I’m curious what people make of this situation; in particular the general issue of tech companies being unwilling to place stronger than “do whatever you want” restrictions on open-source code.
in this instance i understand that the company wants to switch a license because they only have an approved set. but what about changing that set? what are some good open-source licenses that allow us to place (small, let’s face it) restrictions on our users?
does anyone have any opinions on how we can push companies that do contribute to OS to use more progressive licenses? (i.e. recognition that neutrality is in fact not “neutral”, etc, etc.)
Free software with restrictions on use isn’t free software. Aside from being really hard to identify what does/doesn’t do harm (in essence making the Hippocratic unenforceable - is such software prohibited in United Nation humanitarian operations, since they are staffed by military personnel?), trying to put our current morals into license form just doesn’t work.
50 years ago, homosexual and transgender people were considered harmful, and would be prohibited under such a license, and at the time people thought this was right, moral, and just. I think it would be arrogant to pretend that we’re at the pinnacle of moral judgement now.
So let’s leave licenses open to all use, rather than ruling out behaviour we think is immoral now at the cost of the progressive future.
how do you feel about a code of conduct to enforce norms in a community? the same way, or differently? why?
Codes of conduct describe practices for how people develop the software, it doesn’t change the way free software can be used by users, or who is even allowed to be a user.
If you want to set rules on how you work as a team, that’s just fine, but that’s different from then prohibiting certain uses by people or organisations outside your team because you don’t agree with those uses.
To send a question back at you, how do you view the morality of use for things like evacuation and disaster relief efforts that involve the military (for example, in the UK a lot of COVID support was done by the military), which under the Hippocratic license would be, at first blush, prohibited?
i’d say it’s exactly the same; setting the code of conduct enforces who is in and who is out; same with the license.
i’d say it’s within the spirit of acceptable usage; so it would be fine.
Unfortunately licenses don’t operate on spirits or hopes, and the Hippocratic license says:
3.1. The Licensee SHALL NOT, whether directly or indirectly, through agents or assigns:
3.1.20. Military Activities: Be an entity or a representative, agent, affiliate, successor, attorney, or assign of an entity which conducts military activities;
This clearly sets out that if you, the licensee, are a representative of an org that conducts military activities, you cannot use the software. It’s clear cut and dry.
But the point that is being hit on here, by both of us, is there there is clearly nuance in use of the software. The intent of the relicensing is to limit it to peaceful and progressive, humanitarian use. The problem is that the legal wording of the license does actually prohibit this use if you happen to be from the wrong team when you are conducting those progressive/humanitarian goals. The software could not be used in any such efforts such as rapidly deployed military hospitals to disaster zones, military helicopter search and rescue teams, coast guard, etc.
But, I promise I’m not trying to say “military good” - the underlying point is that software ends up being used in all sorts of delicately nuanced and varied situations that we cannot possibly predict, and so by trying to suggest that we can ahead-of-time predict all these nuanced cases we will either be overly restrictive, or not restrictive enough. Given that the nature of progress is to improve upon ourselves, I would rather less restrictive to allow for uses I couldn’t have predicted, rather than stifle them because we are relatively backwards compared to our progressive peers in the future.
licenses, like all legal agreements, are merely systems through which the world is interpreted; i.e. it’s the spirit of the intention.
i’m not saying the hippocratic license is perfectly worded; and of course i didn’t design it; but it’s certainly possible to have different interpretations of a piece of legal writing.
i think i agree with you that i don’t want to be overly specific, and i’d probably agree that the hippocratic license is a bit too specific; so i’m open to alternatives (hence this conversation)
i’d hope there’s a middle ground between MIT and the Hippocratic license; and i think i’m arguing that i’d prefer to err towards hippocratic vs MIT, because at least that enables me to say something about what i want.
This is actually what lawyers try very hard to remove. They like things that are clear and settled.
for what it’s worth, while i think this is a side issue to the central point - namely, how can we as programmers have some say on how software is used; and in particular try and push our industry towards positive applications of software; or at least not planet-destroying usages - i don’t think you’re right at all.
law is all about interpreting the essence in certain settings; so while i’m sure the hippocratic license doesn’t get it perfect; i’m sure there is a way to make a best effort, that does not necessitate total prediction of the future.
Licenses based in morality are guaranteed to be restrictive, since morality itself is relative. Same with “positive applications”, or “not planet-destroying usages” - relative topics, and licenses based on these are bound to be restrictive. As an example, software that cannot be used for deforestation applications (say controlling the mechanical saw) cannot be used in locations where primary source of fuel is wood and no alternative exists.
