On Mar 4, 2020, at 9:13 AM, Drew DeVault <[email protected]> wrote: > > I have some thoughts of my own regarding the ethical licensing movement. > I hope we can promote a more civil discussion among peers, rather than > between opponents.
I can’t tell you how glad I am to read those words. I am the first to admit that in the early days of the movement we took a very antagonistic, anti-establishment approach, but thanks in part to the efforts of individuals at the SFC and the OSI who had the wisdom and wherewithal to engage in good faith anyway, I feel like we are much better situated to have constructive conversations about the issues that are important to us, in service of finding a collaborative and mutually beneficial way forward. > Firstly, I completely acknowledge the concerns of those who would put > ethical clauses in their licenses. I believe that the values on display > with these licenses are valid and worth fighting for. That being said, I > don't believe that software licensing is the appropriate stage for this > fight. I'll explain why, and I'll also share my thoughts on alternative > solutions to these valid ethical issues. There is a strong contingent of people within the ethical source working group who agree 100% with this sentiment about licensing not being the best strategy. Although it is the most visible of our many initiatives, please rest assured that we are exploring a number of options to move the agenda forward. > Even though I find problems with the ethical-source approach, I again > find the ethical dilemma valid and worth addressing. Ethical-source is a > desperate response to the increasing radicalism of world politics. Many > advocates feel powerless to effect change in the world around them, as > dissonant right-wing worldviews grow in public support. This leaves us > frustrated, dejected, and desperate for solutions. > > Software licensing is a domain over which we have power, as software > developers, to affect change. Contrasted with the powerless feeling we > endure on the world's political stage, our power over the software > ecosystem is a good feeling. We want to believe that by exercising our > privilege in the software space, we can bring about the broader changes > we want in the rest of the world, or at least insulate the software > ecosystem against it. > > Unfortunately, it won't work. I know this sucks. I feel those same > frustrations with the progress of world affairs. I feel equally > powerless and desperate. This approach, however, amounts only to virtue > signaling. There are better ways to signal your virtues, and better ways > to deal with the problems that are facing us. I completely understand your position, even though I hold out hope that it might prove to have a positive impact. But taking a step back, would we even be having this conversation if the (admittedly deeply flawed first version of the) Hippocratic License had not been released last September? Had it not gotten so much press attention? Had it not launched dozens of blog posts? As an aside I also would like to caution you on the use of the term “virtue signaling”. I am NOT implying that this applies to you, but that term is something of an alt-right “god whistle” in very common usage in dark and hateful corners of the internet like 4chan, 8chan, some terrible communities on Reddit, and places like Kiwi Farms. It is commonly used to dismiss, imply insincerity or hypocrisy, and generally ridicule people working in the social justice space. That being said, taken without the culture baggage, what’s so wrong about "virtue signaling" if you think of it as “this person is publicly proclaiming a strongly held moral or ethical stance”? Don’t people have the right to make such proclamations without having their integrity challenged? In fact, shouldn’t we be encouraging that? Doesn’t it have inherent value? > > This doesn't mean that there is no place for ethics in your software > projects. You shouldn't have to deal with racism, sexism, homophobia, > transphobia, or any other kind of discrimination in your project's > spaces. The maintenance of a healthy and inclusive community is an > important role for a software maintainer to perform. Be vigilant, and be > prepared to moderate discussions, eject bad actors, and provide a safe > space for everyone. It's going to be hard work, and it won't be made > easier by your choice of license. > > Just because a jerk (or substitute whichever rude word you prefer) can > use your software doesn't mean that you're obligated to interact with > them. You can ban them from your issue trackers, mailing lists, and > chat rooms. You can reject their patches. You can even blackhole their > IPs from your distribution servers. Tell them to fork off and die. > You're still going to have to do this if you use an ethical software > license. Adopting an ethical license, at worst, is a way of stating very clearly that you feel an ethical responsibility for the way your software is being used. The strong feelings evoked by, for example, Palantir using hundreds of open source libraries to help ICE put kids in cages are valid, and as you say, developers have very strong reactions to knowing that the code they so lovingly crafted and devoted so much of their time to is being used in this way. Developers feel