to (which is your freedom as Liberapay is in the public domain) would be a better use of everyone's time.

Some contributors or companies might not feel comfortable touching the code considering it's not specified anywhere what license it has (or lack of license) and you could theoretically sue them because of that. Unless someone trusts you completely and are not in YOLO mode, they will refrain from touching the codebase. This will ensure that Liberapay will never become big and influencing outside the hardcore Free Software community.

It is stated very clearly in the README file that the software is released into the public domain (in case it has escaped your attention, the README file is in the repository - there is nothing written in copyright law that says all copyright information must be reproduced in a LICENSE file).

There is a reason you write code, I do design and lawyers do law. If you want Liberapay to be successful let go and let other people do the job they know well. Unless you studied licenses and copyright I believe you should hang on a second and listen.

Although in some circumstances it may be neccessary or advantageous to include copyright information with each file (for example if it is specified in the license you use), this is not the case in general, and in particular with public domain code as there is no copyright and so no conditions to be passed on.

At the least, I find it hard to believe that all code dependencies can be relicensed under CC0

If there are any dependencies included in the repository, their licenses should be separately specified.

bearbin commented 6 years ago

Regarding Gratipay: It has been actually relicensed from CC0 to MIT: gratipay/gratipay.com@ad04480

So supposed that Liberapay is using Gratipay code, this poses quite a few problems.

This poses no problems - once code has been put into the public domain it cannot be taken back. In any case, this license change would only apply to modifications made after the date of the change.

elioqoshi commented 6 years ago

you simply want the maintainers of this project to do everything your own way.

No, this is not about tastes and not really a matter of opinions rather licensing practices which are not subjective. To want something to go "my way" is to push for GPLv3 while someone else wants CC0. That's their decision. This decision might not be license adhering though as voiced by others apart me as well.

It is stated very clearly in the README file

Sure. That's not the problem though. The problem here is that many people advocate for something and are brushed off. But hey, might be benevolent maintainership, right?

with public domain code as there is no copyright and so no conditions to be passed on.

Again, if the code here uses code of Gratipay pre MIT licensing and also is not dependent on any other dependencies under another license, that's totally fine technically. But that question hasn't been answered yet.

once code has been put into the public domain it cannot be taken back. exactly. I don't know if the code here is post or pre MIT license. Former is a problem.

bearbin commented 6 years ago

Regarding your concern about the Gratipay relicensing, Liberapay forked from Gratipay in 2015, and very few commits have been cherry-picked since then. As evidence, take this list https://github.com/liberapay/liberapay.com/commits/master?author=chadwhitacre which shows that no commits by the maintainer of Gratipay have been merged since 2016.

elioqoshi commented 6 years ago

Okay, thanks for the clarification.

I am still curious on how consensus is made in the project or if this is solely a decision by the maintainer. So contributors won't get their hopes up that they might contribute in the direction of the project if it's the latter. Assuming that doesn't seem far-fetched considering Liberapay is a source of income for many projects who rely on it.

jorgesumle commented 6 years ago

I am still curious on how consensus is made in the project or if this is solely a decision by the maintainer.

See https://github.com/liberapay/liberapay.org

techtonik commented 5 years ago

The right to produce public domain works needs to be defended. Otherwise we will end up with the situation that Linux foundation doesn't accept the existence of the right to opt-out from the copyright regulation altogether when sharing your code.

https://wiki.spdx.org/view/Legal_Team/Decisions/Dealing_with_Public_Domain_within_SPDX_Files

As a result of this ignorance snap packages in public domains look the same as snaps with proprietary licenses. Right now snap lists for them as unset licenses, but I expect other tools will be be eager to mark everything without a license as proprietary.

I was a proponent of Unlicense and CC-0 because there was no other way to get rid of copyright. And by using "LICENSE" file I automatically accept to play by copyright rules. Getting into the copyright law and cancelling it from within is inefficient, complicated and expensive practice, which needs a lot of lawyers to escape.

Maybe the word Libera in the name of this project connected the dots for me. We should aim for dedicated status of copyright denial for public domain, to make sure GitHub and software repositories respect that. There is kind of will shared by people that is universal and does not depend on country borders.

techtonik commented 5 years ago

Wrote a personal blog post about protecting public domain works. It seems long, emotional and lacking the structure, but I hope it passes the message. This is the best I can do. (

https://techtonik.rainforce.org/2019/03/please-protect-right-to-create-public.html

hopeseekr commented 5 years ago

See? This issue and how the maintainers respond to it is exactly why i do not wish to contribute code to this project.