In my experience, it is a futile effort to try and enforce some arbitrary definition of “positive applications”, “not planet-destroying” etc., without also restricting valid, legitimate, and moral use (moral as per the license author, who actually wishes to allow moral use).
A project with a proper FOSS license and a highly restrictive CoC can still be legitimately forked into a community with a different or even contradicting CoC.
A project with a restrictive license can’t be legitimately forked away into a contradicting license.
and that’s exactly what i’m going for :)
My point is that this is what makes it not be “exactly the same” that you responded above. :)
A license ties your moral judgements to the code, a CoC ties your moral judgements to your community.
I understand that you want to tie moral judgements to code, but that’s where the disagreement lies. I, and I suspect other people you’re debating here, believe that we should be free to legitimately fork away from moral judgements. It’s less of a debate of whether the moral judgements are objectively correct or absolute or pious or whatever.
i suppose what i’m getting at is, at what point do we as a tech community take a stand against various injustices? one way is through the companies we work for, and the communities we support. but what about the open-source work we do? are we doomed to just always be left open to abuse and misuse; or is there some avenue by which we can exercise personal judgement there as well? clearly there’s some level on which people are “okay” with this (i.e. GPL licenses, etc; which maybe while somewhat widely frustrating, also get traction). my interest lies in exploring that domain where we’re concerned with social good.
it seems a shame to not at least attempt to explore this space, given how pervasive software is.
I don’t think there’s much disagreement about the existence of injustices (no matter that our definitions of injustice changes over time) and the need to take actions against them.
The disagreement is more about whether action should be taken at all layers and aspects of life/society/technology, or whether there are some places where it’s more appropriate to encode restrictions vs others where it’s less appropriate.
In my view, the community code of conduct is a very appropriate avenue for this. We can create or think of other avenues, too! I don’t feel that the code license is a good fit, for many reasons already expressed elsewhere in this debate. :)
I understand the urge to be absolute and complete in sanctioning people we disagree with, and maybe it’s a political axis spectrum thing. I tend to land more on sanctions through voluntary relations (deplatforming, refusing to trade, etc) rather than through mechanical means (restricting access to technology, safety, food, oxygen, whatever extreme we can imagine). I’m sure it’s a varying spectrum for many people. I’ve seen some people express this as “higher level” (social) vs “lower level” (physical).
I don’t want to be “that guy”, but… none? Use GPL and write an end-user license agreement. Problem of corpos abusing libre codebases, sorted. Problem of corpos abusing libre software, sorted. Problem of free/open source software users & developers not wanting to get involved in political licenses and instead remain generally neutral, disappeared. It’s a win-win all round, drinks on me.
Who is Tweag? A company? Why was there even a repo in their org with a license they don’t like?
A little bit more context would be nice. I have some questions which are relevant to get an opinion on this PR:
I assume by “more progressive licenses” you mean copyleft licenses. I don’t think this is the goal, because I believe everyone should be allowed to publish/sell his software under which license he want (this also includes non free licenses). Nobody forces you contribute to a project or use it. If you like to contribute to a non copyleft project but want your code only in a copyleft license you are free to fork the code and change the license. Yes a fork is not an easy task and requires time. But this is also true for the original work. Free software means I allow you to use my code, change it and publish the changes. It doesn’t mean that I’m required to even look at your comments or changes.
 with some legal restriction to customer protection
 And yes I have already not contributed to projects, because I didn’t like the license or the required contribution agreement
 you must still follow the original license and watch for some other legal foo
i don’t really mean copyleft, i mean any license which enforces some “code of conduct” like constraint; i.e. “anyone can use this code; but not a fossil fuel company.”
certainly the goal to limit use.
Limiting use is not possible with free / opensource software, because free software requires to allow the use of the software for whatever the user wants to use the software.
But in general it’s up to you to add such restrictions to your software. But it’s up to others not to use or contribute to your software, when they don’t like your restrictions. The other way around it’s up to you not to use or contribute to software projects which don’t have restrictions you would like to have. You might ask them to add such restrictions, but you should be prepared that they reject your request (by the way: rejecting such requests doesn’t imply they don’t share your values).
 there should be (and are, depending on your restriction) some legal restrictions what you are allowed to require/enforce
saying this isn’t “open-source software” is a bit vacuous; the point is to reinterpret how we can do open-source stuff while also having some say about how our code is used, just as we would do when we are working.
You can’t, because this wouldn’t be open-source by Definition (See point 5 and 6). I like more the argument over the four essential freedoms: What you suggest would violate freedom 0. Yes you can add such restriction to your software, but then it wouldn’t be open-source anymore.
I believe you ask the wrong question. You should ask: Is it a good idea to limit the usage of software for some users but still have the source code as open as possible? How could such a license look like? What restrictions should be hold? How could we name this licensing system?
To answer the first question: I would say it’s a bad idea. Because it tries to solve social issues with legal limitations. Also how would you find consent about what usage/which users the license should restrict? We currently have problems with incompatible open-source licenses and discussions about which is the “best” license.
it wouldn’t be “definitionally” open source according to that definition; but the whole conversation we’re having here is what would it look like if we decided to treat re-use just like we treat our communities. there’s no point arguing about the definitions some privileged people wrote down many years ago.
as to your second point; isn’t the whole essence of the state about solving social issues with “legal” means; i.e. the state itself? i.e. what’s the point of a legal apparatus at all but to tackle social problems.
OK I understand now what you want and I must say I hate this type of argumentation. You suggest to redefine a already set term till it means what you currently want. This is bad because it poisons the discussion if everyone uses the same word with different meanings.
For your suggestion, I believe you just burn your and other peoples time by restricting the use of the software. There are many important issues, but these issues are not solved by software licenses. Also it is not easy to define (and redefine) which restriction the license should enforce. So for example you exclude some “evil” company. Later the company changes and want to create some “good” product with your code. But one of your core contributor don’t want to allow the company to use his code, because he has had a fight with the CEO of the company. An other example: You might find out in 5 years that on of the restrictions is harming “good” use, but you have lost contact to one of the core contributors so you can’t change the license.
In general I see it more and more that project which started to solve one issue now try to solve all issues. Most of the time in a way that you only accepted if you share all values and believe proposed solution is the best solution (and most of the time there is at least on point I believe the proposed solution is harmful). I avoid this communities, because I don’t have the mental capacity to save the world.
i’m not against the idea that software licenses are a totally pointless mechanism for change, aside from the fact that they clearly are a mechnaism for change, i.e. the mere idea of the GPL, the abundance of MIT, the fact that open-source powers literally everything on the planet at the moment, etc, etc.
i’m just curious if there is any way to also consider social good. maybe the answer is “no”, but it seems a shame.
I have never implied this. I would guess you believe the opposite. I also think software licenses can help to solve some issues. But it’s not the only tool available. Also free software communities are not the only communities available to solve social issues. The free software definition/community hasn’t solved the problems lead to the free software movement and definition. So adding more issues to solve don’t looks like a good idea.
In German there is the word “Eierlegendewollmilchsau” which translate to Pig which lays eggs while producing milk and wool. It is used when someone proposes a all in one solution which sounds to good to be real. What you propose sounds like you want a “Eierlegendewollmilchsau”-license. So to answer your questions: I don’t think the free software definition is the best definition for a social good (whatever that means) licensing type definition, but I haven’t seen a better one or one which might lead to a better definition.
Also your question sounds like you want to solve all (or at least a lot of) social issues just by one magic switch. But social problems aren’t that easy and there is not that one switch/law which just need to be enabled and the problem is gone. It’s a time consuming process to understand the issue, understand the reasons for the issue and find ways to solve/mitigate the issues. Also the issues are not stand alone. A solution for a problem might cause some issues somewhere else.
So can your licenses influence how some issues are solved? Yes of course, but be careful because you might make it worse or harm something unrelated. Also keep in mind: “Prediction is very difficult, especially about the future”.
I would take a step back and ask why you are making the code open source in the first place. If you want just to share your work with others, then pick whatever you want. As long as you own all of the intellectual property related to the code, you can pick whatever license you desire.
However, if you want your project to be adopted within a corporate environment, you can’t expect things outside their standard set to get a lot of traction. That set was picked by lawyers to reduce the risk of the company having future issues with clean intellectual property rights to their product. Even if it was adopted by a company before they were big enough to have lawyers who cared, one day they will grow, get acquired, IPO, and there will be a team of people running license checks for stuff outside of the approved set. That is especially true for relatively unknown licenses like the one in this case. At that point, they’re likely going to stop engineering work to replace the components affected, too, once again, reduce risk.
Here is a hypothetical. A company adopts this component with the license as it was; they get acquired by a large, multinational public company. There is not a lawyer that would read this license and agree to run down every aspect of this license and ensure they’re complying with it. Some are easy, but many are vague enough to be a pain. So instead, they tell engineering to yeet it from the product.
