valimised / evalimine

e-voting software

License should guarantee that the code published is actually used during the elections #8

Open boamaod opened 11 years ago

boamaod commented 11 years ago

By now the license doesn't guarantee that the code published here will also be used in servers during the elections. However, this is the most essential thing. Of course there could be other guarantees for that, but willingness to meet all relevant legal criteria would help to gain trust for the process.

The most obvious candidate for license guaranteeing that would be AGPL [1]. As far as I understand, this is the license that you should use for open source code which runs public services on Internet. If you fail to publish the code along with the service, you will be conveniently sued by the Free Software Foundation.

Showing that Election Committee is ready to take that risk would be a reasonable legal guarantee for the people that the actual code used during the elections is not modified for some partisan interest.

Of course using AGPL would require solving issues #1, #2, #3 too, but I think it's all worth it.

[1] http://www.gnu.org/licenses/agpl-3.0.html

andris9 commented 11 years ago

@boamaod you are slightly wrong about your conclusions with AGPL - as the original copyright holder, VVK does not need to comply with the AGPL requirements, this is only for the derivatives

boamaod commented 11 years ago

@andris9 I understand, but if they would also accept contributions from community, this would be a bit different though.

andris9 commented 11 years ago

No, it wouldn't change anything. As the copyright holder they can attribute any license to the project simultaneously (MIT, GPL, CC and so on) and additionally they also keep the original copyright. The license only applies to the ones that are copying but not to the owner. Only when you are copying the project you must choose one of the licenses given (if there's multiple, usually there's just one) and adhere to the conditions of this license.

If you contribute to a project (make a pull request or send a patch) then you give your rights for the commit to the project owner and the project owner can still share (or not) it as they will. If you do not make the pull request but only modify your own fork, then the rights are your own and if the original project wants to merge these updates they need to adhere to the license the project is using.

IANAL though and major projects usually require signed contracts from the committers, about explicitly giving the rights to the project owner, before their commits land in the original repo.

windo commented 11 years ago

"If you contribute to a project (make a pull request or send a patch) then you give your rights for the commit to the project owner and the project owner can still share (or not) it as they will." <- This is incorrect in the general case. It is only the case if a copyright assignment agreement is in place. Very few major projects require such an agreement (notably GNU and several freecore projects do).

Repentinus commented 11 years ago

andris9, you are right that VVK does not need to comply with AGPL if they hold © to the code.

However, you are mistakenly proposing that a pull request somehow equates to copyright assignment. The author of the patch holds © to the patch by default according to Estonian copyright law. The author is able to assign the "property" rights to VVK if s/he so chooses, but such an assignment must be explicit in nature.

The situation with the full software becomes more complicated once the patch has been incorporated and is broadly regulated in AutÕS § 30. Basically, unless the authors have agreed otherwise, they have to make use of their rights jointly. Hence, they have to agree on the licence the full software is distributed under. If they do not and any single copyright holder takes unilateral action, then other © holders can sue him/her. I would say it is reasonable to assume that issuing a pull request constitutes implied consent to distribute the code under the licence currently in use by the project, but even that is up to the courts to decide.

andris9 commented 11 years ago

@windo, @Repentinus thanks for pointing this out. Does Estonian copyright law apply if the code resides and pull requests/merges are done in a foreign server (eg. in GitHub) like in this case?

Repentinus commented 11 years ago

@andris9, if the patch is written in Estonia, then yes. However, while the holder of © is determined according to Estonian law in this case, the extent of restrictions VVK can place upon licensees varies from country to country because the extent of rights granted by copyright laws in different countries varies substantially.

I am not sure what happens when the patch is written in another country. It is most likely that the author of the patch will hold © to the patch itself, but the situation with the full work (the original & the incorporated patch) becomes more complicated and I have no idea whether it should be resolved according to the laws of the state of the person submitting the patch or according to the laws of the state of VVK (Estonia).

WhyNotHugo commented 11 years ago

The resulting work would be governed by the AGPL, and part of the copyright would belong to the original authors (the government), while the rest would belong to the contributor. Therefore, no-one, not even the original author, can run this combined work without sharing the code to its users.

However, it should be a non-issue having to share code with the users since the code has already been shared now, and there's no harm in users being able to fork or re-use the code.

Anyhow, adopting the AGPL would not solve the current issue.

diraol commented 11 years ago

The current issue just could be solved by national laws, not by the software license.

Beside that question, I would recommend a different license for this project since Creative Commons is designed mostly for contents such as media contents, articles, music, and so on, but not for software source code.

I personally would recommend AGPL (v3 or later) as license.

Congrats for the effort in building a public and transparent world!

WhyNotHugo commented 11 years ago

AGPL would be of little use, since most other governments or similar organizations with similar projects use MIT or ISC, making AGPL-licensed code as useless as the current license.

ghost commented 11 years ago

Affero license could help these guys out. Maybe.

On 2 August 2013 19:19, Hugo Osvaldo Barrera notifications@github.com wrote:

> AGPL would be of little use, since most other governments or similar organizations with similar projects use MIT or ISC, making AGPL-licensed code as useless as the current license.


Fortuna audaces adiuvat -- hos solos ?

kiniry commented 11 years ago

I doubt any license choice will help, given they have illegally "borrowed" GPL code without attribution.

ghost commented 11 years ago

I am thinking about posting an article about this snafu on Slashdot or so: "How to Not-Open-Source Your Project and Shoot Yourself in the Foot", or a similar title.

On 12 August 2013 20:09, Joseph Kiniry notifications@github.com wrote:

> I doubt any license choice will help, given they have illegally "borrowed" GPL code without attribution.


Fortuna audaces adiuvat -- hos solos ?

Repentinus commented 11 years ago

@kiniry, can you please provide details of the allegation? Either here, in public, or via e-mail to repentinus (at) fsfe (dot) org. Thanks.

JensRantil commented 11 years ago

> @kiniry, can you please provide details of the allegation? Either here, in public, or via e-mail to repentinus (at) fsfe (dot) org. Thanks.

Isn't this issue enough?

Repentinus commented 11 years ago

This issue, while unpleasant, does not even come close to establishing a prima facie case of GPL violation, as the issue is premised on information that the code released by VVK is licensed under CC-BY-NC-ND and VVK holds © to the code.

ghost commented 11 years ago

Total silence from the authors. I now consider this as not more and not less than "viewable source" ( see http://linuxmafia.com/faq/Licensing_and_Law/forking.html ).

kiniry commented 11 years ago

As a start, countLines comes from GNU's wc. I haven't had time to do a full code review from the point of view of provenance, but someone really should.

I gave a talk on our initial review of the system at VoteID (http://www.voteid13.org/) and EVT (https://www.usenix.org/conference/evtwote13) to the enjoyment of the audience. I'll post the slides at http://kindsoftware.com/documents/talks/ when I have the time.

Repentinus commented 10 years ago

I've taken a quick look at the latest version of coreutils source code and while wc source and count_lines.cpp look similar, I was unable to conclude that count_lines.cpp has been copied from wc.

Has anyone else spotted potential licence violations?