Log in

No account? Create an account

Affirmative Assent Considered Harmful

There has been a desire in some open-source licenses to provide something called affirmative assent. The basic idea is that you want the user to agree to the license in some way. I think the goal is to make sure that you have a contract, not just a non-exclusive copyright license. This has been somewhat politically heated with the open-source community. Debian claims it is horrible and the OSI seems OK with some forms of affirmative assent and has approved licenses like the OSL that contain such provisions. A lot of the time it feels like debian-legal is filled with a bunch of radicals who lose sight of the fact that we attempt to secure open-source freedoms in the interests of our users and to guarantee our future ability to do software development. At some level I thought the affirmative assent dispute was one of those disputes where really if you to a moderate viewpoint the OSI had probably come to the right conclusion.

Windows taught me that Debian was in this instance 100% correct. I noticed that even though my computer was configured to take updates automatically, the system tray icon indicating updates were available to install had been around for a few days. I clicked on it only to find that critical updates were waiting for me to assent to their license before they installed. Um, no, just not OK. I never want to have to go around to all the managed computers in an organization and agree to a bunch of licenses just to avoid security problems. Anything that gets in the way of automatic upgrades for the sake of licensing is not acceptable.

The obvious next stand is to argue that the software should wait for assent when it is run not when it is installed. Unfortunately that just doesn't work for libraries. I'm picturing a situation where your display manager attempts to open an X connection so it can present the login window only to be told that X will not be available until the user assents to the latest license in the font rendering engine.


Affirmative assent is also evil because it prevents me changing the program to remove or alter the assent "feature". What if I want to take just one function out of your program and use it in mine? Free software licenses should encourage that sort of thing, but geez, what if I have to have fifty little assent widgets to agree to?

It doesn't scale, and it blocks modification. It might be ok to say that this modification doesn't matter much in, say, a complete operating system. But you can't guess all the future uses of your program which is the problem with so many non-modifiability things (including the GFDL).

The "radicals" on debian-legal are usually right.
At some level i agree with you. However there are enough problems
combining licenses that you just have to accept that you cannot in
general do a good job of combining code from one licensed set of
works with another. GPL is one big commons; there are a few others.
But I think the free software community has accepted that we are
unwilling to force people into one of these commons to call their
software free software. So the sad truth is that having to assent
a bunch of licenses is no worse than a lot of other things that
already happen.

The radicals on debian-legal may be right in that the world might
work better if everyone agreed with them. However they are completely
wrong on a lot of critical process issues. For example it is
completely unacceptable that there is as much divergence as there
between Debian and OSI. If we're going to have this divergence we
need to at least do a lot better job of educating people about the
differences. For example, a completely well-meaning corporation could
decide that open-source software development is an approach they want
to take. A apparently reasonable (and I argue actually reasonable)
thing for them to do is to discuss the license they want on the OSI's
license-discuss list. The corporation believes it has done a
responsible thing to work with the community, adopts a license and
only later finds out that the Debian folks are unhappy. The
corporation suffers; the Debian users suffer; the image of the free
software community suffers. No one seems to be trying to fix this
either by getting
convergence or documenting the lack of convergence so that both sides
(and people who consult either side) will understand the other side's

I also think debian-legal has stretched the social contract beyond
all recognition. There are consensus decisions of debian/-legal that
while perhaps consistent with the social contract are not the only or
even most likely reading of the social contract. Yet no one has taken
the time to prepare changes to the social contract to bring it in
line with the current consensus. If this is just lack of time, it is
highly unfortunate. However I have a nagging suspicion that people
believe that if they proposed these changes the changes might fail
and they'd like the current political reality better. Given that
debian-legal's role is to interpret the SC, not to set new policy, I
would consider it unethical for debian-legal to hide and issue where
its thinking might differ from the project as a whole or to defer
the broader discussion.

I'm also fairly certain that some of the debian-legal patent
positions are just on crack. I believe I convinced myself that there
were cases where adding a patent grant and related termination clause
to an otherwise free license would render it non-free in the eyes of
debian-legal. That does not seem in the interests of either the free
software community or Debian's users. I certainly don't think it is
supported by a conservative reading of the social contract.

P.S. I have not replied to your earlier comment because I need to go
look up where in NM my parents are living these days.

September 2019

Powered by LiveJournal.com