Given all of that, to answer your prompt, you don’t. Companies are not taking a risk on small open-source components. If you want to get the Hippocratic License added to the set of approved licenses, it is a Sisyphean effort. The only way I see it happening is if your project gets to the level of something like Kubernetes or Linux, which (in a catch) often doesn’t happen without corporate support.
why open-source it? clearly, to provide some benefit. it’s a useful library.
i personally don’t care a great deal about adoption; what i do care about is “good use”. i personally don’t want to support the military or fossil fuel companies, say. just like i wouldn’t work at those companies.
i’m curious to gauge peoples views about expressing such sentiments via licenses. it seems like the hippocratic license - https://firstdonoharm.dev/ - is a very clear approach to do this; yet it seems to be met with quite some anxiety by people who think tech should somehow be “neutral”. it’s long been shown that neutrality only rewards the privileged; to make social change one needs to step out, somehow.
so my question is, as a tech community at large, do we just completely give up on licenses? (aside from the standard few?) or is there some room to innovative; some way to create social change for ourselves, our users, and the broader community? and if so, what is that mechanism?
I’ll ask it a different way. In an ideal world, would a company change its policies to adopt your open source software? If you want to change corporate governance, I don’t think you do it with progressive open source licenses. No engineering leader is going to go to a board and ask them to change broad policy so they can use an open source library.
and let me ask you in a different way - what would make them change?
IMO, probably only government regulation and popular opinion.
A plurality of US states – Delaware (the important one for corporate governance!) included – allow corporations to incorporate or reincorporate as a public benefit corporation. It’s conceivable that a corporation could be subject to enough pressure by its employees and shareholders that it would reincorporate as a B corporation.
But while I think a niche could exist in B corporations for software licensed under the Hippocratic license & similar, it’s important to not mix cause & effect: your Hippocratic licensed software may be eligible for selection by a company because they chose to become a B corp, but it strikes me as exceptionally unlikely that a company will ever become a B corp to use your Hippocratic licensed software.
how is B-corp and the license even related?
i.e. we’re just taking about a simple license here, where the terms are of course only enforceable through some (hypothetical) law suit; i..e the license really just expresses some notion of personal preferences enforceable only if i feel like suing random companies that use it.
maybe one thing i could point out is the difference between a code of conduct and a license. we all feel (somewhat?) comfortable with a code of conduct expressing behaviour wanted in our spaces; why not licenses for those same desires?
Corporate governance seems like the thing being discussed here. You hope to impact governance through clauses in a license. However, governance is not limited to the time when you decide to sue some companies. Companies are bound to various agreements which require them to make some attempt to mitigate risk so that they can achieve the outcomes that the owners desire. The result is that they pick and choose which risks they want to take on by limiting the number of licenses they support and the scope of these licenses.
Regular corporations (and, I suspect B-corps too) are unlikely to want to increase the number of risks they are dealing with by using software with the Hippocratic license. We already know that many companies rule out GPL and derivative licenses entirely just to limit their risk. Some will pick and choose, but only when they have resource to review and fit it into their business.
Above I used terms like “various agreements” because I don’t have the time to write in the level of the detail I’d like to. Agreements come in many forms and we care most about the explicit ones which are written like contracts. Some agreements are more implicit and while still important, I’m ignoring these to simplify. Agreements include but aren’t limited to:
For your license to succeed, you need to navigate all of these agreements. A license like MIT is relatively compatible because it’s limited in scope.
i mean, suppose you are a regular developer living your life, and you feel like sharing code. clearly, i don’t want to engage at the level you mention with anyone who uses the code.
licenses seem like a reasonable way, no? or no. would you suggest there is no way? we should just give up and MIT everything?
There is no way to achieve what you desire to any great extent with your approach. The trade-offs are for you to decide.
I would posit that most people don’t want to have relationships based on the requirements of the license you put forth. If you want to define your relationships and engagement through that license for your code, or companies you run, then that’s 100% fine. Many types of small communities can be sustained with hard work.
When you go in that direction don’t expect other people to reciprocate in various ways that they can in the open source world through code use, testing, bug reporting, doc writing, etc. If you use MIT then you’ll open the door to a lot more collaboration and usage. For many people who have a livelihood depending on open source, this is the only approach. When your livelihood doesn’t depend on open source it’s easier to pick and choose licenses, but even then the decision can limit who will engage with you.
You’ve forgotten one more potential situation: you want other open source projects and people to be able to use it, but don’t care at all about corporate usage, or even want to discourage it.
In such situations, licenses like the unlicense, AGPL, Hippocratic license, etc can be useful.
I bucket that under the first point of share your work with others.
Not quite on topic, but of interest to there being a relicensing - fortunately they’ve got all collaborators available to sign off on it, which is the right time to relicense. If they’d had more external contributions it’d be a lot more difficult