Protective GPL licences vs permissive MIT/BSD licences

https://lukesmith.xyz/articles/cucklicenses

I have made a couple of comments on different threads related to licensing and free, as in freedom, software, and specifically, the choice of licensing some of the Safe Network under licenses which will permit nonfree apps being developed. I have felt like those comments either slipped under the radar or were misunderstood, and I feel it’s a very important topic. So I wanted to make my argument clearly at least once, and either encourage some rethinking on the licensing, or at least have a clearer picture myself of the thinking behind it so that I can accept it more easily.

I’ve no desire to create flame wars or distractions from more important things such as testnets, and I don’t think this has to be a fiery issue actually. My plan was to make a little thread to discuss the issue post-testnet, but I have seen lots of discussions recently where I’ve held myself back from saying something about licensing, in instances where I feel licensing is being talked around.

I’m also totally willing to consider that I’m being naive or idealistic, or that I’m misunderstanding some other important element in this kind of decision. As I’ve mentioned elsewhere, I’m very new to computer stuff, and am conscious that there are people on here with years upon years of actual experience making systems and programs, working on big teams and projects, all that.

So I wouldn’t make the argument myself with the same style or the same language as the article I link at the start there, but I largely agree with the author and think he puts it across in a funny and clear way. Here’s my basic argument:

I simply don’t get the argument for allowing propietary, closed-sourced apps in the first place, and think it leaves an obvious avenue open for users of the Network to eventually be swindled, one way or another. There seems to me to be plenty of evidence that the original core idea that motivated free software has borne out to be largely true: nonfree propietary source code is a bad idea, the information imbalance tends to lead to abuse, and we’d be better off without it. I won’t make a list of the backdoors and the spying and the data mining and all that that has been hidden in propietary software over the years, I think we’re all fairly conscious of that here.

While it is true that the fundamentals of the network will technically be met if something is released one day that respects those fundamentals from MaidSafe’s point of view… What’s the point, if the licensing leaves propietary source code an option for developers on top of that, it would be sort of like leaving the backdoor open? If someone makes a malicious app one day, one that lies to the user saying everything is fine but it is actually doing something bad without saying, the argument from MaidSafe in response will be, presumably, you should have been careful when you used that propietary app, we can’t help. Well, can’t we skip a step, avoid that headache and ensure that source code is not hidden?

This was one of the things I’ve been very excited about possibly happening on Safe - no more propietary software. It would mean developers are rewarded some other way, which I believe we have plenty of options for and has been discussed at length elsewhere. And it would be great for security. It isn’t hard to imagine auditing of code becoming more common, given the immense importance of keeping the keys to your permanent data safe.

Better security, more sharing, easier to learn from studying everyone’s code, and no downsides? What am I missing? The fear of GPLing everything is that we won’t get any devs involved and then the Network won’t take off, or something else? Again, I thought that the idea was that we’d be finding different business models on the Safe Network, what am I missing there.

Is there some weird thing going on, where the ‘success’ of the Network is more important than the freedom and security of the users? Or am I utterly missing some important relevant points here. I find it very hard to imagine MaidSafe is slipping in their commitment to the users, because they’re typically so refreshingly solid on that exact point. I wonder is there some complication involved with something above or below Safe in the technology stack, that is completely over my head, which means that this is a necessary evil? As in, for Safe to be usable on lots of different types of computers, it helps to have this type of licensing, or something like that.

Sincere thanks for any explanations from anyone, and to be clear - I plan on dropping the issue after engaging in this thread regardless of the response, I really do not want to parrot on about it and have already tried to bring it up more ‘casually’ elsewhere, only for my confusion to grow when I get no/very little response. In the end, it is entirely MaidSafe’s decision, and if they decide to go this route, that is their right, they are obviously under no obligation to explain anything to me. I will continue supporting the project and will be doing all I can when the network is released to make it a place where users, and source code, are free, regardless of the discussion here.

[EDIT: made the topic Apps, cos I think the licensing problem I am trying to bring up here could only concern third-party apps]

7 Likes

Good post, here’s my thoughts over the years.

GPL, make everything free- has many detractors and folk who will just plain refuse to develop etc.

BSD et al’ folk steal this (Apple etc.)

To me it’s a never ending debate. What I would like to see is a place where code is free, but and a big but, folk can validate it, as you say. I don’t think it’s possible though.

So audit / validate code is a great claim of GPL and BSD, make it free, make it open, make it visible and auditable.

This is the fail, auditing code that goes even a little from the norm, or has nested logical decisions/loops to me is a crazy and delusional thing, you just cannot audit it, your faster rewriting it.

