Reviewer: Can evaluate open-source repo #11

Open
jeffdomke opened this issue Jan 31, 2019 · 18 comments

@jeffdomke jeffdomke commented Jan 31, 2019

No description provided.

@friedger friedger commented Mar 20, 2019

To increase the engagement in the developer community, proprietary apps should be punished heavily.

@kkomaz kkomaz commented Mar 21, 2019

I would love some input on this one @jeffdomke // @hstove // @larrysalibra

How important is it to make sure your app is open source? As apps become more developed I would hate for anyone to "steal" it and basically make a copy of your own app, submit to the app mining program, and have a higher score. (Very possible since the memory function)

@friedger friedger commented Mar 21, 2019

@jeffdomke jeffdomke commented Mar 21, 2019

@kkomaz seems like there are upsides and downsides. Suggest we add this dimension to digital rights since an open source project is more likely to defend a user from malicious code. Thoughts @larrysalibra ?

@friedger friedger commented Mar 22, 2019

@kkomaz @jeffdomke I would say the advantages (of requiring that the app is open source as defined by the open source initiative) outweigh the disadvantage.

Pros:

  • Decentralizes the ownership of code
  • Decentralizes hosting of the app
  • Increases trust
  • Increases innovation

Cons:

  • Somebody might get higher rewards than the original app publisher

Let's open a new issue for this Con: #75

@jeffdomke jeffdomke commented Mar 29, 2019

@larrysalibra is free to include this in his reviewer whenever he feels like.

@larrysalibra larrysalibra commented Apr 7, 2019

I'm not sold at the moment that making open source as defined by the open source initiative a requirement makes sense. Would like to revisit this in the future. In the meantime, feel free to write more about why you think this requirement is or is not a good idea.

@larrysalibra larrysalibra commented Nov 27, 2019

When an app’s source code is available, it becomes easier for others to audit its behavior. It also makes it so that users can run their own copy of the app, reducing their dependence on the app developer.

We propose that developers self-declare their open source status at app mining submission time, providing a link to the source code and indicating the type of license it is under. App developers can choose to make their app's source code visible but continue to hold exclusive rights to its use. Alternatively, they can license the code under a license that grants use of the code.

We define “source available” as meaning that a generalist developer should be able to run their own copy of the app in a “reasonable” amount of time and code should not be obscured. Developers should make a good faith effort to meet this standard.

We reserve the right to spot check developer claims and propose a whistleblower system as the enforcement mechanism. That is to say, we will award points based on the developer’s claimed status with random spot checks and encourage community members or peers to reach out during the audit period if they think an app claims open source status for which it is not qualified.

We propose the following scoring:

  • No source code available/Commercial or unclear license: 0
  • Source available - Non-OSI approved license or commercial license: 1
  • Source available - OSI-approved license or public domain: 4

Since the community is subsidizing app’s development, we feel it makes sense to award apps that return the favor by contributing their code back to the community through an OSI-approved license.

A dry run of this new open source criteria will be conducted during the app review period that begins on December 1, 2019 (November 2019 cohort).

See the following forum issue for other proposed scoring and policy changes: https://forum.blockstack.org/t/november-2019-nil-scoring-proposals/9494?u=larry

@cuevasm cuevasm commented Nov 27, 2019

>   • Somebody might get higher rewards than the original app publisher

By far not the only con. I'm generally in favor of open-source, however, I think we should consider how this impacts the teams and people that will consider participating in App Mining and building with Blockstack. You will have whole swaths of high-quality entrepreneurs awakening to decentralized apps and their possibilities in the very near future and I think they'll be unlikely to want to risk their business in that way. If we're fine essentially saying this isn't the program for you, all good, though I do think it would be a missed opportunity to bring in the right kind of people that can take Blockstack to the next level. These folks have the skills and networks to bring in scores of new people to the ecosystem, that, combined with sustainable businesses being built on Blockstack, are much more valuable in the long-term than whether or not someone wants to have their code open-source in my opinion. With clones of App Mining sure to pop up and incentives from other networks competing with Blockstack, I fear people choosing these alternatives readily if made to share their hard-earned IP publicly (especially if they are backed by investors).

Last, an app being open-source doesn't make it inherently more 'Can't Be Evil' or worthy of being called a Blockstack app. It only makes it easier to audit, which is maybe valuable, but again, we're imposing somewhat of a philosophy (again, that I agree with) here and I just want us to be aligned in how that will likely limit our future potential developer base. Good with rewarding this, but not to the level that not being open-source is prohibitive to success in the program.

