Re: Classification of the APSL as non-DFSG-compliant

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Mihai Moldovan
* On 4/20/20 9:03 AM, John Paul Adrian Glaubitz wrote:

> Secondly, for the APSL-1.2, it seems that the only clause that makes the
> license non-DFSG-compliant is this one:
>
>  > (c)  You must make Source Code of all Your Deployed Modifications publicly
>  >      available under the terms of this License, including the license grants
>  >      set forth in Section 3 below, for as long as you Deploy the Covered Code
>  >      or twelve (12) months from the date of initial Deployment, whichever is
>  >      longer. You should preferably distribute the Source Code of Your Deployed
>  >      Modifications electronically (e.g. download from a web site); and
>
> It was claimed in [6] that this clause makes the APSL-1.2 non-DFSG-compliant as it's
> not possible for Debian to keep every single modification around for at least
> 12 months.
>
> This claim may have been valid in 2001, but I think it does not hold up for
> 2020 since source code to packaging in Debian is usually maintained in
> Salsa or Github and therefore keeping all modifications available for 12
> months and longer, plus there is Debian Snapshots [7] which keeps a older
> versions of a package around as well - including source code.

It may or may not fail the Desert Island Test, depending on how broad "publicly"
is interpreted.

While it may not be a huge (technical) problem for the Debian Project to comply
to this term specifically, any user (and modifier) of this code would need to
find a way to publish their own modifications for at least the given time - and
maybe even longer based on their "deployment" (which includes current usage).
This sounds like a pretty difficult thing to do for individuals.



Mihai

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Tobias Frost-3
On Mon, Apr 20, 2020 at 10:06:23AM +0200, Mihai Moldovan wrote:

> * On 4/20/20 9:03 AM, John Paul Adrian Glaubitz wrote:
> > Secondly, for the APSL-1.2, it seems that the only clause that makes the
> > license non-DFSG-compliant is this one:
> >
> >  > (c)  You must make Source Code of all Your Deployed Modifications publicly
> >  >      available under the terms of this License, including the license grants
> >  >      set forth in Section 3 below, for as long as you Deploy the Covered Code
> >  >      or twelve (12) months from the date of initial Deployment, whichever is
> >  >      longer. You should preferably distribute the Source Code of Your Deployed
> >  >      Modifications electronically (e.g. download from a web site); and
> >
> > It was claimed in [6] that this clause makes the APSL-1.2 non-DFSG-compliant as it's
> > not possible for Debian to keep every single modification around for at least
> > 12 months.
> >
> > This claim may have been valid in 2001, but I think it does not hold up for
> > 2020 since source code to packaging in Debian is usually maintained in
> > Salsa or Github and therefore keeping all modifications available for 12
> > months and longer, plus there is Debian Snapshots [7] which keeps a older
> > versions of a package around as well - including source code.
>
> It may or may not fail the Desert Island Test, depending on how broad "publicly"
> is interpreted.

For sure it fails the Dissident Test.
 

> While it may not be a huge (technical) problem for the Debian Project to comply
> to this term specifically, any user (and modifier) of this code would need to
> find a way to publish their own modifications for at least the given time - and
> maybe even longer based on their "deployment" (which includes current usage).
> This sounds like a pretty difficult thing to do for individuals.
>
>
>
> Mihai
>

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

John Paul Adrian Glaubitz
On 4/20/20 10:28 AM, Tobias Frost wrote:

>>> This claim may have been valid in 2001, but I think it does not hold up for
>>> 2020 since source code to packaging in Debian is usually maintained in
>>> Salsa or Github and therefore keeping all modifications available for 12
>>> months and longer, plus there is Debian Snapshots [7] which keeps a older
>>> versions of a package around as well - including source code.
>>
>> It may or may not fail the Desert Island Test, depending on how broad "publicly"
>> is interpreted.
>
> For sure it fails the Dissident Test.
Does it? The part which requires the availability of the source changes explicitly
talks about deployment of the software, i.e. distribution, not personal use which
would be the criteria for the dissident test.

If I'm using the software for myself and modify it, I'm free to keep the modifications
to myself unless I distribute the software, so I don't think the clause would fail
the test.

Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Mihai Moldovan
* On 4/20/20 10:48 AM, John Paul Adrian Glaubitz wrote:
>> For sure it fails the Dissident Test.
> Does it? The part which requires the availability of the source changes explicitly
> talks about deployment of the software, i.e. distribution, not personal use which
> would be the criteria for the dissident test.
>
> If I'm using the software for myself and modify it, I'm free to keep the modifications
> to myself unless I distribute the software, so I don't think the clause would fail
> the test.

Yes, but the Dissident Test explicitly includes distribution to friends.



Mihai

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

John Paul Adrian Glaubitz
On 4/20/20 11:04 AM, Mihai Moldovan wrote:

> * On 4/20/20 10:48 AM, John Paul Adrian Glaubitz wrote:
>>> For sure it fails the Dissident Test.
>> Does it? The part which requires the availability of the source changes explicitly
>> talks about deployment of the software, i.e. distribution, not personal use which
>> would be the criteria for the dissident test.
>>
>> If I'm using the software for myself and modify it, I'm free to keep the modifications
>> to myself unless I distribute the software, so I don't think the clause would fail
>> the test.
>
> Yes, but the Dissident Test explicitly includes distribution to friends.

I don't think that sharing your software with friends qualifies to the term
"Software Deployment" that Apple is talking about here. Personal Use is
explicitly excluded from the deployment term, even when the source is distributed.

In 1.4, the license states:

> 1.4  "Deploy" means to use, sublicense or distribute Covered Code other than
>       for Your internal research and development (R&D) and/or Personal Use,
>       and includes without limitation, any and all internal use or distribution
>       of Covered Code within Your business or organization except for R&D use
>       and/or Personal Use, as well as direct or indirect sublicensing or
>       distribution of Covered Code by You to any third party in any form or manner.

It's pretty obvious from this clause that the requirement to provide the sources
of your modifications for at least 12 months applies to commercial distribution
only.

Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Tobias Frost-3
On Mon, Apr 20, 2020 at 11:13:48AM +0200, John Paul Adrian Glaubitz wrote:

> On 4/20/20 11:04 AM, Mihai Moldovan wrote:
> > * On 4/20/20 10:48 AM, John Paul Adrian Glaubitz wrote:
> >>> For sure it fails the Dissident Test.
> >> Does it? The part which requires the availability of the source changes explicitly
> >> talks about deployment of the software, i.e. distribution, not personal use which
> >> would be the criteria for the dissident test.
> >>
> >> If I'm using the software for myself and modify it, I'm free to keep the modifications
> >> to myself unless I distribute the software, so I don't think the clause would fail
> >> the test.
> >
> > Yes, but the Dissident Test explicitly includes distribution to friends.
>
> I don't think that sharing your software with friends qualifies to the term
> "Software Deployment" that Apple is talking about here. Personal Use is
> explicitly excluded from the deployment term, even when the source is distributed.
>
> In 1.4, the license states:
>
> > 1.4  "Deploy" means to use, sublicense or distribute Covered Code other than
> >       for Your internal research and development (R&D) and/or Personal Use,
> >       and includes without limitation, any and all internal use or distribution
> >       of Covered Code within Your business or organization except for R&D use
> >       and/or Personal Use, as well as direct or indirect sublicensing or
> >       distribution of Covered Code by You to any third party in any form or manner.
>
> It's pretty obvious from this clause that the requirement to provide the sources
> of your modifications for at least 12 months applies to commercial distribution
> only.

Distributing to friends may cross the line of personal use. And !"personal use" != "commercial use".
(I define "personal use" as individual use; not use of a group.)

Also, there may be an Dissident Inc; also that needs the Dissident Test to pass.

The last sentence reads to me that distributiong to 3rd parties is Deployment.
Your dissident friend is a "third party".

However, if it is the intention of that paragraph that commercial use is to be
treated differently, this alone would alone is a reason to call a license
non-free (DFSG §6).