I feel we need a new approach, the gpl/bsd debate has lasted since the 80’s / early 90’s and nobody wins. We need a new approach, what that is I am not sure but legal wrangling to me is a farce and is very broken. We need to think bigger or more conclusively, maybe AI can help, but humans stand no chance of truly auditing code that is even a tiny bit complex (i.e. anything valuable).

Let’s take another path!

10 Likes

I agree with the OP that proprietary black box code/apps should not exist on Safe. The whole notion of closed source software is antithetical to the security goals of Safe imo. However, it’s up to the client user to decide what they use so more education is necessary.

Should we care about these detractors if they insist on a broken closed source development model? I don’t think so.

I’m inclined to agree with @JayBird but realise the issue is complex and that I probably don’t know enough about it.

I’m not sure why MaidSafe would not keep their code only GPL even if it means some don’t use it. People will still be able to build closed source apps on the network regardless, but MaidSafe will have ensured what they built remains open.

So there’s a difference between the network code and app code. In MaidSafe’s case both could be only GPL, and people would still be able to build closed source apps.

If Safe Network is successful and MaidSafe used only GPL people will take notice. It will be a big win for GPL and anyone impressed with the technology and wanting to build using it will have to consider GPL. Maybe there will be better ways one day, but until we have them I don’t see much value for Safe Network in not being GPL.

I see there will be fewer people willing to build on some crates, but the publicity Safe will gather can counteract that and make some reconsider.

2 Likes

For what it’s worth, all of the code I’ve written has been GPL only, following MaidSafe’s original lead.

So far I’ve not received any negative comment about that, including from the admittedly relatively small number of people who have contributed to the code, testing etc.

I was recently encouraged by a crate owner to collaborate and he offered to tutor and support me in doing so. I was seriously considering it, but it was MIT licensed, and that was for me a strong reason not to contribute which I explained to him. I think if I do contribute I’ll be having more discussion with him about that, and might make a GPL fork if that seems feasible, or choose an alternative.

So it goes both ways. MIT licensed crates are losing contributions too, and the whole of open source suffers as a result.

In time, this could shift. I think it comes down in part to awareness. Most are not seeing big business as a problem, and don’t recognise the damage the system we have does. If this awareness grows, the attitude to MIT / GPL will probably change.

Personally I’ve always been a bit idealistic and willing to suffer the downside of being out on that limb. I do compromise this as well, and the tension between them has worked well for me personally. Being a bit out there gives a different perspective, always pushing for something original. I think fundamentally it’s one of the ways I have found to be creative. I don’t think I’d be doing the work I have for this project, if not for that. And I’ve already benefited from that personally in many ways, whatever happens to Safe Network.

4 Likes

Not some, but business in general. I have an experience with this. We have a game, where we have invested 15 years of development. There is a GPL engine, that makes play loggic amazingly well. But that GPL forces us to make our whole mobile APK opensource. On the other hand, there are hundreds of apps, that are using that open source engine. But from all of them, none released their source code. So all those apps are breaking GPL licence. And they do not care. So as a result, that GPL licence is preventing serious business to create best possible product. And it does not help with creating more open source software. If we implement that GPL licenced engine, we have to make our source public, because we do not risk such breaking of laws. But once we make it opensource, others will clone it in minutes, and release exact clone into appstore. And it is very dificult to fight them, to force google/apple to take them down if it is opensource. So this whole GPL licencing is a crap, that expects all people will act according law. But the reality is they don’t. And this licence gets the worse combination. It prevents business to use it and improve it and it does not bring more open source software as it expects.

2 Likes

That some break the law is not an argument related to open source. I’m not saying it’s not an issue, but it’s not a reason for me to capitulate and support a system that is IMO inherently poisonous.

I’m actually good with lots of businesses not using MaidSafe’s code. They don’t benefit, which then helps non profits and individuals. It shifts the benefits towards more conscious businesses and business models.

The problem is much bigger than this, but by adopting and advocating GPL we can make our case. I try to stand up for what’s right, though as noted I’ve also chosen to compromise where the personal cost of that was too high at the time.

Everyone has a choice here, so I’m not telling anyone what to do. I’m explaining what I do and why.

Well, this is very dangerou sentence. We want business to participate. If you want to prevent cloning of the the network by corporations, you can simply make GPL only some vault code. Or only some parts of the network, that will never prevent businesses to use our network instance. But all the client site librararies that can ever by included in any client code should be MIT/BSD licensed.

EDIT:

Nothing prevents us to create new type of licence. Like all the software is MIT, if it uses official network only, and GPL if it uses any other clone.

1 Like

MaidSafe has chosen a mix of GPL and MIT/BSD. I think it’s a good balance and they’ve done a great job with it. Imo the issue for Safe code and apps is open source that is viewable vs. closed black box blobs that are not. The particular license used for the open source code is secondary and tailored to business models.

As the OP has stated, there is an opportunity with the network economics to protect business interests, which will decrease some of the issues. There may also be an opportunity where Safe could be used to encapsulate black box apps to limit there access to data and mitigate the security concerns.

The debian project has struggled with this for many years when organizing their package repositories into free, contrib, and non-free categories. Same with the linux kernel for binary blobs. The winning approach appears to be that one can allow closed source for maximum growth/participation, but keep it cornered while continuously seeking and promoting alternatives until it is no longer needed. A lot of it comes down to education and additude. Let’s just be honest, closed source is inferior.

@Antifragile and @jlpell Originally MaidSafe was pure GPL, the switch to it as an option was relatively recent. Originally I think the plan was as follows, and it was debated in the early days of the forum (2014-2016?).

  • everything has to be GPL including apps using libraries, but the option to negotiate a commercial license with MaidSafe would allow closed source too. After some debate I think it was loosened so you could build a closed source app so long as it didn’t link GPL libraries, in which case you’d still need a commercial license.

Something along those lines anyway. This was stricter than what I have been thinking we should have, though I’m still open to that level of strictness.

Even such a strict approach does not prevent business from building on SN or benefiting from MaidSafe technology, it just asks them to pay for it. Those are barriers, but exactly the kind of arrangement any business has to deal with every day and not a big ask, especially when you have such unique ground breaking technology.

As noted, that’s not what I’m advocating. What I don’t understand is why MaidSafe are licensing their code in a way that allows business to take their work (and that of any third party contributors) enclose it, profit from it, and not give anything in exchange.

I can see there are arguments in that direction but haven’t seen them put in a way that convinces me.

1 Like

Just on this point, given the app will presumably use safe network resources, the network will receive payments for PUTs. Can we consider the free software a loss leader in this regard?

Wasn’t me. I didn’t say anything in this topic

1 Like

Sorry I confused your avitar with Antifragile! Shall edit.

1 Like

The logic here is over my head @Traktion, or I’m missing something. Is it possible to clarify? Not following your point at all.

Thanks @happybeing for the explanations above, I didn’t know the past stance on licensing very well. The fact that third party developers will be able to write closed-source apps regardless of whether maidsafe GPL everything or not was not clear to me, I had imagined using the libraries and APIs would mean the app would be GPL. I still don’t see a good reason for not GPLing for the same reasons you outline, but you make the point very clearly already there, I won’t belabor it.

I must admit I don’t see an issue with the strict approach even… it makes finding different business models even more of a necessity, and closed source code even less likely, if I’m understanding correctly. Both of these are only positive in my eyes.

I can see how the whole discussion is considered a bit of a headache and can genuinely sympathise too. I think it would be lovely if everything could be public domain, or some other neat solution where we skip over the whole debate. Being quite fresh to these questions and this world the debate is also relatively new to me, though, and I wonder if the fact I haven’t had years of being worn down by the purely practical and cool “open source” type language is affecting my thinking?

My point being: I think the freedom aspect of free software is “cool”, and I’ve been learning recently how dated that is. If we attracted less microsoft and google types and more free software types I think that’d be fabulous, I am ashamed to admit. I’ll try not to go on about it too much.

Anyway, I am already happy to have brought the question up, I appreciate the response @dirvine, and the situation is already clearer to me I feel.

2 Likes

I posted identical polls on my 200 follower Mastodon account and my 2000 follower Twitter account and look at the difference after about three hours. Lots of engagement and a preference for GPL on mastodon versus near zero engagement on Twitter.

It’s hard to understand these differences so I won’t speculate. I do sometimes get good engagement in Twitter, but apart from the cultural differences I wonder about the influences of the Twitter algorithm.

1 Like

No problem! My angle is that any safe network app will encourage network usage. If this includes PUTs, then the app is bringing in income to the network. In turn, this should provide income to the dev team.

So, when I say loss leader, I’m suggesting that if giving away the source code encourages more safe apps, then that will bring more value to the network, helping to fund the ecosystem as a whole.

Ofc, then depends on them not spawning a separate network, but presumably they would want to use the safe network because of the network effect that attracted them to it.

1 Like