[zen@freedbms.net: Veracrypt license - how to change it]

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

[zen@freedbms.net: Veracrypt license - how to change it]

Zenaan Harkness-2
My other email addy is still banned for life from all debian lists it
seems, so forwarding the below as it may be of interest to some.

Regards,
Zenaan


----- Forwarded message from Zenaan Harkness <[hidden email]> -----

From: Zenaan Harkness <[hidden email]>
To: [hidden email], [hidden email]
Cc: CypherPunks <[hidden email]>, [hidden email], [hidden email]
Date: Wed, 7 Aug 2019 17:28:53 +1000
Subject: Veracrypt license - how to change it

Hi Stephen, I'm hoping you will know who to contact.

The Veracrypt code and therefore license inherits from TrueCrypt.

The TrueCrypt code license is declared by the FSF to be a non-free
software license, and has been determined by the Debian community to
be not distributable by Debian due to its terms.

Truecrypt maintained an aloof/ not contactable type of arrangement
with the public, then disappeared altogether.

In the interests of having Veracrypt be distributable by Debian,
all Veracrypt code must be licensed accordingly.

This can be done by public notice (see below).

Doing so would be somewhat similar to how the MAME community caused
their source code license to be changed from "problematic for Debian/
the FSF etc" into something distributable by Debian etc (I think they
went to GPL).


Here's what the Veracrypt community would need to do:

 - make a public announcement that they will, after DURATION say 1
   year, change the license to all outstanding source code inherited
   from TrueCrypt, to be Apache/GPL/whatever

 - include in the announcement that any party objecting must contact
   the developers at BLAH (email list address, or list of developer
   email addresses)

 - wait the DURATION

 - change the source files to reflect the license change, to be the
   new license as declared DURATION period prior


The announcement needs to be published and made generally publicly
available - e.g. at Slashdot, LWN, on the Veracrypt home page, etc.


Legally, this does a few things:

 - gives general public Notice (legal concept), that something will
   be done in the future, thus satisfying the general duty of care to
   the public that something will be done which may affect the
   interests of the public

 - gives the only possible notice available to be given to the
   original developers (assuming they are no longer contactable)

 - provides a genuine and reasonable opportunity for any affected
   parties to contact the Veracrypt developers and make an actual
   objection

 - parties who remain silent, are thereafter (after time period
   DURATION) "taken to have tacitly consented"


The above is legally sufficient to make such a change, and the MAME
community is at least one example where this legal technique of
Public Notice has been used effectively.


If no objections are raised by anyone in DURATION time period, then
the Veracrypt developers can at that point unilaterally change the
license to be the new/ newly declared license.

If an objection -is- raised, and if the person objecting is an actual
copyright holder of certain Truecrypt code, then that particular code
can thereafter be rewritten.  Other than this, objections are
unlikely to be legally substantive and may well be able to be
ignored.  Notwithstanding, all objections should be responded to as
to what position is being taken in relation to that objection (this
is part of the duty of care to the general public/ others in our
community).


Kind regards,
Zenaan


----- End forwarded message -----

Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Mihai Moldovan
* On 8/7/19 9:31 AM, Zenaan Harkness wrote:
> In the interests of having Veracrypt be distributable by Debian,
> all Veracrypt code must be licensed accordingly.
>
> This can be done by public notice (see below).

Re-licensing can be a difficult, lengthy process and - as far as I've seen in
the one case I observed and took part in (mpv's core re-licensing, which started
in 2015 and is more or less done at the current time, but still not completely
finished) - doesn't work the way you'd like to have it.


> Doing so would be somewhat similar to how the MAME community caused
> their source code license to be changed from "problematic for Debian/
> the FSF etc" into something distributable by Debian etc (I think they
> went to GPL).

Skimming over articles, this situation looks different. The MAME project didn't
just inherit/fork code from another developer team, but was always headed by the
MAME development team itself, with changing personnel. Crucially, the project
lead that initiated the license change has already been head for 3 years at the
time, so I figure he'd be part of the project to some degree/contributing to it
for an even longer time already.

If anything, this example shows that re-licensing can be pretty easy IFF you
control most code and contributors can be easily reached (they obviously have
contacted contributors individually as well, not just issued this "public
notice"), but even that process is dodgy as best, as it wasn't carried out in
the public, as far as I can tell. There was no way to observe it.


> Here's what the Veracrypt community would need to do:
>
>  - make a public announcement that they will, after DURATION say 1
>    year, change the license to all outstanding source code inherited
>    from TrueCrypt, to be Apache/GPL/whatever

... and effectively ignore the original authors's copyright and original license.


>  - include in the announcement that any party objecting must contact
>    the developers at BLAH (email list address, or list of developer
>    email addresses)

That's not the way this stuff works. You have to assume objection UNTIL given
permission. I wonder if that would be a fitting metaphor: a burglar justifying
his actions by giving the sleeping original occupants an ample amount of time,
say, 10 minutes, to answer the question if they'd be okay with him taking
valuables. Since they haven't responded, he assumed that it's fine to proceed.
More tongue-in-cheek, naturally, but still somewhat fitting.


