Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Violation of the conditions of the GPL and the Free Open Source Software definition #282
Unfortunately, I have noticed that you are violating on the conditions of Free Open Source Software. You have forbidden to distribute TextSecure binaries outside the Google Play Store.
All the arguments have you mentioned to justify this (#127) are invalid, because this restriction contradicts to the Freedom 2 of the Free Software definition: the freedom to redistribute copies of the software without asking permission. Also the GPL grants this. You can do some research if you don’t believe me.
As a result, you have two options to solve this issue:
You have the choice. Don’t disappoint me.
Hey @rickbarton , to my knowledge we have not forbidden anything. People have requested that we distribute official binary APKs outside of the Play Store, which we are currently choosing not to do for several reasons (#127, #281). If we can address those issues we would be happy to distribute binary APKs.
However, this does not "forbid" anyone else from doing whatever they please. We would not recommend that anyone use an unofficial binary build, and we would strongly and very publicly encourage users not to do so, but that doesn't prevent you from doing whatever it is you'd like.
If what you'd really like to see is us distributing "official" binary APK builds outside of the Play Store, I think your efforts would be better spent contributing to the development of the missing pieces that would allow us to safely and securely do that than to threaten us with (incorrect) legal action.
@rickbarton you're interpretation of opensource licenses is plainly and completely wrong.
So, fdroid can very well simply continue to build it's own version from the source and publish it, as they have done from the start. But they shall take care to properly update it always and in time, e.g. meintain the package properly, in a way a package maintainer of a linux distribution must act responsibly.
"We would not recommend that anyone use an unofficial binary build, and we would strongly and very publicly encourage users not to do so," - it's kind of a standing principal that a open source user is encouraged to build their own binary from source. That's considered the ideal self-responsible / report odd things netizen way. Of course, many don't do it, but the option being there isn't exactly a minor appeal...
Example: in a world of NSA/KGB/etc acceptance - how can a peace activist assume that Google's cloud hasn't been tampered with - and providing signed copies that are altered in some subtle way? or that the store app has been tampered with in some way / or SSL certs are faked /etc.
Having a source tarball and digest hash of it public on several known websites is kind of a tradition for security sake. Especially with it turns out down the rad someone binds some evidence of tampering and wants to know how long it was in the wild before discovery...
""We would not recommend that anyone use an unofficial binary build" - language does not encourage you to build your own unofficial binary build. And then you get into the concept of trusted distributors - example Debian, etc. Even Red Hat is compiling and distributing Android apps these days - especially security related. cite: https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp&hl=en
The Google Play store requires an address and payment - so open source can run into paradox of needing a trusted distributor. But all this is expansion from my original point of the language being a oversight to open source tradition of building your own code or community trust.
This isn't a grammar or surface expression issue. It's an ideal. Encouraging users to build from source and having updated instructions on source dependencies and building is encouraged.
P.S. I believe the F-Droid repository doesn't have it - they seem stuck on Google cloud dependencies.