Don't you realize that this project isn't really correctly licensed? and even if it were, that CC0 leaves the door wide-the-fork open for terrible entities to do terribly evil stuff with your code? with zero recourse?

I guess I may have been that... naive and crazy in my early twenties, but in my mid-thirties, I just can't get over the social irresponsibility of it.

Changaco commented 5 years ago

By putting this in the public domain, all authors + owners, including myself, would have zero legal recourse against any bad actors.

Copyright isn't the only legal tool in the world.

The OSI rejected the CC0 in 2012

More accurately, the OSI failed to reach a consensus regarding the CC0.

because of its patents clause could allow corporations to actually patent software released under the CC0, something that other public domain licenses (such as the Unlicense) proactively defend against

The Unlicense doesn't mention patents at all.

There would be zero legal attack possible against Terribly Bad Actors: Read malware enthusiasts, scammers, etc.

Copyright is neither needed nor designed to defend against people who are breaking other laws.

Don't you realize that this project isn't really correctly licensed?

I'll say this one last time: having a license file in the repository is merely a widely adopted convention, it has no special legal significance that I'm aware of. Some people believe that having a license file is sufficient, others believe that you should also put a license header in every file, I think all that is both insufficient and unnecessary. If a project's copyright and license really matters then the only way to protect it is to require that every contributor signs a Contributor License Agreement instead of relying on tacit agreements.

comradekingu commented 4 years ago

@Changaco When you seemingly uphold other legal tools as recourse against bad actors, what do you mean? Otherwise, to the same point, what are you answering?

Copyright is the only legally protective framework for works of intellectual endeavor in the functional part of the world.

However uncontroversial that might be, is it not so that every single one of the contributors to the Liberapay codebase is by default protected by copyright in doing anything of the sort by virtue of belonging to it as citizens of each respective and shared framework of copyright.

Calling CC0 or Liberapay "Public domain" is, as such, misguided. It is a copyright license, it is therefore under copyright. That is what "to the fullest extent possible under law" means. It will no doubt have taken contributions from individuals who can't waiver these rights away from themselves. Functional public domain software is the predicament excluding people for circumstances arbitrary to collaborating.

If the CC0 was adopted on the fork that is Liberapay after the fact, then the decision of what to license it befalls all contributors before doing so, from time of forking till time of licensing. Using their work effectively without permission is very traditionally illegal and legally enforceable for them in claiming compensation.

Public domain is a protection short of the protections to the author granted by copyright, in being libre software, those can effectively be extended beyond that of public domain, or in ensuring its continuation, making it copyleft libre software.

What is the argument for license here? That it is merely "acceptable" is justification asking for a rationale.

If you don't like some licenses, appreciate CC0 also "to the extent of law", is compatible with, for case of argument, the very worst one. CC0 avoids nothing. The conundrum of that will teach them-thinking stipulates picking the "cleanest" is also that of the widest possible field of potentially ill devised or "unclean" choices leading from it. So much for "staying away" from x.

CC0 also prevents inclusion of a lot of code from other licenses.

I would argue public domain (as it by its nature is made with older works in mind) protects those works more easily adapted, and not ephemeral at that. Control of software and the development of it is ultimately all it is worth in many cases. Liberapay being one of those examples. If the Gratipay codebase is up to par, it will find difficulty in catching up to Liberapay as a service, with its many followers doing that service onto each-other. A bad actor taking the fight in another arena to other realms is not a "code" issue, in the same way someone else running (away with) your libre software code and making it closed/proprietary isn't to do with "your code" insofar as you could just stop considering it to be. Pragmatically, I know nobody complains when that doesn't happen… And here we are doing a de-capo on that whole fruitless debate.

On the topic of pragmatism and things not being ideally aligned in this world. Software patents exist in vindjurisdictions (US) that Liberapay operates in. Is it not a good idea to be protected against their, (as I am sure you will agree) ill-doing, for the reasons they are bad? That there is a software patent portfolio protecting libre software may not be in the license, but the difference amounts to an insular view that amounts to distortion. Licenses don't see beyond what is in them. Some are partial to this view.

As for the practice of having the license file in the repo, that is ultimately convenient, at best. Where else would anything or anyone expect to find it? Using the readme for licensing does what exactly? Make it more difficult to keep track of licensing, and make the readme less versatile are drawbacks AFAIK.

IANAL, and legally speaking common practice is important; why not just comply with what is community preference even within Liberapay? Safeguarding with more than necessary red tape sets negative precedence wrt. common practice, sure. Further, CLAs are for example void when signed within the legal territory I reside in. There is no case to make as I am also a citizen of it. Bogus safeguards do not extend any bonus safeguards to this illogical extreme of your argument against due diligence.