> The announcement needs to be published and made generally publicly
> available - e.g. at Slashdot, LWN, on the Veracrypt home page, etc.

Ugh, I didn't yet know I have to check these outlets regularly. Now I'm
terrified of having missed a lot of legal announcements for any project I ever
contributed to!


> Legally, this does a few things:
>
>  - gives general public Notice (legal concept), that something will
>    be done in the future, thus satisfying the general duty of care to
>    the public that something will be done which may affect the
>    interests of the public

I don't think this concept can be applied in this case. It might be a fine in
order to inform a mostly anonymous, but concerned mass, but the situation is
different here.

For instance, informing affected parties about upcoming communal changes via
public announcements/notices in the town hall (including about their legal right
to oppose the changes) is fine if the affected parties can not be easily
identified. Even if the administration had an up-to-date list of residents,
other affected parties might exist that are not registered at that place, but,
e.g. commuting.

On the other hand, this is not an acceptable procedure in legal proceedings that
involve a set of known parties. In this case, they must be notified explicitly.

This case is more alike the latter one.


>  - parties who remain silent, are thereafter (after time period
>    DURATION) "taken to have tacitly consented"

During the mpv re-licensing, code written/modified by unreachable contributors
was marked as not re-licensable and to be rewritten, which sounds like a much
saner approach.


> The above is legally sufficient to make such a change, and the MAME
> community is at least one example where this legal technique of
> Public Notice has been used effectively.

Again, I consider MAME's license change shady at best. A contributor with
considerable changes objecting to the change (even retrospectively, for instance
because the whole "public notice" thing didn't reach him) might easily pull the
project into interesting legal issues.

Having no public record likely doesn't help the case, neither.


> If an objection -is- raised, and if the person objecting is an actual
> copyright holder of certain Truecrypt code, then that particular code
> can thereafter be rewritten.  Other than this, objections are
> unlikely to be legally substantive and may well be able to be
> ignored.  Notwithstanding, all objections should be responded to as
> to what position is being taken in relation to that objection (this
> is part of the duty of care to the general public/ others in our
> community).

Careful, I very much misinterpreted that paragraph at first. My original reply
would have said "Wait, I may misunderstand this paragraph, but it sounds like
you're saying that code affected by direct objections *CAN*, but needs not, be
rewritten later on and that any objections would have no legal binding
whatsoever anyway and can be ignored?"

I assume that what you actually meant is that objections by non-contributors
have no legal binding and can be ignored, which is true, but also a tautologism.

----

The suggested approach sounds HIGHLY questionable to me. I personally fully
support the intention, but strictly oppose the mechanism.



Mihai


signature.asc (916 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Giovanni Mascellani-3
Hi,

Il 07/08/19 12:23, Mihai Moldovan ha scritto:
>>  - include in the announcement that any party objecting must contact
>>    the developers at BLAH (email list address, or list of developer
>>    email addresses)
> That's not the way this stuff works. You have to assume objection UNTIL given
> permission. I wonder if that would be a fitting metaphor: a burglar justifying
> his actions by giving the sleeping original occupants an ample amount of time,
> say, 10 minutes, to answer the question if they'd be okay with him taking
> valuables. Since they haven't responded, he assumed that it's fine to proceed.
> More tongue-in-cheek, naturally, but still somewhat fitting.

Agreed. There is no way to obtain tacit permission for anything except
what the copyright holder has already declared (except for copyright
expiration, but that takes veeery long). In order to relicense, explicit
permission must be given by each of the copyright holders. Exceptions
can possibly be made for trivial contributions by reasoning that they
are so simple that they cannot be considered copyrightable, but that's a
very risky way. If some copyright holder (or their heirs) cannot be
contacted or do not agree, their contributions must be removed and
possibly rewritten, and again this entails a lot of risk, because it's
on those who are relicensing to prove that they removed all the
contributions by such copyright holder and that what was written to
patch the removal is actually independent.

Giovanni.
--
Giovanni Mascellani <[hidden email]>
Postdoc researcher - Université Libre de Bruxelles


signature.asc (235 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Mihai Moldovan
* On 8/7/19 12:58 PM, Giovanni Mascellani wrote:

> Agreed. There is no way to obtain tacit permission for anything except
> what the copyright holder has already declared (except for copyright
> expiration, but that takes veeery long). In order to relicense, explicit
> permission must be given by each of the copyright holders. Exceptions
> can possibly be made for trivial contributions by reasoning that they
> are so simple that they cannot be considered copyrightable, but that's a
> very risky way. If some copyright holder (or their heirs) cannot be
> contacted or do not agree, their contributions must be removed and
> possibly rewritten, and again this entails a lot of risk, because it's
> on those who are relicensing to prove that they removed all the
> contributions by such copyright holder and that what was written to
> patch the removal is actually independent.
This said, there is the concept of abandonware, which is a specialization of
orphan works.

For such works, while the copyright is still valid and protected, the
rightholders might not pursue violations.

One might argue, and this might be what the original poster also intended to
say, that it's expected that the original authors won't interfere at all. Still,
that sounds like very thin ice to me.

