New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Violation of the conditions of the GPL and the Free Open Source Software definition #282

Closed
ghost opened this Issue Jul 29, 2013 · 5 comments

Comments

Projects
None yet
4 participants
@ghost

ghost commented Jul 29, 2013

Unfortunately, I have noticed that you are violating on the conditions of Free Open Source Software. You have forbidden to distribute TextSecure binaries outside the Google Play Store.

All the arguments have you mentioned to justify this (#127) are invalid, because this restriction contradicts to the Freedom 2 of the Free Software definition: the freedom to redistribute copies of the software without asking permission. Also the GPL grants this. You can do some research if you don’t believe me.

As a result, you have two options to solve this issue:

  • Release TextSecure under a non-free proprietary license with all restrictions you want. Then you should delete this GitHub repository or make it private.
    or
  • Drop your restrictions that violate GPL and let TextSecure be a REAL free software.

You have the choice. Don’t disappoint me.

@moxie0

This comment has been minimized.

Member

moxie0 commented Jul 30, 2013

Hey @rickbarton , to my knowledge we have not forbidden anything. People have requested that we distribute official binary APKs outside of the Play Store, which we are currently choosing not to do for several reasons (#127, #281). If we can address those issues we would be happy to distribute binary APKs.

However, this does not "forbid" anyone else from doing whatever they please. We would not recommend that anyone use an unofficial binary build, and we would strongly and very publicly encourage users not to do so, but that doesn't prevent you from doing whatever it is you'd like.

If what you'd really like to see is us distributing "official" binary APK builds outside of the Play Store, I think your efforts would be better spent contributing to the development of the missing pieces that would allow us to safely and securely do that than to threaten us with (incorrect) legal action.

@moxie0 moxie0 closed this Jul 30, 2013

@henning

This comment has been minimized.

henning commented Mar 8, 2014

@rickbarton you're interpretation of opensource licenses is plainly and completely wrong.

  1. There's no way an opensource author is forced to publish his code in any special place. As long as all authors agree, they can even stop publishing it at one point

  2. if an author of an opensource app "begs" a publisher/an appstore provider to remove the software, the appstore provider can simply ignore it, because when the software is open source, they can do what they want. so any "forbidding" is simply ineffective, can be ignored

So, fdroid can very well simply continue to build it's own version from the source and publish it, as they have done from the start. But they shall take care to properly update it always and in time, e.g. meintain the package properly, in a way a package maintainer of a linux distribution must act responsibly.

@RoundSparrow

This comment has been minimized.

RoundSparrow commented Nov 12, 2014

"We would not recommend that anyone use an unofficial binary build, and we would strongly and very publicly encourage users not to do so," - it's kind of a standing principal that a open source user is encouraged to build their own binary from source. That's considered the ideal self-responsible / report odd things netizen way. Of course, many don't do it, but the option being there isn't exactly a minor appeal...

Example: in a world of NSA/KGB/etc acceptance - how can a peace activist assume that Google's cloud hasn't been tampered with - and providing signed copies that are altered in some subtle way? or that the store app has been tampered with in some way / or SSL certs are faked /etc.

Having a source tarball and digest hash of it public on several known websites is kind of a tradition for security sake. Especially with it turns out down the rad someone binds some evidence of tampering and wants to know how long it was in the wild before discovery...

@fncnt

This comment has been minimized.

fncnt commented Nov 13, 2014

@RoundSparrow It's a completely different thing to use an unofficial build and to compile your own binary.

@RoundSparrow

This comment has been minimized.

RoundSparrow commented Nov 13, 2014

""We would not recommend that anyone use an unofficial binary build" - language does not encourage you to build your own unofficial binary build. And then you get into the concept of trusted distributors - example Debian, etc. Even Red Hat is compiling and distributing Android apps these days - especially security related. cite: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en

The Google Play store requires an address and payment - so open source can run into paradox of needing a trusted distributor. But all this is expansion from my original point of the language being a oversight to open source tradition of building your own code or community trust.

This isn't a grammar or surface expression issue. It's an ideal. Encouraging users to build from source and having updated instructions on source dependencies and building is encouraged.

P.S. I believe the F-Droid repository doesn't have it - they seem stuck on Google cloud dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment