{licenses, check-meta}: add support for faircode licenses and specific license acceptance #370685
0fa14a5 to e7e6966
url ? null, | ||
fullName ? null, | ||
redistributable ? free, | ||
faircode ? false, |
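Review bot: the new `faircode ? false` argument on the last line carries no comment saying what the flag means or how it relates to `free`, which `redistributable ? free` just above already derives its default from. Document the intended invariant beside the argument (for example, that a licence must not set both `free` and `faircode`), or derive one default from the other so that a licence entry cannot declare a contradictory combination.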
Are Faircode licenses not a superset of free licenses? Why wouldn't we have `faircode ? free`, and assert that `free -> faircode` instead of asserting `!(free && faircode)`?
No, “fair‐code” is basically FOSSwashing; it’s a brand for a group of non‐FOSS shared source licences that allow modifications but come with various use restrictions. (Your question implies the branding worked!)
I don’t think we’d ever have a reason to consider these differently to any other `unfreeRedistributable` licence for NixOS packaging and infrastructure, so I’m personally against encoding this vague marketing distinction in our schema; deciding which licences count as FOSS is already difficult enough in many cases. However, the more general mechanism to allow unfree packages based on their licence seems like a good idea.
Edit: Ah, this reply was based on your comment before you edited it. I think no, because the site specifically lists “is commercially restricted by its authors” as one of its vague criteria.
(Heh, the branding worked at some level or I wouldn't have thinkoed the concept in the first place!)
Okay, so there's no overlap with free licenses? If that's the case, then I have a different suggestion: make `free` default to `!faircode`, so that the API for using this becomes choosing one of:
- `{ }` -> free, not fair-code
- `{ free = false; }` -> neither free nor fair-code
- `{ faircode = true; }` -> fair-code, not free

instead of requiring `{ free = false; faircode = true; }` for the third case.
Honestly, that makes me even more uncomfortable, because it’s implicitly encoding the marketing of “actually, this specific subset of non‐FOSS licences isn’t really non‐FOSS”. (Edit: I guess I misread your comment :) Since `faircode` would still imply `!free`, that seems fine to me if we choose to encode this at all.)
Mostly I just don’t think you can usefully make decisions about software based solely on whether the licence is “fair‐code”; you can generally assume a basic set of freedoms you can exercise with FOSS licences, though even there the requirements of licences like the AGPL may be very surprising. Other categories aren’t sufficiently well‐defined that you can make decisions without examining the details of individual licences. Like, being able to make and share modifications is one thing, but usually the basic things you care about are: can I run it, and can I redistribute it. In the case of “fair‐code” licences, the answer to the former is “maybe”, making them more dangerous to deploy than many licences that forbid modifications!
I think adding `allowUnfreeLicensePredicate` is a reasonable idea, but if someone wants to add fair‐code licences to it they can just list the six licences from the site without us getting into the weeds of whether this is a concept worth considering.
That sounds like a reasonable take to me; consider my feedback above entirely conditional on adding this metadata at all, which you rightly identify as the larger question.
> Mostly I just don’t think you can usefully make decisions about software based solely on whether the licence is “fair‐code”; you can generally assume a basic set of freedoms you can exercise with FOSS licences, though even there the requirements of licences like the AGPL may be very surprising.

That's the point with faircode too; you can still assume a basic set of freedoms (non-commercial use, source availability, and limited right to fork). A large chunk of users of nix packages aren't using software commercially, so this seems a useful criterion. And a large chunk of users are using the software commercially, which is why this is still unfree software that can't be installed by default.
How about this: individual parameters for each of the following rights:
- Non-commercial use
- Commercial use
- Source available
- Right to fork and make modifications
I'll cherry-pick e7e6966 into its own PR.
Well, things like the right to fork aren’t really relevant to direct deployment on a NixOS system other than ideologically, and the use restrictions of the various fair‐code licences are quite different. The summary on the fair‐code site that fair‐code software “is commercially restricted by its authors” is not really an accurate description of the freedoms and obligations.
For instance, SSPL makes no discrimination against commercial vs. non‐commercial use, but imposes extremely onerous requirements if you provide the functionality of the program as a network service that are effectively designed to make it all but impossible to comply with. This means that both non‐commercial and commercial use of MongoDB can be incredibly fraught depending on exactly how you’re using it.
BSL, on the other hand, forbids all “production” use by default. For any production use, it depends on an Additional Use Grant which can vary per the individual software. For MariaDB, this permits use “with a total of less than three server instances in production”. Totally different situation to SSPL, where you can deploy it however you want on however many machines as long as you don’t offer the functionality of the software as a service (or provide source for the entire universe).
Commons Clause does directly prevent “Selling” the software, but even that is distinct from use of the software in a commercial context – it’s related to taking fees for “a product or service whose value derives, entirely or substantially, from the functionality of the Software”. (Does that include a service that wouldn’t be possible without the software but that doesn’t directly offer its functionality to users? Who knows! They claim not in the FAQ, but as they say, “The Commons Clause was intended, in practice, to have virtually no effect other than force a negotiation with those who take predatory commercial advantage of open source development”. Clarity isn’t really a goal.)
Finally, the Sustainable Use License, from the creators of the fair‐code website, does in fact restrict all commercial usage (outside of “internal business purposes”).
There is no real commonality to the legal permissions and requirements fair‐code licences give to you under other than most software under those licences is going to be okay to use on small, non‐commercial deployments that don’t provide direct access to the software’s functionality. The only thing they really have in common is that they were drafted by companies that were unhappy with AWS, and that they’re frequently designed to make it difficult to tell whether your use is covered unless you have really good lawyers, in order to encourage you to pay for a less restrictive licence. It’s just bad marketing, bundling together a bunch of very different licences that were all created in reaction to the same dynamic in order to promote one of the newer entries, n8n’s Sustainable Use License. It’s nothing like the basic FOSS freedoms, or even like the various different forms of copyleft.
Well, that's frustrating. Individual freedoms it is then.
Given that copyright licences can impose basically arbitrary conditions, I think you’ll have a hard time finding a more fine‐grained factoring than our existing one that doesn’t result in a combinatorial explosion (there’s strong/weak copyleft vs. permissive as additional gradations to `free`, but even those can get pretty subtle, and things like AGPL are a total mess). There’s a reason the ecosystem converged on the freedoms we call FOSS, and even there FSF/OSI/Debian/Fedora don’t always agree on the exact requirements or the interpretation of specific licences. But I’m open to seeing attempts, of course.
See https://faircode.io/ for the definition of a fair-code license.
This allows for users to allow unfree licenses with a more finely-grained tool than `config.allowUnfree` and less clunkily than an `allowUnfreePredicate` that looks at `drv.meta.license`. My use case, as should be evident by this PR, is filtering on faircode licenses.
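For reference, the existing approach the description calls clunky, an `allowUnfreePredicate` that inspects `meta.license`, looks roughly like this as a NixOS module. This is an added example, not code from the PR or from nixpkgs; `acceptedUnfree` and `licencesOf` are hypothetical names, and the two licences listed (assumed to be present as `lib.licenses.sspl` and `lib.licenses.bsl11` in the nixpkgs revision in use) are only an illustrative choice.

```nix
{ lib, ... }:
let
  # Unfree licences explicitly reviewed and accepted for this system
  # (illustrative choice, not taken from the PR).
  acceptedUnfree = with lib.licenses; [ sspl bsl11 ];

  # meta.license may be a single licence or a list of licences;
  # normalise to a list, treating a missing field as "no licence known".
  licencesOf = pkg: lib.toList (pkg.meta.license or [ ]);
in
{
  # nixpkgs consults this predicate for packages it considers unfree;
  # returning true allows the package to be evaluated.
  nixpkgs.config.allowUnfreePredicate = pkg:
    let
      ls = licencesOf pkg;
    in
    # Fail closed: a package with no licence metadata is rejected, and
    # every listed licence must be free or on the accepted list, so an
    # accepted licence cannot carry an unreviewed one along with it.
    ls != [ ]
    && lib.all (l: (l.free or false) || builtins.elem l acceptedUnfree) ls;
}
```

Because the list names individual licences rather than a category, each entry reflects a decision about that licence's actual terms, which is the point raised in the review thread.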