Additionally, even just *using* orphan works might not be permissible in some
jurisdictions. That's not relevant for Truecrypt, since the license explicitly
allows that, but modifying the code's license is an entirely different beast.



Mihai


signature.asc (916 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Zenaan Harkness-2
In reply to this post by Giovanni Mascellani-3
On Wed, Aug 07, 2019 at 12:58:16PM +0200, Giovanni Mascellani wrote:
> Hi,
>
> Il 07/08/19 12:23, Mihai Moldovan ha scritto:
> >>  - include in the announcement that any party objecting must contact
> >>    the developers at BLAH (email list address, or list of developer
> >>    email addresses)

> > That's not the way this stuff works. You have to assume objection
> > UNTIL given permission.

So you say.  Your saying so does not make it true.

Actually, no, --I-- do not have to assume objection util given
permission.

That might trigger your personal sensibilities, but that is not
meaningful to me, except that you bring a legal action against me
personally.


> > I wonder if that would be a fitting metaphor: a burglar justifying
> > his actions by giving the sleeping original occupants an ample amount of time,
> > say, 10 minutes, to answer the question if they'd be okay with him taking
> > valuables. Since they haven't responded, he assumed that it's fine to proceed.
> > More tongue-in-cheek, naturally, but still somewhat fitting.
>
> Agreed.

Not agreed - not a reasonable metaphor.

A reasonable metaphor might be a maker space or some other public
space where some object has been anonymously left, and is being used
e.g. as a portable bench, then at some point in time, it becomes
apparent that the object is in fact a flying contraption, and folks
wonder whether or not they "have permission from the maker" to use
the contraption to fly beyond the walls of the maker shed, and
someone decides yes they do, but hey, let's put up a public notice
and give any possible objectors a few months to object.


> There is no way to obtain tacit permission for anything

Another completely unsubstantiated assertion.


> except what the copyright holder has already declared (except for
> copyright expiration, but that takes veeery long).  In order to
> relicense, explicit permission must be given by each of the
> copyright holders.

OK.  Perhaps a misunderstanding - to the extend that existing code
authors have provided valid contact means (email, post etc), then
attempt to contact them and provide the (1 or say 2 year relicensing
notice) must be made, or prima facie our public duty of care has not
been met.

Any intention to bypass the will of those who wish to make their will
known, is a prima facie undermining or bypassing of the will of those
who wish to make their will known (in relation to their own code).

Making all reasonable efforts to contact all copyright holders, is
part of the Public Notice legal mechanism, and part of our general
duty of care to be respectful of one another in the current statutory
regime that most of the West operates with...


> Exceptions can possibly be made for trivial
> contributions by reasoning that they are so simple that they cannot
> be considered copyrightable, but that's a very risky way.

Risky exactly how ??


> If some copyright holder (or their heirs) cannot be contacted or do
> not agree,

Conflation is a classic obfuscation technique which you might advise
yourself to not use. Here you have chosen to conflate two utterly
distinct legal (and legally relevant in the circumstances) concepts:

 - copyright holders not able to be contacted

 - copyright holders expressing their actual objection


> their contributions must be removed and possibly rewritten,

... and thus your conclusion is like a hand waving - having
intertwined two entirely separate circumstances in the conflation you
used, this next part ("must be removed") is a misleading and leading
assertion, which for legally robust discussion must be extracted from
the conflation - your assertion "must be removed" might be fully or
partially relevant for one of your conflated cases, for both of your
conflated cases, or for neither of your conflated cases, or some
partial combination.

Trying to "make the discussion go away" by use of such conflation is
not useful to clear thinking/ clear communication.



> and again this entails a lot of risk, because it's on those who are
> relicensing to prove that they removed all the contributions by
> such copyright holder and that what was written to patch the

... and the follow on is also problematic due to the prior
conflation.

"A lot of risk" is also non quantified and not even hinted at.

"Time cost" risk to untangle things in the future might be a
reasonable risk.

"Potential legal court case" might, or might not, be a financial
risk.

There might be other possible risks or costs, in either, or other of
the cases at issue - e.g. reputation.


> removal is actually independent.
>
> Giovanni.


Regarding tacit consent, the government, and e.g. the Federal Reserve
banks use tacit consent against us in morally corrupt ways all the
time. The government passes a "law" and it "is taken to be"
sacrosanct, unviolable, and any challenge must be by lawyers and
massive legal court cases that go all the way to the highest courts
on constitutional grounds, and this is the only way to challenge.

That's the myth which unfortunately prevails - and when folks wish to
exercise their rights individually and such living/ exercise of
rights is in opposition to a statute law, usually pay with a
government paid for court case against themselves.

And so the government, or rather the administration (the third arm)
get their nefarious statute created monopolies on many things - the
production of cotton and the suppression of hemp (for an old example)
- the banning of alcohol and other drugs at different times, creating
extremely lucrative black markets, the mandatory requirement in
certain jurisdictions to ensure your children attend the local
government brainwashing facility known as schools.

Corporations use tacit consent regularly too - Uber gets going in a
new city, and they assume the right to operate in the face of the
existing laws about Taxi cabs etc, and build they user base quickly
enough that by the time any court case gets going, they can have
financial, legal and government clout to get the laws changed - but
until that change happens, they operate under TACIT CONSENT - tacit
consent of the people, and tacit consent of the government.

