| From: |
| VanL <van.lindberg-AT-gmail.com> |
| To: |
| License submissions for OSI review <license-review-AT-lists.opensource.org> |
| Subject: |
| [License-review] For approval: The Cryptographic Autonomy License (Beta 3) |
| Date: |
| Thu, 22 Aug 2019 16:10:06 -0500 |
| Message-ID: |
| <CAFQvZEPUyGfcqZDSwtvAJ92Ljb3U-Ac3ZQ7J9qOXqeHtO-JoYQ@mail.gmail.com> |
| Archive-link: |
| Article |
I am withdrawing Beta 2 and substituting Beta 3. The only difference
between the two is the addition of new provision 4.1.3:
#### 4.1.3. Coordinated Disclosure of Security Vulnerabilities
You may delay providing the Source Code corresponding to a particular
modification of the Work for up to ninety (90) days (the “Embargo Period”)
if: a) the modification is intended to address a newly-identified
vulnerability or a security flaw in the Work, b) disclosure of the
vulnerability or security flaw before the end of the Embargo Period would
put the data, identity, or autonomy of one or more Recipients of the Work
at significant risk, c) You are participating in a coordinated disclosure
of the vulnerability or security flaw with one or more additional
Licensees, and d) the Source Code pertaining to the modification is
provided to all Recipients at the end of the Embargo Period.
All other discussion regarding CAL Beta 2 should apply. The following is
copied from the Beta 2 submission:
*Rationale:* The CAL is a new network copyleft license especially
applicable for distributed systems. It is designed to be as protective as
possible of downstream recipients of the software, providing them all that
they need to create and use an independent copy of a licensed work without
losing functionality or data.
*Distinguish:* The CAL is most similar to the AGPL, and will have a similar
scope of action in most cases. However, the CAL has provisions that require
that operators provide recipients of the software with a copy of their user
data, enhancing their ability to independently use the software. The CAL
also allows the creation of mixed "Larger Works," provides for affiliate
use, and does not specify a mechanism by which notice is given to
recipients.
*Legal Analysis*: The CAL was drafted by legal counsel. Previous
discussions have outlined many aspects of the legal analysis.
Following the rejection of CAL Beta 1, this version has been reworked to
remove the reasons for rejection and to address the concerns that led into
the “further discussion” items. In particular, I worked on laying out the
scope of the private right of use, clarifying when the conditions apply,
and avoiding constructions that may result in adverse policy inferences. I
also simplified the language to enhance interpretability.
The most controversial aspect of the CAL remains: it requires someone who
is communicating the software (or a part of the software) to a "Recipient"
(a non-affiliated third party), to also allow that Recipient access to the
Recipient's own user data. To show how this fits into the broader concept
of software freedom, the policy associated with this requirement is also
laid out: to allow a Recipient to fully use an independent copy of the Work
generated from the Source Code provided with the Recipient’s own User Data.
*Previous Discussion*: For those only following this list, I also provided
a changelog on license-discuss [1] which prompted some discussion. From
that discussion, I'll note that Russell McOrmond is on record as believing
that the CAL is part of a class of licenses - which includes the AGPL, and
the GPL as applied) is not compliant with the OSD. Bruce Perens is on
record as believing the any requirements that an operator provide user data
is a violation of "no field of use" restriction in OSD 6. Bruce is also on
record as believing that the identification of the private right of use is
a field of use restriction.
[1]
http://lists.opensource.org/pipermail/license-discuss_lis...
A copy of the license (now beta 3) in markdown-formatted plaintext is
attached.
Thanks,
Van
CAL draft v1.0-Beta 3 (Temporary version number for development purposes)
________________________________________________________________________
# Cryptographic Autonomy License version 1.0
_This Cryptographic Autonomy License (the “License”) applies to any Work
whose owner has marked it with any of the following notices:_
_“Licensed under the Cryptographic Autonomy License version 1.0,” or_
_“CAL-1.0” or “Licensed under the Cryptographic Autonomy License version_
_1.0, with Combined Work Exception,” or “CAL-1.0-With-Exception.”_
_________________________________________________________________________
## 1. Purpose
This License gives You unlimited permission to use and modify the software
to which it applies (the “_Work_”), either as-is or in modified form, for
Your private purposes, while protecting the owners and contributors to the
software from liability.