helpless. And to date no organization that I am aware of has prioritized addressing this feeling of helplessness. That was the impetus for founding the Ethical Source Movement— we want to empower creators and reinforce the idea that BECAUSE of the impact of the software we create is so wide-ranging, we have a higher-than-average responsibility to ensure that our work is used for social good. The Ethical Source Movement comprises like-minded, concerned technologists looking for any and all tools and methods that will enable us to fulfill these responsibilities. There are going to be misses. There are going to be failures. There are going to be unintended consequences. The important thing is that we are coming together and trying. We’re prioritizing it when it seems that no one else is. > > Philosophy aside, the specific issues as I see them with the ethical > licensing approach are: > > 1. Laws enforce themselves > > The Hippocratic License, for example, includes the following: > >> The Software shall not be used by any person or entity for any systems, >> activities, or other uses that violate any applicable laws, >> regulations, or rules that protect human, civil, labor, privacy, >> political, environmental, security, economic, due process, or similar >> rights (the “Human Rights Laws”). Where the Human Rights Laws of more >> than one jurisdiction are applicable to the use of the Software, the >> Human Rights Laws that are most protective of the individuals or groups >> harmed shall apply. > > The problem is, licenses are held in force by laws, too. Human rights > are already defended: by laws. Anyone who is prepared to violate *human > rights* is going to have no problem ignoring your software license, too. > I disagree on this point, which I see being made quite often (usually it’s more along the lines of “terrorists don’t care about licenses”. The activities that ICE engages in at its concentration camps are illegal but still being carried out by the government, and ICE cannot be sued for human rights violations. But to return to the example of Palantir: do you think their lawyers are going to even ENTERTAIN the notion of using software with an ethical license? Being sued for license violation is the least of their concerns. It would be a public relations disaster if it was discovered that they were using ethical source licensed software to support ICE. > 2. It's difficult to comply with > > I maintain a project hosting forge, which is currently licensed with the > AGPL. It provides git hosting, among other things. If I used the > Hippocratic License instead of AGPL, would I be liable if someone hosted > a project on my platform which violated, say, environmental laws? The > license terms say that most stringent jurisdiction applies. Let's say > for example that the electricity consumption of Bitcoin was made illegal > under strict environmental protections somewhere, and I have users in > that jurisdiction. If someone pushes the Bitcoin source repository to > SourceHut, are they in violation of the SourceHut license? Am I? > > What if someone pushes GNURadio to SourceHut, and I have a user in the > United States National Radio Quiet Zone? I think the language in 2.1 (coming out next week) will clarify this concern. > 3. It's not open source > > This should be fairly obvious. Simply review the ESD and OSD: > > https://ethicalsource.dev/definition/ > https://opensource.org/osd > > Points 1 and 6 are the only ones which are not in *direct* conflict with > the open-source definition. Ethical Source is tautologically not the > same thing as Open Source. The OSD does not define open source, it defines the characteristics of open source licenses. This is a critical distinction. Not meaning this at all in an ageist way (I’m pushing 50 myself), the so-called “GitHub generation” does not, I believe, think of open source from a licensing perspective. The way the majority of them think of open source is experiential: “I am developing code in public, accepting contributions from other developers across the world, in the hopes that it will be useful to someone else.” For better or worse, for many people a license is just a drop-down you select from on a GitHub form when you create a new repo. This is part of the reason why I’m running for the OSI board: the OSI necessarily spends its incredibly insufficient budget on the mission of open source adoption by commercial entities, and (to the best of my knowledge) does little or nothing to support developers themselves. I think it has tremendous potential to do more for the average open source developer, given an adequate budget. > Even if we disagree on software licensing being the appropriate venue > for these battles, I don't believe that a hostile takeover of the > open-source definition is an appropriate way to promote this viewpoint. > A better approach is to put forward new definitions and terminology for > the ethical-source movement to rally behind, and to not drag open-source > advocates into it kicking and screaming. Any members of the open-source > community who were brought into ethical-source without their consent are > going to make for poor members of the ethical-source community. Hostile takeover is very strong language, and I believe a gross misunderstanding of my goal (speaking now for