A community that wants to put political restrictions on how their software is used isn't really an open source community. Maybe they should find a new name and new licenses for what they're doing?
There's a contradiction between package distribution systems that allow authors to revoke releases and the open source spirit (where authors have no veto power), though it's rarely noticed since releases are seldom deleted.
But, completely removing the ability to revert a release has problems too. Go's new proxy server doesn't have any way to revert, resulting in some sticky issues: https://github.com/golang/go/issues/34189
I really don't think restricting the use of your software like that means it isn't 'open-source'. The only way the open source community can survive is by ensuring bad faith actors don't infiltrate the community in ways that harm it as a whole. After all, it's not like FOSS has a history of corporate entities attempting to take control over said software so that they can privatize and profit off of it...
Otherwise, aren't we going back to the usual free speech argument? Where you're not truly a platform of 'free speech' unless you allow anyone to say anything, which results in platforms like Gab where the most virulent rule the site? If anything, efforts like what Seth did are one of the most effective forms of protest you can do as a software engineer if you're writing popular open source code.
Are there licenses that give the creator/keeper of the code the ability to withhold and take down the source at their own discretion? GitHub can choose not to host code that it finds objectionable or illegal, so there is likely a precedent.
Most free and open source licences don't require hosting at all, except in certain circumstances. Many—for example, the GPL—don't require that the software even be free of charge or publicly available.
As I'm most familiar with the GPLv2/v3, I will use it as an example. The author of a GPL work is under no obligation to make it available for free, or available to the public. The principal requirements of the GPL are two-fold, and are similar to most free software licences:
that, if the software is distributed in non-source form, the source be made available in some way (several are listed) to the licensee, and
that the licensee has the right to use, modify and redistribute the code under the same licence, subject to certain restrictions (e.g., trademark, indemnification, and attribution considerations).
If the author had distributed non-source versions, then they would continue to be obligated to provide the source to people who had the non-source version. However, if the code is distributed in source form, as I expect was the case for this package, then there's no obligation to provide anything additional after the licensee has downloaded the code. The author can simply stop distributing it, with the caveat that prior licensees would still be able to distribute on their own. Similarly, the author could charge for copies of the software, or only distribute it to their friends, or only distribute it on physical media—all with the same caveat.
It's different because releasing something as open source means other people can archive and redistribute it. This is a legal right. Taking down your copy won't stop people for long.
Seth's protest is possible due to how gems are distributed. The server lets an author take down a package. But that's up to the distributor and they don't have to work that way.
Requirements around code review and any kind of change management in the Federal Govt being what they are, stuff like this can gum up the work longer than you might expect.
Maybe they should find a new name and new licenses for what they're doing?
How do you see this move as being at all connected with the licence they are using (Apache)? The author is not, unless I am mistaken, trying to revoke the licensing of the software to those who have it, or trying to prevent those who have copies from distributing or developing them under the same licence. They are only ceasing to distribute it themselves. That is perfectly within both free software and open source, and can also happen for many reasons other than political protest.
It's very unclear to me what you mean by "the open source spirit" including that "authors have no veto power," as well. Authors have no veto power over how people redistribute their code, but they certainly have veto power over how they distribute their code, whether on their own sites or on a distribution system where they administer the distribution of the code.
I can understand the concern about licence restrictions on use: more distressing to me than political disputes, which rarely end up enshrined in the licence itself, are the "source-available" abominations that have been recently popular and controversial, where the code is developed as though it is open source, but then use is restricted such that many users will actually have to pay for licences.
However, this case appears to have nothing to do with licence restrictions: the company involved has actually already made a mess of trying to fork the code.
While an author is within their rights to stop hosting the code, this will be ineffective in the long run because other people can still distribute the code, and there is no legal way of stopping them.
So, it seems to me that if an author wants to be effective at preventing people they don't like from using their code, they will need to switch to a different license?
I'll also point out the collateral damage to unrelated developers from letting authors do this as a protest. It seems like Chef was under pressure to step in to keep it from breaking other customers, and screwed it up.