This License also strives to protect the freedom and autonomy of third
parties who receive the Work from you. If any non-affiliated third party
receives any part, aspect, or element of the Work from You, this License
requires that You provide that third party all the permissions and materials
needed to independently use and modify the Work without that third party
having a loss of data or capability due to your actions.
The full permissions, conditions, and other terms are laid out below.
## 2. Receiving a License
In order to receive this License, You must agree to its rules. The rules of
this License are both obligations of Your agreement with the Licensor and
conditions to your License. You must not do anything with the Work that
triggers a rule You cannot or will not follow.
### 2.1. Application
The terms of this License apply to the Work as you receive it from Licensor,
as well as to any modifications, elaborations, or implementations created by
You that contain any licenseable portion of the Work (a _Modified Work_”).
Unless specified, any reference to the Work also applies to a Modified Work.
### 2.2. Offer and Acceptance
This License is automatically offered to every person and organization. You
show that you accept this License and agree to its conditions by taking any
action with the Work that, absent this License, would infringe any intellectual property right held
by Licensor.
### 2.3. Compliance and Remedies
Any failure to act according to the terms and conditions of this License places Your use of the
Work outside the scope of the License and infringes the
intellectual property rights of the Licensor. In the event of infringement,
the terms and conditions of this License may be enforced by Licensor under
the intellectual property laws of any jurisdiction to which You are subject.
You also agree that either the Licensor or a Recipient (as an intended
third-party beneficiary) may enforce the terms and conditions of this License
against You via specific performance.
## 3. Permissions and Conditions
### 3.1. Permissions Granted
Conditioned on compliance with section 4, and subject to the limitations of
section 3.2, Licensor grants You the world-wide, royalty-free, non-exclusive
permission to:
a. Take any action with the Work that would infringe the non-patent
intellectual property laws of any jurisdiction to which You are subject; and
b. Take any action with the Work that would infringe any patent claims that
Licensor can license or becomes able to license, to the extent that those
claims are embodied in the Work as distributed by Licensor.
### 3.2. Limitations on Permissions Granted
The following limitations apply to the permissions granted in section 3.1:
a. Licensor does not grant any patent license for claims that are only
infringed due to modification of the Work as provided by Licensor, or the
combination of the Work as provided by Licensor, directly or indirectly, with
any other component, including other software or hardware.
b. Licensor does not grant any license to the trademarks, service marks, or
logos of Licensor, except to the extent necessary to comply with the
attribution conditions in section 4.1 of this License.
## 4. Conditions
If You exercise any permission granted by this License, such that the Work,
or any part, aspect, or element of the Work, is distributed, communicated,
made available, or made perceptible to a non-Affiliate third party
(a “_Recipient_”), either via physical delivery or via a network connection
to the Recipient, You must comply with the following conditions:
### 4.1. Provide Access to Source Code
Subject to the exception in section 4.4, You must provide to each Recipient
a copy of, or no-charge unrestricted network access to, the Source Code
corresponding to the Work.
The “_Source Code_” of the Work means the form of the Work preferred for
making modifications, including any comments, configuration information,
documentation, help materials, installation instructions, cryptographic seeds
or keys, and any information reasonably necessary for the Recipient to
independently compile and use the Source Code and to have full access to the
functionality contained in the Work.
#### 4.1.1. Providing Network Access to the Source Code
Network access to the Notices and Source Code may be provided by You or by a
third party, such as a public software repository, and must persist during the
same period in which You exercise any of the permissions granted to You under
this License and for at least one year thereafter.
#### 4.1.2. Source Code for a Modified Work
Subject to the exception in section 4.5, You must provide to each Recipient of
a Modified Work Access to Source Code corresponding to those portions of the
Work remaining in the Modified Work as well as the modifications used by You
to create the Modified Work. The Source Code corresponding to the
modifications in the Modified Work must be provided to the Recipient either
a) under this License, or b) under a Compatible Open Source License.