This is one of those I think we should work up to and change hearts, minds, and norms over time vs. taking a hardline this early on in the development of this movement.

@friedger friedger commented Nov 27, 2019

We have the rule that clones are not accepted by the program. This rule was already applied.

Closed-source apps are still accepted.

@cuevasm cuevasm commented Nov 27, 2019

I get that, but this model could be so prohibitive to closed-source apps being successful in the program, that we turn away a lot of really good builders. If we're fine with that, fine. Just saying, as a marketer trying to get high-quality people to build with Blockstack, this hurts my chances in a lot of successful circles.

@qqnoname qqnoname commented Nov 27, 2019

How about complex apps that have complex algorithms? For example, what if someone decides to develop an Awario-like app with Blockstack? As a result, they will need to open-source their backend and anyone could create a clone just by changing the UI. Moreover, the algorithms of their non-Blockstack competitors will always be better and Blockstack apps will not be able to compete with non-Blockstack apps.

The open-source requirement will be a barrier for creating a stable business that is not addicted to App Mining.

@talhasch talhasch commented Nov 27, 2019

@qqnoname I think Runkod is one of the most complex Blockstack apps; it consists of 3 different code repositories. 2 of them are server side.

We designed a new nginx + letsencrypt automation that never existed before. And a virtual file system for the client-side file browser. And much more.

We don't hesitate to share it as open source. Our competitors can check it and get inspired if they need.

Inspiring our conventional competitors with a Blockstack based application is another success. And this should have a price.

@hstove hstove commented Nov 27, 2019

These licenses are so confusing to me. I never really get what GPL "means" as well as the others, except something more simple like MIT.

My question is, if an app releases their code as open source, with a license that only allows non-commercial uses, does that get a full score? I can never tell if GPL permits the developer to restrict to personal, non-commercial use only.

@hstove hstove commented Nov 27, 2019

On the topic of open-source vs. not. I know there are pros and cons, but this is a "digital rights reviewer". It's pretty clear that open source is better for digital rights.

@cuevasm cuevasm commented Nov 27, 2019

Not if we end up unintentionally pushing away a bunch of people from building amazing things for digital rights. I'd wager most entrepreneurs will run the other direction at that currently, but that is changing and I just think there are ways to reward open-source without hammering closed-source, there are legit reasons to stay closed-source imo

@hstove hstove commented Nov 27, 2019

> I just think there are ways to reward open-source without hammering closed-source, there are legit reasons to stay closed-source imo

This is a good sentiment, but rewarding someone can also be seen as punishing others, regardless of how you do it. If NIL ends up with many different criteria, like 6, then the "open source" criteria would only account for 1/18th of your score.

@larrysalibra larrysalibra commented Nov 28, 2019

> These licenses are so confusing to me. I never really get what GPL "means" as well as the others, except something more simple like MIT.
>
> My question is, if an app releases their code as open source, with a license that only allows non-commercial uses, does that get a full score? I can never tell if GPL permits the developer to restrict to personal, non-commercial use only.

Yeah I agree the licenses can be confusing.

Generally open source means that source code is both available AND people can use/modify/share it. There is a good definition here: https://opensource.org/osd-annotated.

Just posting your source code on the internet doesn't make something open source. Without a license, in many places in the world (like the USA) you have no legal right to use code that's just posted on the internet because the creator of it automatically holds a copyright on it. If you use code that isn't properly licensed you open yourself up to copyright infringement issues.

My proposal is that any of the licenses approved by the Open Source Initiative (OSI) (and there's a lot - I believe all of the commonly used ones are there) or putting your code in the public domain (giving up any copyright interest in the code) be treated as open source and get full score:
https://opensource.org/licenses/alphabetical

If an app doesn't want other people to use their code (in other apps, etc) they can still make their source code available in a human readable form - I call this "source available" vs "open source". This is good for users because they can at least more easily read or inspect the code if they so desire, they just can't use it for anything without potential copyright infringement issues.

To specifically answer your question @hstove, if an app releases their source code under one of these licenses https://opensource.org/licenses/alphabetical or in the public domain, they receive full score. If they provide their source code ("source available") but say something like "restricted to personal, non-commercial use only" they would only receive 1 point because this isn't an accepted open source license.