Redistributors who are thinking ahead rather than doing things in a rush like Chef will actually host the code themselves and disallow taking it down. This is basically what Go is doing with their new proxy server.
Also, other people can host their own proxy servers, so even if you got the Go team to take down a release, it wouldn't affect the other proxies.
this will be ineffective in the long run
I don't think it was meant to be effective in the long run, only to start a broader conversation about FOSS code being used in "evil" situations.
I'll also point out the collateral damage to unrelated developers from letting authors do this as a protest.
Protests generally do inconvenience people. It's how they get noticed and the word is spread.
When do you say it isn't and is acceptable to remove code then? What if terrorists or other enemies of the state are using it? Just because something is open source doesn't mean it's not still the property of the person who created it, and just because something is open source doesn't mean that its creator has an obligation to maintain it indefinitely either. Removing it is no different than projects that have become deprecated or downright broken due to their age.
Terrorists would still use the code, you can only remove it AFTER you know that they do. And then what? Either everyone AND the terrorists get the code, or nobody does, however the terrorists would still have the old code. This means nothing, and they would only get the same code that everyone else does. It's the same argument that three letter agencies are using when they are claiming a perfect encryption should not exist and that the public should not get to use secure encryption - because the terrorists would use it too! That's an insanely flawed argument.
Open-sourcing the project literally means that you surrender most of your property rights over it to the public. Sure, you get to have some nice things depending on the license, like people having to mention you as the original author or maybe making further updates to the code public as well, but you no longer have any control over it. You hosting it is another topic, and sure, you don't have to maintain it, but once you surrender your ownership you can't just take it back.
Terrorists would still use the code, you can only remove it AFTER you know that they do. And then what? Either everyone AND the terrorists get the code, or nobody does, however the terrorists would still have the old code.
Yes, but, as in this example, it made the people who were using his code for evil's lives harder and caused an entire discussion around ethical use of code/associations among companies.
You hosting it is another topic, and sure, you don't have to maintain it, but once you surrender your ownership you can't just take it back.
I don't really see anyone here "taking back" ownership of their code. They're just refusing to distribute it on their own GitHub, which just so happens to be where most people get it from.
You mentioned property, that's why I had to clarify ownership here.
Now if we go to my opinion - he took down code that had been automatically fetched via a build system, am I getting this right? He even mentions that he is sorry to anyone whose code got broken.
So the ultimate takeaway here for me is the one you would hear often - downstream packaging and distribution is essential to ensure safe and reliable deployment. Just imagine someone's day at the job following this:
"Ey boss, sorry, all our 3000 servers are broken and we can't deploy anything right now because one guy on GitHub had problem with inner US politics, isn't it great that we are using open source software in this company? By the way, there are 50 more dependencies in our package so oh boy, I sure hope no other developers would have issues with how someone else somewhere else uses their code!"
Sorry for the confusion, I'm not the guy who said property.
he took down code that had been automatically fetched via a build system, am I getting this right? He even mentions that he is sorry to anyone whose code got broken.
So the ultimate takeaway here for me is the one you would hear often - downstream packaging and distribution is essential to ensure safe and reliable deployment.
Yes, absolutely. Mirroring from public repos is essential to large installations.
"Ey boss, sorry, all our 3000 servers are broken and we can't deploy anything right now because one guy on GitHub had problem with inner US politics, isn't it great that we are using open source software in this company? By the way, there are 50 more dependencies in our package so oh boy, I sure hope no other developers would have issues with how someone else somewhere else uses their code!"
Then maybe corporations should either consider the morality of their business decisions or not freeload off of FLOSS without giving back to the community?
Then maybe corporations should either consider the morality of their business decisions or not freeload off of FLOSS without giving back to the community?
Corporations are giving back the code, most of the great open source projects like Linux, Android, Clang and so on are the direct result of corporations giving back. I don't know how you suppose a corporation should be considering the morality of something that happens elsewhere far beyond the reach of this corporation. This action potentially broke a lot of things for people who may be as removed from the whole US as possible.
