Open lukasubo opened 4 years ago
lukasubo
commented
4 years ago Here is their example. The cryptolib license is AGPLv3, and some quick searching indicates that it is compatible with GPLv3, and the AGPLv3 terms would apply to the distributed binary.
x0b
commented
4 years ago Thank you for your feature suggestion.
I'm well aware of Cryptomator and cryptolib. However, this app cannot include any copyrighted library or asset which when combined with the rest of the app requires any more restrictive terms than those of the MIT license.
The choice of (A)GPL is usually not an accident - we do it specifically to prevent closed source clones that don't contribute upstream, and the same is probably true for Skymatic GmbH. For me as a maintainer, I also have to consider the motivations of upstream library maintainers, i.e. they have a strong incentive to stop publishing further versions since their Android app's sales would probably suffer to some degree. They publish the library for marketing purposes, they do not work with outside contributors.
And for creating an independent implementation, as gary-kim said on rclone#1647:
I didn't realize Cryptomator is a constantly moving format and that just made it far more annoying to implement and the prospect of maintaining it not exactly appealing.
lukasubo
commented
4 years ago @x0b out of curiosity, why the restriction of only using MIT-licensed libraries for a GPL-licensed application like RCX? I see the CLA in the readme. I assume this is to be able to relicense the app in future versions?
I do see your point with the risk of Skymatic stopping support for the library, but considering they brag about Cyberduck using it on their website, and Cyberduck is GPLv3, I doubt they would. IMO it's not too likely many people (outside of rclone users) would switch from the official app to a 3rd party one that uses rclone anyways, especially since Cryptomator seems principally marketed as an easy to use solution. I doubt that Skymatic is too concerned about that.
x0b
commented
4 years ago @x0b out of curiosity, why the restriction of only using MIT-licensed libraries for a GPL-licensed application like RCX? I see the CLA in the readme. I assume this is to be able to relicense the app in future versions?
I wanted to maintain mergeability with RcloneExplorer, and that doesn't work if RCX contains third party code that I cannot relicense. And the MIT license conveys this intent much better than some crude CLA that boils down to "we can do with your code whatever we want, deal with it".
Also, Google Play is full with copycats. NewPipe for example is only able to do something since NewPipe is GPLv3 - with MIT, re-skinning and dropping it to Google Play is way to easy. From a purely ideological point of view, I would much rather prefer MIT, because it grants the users more freedoms.
...but considering they brag about Cyberduck using it on their website, and Cyberduck is GPLv3, I doubt they would.
Iterate GmbH, the developers of Cyberduck, have probably entered some commercial agreement with Skymatic, since they also support Cryptomator in Mountainduck. And since Cryptomator is free on desktop, and Iterate has no mobile offerings, no loss of sales == no strategic problem.
Edit I actually have been thinking about adding support for various third party encryption schemes (OpenPGP, Cryptomator, Boxcryptor, etc.) as a paid add-on in order to have some budget for project activities, e.g. supporting ncw, development infrastructure, etc. However, that idea is very hypothetical and very far in the future, if ever. For now, I'm working on improving compatibility with existing apps, instead of outright replacing them.
lukasubo
commented
4 years ago Iterate GmbH, the developers of Cyberduck, have probably entered some commercial agreement with Skymatic, since they also support Cryptomator in Mountainduck.
Likely, but since Cyberduck is also GPLv3, then as long as it's available under that license, so is Cryptolib.
I actually have been thinking about adding support for various third party encryption schemes (OpenPGP, Cryptomator, Boxcryptor, etc.) as a paid add-on in order to have some budget for project activities, e.g. supporting ncw, development infrastructure, etc. However, that idea is very hypothetical and very far in the future, if ever. For now, I'm working on improving compatibility with existing apps, instead of outright replacing them.
This sounds like a great feature, but I feel that a lot of people look for an open source solution. I'm not sure if there is a viable way of commercializing an open source Android app with no ongoing service charge (e.g. an account for a cloud service with an OSS client). Do you have any thoughts on that? On the other hand, some emulator apps have worked like that, and I think OsmAnd had a similar concept.
x0b
commented
4 years ago Likely, but since Cyberduck is also GPLv3, then as long as it's available under that license, so is Cryptolib.
I already looked this up yesterday, but my answer was getting to long. Weirdly enough, they reference Cryptolib under AGPL, so either they are in violation or Cyberduck's GPLv3 marker does not cover dependencies and/or they have negotiated exceptions. For the legal status, the license file does not matter much, and it is unclear whether Cyberduck/Iterate has both legal rights and intent to publish the whole set of all source files in Cyberduck under GPLv3.
In any case, this implementation of Cryptomator cannot be used in RCX, and that opinion is final (unless Cryptomator/Skymatic re-license their library of course).
I'm not sure if there is a viable way of commercializing an open source Android app with no ongoing service charge (e.g. an account for a cloud service with an OSS client). Do you have any thoughts on that?
I actually think that people pay for the convenience and assurance of automatic updates through Google Play (DAVx⁵ comes to mind), especially since RCX tends to degrade with time because of cloud provider or Android changes. However, that discussion is really a problem for another day - RCX is way to small currently to think about anything other than improving it & growing the community.
lukasubo
commented
4 years ago @x0b well, thanks for taking the time to answer and share your thoughts. It's a pretty great app you have here, and I'd like to find a way to help out if I can. I see in the readme you mention translations, and I cannot find any reference to French in the source code. If that would help, I can translate for you.
x0b
commented
4 years ago I've opened #77 with more details as to how you can join the translation team. I'd like to keep this issue for Cryptomator support.
Pre-Submission checklist
If no, please add a +1, and maybe a comment if you have more to add.
What version of RCX are you using (About -> App version)?
1.11.4
What problem are you trying to solve?
Cryptomator vaults are quite convenient, especially when sharing with someone else. In that use-case, rclone crypt is not great due to lack of GUI. Additionally, Cryptomator's crypto and related code have been audited, which may be an advantage to some.
What should RCX be able to do differently with help this problem?
Cryptomator's crypto library is available on their GitHub. Integration with RCX would provide a fully open source solution for those who wish to tinker.
https://github.com/cryptomator/cryptolib
Phenomenal app, by the way!