Just because we are normally not taught about tacit consent, does not
mean that tacit consent does not exist, or is not used on a daily
basis all over the planet.

Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Zenaan Harkness-2
In reply to this post by Mihai Moldovan
On Wed, Aug 07, 2019 at 01:26:35PM +0200, Mihai Moldovan wrote:

> * On 8/7/19 12:58 PM, Giovanni Mascellani wrote:
> > Agreed. There is no way to obtain tacit permission for anything except
> > what the copyright holder has already declared (except for copyright
> > expiration, but that takes veeery long). In order to relicense, explicit
> > permission must be given by each of the copyright holders. Exceptions
> > can possibly be made for trivial contributions by reasoning that they
> > are so simple that they cannot be considered copyrightable, but that's a
> > very risky way. If some copyright holder (or their heirs) cannot be
> > contacted or do not agree, their contributions must be removed and
> > possibly rewritten, and again this entails a lot of risk, because it's
> > on those who are relicensing to prove that they removed all the
> > contributions by such copyright holder and that what was written to
> > patch the removal is actually independent.
>
> This said, there is the concept of abandonware, which is a specialization of
> orphan works.
>
> For such works, while the copyright is still valid and protected, the
> rightholders might not pursue violations.
>
> One might argue, and this might be what the original poster also intended to
> say, that it's expected that the original authors won't interfere at all. Still,
> that sounds like very thin ice to me.

Yes, this is much closer to the intention the OP posited.


> Additionally, even just *using* orphan works might not be permissible in some
> jurisdictions. That's not relevant for Truecrypt, since the license explicitly
> allows that, but modifying the code's license is an entirely different beast.

Let's not devolve into generalisations.

We wants our precious Veracrypt in Debian proper, we wants.

To the extent that the old authors of Truecrypt are contactable, they
ought of course be contacted. I believe, from memory of the last time
I looked into this, that said authors are no longer (at least easily)
contactable.

Putting that Truecrypt code into something like an abandonware
category.


Just a little 'nother point on the tacit consent issue - I think it
was Ubuntu that took an arguable leap of faith vis a vis ZFS, got
some legal advice to support their position, and plunged into a
somewhat unknown.

To a real degree, the initial bind of ZFS into a *Linux distribution,
was putting upon Oracle (the ZFS copyright holders) an assertion of
tacit consent.

Now it seems Debian has been willing to take the same position.

And now some significant time has passed - 2 years or more?

There are certain time periods which are also significant legally,
such as 7 years for example.

After a couple of years, it can and would be argued that Oracle had
full and fair, and entirely public notice, that Ubuntu (and now
others including Debian) are distributing ZFS in certain ways, and
if they now brought a court case after such substantial period of
time, that could be argued to be bad faith on their part - they
should have spoken up earlier. This is not necessarily binding or
conclusive in the favour of Ubuntu, as final decisions are a matter
for the courts.

BUT, duty of care, and tacit consent over various time durations, are
real, actual legal concepts and significant depending on the specific
circumstances of any particular case.

And of course, and especially in the case of Truecrypt/ Veracrypt, it
is entirely likely, especially after a substantial couple of years of
careful and comprehensive public notice, that no court case would
ever follow.

That's as good an outcome as we can collectively achieve, and IMEHO,
an outcome worth doing.

Timid snowflakes need not apply, and especially those who (prefer
to?) live in fear, please consider carefully the world you wish to
create, going forward, and how your words affect the thinking of
others and ultimately how your words affect our shared common
delusions...

Good luck, and remember, you -do- in fact help create your world with
every thought, every word, every deed and every emotion.

So let's spend our attention, our thoughts and our deeds wisely,
assuming the highest intentions in our fellow Souls in this shared
world.

Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Zenaan Harkness-2
In reply to this post by Mihai Moldovan
On Wed, Aug 07, 2019 at 12:23:37PM +0200, Mihai Moldovan wrote:

> * On 8/7/19 9:31 AM, Zenaan Harkness wrote:
> > In the interests of having Veracrypt be distributable by Debian,
> > all Veracrypt code must be licensed accordingly.
> >
> > This can be done by public notice (see below).
>
> Re-licensing can be a difficult, lengthy process and - as far as
> I've seen in the one case I observed and took part in (mpv's core
> re-licensing, which started in 2015 and is more or less done at the
> current time, but still not completely finished) - doesn't work the
> way you'd like to have it.

Oh yes, as far as I've seen in the MAME case, yes it does.


> > Doing so would be somewhat similar to how the MAME community caused
> > their source code license to be changed from "problematic for Debian/
> > the FSF etc" into something distributable by Debian etc (I think they
> > went to GPL).
>
> Skimming over articles, this situation looks different. The MAME
> project didn't just inherit/fork code from another developer team,
> but was always headed by the MAME development team itself, with
> changing personnel. Crucially, the project lead that initiated the
> license change has already been head for 3 years at the time, so I
> figure he'd be part of the project to some degree/contributing to
> it for an even longer time already.

As have the Veracrypt devs - they've been developing it for YEARS
now!