> Adrian
>
> --
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer - [hidden email]
> `. `'   Freie Universitaet Berlin - [hidden email]
>   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913
>

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

John Paul Adrian Glaubitz
On 4/20/20 12:15 PM, Tobias Frost wrote:

>> It's pretty obvious from this clause that the requirement to provide the sources
>> of your modifications for at least 12 months applies to commercial distribution
>> only.
>
> Distributing to friends may cross the line of personal use. And !"personal use" != "commercial use".
> (I define "personal use" as individual use; not use of a group.)
>
> Also, there may be an Dissident Inc; also that needs the Dissident Test to pass.
>
> The last sentence reads to me that distributiong to 3rd parties is Deployment.
> Your dissident friend is a "third party".
>
> However, if it is the intention of that paragraph that commercial use is to be
> treated differently, this alone would alone is a reason to call a license
> non-free (DFSG §6).

How is that different from the GPL-2 which mandates three years of distribution
for non-personal distribution. I have the impression that you are applying
double-standards here.

Any commercial product using GPL-2 must share the source code publicly, the
same applies to the APSL-1.2. There is no difference.

Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Tobias Frost-3
On Mon, Apr 20, 2020 at 12:22:52PM +0200, John Paul Adrian Glaubitz wrote:

> On 4/20/20 12:15 PM, Tobias Frost wrote:
> >> It's pretty obvious from this clause that the requirement to provide the sources
> >> of your modifications for at least 12 months applies to commercial distribution
> >> only.
> >
> > Distributing to friends may cross the line of personal use. And !"personal use" != "commercial use".
> > (I define "personal use" as individual use; not use of a group.)
> >
> > Also, there may be an Dissident Inc; also that needs the Dissident Test to pass.
> >
> > The last sentence reads to me that distributiong to 3rd parties is Deployment.
> > Your dissident friend is a "third party".
> >
> > However, if it is the intention of that paragraph that commercial use is to be
> > treated differently, this alone would alone is a reason to call a license
> > non-free (DFSG §6).
>
> How is that different from the GPL-2 which mandates three years of distribution
> for non-personal distribution. I have the impression that you are applying
> double-standards here.
>
> Any commercial product using GPL-2 must share the source code publicly, the
> same applies to the APSL-1.2. There is no difference.

No. the GPL requires you only to give the sources to the recipient of the work,
not to everyone which is the defintiopn of "publicily" [1].

[1] https://dictionary.cambridge.org/dictionary/english/publicly

> Adrian
>
> --
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer - [hidden email]
> `. `'   Freie Universitaet Berlin - [hidden email]
>   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Mihai Moldovan
* On 4/20/20 12:32 PM, Tobias Frost wrote:
>>> Distributing to friends may cross the line of personal use. And !"personal use" != "commercial use".
>>> (I define "personal use" as individual use; not use of a group.)
>>>
>>> Also, there may be an Dissident Inc; also that needs the Dissident Test to pass.

Or something like an NGO, which strictly is also a business (even if not for
profit).


>>> The last sentence reads to me that distributiong to 3rd parties is Deployment.
>>> Your dissident friend is a "third party".
>>>
>>> However, if it is the intention of that paragraph that commercial use is to be
>>> treated differently, this alone would alone is a reason to call a license
>>> non-free (DFSG §6).

No discrimination against fields of endeavor and commercial use. Yep.


>> How is that different from the GPL-2 which mandates three years of distribution
>> for non-personal distribution. I have the impression that you are applying
>> double-standards here.
>>
>> Any commercial product using GPL-2 must share the source code publicly, the
>> same applies to the APSL-1.2. There is no difference.
>
> No. the GPL requires you only to give the sources to the recipient of the work,
> not to everyone which is the defintiopn of "publicily" [1].

Additionally, the "three-year clause" in the GPL v2 is an option (which can
easily be circumvented by choosing a different option, e.g., to always
distribute binaries and source at the same time) for a written *offer* to
distribute sources upon request by the binary recipient.

The key difference here is "public" vs. "recipient". For instance, in the Desert
Island Test, an entity that is unable to communicate with the island can neither
receive binaries nor request source distribution, which is fine.



Mihai

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

John Paul Adrian Glaubitz
In reply to this post by Tobias Frost-3
On 4/20/20 12:32 PM, Tobias Frost wrote:
>> Any commercial product using GPL-2 must share the source code publicly, the
>> same applies to the APSL-1.2. There is no difference.
>
> No. the GPL requires you only to give the sources to the recipient of the work,
> not to everyone which is the defintiopn of "publicily" [1].