If contributing to the project employing it necessitates agreeing with its stated license is tacid, then the approach and argument of revolting (against) or skirting the issue in not posting it, (in what is a forked project in the larger and made possible ecosystem of libre software) is puny.

To the heart of the matter, why proliferate the amount of licenses users and contributors have to understand and take into consideration, if there is no stated benefit? Having all the "year" and "author" info in each file is a recommendation of the FSF, in the time of RMS, for CC0. As no authority on the matter, I don't pertain to know the full extent of what that does, nor am I convinced by this not even being addressed.

To me CC0 is a chicken-and-egg question employing a hammer and sore foot, when there is no need to deal with either.

Edit: As Liberapay is (libre) network software, the network protections for something like the AGPLv3+ seems suitable to me. That analogy runs deep.

@techtonik CC0 has no approachable network effect on the right to produce public domain works. That is another debate, for which I perhaps share your penchant that this should be granted to works earlier. To deal with your supposed causal effect in employing CC0, (in any respect). Neither of us actually has the right to produce works that don't enter the public domain I take it…

Snap packages in "public domains" is no different, and it seems your confusion is extended and may misdirect others in thinking publishing one way or the other is in isolated fashion the thing to tackle, (additional details on this in the above answer). Unlicense doesn't get rid of copyright either btw. It is precisely the kind of thing that leaves open the doors of potential legal troublesome things, for the reason functional libre software is a protection against that power. Ethics exercised to the extent and aim of their parole alone is an exercise in futility.

I wish you all the best in bringing this theoretical argument of disdain for copyright, (in its current form, or perhaps at all) to the correct fora, a discussion between you and your government. Or you could seek to leave its governance by seizing to be a citizen of it. When this is the root cause of your grievance, why enact it in very isolated terms of Liberapay licensing?

If you wish to take action against your government without lawyers, another tool the functional government relies on (to the point of offering it to you in many cases), more luck to you. To the end of the merits of libre software, you will find Unlicense or CC0 doesn't rid anyone of legality, it just positions you at odds with the ecosystem and other libre software and "libre" worded projects, finding yourself with less of a case than you could have.

The operation of GitHub is predicated on the functional collaboration on copyright. However agreeable you find this proposition ethically, maybe taking your concern to GitHub, now owned by Microsoft has some merit, as Microsoft, as with the OSI, has tried to hollow out the libre software licensing in model, methodology, and language.

I will not get into the etymology of "the word Libera", but you will find no choice in the appreciation of "proprietary" as antithetical to "libre sofware", in the way free software is not un-free software.

When no choice is possible, or even good, the answer is a given. The Occam's razor of why Snap package (or boilerplate metadata) licensing info doesn't have "public domain" is that it outside of academic polemetry (polemics+telemetry), it couldn't exist anywhere till at-least many decades in the future, or that the licensing info for your non-software license of choice is missing; because in turn no influential product uses it. This is poignant in that regard, because it begs the question of why one ultimately should want public domain software. Your writing: … that you could get smarter programmers to work on a Python project than you could to work on a Java project.

If you like public domain, don't plunder its meaning.

techtonik commented 4 years ago

However uncontroversial that might be, is it not so that every single one of the contributors to the Liberapay codebase is by default protected by copyright in doing anything of the sort by virtue of belonging to it as citizens of each respective and shared framework of copyright.

Can you rewrite this in simple English? Not everyone is a native English lawyer.

techtonik commented 4 years ago

@comradekingu I am quoting you.

If you like public domain, don't plunder its meaning.

However, I completely fail to understand where it comes from. I'd appreciate if you could sum them the explanation why for me in a simple list so that I could continue the discussion: 1. 2. 3.

comradekingu commented 4 years ago

@techtonik It is infeasible to put anything into actual public domain, short of just running out the clock. That would require the project to be dormant for 100+ years after (for example) the last Mexican author dies, for example. It is still very long just about anywhere else.

It could be possible to waive rights so that it enters public domain, but some of the copyright is mine, and that isn't the case in Norway, and that is the case for many jurisdictions. It could change, but making Liberapay CC0 isn't doing that.

It is further specifically impossible to put something in the public domain based on contributors (in what is a collaborative project) making changes from different jurisdictions, some of which prevent losing copyright completely, and certainly without compensation.

It isn't going to happen now, for a long time. Nor are the laws for actual contributors favourable for that to happen, and those laws specifically prevent it. Start at the right end, not from the other end, or hope for some miracle in the middle.