> If anything, this example shows that re-licensing can be pretty
> easy IFF you control most code and contributors can be easily
> reached (they obviously have contacted contributors individually as
> well, not just issued this "public notice"), but even that process
> is dodgy as best, as it wasn't carried out in the public, as far as
> I can tell. There was no way to observe it.

Your anecdote is appreciated.

There are other anecdotes.

And the question is what -can- work, and should we attempt to do that.


> > Here's what the Veracrypt community would need to do:
> >
> >  - make a public announcement that they will, after DURATION say 1
> >    year, change the license to all outstanding source code inherited
> >    from TrueCrypt, to be Apache/GPL/whatever
>
> ... and effectively ignore the original authors's copyright and original license.

Only if those original authors say nothing - either they are not
contactable, or they choose to remain anonymous and not contactable
which is effectively the same thing.

I was probably unclear in my original email - to the extent that they
-are- in fact contactable, they certainly ought be contacted.


> >  - include in the announcement that any party objecting must contact
> >    the developers at BLAH (email list address, or list of developer
> >    email addresses)
>
> That's not the way this stuff works. You have to assume objection
> UNTIL given permission. I wonder if that would be a fitting
> metaphor: a burglar justifying his actions by giving the sleeping
> original occupants an ample amount of time, say, 10 minutes, to
> answer the question if they'd be okay with him taking valuables.
> Since they haven't responded, he assumed that it's fine to proceed.
> More tongue-in-cheek, naturally, but still somewhat fitting.

I think I addressed this, but anyway, what you are saying is not
legally sound - duty of care, public notice, and tacit consent, are
actual legal, and legally binding concepts, whether or not you like
that.


> > The announcement needs to be published and made generally publicly
> > available - e.g. at Slashdot, LWN, on the Veracrypt home page, etc.
>
> Ugh, I didn't yet know I have to check these outlets regularly. Now
> I'm terrified of having missed a lot of legal announcements for any
> project I ever contributed to!

As long as your contact details are included with your contributions,
then anyone giving such public notice, perhaps in a rarely visited
corner of the web so as to not be noticed, and failing to properly
attempt to contact you using the means of contact you have provided,
would be seen by the community, and by the courts, as acting in bad
faith (basically, failing to act pursuant to our duty of care to one
another).

On this basis, you have no need to live in terror - so go forth and
be confident, and not afraid, that your copyright 'rights' shall in
general be protected in this current modern Western world.


> > Legally, this does a few things:
> >
> >  - gives general public Notice (legal concept), that something will
> >    be done in the future, thus satisfying the general duty of care to
> >    the public that something will be done which may affect the
> >    interests of the public
>
> I don't think this concept can be applied in this case. It might be
> a fine in order to inform a mostly anonymous, but concerned mass,
> but the situation is different here.
>
> For instance, informing affected parties about upcoming communal
> changes via public announcements/notices in the town hall
> (including about their legal right to oppose the changes) is fine
> if the affected parties can not be easily identified.

Which is the case with Truecrypt.


> Even if the administration had an up-to-date list of residents,
> other affected parties might exist that are not registered at that
> place, but, e.g. commuting.

Come on! We're not talking putting up a poster at the New York town
hall or some bullshit - this is about giving notice in a few
prominent and relatively "attended by programmers and tech geeks"
digital locations.


> On the other hand, this is not an acceptable procedure in legal
> proceedings that involve a set of known parties.

Agreed.


> In this case, they must be notified explicitly.

Agreed.

We must do what must be done.

But I think you misunderstand - or perhaps you are not familiar with
the Truecrypt/ Veracrypt case - the old Truecrypt developers were
intentionally relatively anonymous, and at this time uncontactable
(IDK the exact reasons now, but that's the case).

The issue I think is merely that those who -can- be contacted agree
that the TC license is problematic, but that a proper history of who
wrote what code is not known, and so the copyright is sort of a
collective copyright, and certain of the programmers of that code are
no longer contactable, and thus the conclusion "it's all too hard
we're stuck with this problematic license forever".

It's that conclusion which is the only problematic bit, and which is
handled with the legal construct summarized as "public notice".


> This case is more alike the latter one.

Indeed.


> >  - parties who remain silent, are thereafter (after time period
> >    DURATION) "taken to have tacitly consented"
>
> During the mpv re-licensing, code written/modified by unreachable
> contributors was marked as not re-licensable and to be rewritten,
> which sounds like a much saner approach.

Sounds like a daft approach.

MPV folks created more work for themselves ENTIRELY unnecessarily so
- or perhaps they simply were not aware of the construct of public
notice and the consequent tacit consent -created- by that public
notice.

Oh, that reminds me - another classic, widely used and therefore
"presumably well known" form of public notice and consequent tacit
consent, is the "land development notice" which you see particularly
frequently in big cities, but also in the burbs by small developers
or even by home owner-builders.

The public notice is in all jurisdictions I am aware of in Australia
(at the state, as well as the local council jurisdictions), a
requirement in the various statute laws - which also specify the
minimum time durations that such public notice MUST be given, PRIOR
to the commencement of the building or development works...