I don't know how you suppose a corporation should be considering the morality of something that happens elsewhere far beyond the reach of this corporation
Chef didn't have to enter into the agreement with ICE. That's the point here.
This action potentially broke a lot of things for people who may be as removed from the whole US as possible.
The world is so hyper-connected in this day and age, that's highly unlikely.
Chef didn't have to enter into the agreement with ICE. That's the point here.
It's true, they didn't have to do it, but there are two sides here - the progmatic and realistic one and a hot-headed and outrageous one.
The progmatic one is to ask yourself what is better for everyone here? Chef is a public distribution system, anyone gets to clone code via it. It is also open source, hence everything Chef as a company contributes to the Chef the software benefits everyone. So having an extra source of income for Chef is good, because their efforts get to be shared and their work is public anyway.
And then there is a way of the outrage, which is to drag a neutral company into political polarization. Willingly or not, this guy forced Chef into a position that they can only lose from - now they can either retire the contract, lose money this way and potentially further contracts with people who would view their actions as an anti-US action, or keep it and lose on the other end for being a pro-US company and take a hit in their public image. However regardless of these two options that would mean that the US agency still gets to use all the code that it wants to.
TL;DR: This guy tries to hurt an organisation he doesn't like but ends up hurting anything but the organization in question.
The progmatic [sp] one is to ask yourself what is better for everyone here?
The pragmatic one is to ask what is the more moral choice, the choice that is likely to stage an effective protest and get people talking about Chef's readiness to cozy up to evil organizations.
So having an extra source of income for Chef is good, because their efforts get to be shared and their work is public anyway.
Chef is a large enough company that a small contract with ICE doesn't make much of a difference in their bottom line. This is a flawed argument.
And then there is a way of the outrage, which is to drag a neutral company into political polarization.
They dragged themselves into it by selling their services to ICE and refusing any objections made by their employees or contributors.
Willingly or not, this guy forced Chef into a position that they can only lose from - now they can either retire the contract, lose money this way and potentially further contracts with people who would view their actions as an anti-US action,
It's literally impossible to calculate any and all future contract losses, and that's one hell of a spin for choosing not to contribute to a US organization that cruelly separates families for no good reason and throws kids in cages. Oh, and the whole "indefinite detention while not providing basic healthcare, all but ensuring people will die" bit.
or keep it and lose on the other end for being a pro-US company and take a hit in their public image.
It's interesting that you don't think that being a "pro-US" company (another bit of spin, as it's really pro-ICE and pro-cruelty), wouldn't lose them contracts or money...
However regardless of these two options that would mean that the US agency still gets to use all the code that it wants to.
But they wouldn't receive support and they would have a harder time doing it.
This guy tries to hurt an organisation he doesn't like but ends up hurting anything but the organization in question.
By your same logic, however he didn't really hurt anyone, did he?
Open-sourcing the project literally means that you surrender most of your property rights over it to the public. Sure, you get to have some nice things depending on the license, like people having to mention you as the original author or maybe making further updates to the code public as well, but you no longer have any control over it. You hosting it is another topic, and sure, you don't have to maintain it, but once you surrender your ownership you can't just take it back.
For most licences, authors retain considerable property rights, and do not surrender ownership. They retain the ability to license the code however they wish, under any other licence, and also may retain other rights (trademark, restriction of marketing use of attribution, etc). For most licences, authors don't even need to make the software free of charge or publicly available. The only right, for the most part, that they give licensees is the right to use the software, obtain the source, modify the software, and redistribute the software, often only under the same licence terms.
This is not at all the same as surrendering ownership, eg, through copyright transfer or something like CC0.
It all boils down to what your definition of ownership is, because to me having a code under any open source license is akin to letting the genie out of the bottle - yes, you can re-license the code to a third party or make a new version under a new license, but the code that is already made public is not going to be affected - it's out and it's done. You can sell open software, but our topic at hand concerns middleware, so that's a bit irrelevant. IMO you don't really own any open sourced code, since ownership is, by definition, exclusive, and while there are some strings attached to some licenses exclusivity is ruled out as long as redistribution is free and open.
