Re: AGPLv3 Compliance and Debian Users

[Howard Chu <hyc@symas.com>]

Steve Langasek wrote:
> On Thu, Jul 11, 2013 at 12:53:01PM -0700, Howard Chu wrote:
> > > Sure, but that doesn't make it DFSG free (hint: it's likely not)[1][2]
>
> > > [1]: The Dissident test
> > > [2]: The Desert Island test
>
> > Sure, but #2 is stupid. We didn't say "must send changes back
> > immediately." Nor would we wish any such thing; if you're in the
> > middle of making a long series of changes we obviously want to wait
> > until the changes are completed and have settled down. Otherwise
> > someone could make a case that the changes should be sent back the
> > instant they are written, one keystroke at a time, which is
> > ludicrous.
>
> > Send changes back in a timely manner. You obtained the software
> > somehow; therefore at some point in time a distribution channel was
> > available to you. The next time such channel is available, send your
> > changes back. If you're stuck on a desert island and die before such
> > channel reopens, no one's going to sue you.
>
> > I'd say #1 is borderline stupid. It is worded such that it only
> > applies to hiding existence of a system from the government. Fair
> > enough; I'm not the government.
>
> That's not the point.  The purpose of the Dissident Test is to demonstrate
> that distribution channels for software are not necessarily symmetric; it
> may be very easy for you to distribute the software, but very
> hard/expensive/dangerous for a recipient to distribute their modifications
> back to you.  In the specific case of the Dissident Test, the unreasonable
> cost of returning the changes upstream - as opposed to distributing them to
> whoever you happen to be distributing binaries to (possibly no one) - is
> that sending those communications back may give hostile authorities
> information you don't want them to have, such as your location, details
> about the software you're modifying, or even simply the fact that you're
> doing something that you care about encrypting to keep them from prying.
> Even if you aren't otherwise doing anything the government disapproves of,
> the mere act of sending these changes upstream might get you labelled a spy.

This is still an unreasonable test. Again, it ignores the element of time. 
Send your changes at your earliest convenience. If the NSA is breathing down 
your neck, "convenience" might be a long time away, but that's understandable.

> This is one example of why Debian says it's ok for a license to require
> modifications to be distributed to your downstreams, but not ok to require
> those changes be sent to a particular party.  Users should not have to
> choose between complying with the license and being safe from their
> government; they should be *free* to exercise their rights on the code in
> Debian, even when they aren't free in other aspects of their lives that we
> don't have control over.

Freedom always has a price. The price of benefiting from free software should 
be that you help others benefit from it too. Absolving recipients of all such 
responsibility merely encourages parasites. Progress happens faster when 
everyone pitches in, there shouldn't be just a few people creating and 
everyone else tagging along for the ride. Even here 
http://people.debian.org/~bap/dfsg-faq.html 12.A.k "This freedom is one of the 
most important driving factors for progress in computing---and we like 
progress." That sentence is not talking about this particular point but the 
underlying concept remains - the goal for all of this is to encourage 
progress, not hinder it. Hoarding improvements to yourself hinders progress 
for society as a whole.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/