The public thereby is given notice, and once the required time period
has elapsed, the tacit consent of the public and the neighbours to
the property to be developed, is gained, and development/ building
may proceed on the basis of that -tacit- consent.

With the public put on notice, objections may also be filed with the
local/city council, to the development, then, again prior to
building works starting, those objections must be handled - and the
council (or state government) has usually documented, sometimes in
statute law, processes for the handling of such complaints.

This is perhaps a reasonable analogy.


> > The above is legally sufficient to make such a change, and the MAME
> > community is at least one example where this legal technique of
> > Public Notice has been used effectively.
>
> Again, I consider MAME's license change shady at best.

OK. Your consideration is entirely different to mine - the MAME crew
spent considerable -years- doing everything they could to contact
everyone relevant, rewriting that which was objected to, and giving
ample public notice of their intentions; in summary they:

 - handled themselves in dignity

 - abundantly handled their duty of care to the broader MAME
   community as well as the various copyright holders

 - effectively created the legal entitlement, sanction, and tacit
   consent for the remainder, to relicense MAME using a proper FLOSS
   license

Bloody well done!

And done in dignity, and honourably!

Any assertion that they acted dishonourably better be backed up with
facts or it's nothing but a dishonourable and libelious smear.


> A contributor with considerable changes objecting to the change
> (even retrospectively, for instance because the whole "public
> notice" thing didn't reach him) might easily pull the project into
> interesting legal issues.

It might. Or it might not. And the process the MAME folks followed
may well provide them ample legal footing for a strong defence to any
such legal action/ claim - I believe this to be the case in fact.


> Having no public record likely doesn't help the case, neither.

Or it might help their case too - IDK.

But if someone wishes to bring a claim against "the MAME community",
they better be the ones bringing a clear and unambiguous record, and
I have no doubt it will be handled both graciously and with dignity,
and to the ultimate satisfaction of all concerned, as this is in
keeping with the history of the MAME crew and how they handled their
relicensing to date.


> > If an objection -is- raised, and if the person objecting is an
> > actual copyright holder of certain Truecrypt code, then that
> > particular code can thereafter be rewritten.  Other than this,
> > objections are unlikely to be legally substantive and may well be
> > able to be ignored.  Notwithstanding, all objections should be
> > responded to as to what position is being taken in relation to
> > that objection (this is part of the duty of care to the general
> > public/ others in our community).
>
> Careful, I very much misinterpreted that paragraph at first. My
> original reply would have said "Wait, I may misunderstand this
> paragraph, but it sounds like you're saying that code affected by
> direct objections *CAN*, but needs not, be rewritten later on and
> that any objections would have no legal binding whatsoever anyway
> and can be ignored?"

<chagrin> Thanks, you're right - my wording was unclear. Thanks for
pointing this out to anyone - it's very good to clarify such
misunderstandings.


> I assume that what you actually meant is that objections by
> non-contributors have no legal binding and can be ignored, which is
> true, but also a tautologism.

Yes, and the point is that the legal construct of public notice is
that by giving public notice, you give (a best effort at least) to
provide every opportunity for those who might want to object, to so
object (and to contact people who might want to object).

In this way, we satisfy our duty of care to objectors - and in
particular, to anyone who might have a (legally) valid objection,
which is the thing you want to handle.


> The suggested approach sounds HIGHLY questionable to me. I
> personally fully support the intention, but strictly oppose the
> mechanism.
>
> Mihai


Anyway, ATEOTD, my intention was to somehow make contact with the
Veracrypt developers - their intention and their will (at the moment)
are the only wills which matter in this instance at this point in
time.

On the other hand, if they don't pick up this public notice + tacit
consent ball and run with it, literally anyone who chooses, can do so ...

Good luck ;)

Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Giovanni Mascellani-3
In reply to this post by Zenaan Harkness-2
Hi,

Il 07/08/19 14:29, Zenaan Harkness ha scritto:
>>> That's not the way this stuff works. You have to assume objection
>>> UNTIL given permission.
>
> So you say.  Your saying so does not make it true.

So says the law, as far as I know. Most copyright laws work by asserting
that the author of a copyrightable work has some exclusive rights over
it, and nobody can do those things unless they have an explicit
permission by the author themselves (there are exceptions to it, like
quoting and fair use, but it is not what we are dealing with now).

There is no "implit consent" mechanism here: the implicit assumption of
copyright is that rights are held exclusively for the author. Any
deviation from this must be explicit, which is the reason why licenses
are used.

Then of course you might say that you don't think that the authors would
sue you for your usage of their work even if they did not grant an
explicit license. That's sort of ok, or at least it is your business
until someone actually decides to proceed against you if they can and
wish. But if your aim is to have that software in Debian, I am pretty
sure that you will need something more. I really hope that FTP masters
will require some more hard facts that just "well, I personally don't
think the authors would be bothered by that".

> OK.  Perhaps a misunderstanding - to the extend that existing code
> authors have provided valid contact means (email, post etc), then
> attempt to contact them and provide the (1 or say 2 year relicensing
> notice) must be made, or prima facie our public duty of care has not
> been met.

I am not aware of any such mechanism: do you know court cases in which
this method was established?