That is not even close to the same argument, for starters one is a private individual, the other is the government.
As far as open sourcing, it doesn't have a strict legal definition, anyone can call their software open source. So yes, if you offered your software under some open source license you cannot then revoke its use from someone, however you're free to delete it or render it otherwise useless by some other means.
Why would a terrorist care about the license? If the license has "no terrorists or institutions I dislike, please", why would an organisation whose existence is illegal and/or immoral care at all? Who defines evil?
The amount of ignorance and call to emotions rhetoric here is saddening.
Unless you already had it installed, which you do, because you were already using it. All you did was shoot future users in the foot, The Bad will continue to Bad.
I think you'd have to limit forking and distribution, so that only the author can publish the code. Then they could publish it on servers that allow them to set and revoke permissions.
This is how copyright law normally works. When you publish some of your writing, people can't legally redistribute it unless you allow it. (With caveats for fair use, etc.)
Or maybe do something like the creative commons non-commercial license?
though it's rarely noticed since releases are seldom deleted.
Most companies that have done open-core or gone closed-source will leave up the older releases that were under a free/open source license. Or if they don't, a mirror will pop up.
In a few other cases, the source code may be under a FOSS license but is only given to paying customers (who have a slight disincentive to just give away the code for $0/free).
I have seen questions of FOSS definition(s) in this topic, so I’m starting this thread to help clarify.
OSI has the Open Source Definition, which is summarised in the following rules, commonly referred to as OSD1 to OSD10:
1. Free Redistribution – The license shall not restrict any party from selling or giving away the software as a component of an aggregate software distribution containing programs from several different sources. The license shall not require a royalty or other fee for such sale.
2. Source Code – The program must include source code, and must allow distribution in source code as well as compiled form. Where some form of a product is not distributed with source code, there must be a well-publicized means of obtaining the source code for no more than a reasonable reproduction cost, preferably downloading via the Internet without charge. The source code must be the preferred form in which a programmer would modify the program. Deliberately obfuscated source code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not allowed.
3. Derived Works – The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
4. Integrity of The Author's Source Code – The license may restrict source-code from being distributed in modified form only if the license allows the distribution of "patch files" with the source code for the purpose of modifying the program at build time. The license must explicitly permit distribution of software built from modified source code. The license may require derived works to carry a different name or version number from the original software.
5. No Discrimination Against Persons or Groups – The license must not discriminate against any person or group of persons.
6. No Discrimination Against Fields of Endeavor – The license must not restrict anyone from making use of the program in a specific field of endeavor. For example, it may not restrict the program from being used in a business, or from being used for genetic research.
7. Distribution of License – The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.
8. License Must Not Be Specific to a Product – The rights attached to the program must not depend on the program's being part of a particular software distribution. If the program is extracted from that distribution and used or distributed within the terms of the program's license, all parties to whom the program is redistributed should have the same rights as those that are granted in conjunction with the original software distribution.
9. License Must Not Restrict Other Software – The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open-source software.
10. License Must Be Technology-Neutral – No provision of the license may be predicated on any individual technology or style of interface.
There is also the FSF which defines Free Software as software that gives its users the following four freedoms, commonly referred to as freedom 0-4:
The freedom to run the program as you wish, for any purpose (freedom 0).
The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help others (freedom 2).
The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.
“Open Source” is the proper name of a campaign to promote the pre-existing concept of Free Software to business, and to certify licenses to a rule set. Please treat it as a proper name, rather than a descriptive term, when it is applied to any work to which a license compliant with the Open Source Definition could possibly apply. That means you should capitalize both words.
This is surely not a bar I would want to be set. If it's open source, it's open source - you don't get to pick and choose who is using the code and for what, that's part of the appeal. Just imagine a corporation pulling something like that with their open source products and trying to sabotage the competition by restricting them from using the code.
