Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

request for clarity of AuthPass's licensing #363

Open
hwpplayer1 opened this issue Feb 16, 2024 · 2 comments
Open

request for clarity of AuthPass's licensing #363

hwpplayer1 opened this issue Feb 16, 2024 · 2 comments

Comments

@hwpplayer1
Copy link

Thank you for AuthPass and releasing it under the GPLv3.0. I am working on approving AuthPass for the Free Software Directory (FSD), but I am having trouble determining if it is licensed under GPLv3.0-only or GPLv3.0-or-later.

The Free Software Foundation has recommendations on How to use GPL licenses for your own software which include detailing the licensing information in the README file. I did find text describing -or-later in /metadata/linux/app.authpass.AuthPass.metainfo.xml, but it isn't quite enough for having the correct licensing information in the FSD. Would you be interested in reviewing the FSF's recommendations and bringing clarity to AuthPass's licensing?

I am not a lawyer and this is not legal advice.

Thanks again,
hpoul added a commit that referenced this issue Feb 17, 2024
@hpoul
Update README.md: Add clarification for GPL v3 #363
79aec91
hpoul added a commit that referenced this issue Feb 17, 2024
@hpoul
Clarify license: GPL-3.0-only #363
2878ab7
@hpoul
Copy link
Collaborator

hpoul commented Feb 17, 2024

@hwpplayer1 to be honest I didn't think too much about that part. But reading GPLv3.0-only or GPLv3.0-or-later makes me think GPLv3 makes more sense. I have updated the README and (/metadata/linux/app.authpass.AuthPass.metainfo.xml)[https://github.com/authpass/authpass/blob/main/metadata/linux/app.authpass.AuthPass.metainfo.xml].

(I've set up a CLA which all contributors must sign, exactly so I'm able to change the license if GPLv4 is released (or any other).. which seems to be the main point of that "or later" clause..)

Let me know if this clarifies the license issue. thanks for pointing that out.

@tallship
Copy link

tallship commented Feb 21, 2024
edited

@hpoul ,

Thank you for your choice in this matter. I believe that since you cannot know what a GPLv4/5/6 might look like, your decision to hold it at GPLv3-only is prudent, and considering the terms in your CLA, you'll be able to freely make a determination later as to whether you feel comfortable bumping the license up a version at a time or not.

Linus himself has been adamant about GPLv2 only, and has stated that he would not license the Linux kernel under GPLv3. His reasons are beyond the scope of this discussion however, and is a matter of public record.

Also, there's basically two constructs as to how contributions are made to copyleft licensed software (permissive cuck licenses too like BSD and MIT) - The contributor assigns copyright to the project, or the contributor assigns a license under their copyright to the project.

Here's the gist of it all for everyone, in a nutshell:

2. License grant

2.1 Copyright license to Us

Subject to the terms and conditions of this Agreement, You hereby grant to Us a worldwide, royalty-free, NON-exclusive, perpetual and irrevocable (except as stated in Section 8.2) license, with the right to transfer an unlimited number of non-exclusive licenses or to grant sublicenses to third parties, under the Copyright covering the Contribution to use the Contribution by all means, including, but not limited to:

  • publish the Contribution,
  • modify the Contribution,
  • prepare derivative works based upon or containing the Contribution and/or to combine the Contribution with other Materials,
  • reproduce the Contribution in original or modified form,
  • distribute, to make the Contribution available to the public, display and publicly perform the Contribution in original or modified form.

Ramifications:

  • Unlike many CLAs designed to monetize a corporation, whereby the contributor must Assign Copyright to the project, this one requires the contributor to assign a license to the project of their Copyright.
  • If you assign your copyright - you no longer own the intellectual property
  • If you assign a license to the project, you still own the extent of the intellectual property that you contributed, are free to contribute that code or prose elsewhere, etc.
  • In this case, the contributor assigns a non-exclusive license, meaning that the contributor can license others to use the code they authored and contributed.
  • Also note that since you've licensed the use of your (the contributor's) intellectual property, without any expiry (you've assigned the license in perpetuity), you, as the contributor may NOT ever assign your copyright to someone else (Not that you would want to, but some projects require this, and you cannot take away the license you've granted to AuthPass) without incumbering whomever you assign your copyright to, by requiring them to honor this previous license to AuthPass.

IMNSO, this is the most ethical form of CLA - beware of other projects who want you to assign your copyright (ownership of intellectual property that you've created).

Again, thank you for taking the track of copyright licensing rather than that of copyright assignment. It sounds like a subtle distinction, but it is indeed not so subtle.

All the best!

.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hpoul @tallship @hwpplayer1