Author Topic: Software license?  (Read 3030 times)

0 Members and 1 Guest are viewing this topic.

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
I noticed two problematic files in the web_wallet: vendor/js/highcharts.src.js and vendor/js/highstock.src.js. These two are licensed under the "Creative Commons Attribution-NonCommercial 3.0 License". Notice the "NonCommercial", this is IMO a complete no-go for a P2P currency client.

thank you for the review!

The license language is:
Quote
You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation.[...]


Who is actually in violation of the license? Developers for distributing code that is uses primarily for private monetary compensation ("compensation" might be the key word, since it's used for "gain" but not "compensation")? Traders that make money, but not traders that lose money? Delegates that run the GUI client to sign blocks? If I use those files to make a website showing BitUSD prices for free, and someone uses my website to make money - are they or I in violation (or neither?)

This is the "section 3" referenced above:

Quote
3. License Grant. Subject to the terms and conditions of this License, Licensor hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the duration of the applicable copyright) license to exercise the rights in the Work as stated below:

a)    to Reproduce the Work, to incorporate the Work into one or more Collections, and to Reproduce the Work as incorporated in the Collections;
b)    [...]
c)    to Distribute and Publicly Perform the Work including as incorporated in Collections; and,

The web_wallet "incorporates the Work". I. e. the person who initially committed this into the repo did so under the terms of the license. Anyone who clones the repo does so under the license. Anyone who distributes the software in source or binary form does so under the license. All of this in itself is not yet a violation of section 4a of the license, because the software is made available for free. (IMO the way the files have been "incorporated" is not sufficient wrt section 4c of the license, though.)

IANAL, but I think in general the term "reproduce" is also applied to loading the software into RAM in order to execute it. I. e. anyone who runs the software does so under the license.
I'm not sure what qualifies as "commercial advantage or private monetary compensation". I'm pretty sure though that a merchant using the gui client to receive payment for his goods would be using the software for "commercial advantage". Delegates with non-zero pay using the gui client would be doing this for "commercial advantage". A trader would likely also be using it for "commercial advantage", even if he is a bad trader - what counts is the intention, a bad trader isn't trading for his commercial disadvantage. Creating a free website showing BitUSD prices OTOH would not be a problem if you only use the gui client to extract the prices from the network (other than using the files in question to display charts in the user's browser).
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline maqifrnswa

  • Hero Member
  • *****
  • Posts: 661
    • View Profile
I noticed two problematic files in the web_wallet: vendor/js/highcharts.src.js and vendor/js/highstock.src.js. These two are licensed under the "Creative Commons Attribution-NonCommercial 3.0 License". Notice the "NonCommercial", this is IMO a complete no-go for a P2P currency client.

thank you for the review!

The license language is:
Quote
You may not exercise any of the rights granted to You in Section 3 above in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation. The exchange of the Work for other copyrighted works by means of digital file-sharing or otherwise shall not be considered to be intended for or directed toward commercial advantage or private monetary compensation, provided there is no payment of any monetary compensation in connection with the exchange of copyrighted works.


node js is a legal entanglement mess, but makes beautiful interfaces easily.

Who is actually in violation of the license? Developers for distributing code that is uses primarily for private monetary compensation ("compensation" might be the key word, since it's used for "gain" but not "compensation")? Traders that make money, but not traders that lose money? Delegates that run the GUI client to sign blocks? If I use those files to make a website showing BitUSD prices for free, and someone uses my website to make money - are they or I in violation (or neither?)

I think there are tools that are used for stock market analysis that have a "non-commercial" clause in them, but since the tools are not sold, it is ok to distribute even though they are used for financial gain (but not compensation).

I really don't know, that's a hard one
maintains an Ubuntu PPA: https://launchpad.net/~showard314/+archive/ubuntu/bitshares [15% delegate] wallet_account_set_approval maqifrnswa true [50% delegate] wallet_account_set_approval delegate1.maqifrnswa true

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
I noticed two problematic files in the web_wallet: vendor/js/highcharts.src.js and vendor/js/highstock.src.js. These two are licensed under the "Creative Commons Attribution-NonCommercial 3.0 License". Notice the "NonCommercial", this is IMO a complete no-go for a P2P currency client.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
However, public domain is GPL compatible:

This is a tricky subject. Yes, the unlicense is GPL compatible. But look what compatible means here: http://www.gnu.org/licenses/gpl-faq.html#WhatDoesCompatMean

Quote
It means that the other license and the GNU GPL are compatible; you can combine code released under the other license with code released under the GNU GPL in one larger program.

All GNU GPL versions permit such combinations privately; they also permit distribution of such combinations provided the combination is released under the same GNU GPL version. The other license is compatible with the GPL if it permits this too.

Note "the same" GPL version. Is it at all possible to create software using both readline (GPL) and libraries/fc/src/crypto/romix (AGPL)?
Edit: answer here: http://www.gnu.org/licenses/agpl.html (section 13)

Additionally, all of the BSD+MIT licenses require distribution of the license terms along with the binary.
« Last Edit: November 20, 2014, 01:06:19 pm by pc »
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline maqifrnswa

  • Hero Member
  • *****
  • Posts: 661
    • View Profile
Stuff we write has no restrictions except those imposed on it by 3rd party dependencies.

Erm, yes. But I think you don't handle the 3rd party dependencies correctly. (IANAL)

For example, the command line client links the readline library. readline is licensed under GPL. That means the CLI client must be GPL, too. You can't just stamp "public domain" on it, IMO. See http://en.wikipedia.org/wiki/GNU_Readline#Choice_of_the_GPL_as_GNU_Readline.27s_license .
Another example is the leveldb code. LevelDB comes with a BSD license requiring you to publish the license terms along with the binary. I don't think you do that anywhere.

don't forget the tons of node js stuff, licensing is crazy in there. However, public domain is GPL compatible:
Quote
Being in the public domain is not a license; rather, it means the material is not copyrighted and no license is needed. Practically speaking, though, if a work is in the public domain, it might as well have an all-permissive non-copyleft free software license. Public domain material is compatible with the GNU GPL.

    If you want to release your work to the public domain, we encourage you to use formal tools to do so. We ask people who make small contributions to GNU to sign a disclaimer form; that's one solution. If you're working on a project that doesn't have formal contribution policies like that, CC0 is a good tool that anyone can use. It formally dedicates your work to the public domain, and provides a fallback license for cases where that is not legally possible.
from: https://www.gnu.org/licenses/license-list.html

also, see:
http://directory.fsf.org/wiki/License:CC0
as a license which is public domain with a fallback for jurisdictions that don't have "public domain"
« Last Edit: November 17, 2014, 02:41:35 pm by maqifrnswa »
maintains an Ubuntu PPA: https://launchpad.net/~showard314/+archive/ubuntu/bitshares [15% delegate] wallet_account_set_approval maqifrnswa true [50% delegate] wallet_account_set_approval delegate1.maqifrnswa true

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Stuff we write has no restrictions except those imposed on it by 3rd party dependencies.

Erm, yes. But I think you don't handle the 3rd party dependencies correctly. (IANAL)

For example, the command line client links the readline library. readline is licensed under GPL. That means the CLI client must be GPL, too. You can't just stamp "public domain" on it, IMO. See http://en.wikipedia.org/wiki/GNU_Readline#Choice_of_the_GPL_as_GNU_Readline.27s_license .
Another example is the leveldb code. LevelDB comes with a BSD license requiring you to publish the license terms along with the binary. I don't think you do that anywhere.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline bytemaster

Stuff we write has no restrictions except those imposed on it by 3rd party dependencies. 

For the latest updates checkout my blog: http://bytemaster.bitshares.org
Anything said on these forums does not constitute an intent to create a legal obligation or contract between myself and anyone else.   These are merely my opinions and I reserve the right to change them at any time.

TurkeyLeg

  • Guest
Why has no one replied to this?

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Hi,

I have started to create linux packages for BitSharesX, which has made me research the BitShares license, and I see a problem there.

The BitSharesX client comes with a LICENSE.md that makes the client public domain. The source tree (excluding submodules for now) however clearly contains files that are not public domain (cotire.cmake is MIT, CrashRpt stuff seems to be BSD).

The web_wallet module is a complete nightmare: it also contains LICENSE.md which states that it is public domain plus code licensed under various licenses (including MIT, Apache, jQuery). In addition, it contains a "licenseagreement.html" that is clearly a non-free license.

The "fc" module used by the command line as well as the qt client does not specify its own license, which makes distribution problematic. Even worse, it contains AGPL-licensed code which means it cannot be published as either public domain or with a non-free license.

Please clarify.

Thanks,
Peter
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de