Bruce Perens left OSI over CAL controversy

Bruce Perens announced his withdrawal from the Open Source Initiative (OSI), which reviews licenses against the Open Source criteria. Bruce is the co-founder of OSI, co-author of the Open Source definition, creator of the BusyBox package, and co-leader of the Debian project (succeeding Ian Murdock in 1996). The reason for leaving is his unwillingness to be involved in the forthcoming OSI decision to add the CAL (Cryptographic Autonomy License) to the list of open licenses.

The CAL belongs to the category of copyleft licenses and was developed at the request of the Holochain project specifically to provide additional protection of user data in distributed P2P applications. Holochain is developing a hashchain-based platform for building cryptographically verified distributed applications.

The CAL allows Holochain to be used in free and open source form if several conditions are met. First, the source code of Holochain and all derivative works must be supplied under the same terms and conditions, including those relating to the confidentiality of cryptographic keys. Secondly, the right to public performance of Holochain, including the use of the Holochain API to run applications, is granted only while maintaining the confidentiality and autonomy of each individual user's private cryptographic keys.

The CAL is conceptually unlike other licenses: if a service uses software under this license, the license covers not only the code but also the processed data. According to the CAL, if the confidentiality of the user's key is compromised (for example, the keys are stored on a centralized server), then ownership of the data is violated and control over the application's own copies is lost. In practice, this feature of the license allows keys to be handled only on the end user's side, without storing them on centralized servers.

For example, the CAL will not allow a company to create its own corporate P2P chat based on Holochain in which employee keys are placed in shared storage controlled by the company, since that does not exclude the possibility of reading correspondence. In this way, Holochain tries to ensure that any application based on Holochain is trustworthy and autonomous. If an application uses centralized systems to work with user keys, it loses the right to work with Holochain.

Bruce Perens believes that the CAL does not provide the necessary freedom and is intended to protect Holochain from abuse by developers trying to fully control user data in their applications. In light of the open source criteria, the requirement that keys be stored only on end-user systems can be perceived as an infringement of the rights of certain groups and as discrimination by field of application.

Perens explained that an important feature of open licenses is the ability to apply them without involving lawyers. A user can simply install a program that comes under an OSI-approved open source license, and as long as they don't modify the code or give the program to someone else, they don't even need to read the license. Over 100 open licenses have been approved by OSI, all of which follow this model. But the CAL breaks this model: if someone works with a program under the CAL and has users, then they have the additional responsibility of returning data to those users.

With the help of the new license, Holochain is trying to control the application network and to prevent developers of clients for the distributed platform from locking users in by capturing their data. Perens acknowledges the good intention of protecting the privacy of user data, but considers it unacceptable that legal advice is required to understand the license and interact with users. Perens also drew attention to the harm of license proliferation, the abundance of which makes it difficult to combine applications under different licenses, and pointed out that you can get by with only three licenses: AGPLv3, LGPLv3 and Apache v2.

The CAL was developed by the renowned lawyer Van Lindberg, who specializes in issues related to intellectual property and licenses in open source software. According to information obtained by The Register, Lindberg privately lobbied OSI directors to agree to recognize the CAL as an open license, bypassing the public license approval process.

Lindberg responded that many people initially formed a preconceived notion about the CAL and are trying to use any pretext to oppose it. The word "lobbying" is inappropriate in this context, since the license was reviewed and discussed in public forums, and only procedural issues were discussed privately.

Pamela Chestek, who chairs the license review committee, pointed out that there is nothing strange about the private correspondence, as the OSI Governing Board usually consults with the parties prior to license review. In particular, she had a telephone conversation with Lindberg in which she tried to explain what exactly the problems with the proposed license were. Perhaps this communication was misunderstood. As for the CAL, the discussion regarding it has not yet been completed and the final opinion has not yet been formed.

Source: opennet.ru