In conclusion, for any measure of what a successful libre software project like this could be, trying to go public domain is not possible. Nor is it even something to aim for, but that is another matter.

To reiterate what you said:

The right to produce public domain works needs to be defended.

Sure, but you are about to claim CC0 is a way of doing so, when that is a copyright concept. Public domain is out of copyright. If you want to do something about it, your option is to take your issue to your government.

Otherwise we will end up with the situation that Linux foundation doesn't accept the existence of the right to opt-out from the copyright regulation altogether when sharing your code.

The Linux foundation has zero say in the matter. The Linux foundation isn't even a license authority. You can't opt-out, and you can't effectively share code if you try.

If you read (the extremely poorly written) https://creativecommons.org/share-your-work/public-domain/cc0/ you would find (near the end, and in passing describing something else):

it can be used to waive copyright and database rights to the extent you may have these rights in your work under the laws of at least one jurisdiction

And from their FAQ

Does CC0 really eliminate all copyright and related rights, everywhere? Please don’t take the 0 (zero) in the name “CC0” literally – no legal instrument can ever eliminate all copyright interests in a work in every jurisdiction.

and

Does CC0 really eliminate all copyright and related rights, everywhere? Please don’t take the 0 (zero) in the name “CC0” literally – no legal instrument can ever eliminate all copyright interests in a work in every jurisdiction.

CC0 doesn’t affect two very important categories of copyright and related rights. First, just like our licenses, CC0 does not affect other persons’ rights in the work or in how it is used, such as publicity or privacy rights. Second, the laws of some jurisdictions don’t allow authors and copyright owners to waive all of their own rights, such as moral rights. When the waiver doesn’t work for any reason CC0 acts as a free public license replicating much of intended effect of the waiver, although sometimes even licensing those rights isn’t effective. It varies jurisdiction by jurisdiction.

While we can't be certain that all copyright and related rights will indeed be surrendered everywhere, we are confident that CC0 lets you sever the legal ties between you and your work to the greatest extent legally permissible.

They just went to some extremes with their options, without considering what the actual ramifications are.

Creative Commons is in itself an unfortunate organization. They confuse libre and unfree software by having one non-free license in their portfolio, and they confuse public domain with their CC0 license and accompanying explanation.

Also, from their terms and conditions

  1. Online Analytics

We may use third-party web analytics services (such as Google Analytics) on our Services to collect and analyze the information discussed above, and to engage in auditing, research, or reporting. The information (including your IP address) collected by various analytics technologies described in the “Cookies and Other Tracking Technologies” section above will be disclosed to or collected directly by these service providers, who use the information to evaluate your use of the Services, including by noting the third-party website from which you arrive to our Site, analyzing usage trends, assisting with fraud prevention, and providing certain features to you.

And yes, they use Google Analytics on their website.

They also have https://opensource.creativecommons.org/community/code-of-conduct/

Authoritarian tools, with authoritarian measures in place.

https://github.com/creativecommons doesn't use CC licensing for their code (to their credit).

Furthermore, (and not anecdotally) a near zero projects are using CC0 licensing, and it works in fewer still…

Nobody is in this because of CC0 licensing.

nfitzen commented 4 years ago

@comradekingu Section 2 of CC0 is a public domain waiver. For countries where public domain does exist, CC0 is functionally equivalent to a public domain waiver.

What CC0 does is adds on to that if a jurisdiction doesn't have the concept of public domain. So yes, it does fall under copyright when that is the case. Until some countries are convinced that irrevocable copyright is dumb, that's the best solution we have for maximizing the permissions granted to use the work.

Also, this is kind of pedantic, but public domain is a fundamental part of copyright. Treating it like it's not can sometimes make it seem as if public domain is optional when implementing copyright law, or as if it's some kind of wastebasket of things nobody really cared about, instead of the place where ideas reside naturally and unencumbered, promoting freedom of expression.

(Sadly the wastebasket concept comes from copyright lifetime being way too long (i.e., >20 years), so the only way a work gets into the public domain is via a waiver.)

Edit: I guess that's basically what you said. I think my point was that CC0 is a copyright concept, but so is the public domain in a sense.

Also, CC0 is fine to use with software. Sure, it doesn't have copyleft on it, but that doesn't necessarily stop the website itself from being free. I do think something like the Apache 2.0 License would be better since any proprietary forks need to mention the project. Plus patent protections.

Edit 2: well, uh, yeah. About that. Preaching to the choir everyone. I guess I should read better. The project is functionally not public domain, yeah. There's probably at least 1 contributor who resides in a jurisdiction without public domain.