What this person did is somewhat of a misguided childish tantrum more than anything else - not only the code is already out there and the license can't be changed, he is also attracting and empowering a certain type of people, that will try and push these types of actions without actually doing research into the why and how.
We have more than enough division in this community as it is, not only we have a handful of very similar licenses that have to coexist, we also have multiple GUI frameworks, init systems, kernels, package managers and so on. With development split as it is the last thing I want is people further dividing the development efforts. You want to try and be holier-than-thou, a beacon of righteousness - all these things by trying to prevent "evil people" from using your code, I can be sympathetic to that, sure. But I don't think this kind of segmentation is what FLOSS community can afford.
Just imagine a corporation pulling something like that with their open source products and trying to sabotage the competition by restricting them from using the code.
It's ridiculously easy to fork from a backup. Again, there was no restriction of code, only of distribution.
What this person did is somewhat of a misguided childish tantrum more than anything else
It was a protest, and an effective one at that. He caused the CTO of Chef to be forced to respond to the fact that they entered into a contract with ICE, and now many employees of Chef are joining in on the protest against ICE.
he is also attracting and empowering a certain type of people, that will try and push these types of actions without actually doing research into the why and how.
Can you detail this a bit? What "type" of people, and what kinds of actions?
With development split as it is the last thing I want is people further dividing the development efforts. You want to try and be holier-than-thou, a beacon of righteousness - all these things by trying to prevent "evil people" from using your code, I can be sympathetic to that, sure. But I don't think this kind of segmentation is what FLOSS community can afford.
On the contrary, if the FLOSS community is to thrive, it must absolutely come to terms with the idea that people's code can be used for evil purposes, and how can we best rectify the communistic nature of FLOSS with the corporatist nature of most large software companies?
Can you detail this a bit? What "type" of people, and what kinds of actions?
Reporters, activists, politicians - anyone who can use a drama to create moral panic in order to apply pressure on any organization, community and so on, consequences be damned. You can call them the ambulance chasers of the internet.
On the contrary, if the FLOSS community is to thrive, it must absolutely come to terms with the idea that people's code can be used for evil purposes
The very idea of FLOSS is that the code should be public and free, open for modification, porting, adoption, study, etc. This is mutually exclusive with purpose and the concept of "evil", because publicity removes any kind of exclusivity. "Evil" can not be excluded or discriminated against if everything is public. And any attempt to limit the publicity or the availability of code is hurting the FLOSS movement, not improving it.
Reporters, activists, politicians - anyone who can use a drama to create moral panic in order to apply pressure on any organization, community and so on, consequences be damned. You can call them the ambulance chasers of the internet.
I call them the protestors of an unjust system. You claim they don't understand the consequences, but I think that has more to do with your assessment than any knowledge on their side.
"Moral panic" is a bit dismissive when we are cruelly separating families and throwing kids into cages at a record rate.
The very idea of FLOSS is that the code should be public and free, open for modification, porting, adoption, study, etc
Yes, but just because the code is public and free does not mean the distribution networks are open and free.
"Evil" can not be excluded or discriminated against if everything is public.
On the contrary, if everything is public, it becomes far easier to ensure that evil is given a harder time.
Check if the IP range comes from the DOD and block. Make slight inaccuracies if you detect code being run inside of organizations you dislike.
It's all open source and free for modification, but it'll be a pain for these organizations to use your code unless they stop being shitty.
Yes, but just because the code is public and free does not mean the distribution networks are open and free.
This is factually true, but my point is that there is no actual way of preventing the code from getting into anyone's hands. Distribution networks can be private and exclusive, but exclusion doesn't really work in open source spaces very well. You can't reasonably expect to keep anything that can be freely copied to be exclusive in any way, that's why we have piracy to this day.
The measures you've described are nothing but a farce that, once again, sets a bar that I don't think you want to set. Hell, GPLv3 had been made in part to prevent some greasy limiting practices in open source - like companies that open source the code that runs inside a customer's device that can't be reflashed or modded. "Detecting" where the code runs to sabotage it is a horrible idea. Just imagine a corporation doing that for whatever reason.
but my point is that there is no actual way of preventing the code from getting into anyone's hands
Nope, but Chef doesn't have to make money off of it, either. And that was really the point here, to get Chef and its employees thinking about why Chef is profiting off of their code being used by evil companies/organizations.
