-
Notifications
You must be signed in to change notification settings - Fork 717
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarification of redistribution/license terms for source code/binaries #53
Comments
'cloudflared' is a multi-purpose client-side tool for CloudFlare Argo Tunnel, CloudFlare Access, as well as including a simple DNS-over-HTTP (DoH) proxy tool as well. However, 'cloudflared' is NOT available under an open source license. Furthermore, the exact terms of redistribution (namely, if we are able to redistribute binaries at all) are not entirely clear to me. As a result, I have filed the following bug report concerning the terms of redistribution for the source code and binaries: cloudflare/cloudflared#53 'cloudflared' does have source code available, however, and it encourages users to use 'go install' in order to set it up, in fact (or download their prebuilt, compiled binaries). So using the source seems to be encouraged. Even then, I'm still not sure if Hydra can serve these binaries. In lieu of a more pointed answer regarding source/binary licensing, and to avoid keeping this expression in my private tree, I've marked it as 'unfree' (to avoid Hydra serving it in any way) as well as compiled from source (to avoid any 'redistribution allowed while unmodified' terms that may crop up). The dependencies for this build were generated using 'dep2nix'. Signed-off-by: Austin Seipp <aseipp@pobox.com>
bump, I'd be interested in what the deal is here also... (as a customer who uses Argo) |
I'd like to redistribute a binary that I've compiled for mips64. Clarification please. |
Hello, we are in the process of closing out some old tickets and saw that we didn't get back to your inquiry. I escalated to our legal team and they advised that NixOS should mark the Cloudflare Daemon as unfree. The |
Hi,
I'd like to package
cloudflared
for NixOS, which is a very unusual Linux distribution that tends to compile everything from source where possible (for a number of reasons, but not just because we enjoy it -- though proprietary binaries are sometimes workable). In particular, each package in NixOS, when built, is stored and served over a big HTTP cache[1]. This means we do the packaging on our servers and ship the binary artifacts (made by us) to users.However, like most distributions, we keep track of licenses, and we do not (by default) allow usage of non-free software, which we mark as
license = unfree
. There are two "tiers" ofunfree
packages in NixOS:unfree
, which prohibits usage by default, and does not build copies of the objects in the HTTP cache, andunfreeRedistributable
, which is legally not free software, but can have the binary results redistributed.The
LICENSE
file forcloudflared
pretty clearly indicates the software isn't free software (under any libre/OSI approved terms), but I'm more wondering about the terms of redistribution:Am I allowed to redistribute the binary downloads that you provide? i.e. can we download the binaries CloudFlare provides, and re-host them for our users? If so, what are the terms of distribution for that binary? e.g. it must be completely un-modified from the original, etc
Is it a violation of the terms to compile the (unmodified) code from source and use that to interact with CloudFlare? If it is not a violation, can we distribute the resulting binary?
If we must use the original binary, does the user of the binary have to accept any provided terms to download it? E.g. Oracle requires you to agree to terms before downloading OracleJDK. In practice
cloudflared
can just be downloaded by anyone and the documentation makes no indication that there are any restrictions on who downloads it, but this is also maybe worth clarifying.I'm not a laywer, so these questions may be obvious to someone, but that someone isn't me.
The questions are a bit complicated; in particular, the ideal case would be "You can compile the source and redistribute the binary artifacts from that source code, under the same license as provided", re: question 2. This would mean NixOS could simply mark this package as
unfreeRedistributable
and still serve binaries for our users when they wanted it.If source code isn't allowed, the binary case is a bit more complicated. Most licenses require "non-modification" of the binaries, but for proprietary binaries they often have to have their ELF headers modified on NixOS to work properly. This may not be the case with cloudflared (static Go binary), but it's still worth clarifying I think. (As an example, Nvidia distributes proprietary binary drivers that you can redistribute but only if they're unmodified. This is fine for some Linux distros, but not for us, because we have to modify the binary ELF headers. This means the Nvidia driver packages for NixOS are
unfree
, notunfreeRedistributable
, because we would otherwise violate the terms).The third case is an extension of case 2: if the original binary must be used, there's a question of whether any terms must be accepted to download it. This is also handled in NixOS separately; for example, some
unfree
packages do not require any explicit agreement to actually download the binary; the license simply doesn't allow you (a 3rd party) to redistribute the binary, so end-users have to download it themselves. An example of this is the Nvidia NCCL library. When a user installs it, they will 'build' the package themselves, and during that time, the binaries will be downloaded automatically. On the other hand, some package not only do not allow redistribution, they also require an explicit agreement with the user, like OracleJDK. In this case on NixOS, not only does the user have to 'build' the package themselves when they try to install it, they also have to manually download the binary first (through a web browser) and "add it" to their system so it can be built. (In other words, our tools can't "automatically" accept the license on their behalf, which is fairly standard).At the end of the day,
cloudflared
in NixOS can be simply marked asunfree
which is the most restrictive license in NixOS, and end-users would have to compile it themselves, removing us from the loop. The only relevant question then, is question 3 -- whether or not the binary can be downloaded without an agreement on behalf of the user. In this case, everything here seems to indicate that no agreement for download is necessary, which is nice, but that's not fully clear to me.I don't expect there to be any good, easy answers to these questions without your legal team getting involved. Also, talking to your legal team is probably not your good idea of 'fun', so I understand if this clarification isn't the highest priority (though that's how life is sometimes).
This wouldn't be the end of the world, although it may be a bit unfortunate for the few people who need it. However, these terms may be worth clarifying for others too.
[1] Sadly we do not use CloudFlare for our cache -- but I imagine you probably don't want terabytes of ELF binaries clogging your CDN/cache layers. :)
The text was updated successfully, but these errors were encountered: