Re: Proposed: Debian's Five Freedoms for Free Works
On Sun, 2003-06-15 at 06:05, Dylan Thurston wrote:
> In article <[🔎] firstname.lastname@example.org>, Adam Warner wrote:
> > Branden, perhaps the term "information disclosure" would better suit
> > you/us than "privacy"? That is we propose a DFSG-free licence cannot
> > mandate information disclosure of anything but the information forming a
> > distributed and derived work.
> But surely "privacy" is exactly when you have when "information
> disclosure" is not forced on you? Could you please elaborate on the
A guideline of privacy could be read as a positive obligation that
DFSG-free software licences protect against information disclosure. My
concern is that a guideline expressed in this way could impact upon no
discrimination against fields of endeavour.
No mandatory information disclosure is expressed as a negative. A
licence can't mandate information disclosure beyond the source for a
distributed and derived work. No obligation to protect privacy arises.
To my mind privacy is too likely to tie the information test to the
licence (e.g. is it good policy that a licence can demand my credit card
number?). A prohibition against information disclosure ties the test to
each distributed and derived work (e.g. if an author uses his credit
card number as a key to unlock what would otherwise be copylefted
information then the credit card number must be disclosed).
Branden's fifth freedom can be read as a right because it is written in
a way that mirrors the FSF's four fundamental freedoms of (as Branden
writes) "freedoms intended to apply to non-public-domain works in
general". That is it is most relevant as a copyleft principle. When the
principle is applied to DFSG-free software which also distributes public
domain and permissively licensed software it has to be recast as a
negative. That's what I have done by suggesting a test of no mandatory
information disclosure beyond the information provided by the source of
a distributed and derived work.
Though I would go further to suggest that a copyleft software licence
that mandated certain privacy protections (where all derived works had
to be distributed under the same licence) would not be DFSG-free because
it could discriminate against persons, groups or fields of endeavour.
Consider a copyleft licence mandating that any software distributed
under the licence cannot collect email addresses as a privacy protection
against spam. We arrive at such thorny issues because privacy is given
the opportunity to exist as a fundamental free software freedom.
I can immediately think of two potential implications to recognising
that a DFSG-free licence can't mandate information disclosure beyond the
source for a distributed and derived work:
* The APSL becomes clearly non-DFSG free (but it already clearly
discriminates against fields of endeavour when determining whether
something is considered internal or personal use):
1.4 "Deploy" means to use, sublicense or distribute Covered Code other
than for Your internal research and development (R&D) and/or Personal
Use, and includes without limitation, any and all internal use or
distribution of Covered Code within Your business or organization except
for R&D use and/or Personal Use, as well as direct or indirect
sublicensing or distribution of Covered Code by You to any third party
in any form or manner.
2.2 You may use, reproduce, display, perform, modify and Deploy Covered
Code, provided that in each instance:
(c) You must make Source Code of all Your Deployed Modifications
publicly available under the terms of this License, including
the license grants set forth in Section 3 below, for as long as
you Deploy the Covered Code or twelve (12) months from the date
of initial Deployment, whichever is longer. You should
preferably distribute the Source Code of Your Deployed
Modifications electronically (e.g. download from a web site);
* Debian could be more reluctant to accept that any licences that
attempt to close the so-called ASP (Application Service Provider)
loophole are DFSG-free. With a no mandatory information disclosure
guideline a licence could not force source disclosure without
Though I wonder how far the issue of distribution of a derived work
could already extend under existing copyleft licences. Say a program
that also includes artwork is distributed under the GPL and one modifies
the program, allows access to it via a website ASP model and also
modifies the artwork and displays it on the website. As one is
distributing a derivative of the artwork via the website could that also
mean one is required to supply the source to the entire GPLed work that
also includes the modified program?