A “_Compatible Open Source License_” means a license accepted by the Open
Source Initiative that allows object code created using both Source Code
provided under this License and Source Code provided under the other open
source license to be distributed together as a single work.
#### 4.1.3. Coordinated Disclosure of Security Vulnerabilities
You may delay providing the Source Code corresponding to a particular
modification of the Work for up to ninety (90) days (the “Embargo Period”) if:
a) the modification is intended to address a newly-identified vulnerability or
a security flaw in the Work, b) disclosure of the vulnerability or security
flaw before the end of the Embargo Period would put the data, identity, or
autonomy of one or more Recipients of the Work at significant risk, c) You are
participating in a coordinated disclosure of the vulnerability or security flaw
with one or more additional Licensees, and d) Access to the Source Code
pertaining to the modification is provided to all Recipients at the end of the
Embargo Period.
### 4.2. Maintain User Autonomy
In addition to providing each Recipient the opportunity to have Access to the
Source Code, You cannot use the permissions given under this License to
interfere with a Recipient’s ability to fully use an independent copy of the
Work generated from the Source Code You provide with the Recipient’s own User
Data.
“_User Data_” means any data that is either an input to or an output from the
Work, or is necessary for the functioning of the system, in which the
Recipient has an existing ownership interest, an existing right to possess, or
has been generated for or uniquely assigned to the Recipient.
#### 4.2.1. No Withholding User Data
Throughout any period in which You exercise any of the permissions granted to
You under this License, You must also provide to any Recipient to whom you
provide services via the Work, a no-charge copy, provided in a commonly used
electronic form, of the Recipient’s User Data in your possession, to the extent that such User Data
is available to You for use in conjunction with
the Work.
#### 4.2.2. No Technical Measures that Limit Access
You may not, by means of cryptographic controls, control of encryption keys,
seeds, hashes, or any other technological protection measures, or any other
method, limit a Recipient’s ability to access any functionality present in
Recipient's independent copy of the Work, or to deny a Recipient full control
of the Recipient’s User Data.
#### 4.2.3. No Legal or Contractual Measures that Limit Access
You may not contractually restrict a Recipient's ability to independently
exercise the permissions granted under this License. You waive any legal
power to forbid circumvention of technical protection measures that include
use of the Work, and You waive any claim that the capabilities of the Work
were limited or modified as a means of enforcing the legal rights of third
parties against Recipients.
### 4.3. Provide Notices and Attribution
You must retain all licensing, authorship, or attribution notices contained
in the Source Code (the “_Notices_”), and provide all such Notices to each
Recipient, together with a statement acknowledging the use of the Work.
Notices may be provided directly to a Recipient or via an easy-to-find hyperlink
to an Internet location also providing Access to Source Code.
### 4.4. Scope of Conditions in this License
You are required to uphold the conditions of this License only relative to
those who are Recipients of the Work from You. Other than providing Recipients with the applicable
Notices, Access to Source Code, and a copy of
and full control of their User Data, nothing in this License requires You to
provide processing services to or engage in network interactions with anyone.
### 4.5. Combined Work Exception
As an exception to condition that You provide Recipients Access to Source
Code, any Source Code files marked by the Licensor as having the “_Combined
Work Exception_,” or any object code exclusively resulting from Source Code
files so marked, may be combined with other Software into a “_Larger Work_.”
So long as you comply with the requirements to provide Recipients the
applicable Notices and Access to the Source Code provided to You by Licensor,
and you provide Recipients access to their User Data and do not limit
Recipient’s ability to independently work with their User Data, any other
Software in the Larger Work as well as the Larger Work as a whole may be
licensed under the terms of your choice.
## 5. Term and Termination
The term of this License begins when You receive the Work, and continues until
terminated for any of the reasons described herein, or until all Licensor’s
intellectual property rights in the Software expire, whichever comes first
(“_Term_”). This License cannot be revoked, only terminated for the reasons
listed below.