The measures you've described are nothing but a farce
It's not a farce, it's a protest.
"Detecting" where the code runs to sabotage it is a horrible idea. Just imagine a corporation doing that for whatever reason.
So? It's FOSS. Don't like it, don't use it, or modify it to your liking. The point is slowing down the bad organizations and speeding up the good ones.
there was no restriction of code, only of distribution.
Exactly. There's no guarantee that free/open source licensed code has to be available on the internet for free. It only needs to be available to those that have the binaries. It's possible to give away GPL/Apache/AGPL/MIT code only to paying customers who are paying for your product/service.
how can we best rectify the communistic nature of FLOSS with the corporatist nature of most large software companies
Any sufficiently useful project should offer a monthly and yearly license/support fee. Why? Small businesses that use FOSS can then deduct those as expenses which is a big boost. I'd gladly hand over $15/month to LibreOffice or $5/month to a smaller project if I could deduct it as part of my business expenses.
For big companies, that would turn the code into a budget item and no longer give a free lunch. Big companies right now rely on the fact that the developer salaries are already paid for and with that they can use that one item, salary, to cover the expense of finding $0-cost FOSS libraries or developing alternatives, because the development time is already paid for even if it means the project takes a bit longer. Big companies already had a process for purchasing proprietary licensed software, it's time that FOSS takes advantage of that (through dual-licensing or just charging a fee, no matter how small).
Are there licenses that give the creator/keeper of the code the ability to withhold and takedown the source at their own discretion? GitHub can choose not to host code that it finds objectionable or illegal, so there is likely a precedent.
Most free and open source licences don't require hosting at all, except in certain circumstances. Many—for example, the GPL—don't require that the software even be free of charge or publicly available.
As I'm most familiar with the GPLv2/v3, I will use it as an example. The author of a GPL work is under no obligation to make it available for free, or available to the public. The principal requirements of the GPL are two-fold, and are similar to most free software licences:
If the author had distributed non-source versions, then they would continue to be obligated to provide the source to people who had the non-source version. However, if the code is distributed in source form, as I expect was the case for this package, then there's no obligation to provide anything additional after the licensee has downloaded the code. The author can simply stop distributing it, with the caveat that prior licensees would still be able to distribute on their own. Similarly, the author could charge for copies of the software, or only distribute it to their friends, or only distribute it on physical media—all with the same caveat.
It's different because releasing something as open source means other people can archive and redistribute it. This is a legal right. Taking down your copy won't stop people for long.
Seth's protest is possible due to how gems are distributed. The server lets an author take down a package. But that's up to the distributor and they don't have to work that way.
No, but it started a hell of a conversation, didn't it?
Requirements around code review and any kind of change management in the Federal Govt being what they are, stuff like this can gum up the work longer than you might expect.
Certainly it did! But it's a trick that won't keep working if lots of people do it.
It only really takes one.
How do you see this move as being at all connected with the licence they are using (Apache)? The author is not, unless I am mistaken, trying to revoke the licensing of the software to those who have it, or trying to prevent those who have copies from distributing or developing them under the same licence. They are only ceasing to distribute it themselves. That is perfectly within both free software and open source, and can also happen for many reasons other than political protest.
It's very unclear to me what you mean by "the open source spirit" including that "authors have no veto power," as well. Authors have no veto power over how people redistribute their code, but they certainly have veto power over how they distribute their code, whether on their own sites or on a distribution system where they administer the distribution of the code.
I can understand the concern about licence restrictions on use: more distressing to me than political disputes, which rarely end up enshrined in the licence itself, are the "source-available" abominations that have been recently popular and controversial, where the code is developed as though it is open source, but then use is restricted such that many users will actually have to pay for licences.
However, this case appears to have nothing to do with licence restrictions: the company involved has actually already made a mess of trying to fork the code.
