stacks-archive / app-mining

For App Mining landing page development and App Mining operations.
https://app.co/mining
MIT License

Reviewer: Can evaluate open-source repo #11

Open stackatron opened 5 years ago

friedger commented 5 years ago

To increase the engagement in the developer community, proprietary apps should be punished heavily.

kkomaz commented 5 years ago

I would love some input on this one @jeffdomke // @hstove // @larrysalibra

How important is it to make sure your app is open source? As apps become more developed I would hate for anyone to "steal" it and basically make a copy of your own app, submit to the app mining program, and have a higher score. (Very possible since the memory function)

friedger commented 5 years ago

We as a Developer Union should come to a conclusion as well.

If it happens that a cloned app appears in the app mining program the algorithm should stay and reward original work only. There were discussions in the past about cloned apps but without conclusions.

However, as both apps are open source, your app will benefit from the development of the other app as well. App mining should support the communal/decentralized development of an app.

On Thu, 21 Mar 2019, 16:31 Alexander Lee, notifications@github.com wrote:

I would love some input on this one @jeffdomke https://github.com/jeffdomke // @hstove https://github.com/hstove // @larrysalibra https://github.com/larrysalibra

How important is it to make sure your app is open source? As apps become more developed I would hate for anyone to "steal" it and basically make a copy of your own app, submit to the app mining program, and have a higher score. (Very possible since the memory function)


stackatron commented 5 years ago

@kkomaz seems like there are upsides and downsides. Suggest we add this dimension to digital rights since an open source project is more likely to defend a user from malicious code. Thoughts @larrysalibra ?

friedger commented 5 years ago

@kkomaz @jeffdomke I would say the advantages (of requiring that the app is open source as defined by the open source initiative) outweigh the disadvantage.

Pros:

Cons:

Let's open a new issue for this Con: https://github.com/blockstack/app-mining/issues/75

stackatron commented 5 years ago

@larrysalibra is free to include this in his reviewer whenever he feels like.

larrysalibra commented 5 years ago

I'm not sold at the moment that making open source as defined by the open source initiative a requirement makes sense. Would like to revisit this in the future. In the meantime, feel free to write more about why you think this requirement is or is not a good idea.

larrysalibra commented 4 years ago

When an app’s source code is available, it becomes easier for others to audit its behavior. It also makes it so that users can run their own copy of the app, reducing their dependence on the app developer.

We propose that developers self-declare their open source status at app mining submission time, providing a link to the source code and indicating the type of license it is under. App developers can choose to make their app's source code visible but continue to hold exclusive rights to its use. Alternatively, they can license the code under a license that grants use of the code.

We define “source available” as meaning that a generalist developer should be able to run their own copy of the app in a “reasonable” amount of time and code should not be obscured. Developers should make a good faith effort to meet this standard.

We reserve the right to spot check developer claims and propose a whistleblower system as the enforcement mechanism. That is to say, we will award points based on the developer’s claimed status with random spot checks and encourage community members or peers to reach out during the audit period if they think an app claims open source status for which it is not qualified.

We propose the following scoring:

Since the community is subsidizing apps’ development, we feel it makes sense to award apps that return the favor by contributing their code back to the community through an OSI-approved license.

A dry run of this new open source criteria will be conducted during the app review period that begins on December 1, 2019 (November 2019 cohort).

See the following forum issue for other proposed scoring and policy changes: https://forum.blockstack.org/t/november-2019-nil-scoring-proposals/9494?u=larry

cuevasm commented 4 years ago

  • Somebody might get higher rewards than the original app publisher

By far not the only con. I'm generally in favor of open-source, however, I think we should consider how this impacts the teams and people that will consider participating in App Mining and building with Blockstack. You will have whole swaths of high-quality entrepreneurs awakening to decentralized apps and their possibilities in the very near future and I think they'll be unlikely to want to risk their business in that way. If we're fine essentially saying this isn't the program for you, all good, though I do think it would be a missed opportunity to bring in the right kind of people that can take Blockstack to the next level. These folks have the skills and networks to bring in scores of new people to the ecosystem, that, combined with sustainable businesses being built on Blockstack, are much more valuable in the long-term than whether or not someone wants to have their code open-source in my opinion. With clones of App Mining sure to pop up and incentives from other networks competing with Blockstack, I fear people choosing these alternatives readily if made to share their hard-earned IP publicly (especially if they are backed by investors).