I don't see any difference from a distribution point of view. Apple's APSL
is even less restrictive than the GPL-2 here as it does not require you
to share your modifications among your friends or for R&D. The GPL-2
requires that, the APSL not.

Furthermore, the question that is relevant for the dissident test - that
was used as argument for calling the license non-free - is whether sharing
your modifications with your friends would require you to make these
modifications public. And that is clearly not the case.

And, devdisk_cmds (which is what hfsprogs is derived from) is part of the
Fedora main distribution [1]. So RedHat's lawyers seem to agree that the
license can be considered free. It's not distributed in openSUSE for the
moment, but as a SUSE employee, I should be able to ask our lawyers.

In any case, I will be contacting Apple now and I will ask for their assessment
as I don't think we're getting further in this discussion if the goal posts
keep moving.

Thanks,
Adrian

> [1] https://src.fedoraproject.org/rpms/hfsplus-tools/

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

John Paul Adrian Glaubitz
In reply to this post by Mihai Moldovan
On 4/20/20 12:54 PM, Mihai Moldovan wrote:
> * On 4/20/20 12:32 PM, Tobias Frost wrote:
>>>> Distributing to friends may cross the line of personal use. And !"personal use" != "commercial use".
>>>> (I define "personal use" as individual use; not use of a group.)
>>>>
>>>> Also, there may be an Dissident Inc; also that needs the Dissident Test to pass.
>
> Or something like an NGO, which strictly is also a business (even if not for
> profit).

I will check that with Apple Legal but I don't consider it a problem for an
organization to share the sources along their binaries.

>>>> The last sentence reads to me that distributiong to 3rd parties is Deployment.
>>>> Your dissident friend is a "third party".
>>>>
>>>> However, if it is the intention of that paragraph that commercial use is to be
>>>> treated differently, this alone would alone is a reason to call a license
>>>> non-free (DFSG §6).
>
> No discrimination against fields of endeavor and commercial use. Yep.

I don't see how it's explicitly discriminating commercial use when this rule applies
to non-commercial use as well (see 1.8). If you distribute the source publicly, you
also have to share the sources.

>>> How is that different from the GPL-2 which mandates three years of distribution
>>> for non-personal distribution. I have the impression that you are applying
>>> double-standards here.
>>>
>>> Any commercial product using GPL-2 must share the source code publicly, the
>>> same applies to the APSL-1.2. There is no difference.
>>
>> No. the GPL requires you only to give the sources to the recipient of the work,
>> not to everyone which is the defintiopn of "publicily" [1].
>
> Additionally, the "three-year clause" in the GPL v2 is an option (which can
> easily be circumvented by choosing a different option, e.g., to always
> distribute binaries and source at the same time) for a written *offer* to
> distribute sources upon request by the binary recipient.

You effectively have the same option for the APSL as well. If you ship your
modifications along binaries - which we do - as well from the beginning, I
don't see how you are violating against the APSL.

The only difference between GPL and ASPL is here how long you have to share
your modifications when you are not shipping the sources with the binary.

> The key difference here is "public" vs. "recipient". For instance, in the Desert
> Island Test, an entity that is unable to communicate with the island can neither
> receive binaries nor request source distribution, which is fine.

I think that the use case of a business on a remote island which is modifying
and distributing software is a very constructed situation.

It's also not described in the dissident test.

But I will ask Apple and SUSE legal.

Thanks,
Adrian

--
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - [hidden email]
`. `'   Freie Universitaet Berlin - [hidden email]
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Tobias Frost-3
In reply to this post by John Paul Adrian Glaubitz
On Mon, Apr 20, 2020 at 01:14:15PM +0200, John Paul Adrian Glaubitz wrote:

> On 4/20/20 12:32 PM, Tobias Frost wrote:
> >> Any commercial product using GPL-2 must share the source code publicly, the
> >> same applies to the APSL-1.2. There is no difference.
> >
> > No. the GPL requires you only to give the sources to the recipient of the work,
> > not to everyone which is the defintiopn of "publicily" [1].
>
> I don't see any difference from a distribution point of view. Apple's APSL
> is even less restrictive than the GPL-2 here as it does not require you
> to share your modifications among your friends or for R&D. The GPL-2
> requires that, the APSL not.