Nobody has any obligation to be contactable in any way, and even less to
be contactable by the means you decided. It is on those who seek
relicensing to contact all those who have rights, and if they cannot,
bad for them.

>> Exceptions can possibly be made for trivial
>> contributions by reasoning that they are so simple that they cannot
>> be considered copyrightable, but that's a very risky way.
>
> Risky exactly how ??

The distinction between what is copyrightable and what is not can be
very thin. If the purported copyright holder and possibly the judge who
might handle your case do not agree with you, you might have some problem.

>> If some copyright holder (or their heirs) cannot be contacted or do
>> not agree,
>
> Conflation is a classic obfuscation technique which you might advise
> yourself to not use. Here you have chosen to conflate two utterly
> distinct legal (and legally relevant in the circumstances) concepts:
>
>  - copyright holders not able to be contacted
>
>  - copyright holders expressing their actual objection
I am not conflating anything. If the copyright holder is not contacted
you cannot know whether they have objections or not. If they do not,
then everything's ok. But if they do, then you have a problem, and this
problem can appear at any moment in the future, whenever the copyright
holder decides they have a problem. And I would never want to depend on
a software that can become illegal for me to use at any random moment,
especially if that software encrypts everything on my hard disk. It
would basically become a ransomware. I really hope nothing of that kind
ever enters Debian. If you feel at ease using it, better for you.

> And so the government, or rather the administration (the third arm)
> get their nefarious statute created monopolies on many things - the
> production of cotton and the suppression of hemp (for an old example)
> - the banning of alcohol and other drugs at different times, creating
> extremely lucrative black markets, the mandatory requirement in
> certain jurisdictions to ensure your children attend the local
> government brainwashing facility known as schools.

Hmm, it seems you got carried away just a little bit...

> Corporations use tacit consent regularly too - Uber gets going in a
> new city, and they assume the right to operate in the face of the
> existing laws about Taxi cabs etc, and build they user base quickly
> enough that by the time any court case gets going, they can have
> financial, legal and government clout to get the laws changed - but
> until that change happens, they operate under TACIT CONSENT - tacit
> consent of the people, and tacit consent of the government.

There is no law saying that you cannot operate cabs. Actually, there is
something like this somewhere, and in those places Uber cannot operate.
But this has nothing to do with our case, because in fact there is a law
saying that you cannot modify or redistributed other people's
copyrighted code unless you have explicit permission.

> Just because we are normally not taught about tacit consent, does not
> mean that tacit consent does not exist, or is not used on a daily
> basis all over the planet.

Yes, but for other things.

HTH, Giovanni.
--
Giovanni Mascellani <[hidden email]>
Postdoc researcher - Université Libre de Bruxelles


signature.asc (235 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Zenaan Harkness-2
On Thu, Aug 08, 2019 at 09:54:05PM +0200, Giovanni Mascellani wrote:

> Il 07/08/19 14:29, Zenaan Harkness ha scritto:
>
> > Corporations use tacit consent regularly too - Uber gets going in a
> > new city, and they assume the right to operate in the face of the
> > existing laws about Taxi cabs etc, and build they user base quickly
> > enough that by the time any court case gets going, they can have
> > financial, legal and government clout to get the laws changed - but
> > until that change happens, they operate under TACIT CONSENT - tacit
> > consent of the people, and tacit consent of the government.
>
> There is no law saying that you cannot operate cabs.

Pure hogwash. And a negative averment seeking "tacit support by non
response" to boot - devious I tell ya, devious! :)

The things people believe, hey?

Since you asserted some nonsense, here's some facts in response:

  Melbourne levels playing field for Uber, taxis, limos
  https://www.floridatoday.com/story/news/2015/11/12/melbourne-levels-playing-field-uber-taxis-limos/75582478/

  Published 4:40 p.m. ET Nov. 12, 2015

  MELBOURNE — Rather than changing with the times, Melbourne's
  licensed taxi, limousine and shuttle companies are relying on
  government to keep regulatory barriers high and protect their
  businesses from app-based competitors like Uber, Lyft and Sidecar,
  City Hall officials believe.

  That will change: Tuesday night, the Melbourne City Council decided
  to deregulate the vehicle-per-hire industry in the city and "level
  the playing field."

  ... City Council postponed discussion on the topic in August.
  That's when representatives of some of Melbourne’s 43 licensed
  taxi, limousine and shuttle companies — plus the Florida Taxicab
  Association and National Limousine Association — lobbied for
  continued regulations.

  ...



and see:

  Facing Uber, Melbourne cab companies support regulations
  https://www.floridatoday.com/story/news/local/2015/08/13/facing-uber-melbourne-cab-companies-support-regulations/31655513/

  MELBOURNE – City leaders have hit the brake pedal on a proposal to
  deregulate Melbourne’s 43 licensed taxi, limousine and shuttle
  companies.

  Tuesday, an array of Space Coast cab and limo company owners
  surprised Melbourne City Council members by asking to continue
  following City Hall rules.

  App-based competitors like Uber, Lyft and Sidecar are exempt from
  city code. But Louie Minardi, president of the Florida Taxicab
  Association, and David Shaw, the National Limousine Association’s
  Southeast region director, said their industry should continue
  having insurance-coverage requirements, vehicle inspections, drug
  testing and criminal background checks for drivers.