Last, an app being open-source doesn't make it inherently more 'Can't Be Evil' or worthy of being called a Blockstack app. It only makes it easier to audit, which is maybe valuable, but again, we're imposing somewhat of a philosophy (again, that I agree with) here and I just want us to be aligned in how that will likely limit our future potential developer base. Good with rewarding this, but not to the level that not being open-source is prohibitive to success in the program.

This is one of those I think we should work up to and change hearts, minds, and norms over time vs. taking a hard line this early on in the development of this movement.

friedger commented 4 years ago

We have the rule that clones are not accepted by the program. This rule was already applied.

Closed-source apps are still accepted.

cuevasm commented 4 years ago

I get that, but this model could be so prohibitive to closed-source apps being successful in the program, that we turn away a lot of really good builders. If we're fine with that, fine. Just saying, as a marketer trying to get high-quality people to build with Blockstack, this hurts my chances in a lot of successful circles.

qqnoname commented 4 years ago

How about complex apps that have complex algorithms? For example, what if someone decides to develop an Awario-like app with Blockstack? As a result, they will need to open-source their backend and anyone could create a clone just by changing the UI. Moreover, the algorithms of their not-blockstack competitors always will be better and blockstack apps will not be able to compete with not-blockstack apps.

The open-source requirement will be a barrier for creating a stable business that is not addicted to App Mining.

talhasch commented 4 years ago

@qqnoname I think Runkod is one of the most complex Blockstack apps; it consists of 3 different code repositories. 2 of them are server side.

We designed a new nginx + letsencrypt automation that never existed before. And a virtual file system for client side file browser. And much more..

We don't hesitate to share it as open source. Our competitors can check it and get inspired if they need.

Inspiring our conventional competitors with a Blockstack based application is another success. And this should have a price.

hstove commented 4 years ago

These licenses are so confusing to me. I never really get what GPL "means" as well as the others, except something more simple like MIT.

My question is, if an app releases their code as open source, with a license that only allows non-commercial uses, does that get a full score? I can never tell if GPL permits the developer to restrict to personal, non-commercial use only.

hstove commented 4 years ago

On the topic of open-source vs. not. I know there are pros and cons, but this is a "digital rights reviewer". It's pretty clear that open source is better for digital rights.

cuevasm commented 4 years ago

Not if we end up unintentionally pushing away a bunch of people from building amazing things for digital rights. I'd wager most entrepreneurs will run the other direction at that currently, but that is changing and I just think there are ways to reward open-source without hammering closed-source, there are legit reasons to stay closed-source imo

hstove commented 4 years ago

I just think there are ways to reward open-source without hammering closed-source, there are legit reasons to stay closed-source imo

This is a good sentiment, but rewarding someone can also be seen as punishing others, regardless of how you do it. If NIL ends up with many different criteria, like 6, then the "open source" criteria would only account for 1/18th of your score.

larrysalibra commented 4 years ago

These licenses are so confusing to me. I never really get what GPL "means" as well as the others, except something more simple like MIT.

My question is, if an app releases their code as open source, with a license that only allows non-commercial uses, does that get a full score? I can never tell if GPL permits the developer to restrict to personal, non-commercial use only.

Yeah I agree the licenses can be confusing.

Generally open source means that source code is both available AND people can use/modify/share it. There is a good definition here: https://opensource.org/osd-annotated.

Just posting your source code on the internet doesn't make something open source. Without a license, in many places in the world (like the USA) you have no legal right to use code that's just posted on the internet because the creator of it automatically holds a copyright on it. If you use code that isn't properly licensed you open yourself up to copyright infringement issues.

My proposal is that any of the licenses approved by the Open Source Initiative (OSI) (and there's a lot - I believe all of the commonly used ones are there) or putting your code in the public domain (giving up any copyright interest in the code) be treated as open source and get full score: https://opensource.org/licenses/alphabetical

If an app doesn't want other people to use their code (in other apps, etc) they can still make their source code available in a human readable form - I call this "source available" vs "open source". This is good for users because they can at least more easily read or inspect the code if they so desire, they just can't use it for anything without potential copyright infringement issues.

To specifically answer your question @hstove, if an app releases their source code under one of these licenses https://opensource.org/licenses/alphabetical or in the public domain, they receive full score. If they provide their source code ("source available") but say something like "restricted to personal, non-commercial use only" they would only receive 1 point because this isn't an accepted open source license.