While an author is within their rights to stop hosting the code, this will be ineffective in the long run because other people can still distribute the code, and there is no legal way of stopping them.
So, it seems to me that if an author wants to be effective at preventing people they don't like from using their code, they will need to switch to a different license?
I'll also point out the collateral damage to unrelated developers from letting authors do this as a protest. It seems like Chef was under pressure to step in to keep it from breaking other customers, and screwed it up.
Redistributors who are thinking ahead rather than doing things in a rush like Chef will actually host the code themselves and disallow taking it down. This is basically what Go is doing with their new proxy server.
Also, other people can host their own proxy servers, so even if you got the Go team to take down a release, it wouldn't affect the other proxies.
I don't think it was meant to be effective in the long run, only to start a broader conversation about FOSS code being used in "evil" situations.
Protests generally do inconvenience people. It's how they get noticed and the word is spread.
When do you say it isn't and is acceptable to remove code then? What if terrorists or other enemies of the state are using it? Just because something is open source doesn't mean it's not still the property of the person who created it and just because something is open source doesn't mean that its creator has an obligation to maintain it indefinitely either. Removing it is no different than projects that have become deprecated or downright broken due to their age.
Yes, but, as in this example, it made the people who were using his code for evil's lives harder and caused an entire discussion around ethical use of code/associations among companies.
I don't really see anyone here "taking back" ownership of their code. They're just refusing to distribute it on their own Github, which just so happens to be where most people get it from.
You mentioned property, that's why I had to clarify ownership here.
Now if we go to my opinion - he took down code that had been automatically fetched via a build system, am I getting this right? He even mentions that he is sorry to anyone whose code got broken.
So the ultimate takeaway here for me is the one you would hear often - downstream packaging and distribution is essential to ensure safe and reliable deployment. Just imagine someone's day at the job following this:
Sorry for the confusion, I'm not the guy who said property.
Yes, absolutely. Mirroring from public repos is essential to large installations.
Then maybe corporations should either consider the morality of their business decisions or not freeload off of FLOSS without giving back to the community?
Corporations are giving back the code, most of the great open source projects like Linux, Android, Clang and so on are the direct result of corporations giving back. I don't know how you suppose a corporation should be considering the morality of something that happens elsewhere far beyond the reach of this corporation. This action potentially broke a lot of things for people who may be as removed from the whole US as possible.
Chef didn't have to enter into the agreement with ICE. That's the point here.
The world is so hyper-connected in this day and age, that's highly unlikely.
It's true, they didn't have to do it, but there are two sides here - the pragmatic and realistic one and a hot-headed and outrageous one.
The pragmatic one is to ask yourself what is better for everyone here? Chef is a public distribution system, anyone gets to clone code via it. It is also open source, hence everything Chef as a company contributes to the Chef the software benefits everyone. So having an extra source of income for Chef is good, because their efforts get to be shared and their work is public anyway.
And then there is a way of the outrage, which is to drag a neutral company into political polarization. Willingly or not, this guy forced Chef into a position that they can only lose from - now they can either retire the contract, lose money this way and potentially further contracts with people who would view their actions as an anti-US action, or keep it and lose on the other end for being a pro-US company and take a hit in their public image. However regardless of these two options that would mean that the US agency still gets to use all the code that it wants to.
TL;DR: This guy tries to hurt an organisation he doesn't like but ends up hurting anything but the organization in question.
The pragmatic one is to ask what is the more moral choice, the choice that is likely to stage an effective protest and get people talking about Chef's readiness to cozy up to evil organizations.
Chef is a large enough company that a small contract with ICE doesn't make much of a difference in their bottom line. This is a flawed argument.
They dragged themselves into it by selling their services to ICE and refusing any objections made by their employees or contributors.
It's literally impossible to calculate any and all future contract losses, and that's one hell of a spin for choosing not to contribute to a US organization that cruelly separates families for no good reason and throws kids in cages. Oh, and the whole "indefinite detention while not providing basic healthcare, all but ensuring people will die" bit.