  “Even the National Coalition Against Domestic Violence has issued
  warnings about the ride-sharing,” Minardi told council members.
  “Ride-sharing is where the taxis and limos were years ago. That’s
  why we have regulation — because we had the same problems. You
  don’t know who’s driving the car.

  ...



and, for the legal punch line, how Uber created their legal
entitlement by effectively saying "f u" to Melbourne's Taxi
regulations:

  Citing Uber, Melbourne may drop taxi permits
  https://www.floridatoday.com/story/news/local/2015/08/02/melbourne-may-drop-taxi-permits-citing-uber-competition/31042705/

  Citing competition from Uber and up-and-coming ride-sharing
  services, Melbourne officials may deregulate taxi, shuttle and
  limousine companies to level the competitive playing field.

  Forty-three such companies are licensed to operate in Melbourne,
  employing 457 permitted drivers and using 131 decal-equipped
  vehicles. Per city code, these companies must pay a one-time $50
  application, pay $10 decal fees per vehicle, and pay a $15
  application fee and $24 background-check fee for each prospective
  driver.

  Plus, each regulated business must carry liability insurance
  covering at least $300,000 for injury and death claims per
  accident.

  In contrast, no app-based newcomers like Uber, Lyft or Sidecar have
  gone through the city's application process, City Clerk Cathy Wysor
  and Police Chief Steve Mimbs — who support taxi deregulation —
  wrote in a joint memo.

  ...


and if you still don't believe there are laws over taxi cabs:

  https://en.wikipedia.org/wiki/Taxicabs_of_Australia

  Taxis in Australia are highly regulated by each Australian state
  and territory,[1] with each state and territory having its own
  history and structure. In December 2014, there were 21,344 taxis in
  Australia.[2] Taxis in Australia are required to be licensed and
  are typically required to operate and charge on a fitted taximeter.
  Taxi fare rates are set by state or territory governments. A
  vehicle without a meter is generally not considered to be a taxi,
  and may be described, for example, as a hire car, limousine,
  carpool, etc. Most taxis today are fuelled by liquid petroleum gas.
  Cabcharge Australia owns and operates the Cabcharge payment system,
  which claims to cover about 97% of taxis in Australia, and operates
  one of Australia's largest taxi networks.[3]

  ...


> Actually, there is
> something like this somewhere, and in those places Uber cannot operate.
> But this has nothing to do with our case, because in fact there is a law
> saying that you cannot modify or redistributed other people's
> copyrighted code unless you have explicit permission.
>
> > Just because we are normally not taught about tacit consent, does not
> > mean that tacit consent does not exist, or is not used on a daily
> > basis all over the planet.
>
> Yes, but for other things.
>
> HTH, Giovanni.

Well, you provided a classic negative averment - another legal
technique - when you said:

  "There is no law saying that you cannot operate cabs."

and then waited to see whether I would fail to respond, in which case
it would "be taken" that I had tacitly consented to your rubbish.

Now you are in a position where you can accept this, or change the
playing field by saying something like "oh I didn't say there were no
laws in relation to driving cars for payment, of course there are
regulations which normal car drivers don't have to obey",

and then I would say "now you're dodging, and besides, Uber didn't
break any law, they simply did not obey the city regulations, which
are sort of laws but sort of not,"

and I would say "come on, you're splitting hairs - you made it sound
like Uber was not creating a legal entitlement to do what they did,
by simply doing it and ignoring the currently legal regulatory
regime,"

and who knows, may be someone somewhere will realise that yes, there
are laws around taxi cabs, limousines etc, and yes, Uber bloody well
ignored them and DID in fact create their own legal entitlement by
doing so (by tacit consent and force of numbers of drivers which they
built up quickly enough to have a real "political conversation" in
each jurisdiction they began operating in without having to face
costly (financially crippling) court cases before they were ready.

Anyway, folks don't have to believe in tacit consent for it to be
real - ostrich syndrome is pretty big here in Australi, so those who
do ignore those techniques which are used against them are no
different to the vast majority of other humans.

Good luck,

Reply | Threaded
Open this post in threaded view
|

Re: [zen@freedbms.net: Veracrypt license - how to change it]

Giovanni Mascellani-3
Hi,

Il 09/08/19 00:39, Zenaan Harkness ha scritto:
> Pure hogwash. And a negative averment seeking "tacit support by non
> response" to boot - devious I tell ya, devious! :)

I am not really sure why all these trivia about Uber should have
anything to do with the VeraCrypt relicensing, but I admire your care
into collecting them, although unfortunately it was somehow wasted,
because I do not really care and I did not read them. Maybe someone
looking for information about Uber in Melbourne will find the archived
message and it will be useful for them.

I thought I would also find some comments about the matter at hand, but
I could not, so I am left with the hope that my answers were satisfying
enough for you.

Thanks, Giovanni.
--
Giovanni Mascellani <[hidden email]>
Postdoc researcher - Université Libre de Bruxelles


signature.asc (235 bytes) Download Attachment