That is not the point. Excess distribution is the problem. I have to offer the
code to people I have not interacted with.
(And the license does not say anything about friends, just about RD departements)

> Furthermore, the question that is relevant for the dissident test - that
> was used as argument for calling the license non-free - is whether sharing
> your modifications with your friends would require you to make these
> modifications public. And that is clearly not the case.

As said, IMHO, distributing to the friend of a dissident is considered as Deployment.

> And, devdisk_cmds (which is what hfsprogs is derived from) is part of the
> Fedora main distribution [1]. So RedHat's lawyers seem to agree that the
> license can be considered free. It's not distributed in openSUSE for the
> moment, but as a SUSE employee, I should be able to ask our lawyers.
>
> In any case, I will be contacting Apple now and I will ask for their assessment
> as I don't think we're getting further in this discussion if the goal posts
> keep moving.

You should contact ftp masters. their opinion is authorative in Debian.
Not that of Fedora, Red Hat and not that of Apple.

But maybe Apple is willing to relicnese it to Apache 2.0, then it would be
worth a try. (ASFAIK they did so with some projets having this license)

> Thanks,
> Adrian
>
> > [1] https://src.fedoraproject.org/rpms/hfsplus-tools/
>
> --
>  .''`.  John Paul Adrian Glaubitz
> : :' :  Debian Developer - [hidden email]
> `. `'   Freie Universitaet Berlin - [hidden email]
>   `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply | Threaded
Open this post in threaded view
|

Re: Classification of the APSL as non-DFSG-compliant

Francesco Poli (wintermute)
On Mon, 20 Apr 2020 13:39:19 +0200 Tobias Frost wrote:

> On Mon, Apr 20, 2020 at 01:14:15PM +0200, John Paul Adrian Glaubitz wrote:
[...]
> > I don't see any difference from a distribution point of view. Apple's APSL
> > is even less restrictive than the GPL-2 here as it does not require you
> > to share your modifications among your friends or for R&D. The GPL-2
> > requires that, the APSL not.
>
> That is not the point. Excess distribution is the problem. I have to offer the
> code to people I have not interacted with.
> (And the license does not say anything about friends, just about RD departements)

Exactly.

Dear John, as has already been told you by Tobias and Mihai, the key
difference between the GNU GPL v2 and the APSL v1.2 (here) is that
the GPL only requires to make source code available to recipients of
object code, while the APSL requires to make source code *publicly*
available, if you just send modified object code of one friend (which
is a third party) or even if you just use modified object code
internally within your business or organization (for anything that is
not R&D or personal use).

Moreover, the APSL always requires you to continue making source code
*publicly* available for at least 12 months, while the written offer is
only *one* of the options to comply with the GPL: the other option is
offering source code along with object code and never having to worry
again about the thing.

>
> > Furthermore, the question that is relevant for the dissident test - that
> > was used as argument for calling the license non-free - is whether sharing
> > your modifications with your friends would require you to make these
> > modifications public. And that is clearly not the case.
>
> As said, IMHO, distributing to the friend of a dissident is considered as Deployment.

I agree with Tobias here.
Quoting the [APSL v1.2]:

[...]
| 1.4  "Deploy" means
[...]
| as well as
[...]
| distribution of Covered Code by You to any third party in any form
| or manner.
[...]

[APSL v1.2]: <https://opensource.apple.com/source/hfs/hfs-522.0.9/APPLE_LICENSE>

[...]
> But maybe Apple is willing to relicnese it to Apache 2.0, then it would be
> worth a try. (ASFAIK they did so with some projets having this license)

This would be a good outcome.
I really hope Apple may be persuaded to re-license hfsprogs under the
terms of the [Apache License v2.0].

[Apache License v2.0]: <https://www.apache.org/licenses/LICENSE-2.0.txt>


--
 http://www.inventati.org/frx/
 There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
 GnuPG key fpr == CA01 1147 9CD2 EFDF FB82  3925 3E1C 27E1 1F69 BFFE

attachment0 (849 bytes) Download Attachment