### 5.1. Effect of Termination
If this License is terminated for any reason, all permissions granted to You
under Section 3 by any Licensor automatically terminate. You will immediately
cease exercising any permissions granted in this License relative to the Work,
including as part of any Modified Work.
### 5.2. Termination for Non-Compliance; Reinstatement
This License terminates automatically if You fail to comply with any of the
conditions in section 4. As a special exception to termination for
non-compliance, Your permissions for the Work under this License will
automatically be reinstated if You come into compliance with all the conditions
in section 2 within sixty days of being notified by Licensor or an intended
third party beneficiary of Your noncompliance. You are eligible for
reinstatement of permissions for the Work one time only, and only for the
sixty days immediately after becoming aware of noncompliance. Loss of
permissions granted for the Work under this License due to either a) sustained
noncompliance lasting more than sixty days or b) subsequent termination for
noncompliance after reinstatement, is permanent, unless rights are
specifically restored by Licensor in writing.
### 5.3. Termination Due to Litigation
If You initiate litigation against Licensor, or any Recipient of the Work,
either direct or indirect, asserting that the Work directly or indirectly
infringes any patent, then all permissions granted to You by this License
shall terminate. In the event of termination due to litigation, all
permissions validly granted by You under this License, directly or indirectly,
shall survive termination. Administrative review procedures, declaratory
judgment actions, and counterclaims in response to patent litigation do not
cause termination due to litigation.
## 6. Disclaimer of Warranty and Limit on Liability
As far as the law allows, the Work comes *AS-IS*, without any warranty of
any kind, and no Licensor or contributor will be liable to anyone for any
damages related to this software or this license, under any kind of legal
claim, or for any type of damages, including indirect, special, incidental,
or consequential damages of any type arising as a result of this License or
the use of the Work including, without limitation, damages for loss of
goodwill, work stoppage, computer failure or malfunction, loss of profits,
revenue, or any and all other commercial damages or losses.
## 7. Other Provisions
### 7.1. Affiliates
An “_Affiliate_” means any other entity that, directly or indirectly through
one or more intermediaries, controls, is controlled by, or is under common
control with, the Licensee. Employees of a Licensee and natural persons acting
as contractors exclusively providing services to Licensee are also Affiliates.
### 7.2. Choice of Jurisdiction and Governing Law
A Licensor may require that any action or suit by a Licensee relating to a
Work provided by Licensor under this License may be brought only in the courts
of a particular jurisdiction and under the laws of a particular jurisdiction
(excluding its conflict-of-law provisions), if Licensor provides conspicuous
notice of the particular jurisdiction to all Licensees.
### 7.3. No Sublicensing
This License is not sublicensable. Each time You provide the Work or a
Modified Work to a Recipient, the Recipient automatically receives a license
under the terms described in this License. You may not impose any further
reservations, conditions, or other provisions on any Recipients’ exercise of
the permissions granted herein.
### 7.4. Attorneys' Fees
In any action to enforce the terms of this License, or seeking damages
relating thereto, including by an intended third party beneficiary, the
prevailing party shall be entitled to recover its costs and expenses,
including, without limitation, reasonable attorneys' fees and costs incurred
in connection with such action, including any appeal of such action. This
section shall survive the termination of this License.
### 7.5. No Waiver
Any failure by Licensor to enforce any provision of this License will not
constitute a present or future waiver of such provision nor limit Licensor’s
ability to enforce such provision at a later time.
### 7.6. Severability
If any provision of this License is held to be unenforceable, such provision
shall be reformed only to the extent necessary to make it enforceable. Any
invalid or unenforceable portion will be interpreted to the effect and
intent of the original portion. If such a construction is not possible, the
invalid or unenforceable portion will be severed from this License but the
rest of this License will remain in full force and effect.
### 7.7. License for the Text of this License
The text of this license is released under the Creative Commons
Attribution-ShareAlike 4.0 International License, with the caveat that any
modifications of this license may not use the name “Cryptographic Autonomy
License” or any name confusingly similar thereto to describe any derived work
of this License.
_______________________________________________
License-review mailing list
License-review@lists.opensource.org
http://lists.opensource.org/mailman/listinfo/license-revi...