myself, not the movement.) The OSD was written in 1998 with some very specific goals. It has been a wild success. Open source is the glue, the infrastructure, the go-to toolkit powering the modern age of computing. Mission accomplished. But licensing via OSI-approved instruments is about the rights of users, not creators. don’t believe the OSD does much to serve the constituents of the open source community, the developers spending their precious free time putting all of themselves into code that they hope someone will find useful. Maybe the OSI shouldn’t concern itself with developers like that? That’s for the organization itself to decide. But I firmly believe that business-as-usual will lead to the increasing irrelevance of the organization, and I think that would be a tragedy and great loss. If I were to be elected to the board, I would push for two things related to the OSD: 1) Creating a mechanism for reviewing and, if need be, revising the OSD through a consensus-based mechanism that extended beyond the board and paying members of the organization . 2) Through this mechanism, I would advocate for revising the language around “field of endeavor” to close the extraordinary ethical loophole of “evil people deserve freedom, too.” (I can’t think of a single example in the modern world where “evil people” enjoy the same full set of rights and privileges as the rest of a community.) > A contested merger of our groups would leave half of us feeling > disenfranchised: if the OSD remains the same, ethical-source advocates > feel unrepresented; if the OSD changes, open-source advocates feel > unrepresented. This "hostile takeover" approach risks creates a > community of fragmentation and infighting. In truth, almost all goals of > the open-source and ethical-source movements are in alignment. By > cooperating as separate entities, we can be more successful in promoting > our shared goals, and compete only on our mutually exclusive goals. “Hostile takeover” is not a goal of the Ethical Source Movement. We want a seat at the table, and we’re trying multiple strategies to make that happen— including working as peers with the other members of the board. I believe the organization is strong enough and the proper parliamentary procedures are in place to prevent one or even two board members strongly aligned with the Ethical Source Movement from disrupting or abruptly changing the fundamental mission of the organization. Those one or two board members would, instead, represent a perspective that for too long has been ignored, and find ways to encourage our peers in the organization to consider the ethical implications of our mission and goals. > I believe that this approach is going to weaken the open-source > community before it makes it stronger. For this reason, I voted against > Coraline in the OSI board member election. I believe the open source community is strong enough to handle these conversations. But that’s not completely in my control (despite the world-crushing powers that some of my critics ascribe to me ;) ). Over the past few months I have worked very hard to establish relationships and have civil conversations with the people who are dedicating so much of their time and effort to shepherding open source into the future. The working group that I created boasts members from both the OSI and the SFC. Sometimes I still react from a place of emotion and it comes out in ways that I regret, but for the most part I make a concerted effort to engage in the spirit of collaboration and shared concern. Framing matters. I am not an outsider to the open source community; I’ve been participating in open source since the early 2000s. Before that, I released software under the Artistic License back when I was a Perl hacker, and shareware before that. I have worked tirelessly for almost a decade to make open source more welcoming, inclusive, and diverse. I created the first code of conduct for open source communities, and it’s been adopted by tens of thousands of projects, including the entire open source portfolios of companies like Apple, Microsoft, Salesforce, and Intel, not to mention the Linux Kernel. I have mentored dozens of young people eager to join the open source community. And during my tenure on the board of Ruby Together, I launched a paid mentorship program called Ruby Me that helps aspiring developers get valuable experience by pairing them with experienced open source developers and paying both mentor and apprentice to work on open source projects. Like me or hate me, you can’t argue that I have *already* had a tremendous and positive impact on the open source community. Open source transformed my life and opened up opportunities to me that I never would have had otherwise. It is BECAUSE I believe so strongly in the promise of open source that I am engaged in the work that I am doing now. So I resent us-vs-them framing, even as I admit my own contribution to that antagonism early on. I’m hoping that we can move past adversity and come together to create the next great hack that ensures, in the words of Karen Sandler, that software freedom is ALWAYS in service to human freedom. —Coraline
_______________________________________________ License-discuss mailing list [email protected] http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org