It's interesting that you don't think that being a "pro-US" company (another bit of spin, as it's really pro-ICE and pro-cruelty), wouldn't lose them contracts or money...
But they wouldn't receive support and they would have a harder time doing it.
By your same logic, however he didn't really hurt anyone, did he?
For most licences, authors retain considerable property rights, and do not surrender ownership. They retain the ability to license the code however they wish, under any other licence, and also may retain other rights (trademark, restriction of marketing use of attribution, etc). For most licences, authors don't even need to make the software free of charge or publicly available. The only right, for the most part, that they give licensees is the right to use the software, obtain the source, modify the software, and redistribute the software, often only under the same licence terms.
This is not at all the same as surrendering ownership, eg, through copyright transfer or something like CC0.
It all boils down to what your definition of ownership is, because to me having a code under any open source license is akin to letting the genie out of the bottle - yes, you can re-license the code to a third party or make a new version under a new license, but the code that is already made public is not going to be affected - it's out and it's done. You can sell open software, but our topic at hand concerns middleware, so that's a bit irrelevant. IMO you don't really own any open sourced code, since ownership is, by definition, exclusive, and while there are some strings attached to some licenses exclusivity is ruled out as long as redistribution is free and open.
https://opensource.org/licenses
Why would a terrorist care about the license? If the license has "no terrorists or institutions I dislike, please", why would an organisation whose existence is illegal and/or immoral care at all? Who defines evil?
The amount of ignorance and call to emotions rhetoric here is saddening.
You're missing the fact that this is a library, so if it doesn't exist then anything trying to use it will not work.
Unless you already had it installed, which you do, because you were already using it. All you did was shoot future users in the foot, The Bad will continue to Bad.
I think you'd have to limit forking and distribution, so that only the author can publish the code. Then they could publish it on servers that allow them to set and revoke permissions.
This is how copyright law normally works. When you publish some of your writing, people can't legally redistribute it unless you allow it. (With caveats for fair use, etc.)
Or maybe do something like the creative commons non-commercial license?
Of course, then it's not open source anymore.
They're not putting any restrictions on how the software is used, they're just refusing to distribute it themselves.
Most companies that have done open-core or gone closed-source will leave up the older releases that were under a free/open source license. Or if they don't, a mirror will pop up.
In a few other cases, the source code may be under a FOSS license but is only given to paying customers (who have a slight disincentive to just give away the code for $0/free).
Chef made a blog post about this today: https://blog.chef.io/2019/09/23/an-important-update-from-chef/
I have seen questions of FOSS definition(s) in this topic, so I’m starting this thread to help clarify.
OSI has the Open Source Definition, which is summarised in the following rules, commonly referred to as OSD1 to OSD10:
There is also the FSF which defines Free Software as software that gives its users the following four freedoms, commonly referred to as freedom 0-4:
Before someone mentions the differences between the two (happy to discuss if someone is really into this stuff), here it is from the horse’s mouth (Bruce Perens, the author of the Open Source Definition):
This is surely not a bar I would want to be set. If it's open source, it's open source - you don't get to pick and choose who is using the code and for what, that's part of the appeal. Just imagine a corporation pulling something like that with their open source products and trying to sabotage the competition by restricting them from using the code.
What this person did is somewhat of a misguided childish tantrum more than anything else - not only the code is already out there and the license can't be changed, he is also attracting and empowering a certain type of people, that will try and push these types of actions without actually doing research into the why and how.
We have more than enough division in this community as it is, not only we have a handful of very similar licenses that have to coexist, we also have multiple GUI frameworks, init systems, kernels, package managers and so on. With development split as it is the last thing I want is people further dividing the development efforts. You want to try and be holier-than-thou, a beacon of righteousness - all these things by trying to prevent "evil people" from using your code, I can be sympathetic to that, sure. But I don't think this kind of segmentation is what FLOSS community can afford.
It's ridiculously easy to fork from a backup. Again, there was no restriction of code, only of distribution.