This repository has been archived by the owner on Jan 19, 2024. It is now read-only.

License is problematic for many #9

Closed
jrochkind opened this issue Sep 3, 2020 · 4 comments

@jrochkind

I was looking into optimizing S3 presigned_url generation too, so was very excited when Julik brought my attention to this gem, y'all have already done a bunch of solid work on it, awesome!

I'm interested in using the gem, and also potentially sending some PR's to add some features I might need. And/or forking if the features I need aren't compatible with the gem's ultra-optimization (like, I need per-url additional query params, like response_content_disposition).

Unfortunately, I'm a bit concerned about the "Hippocratic License". I understand and sympathize with the motivation to prevent sharing the fruit of your labors with entities that will use it to do harm. But I think this license would be incompatible with many projects I work on.

The license says that I can use this software only so long as I don't do harm "in violation of the United Nations Universal Declaration of Human Rights".

It also says if the software is used to provide a service to others, I have to also require any users of the service not to use the service in a way that violates human rights.

This seems to say that if I use your gem in software I provide as a service, I have to get all of my users to promise not to violate human rights. Which doesn't sound so bad -- except who decides what constitutes violating human rights? I am pretty sure the legal departments of any potential customer would be unwilling to sign such a thing.

If I write a gem which has this gem as a dependency -- then anyone using my gem to provide such a service becomes bound by this too? If I write a gem which has this gem as a dependency -- does my gem need to insist on this "do no harm" license too, "virally"?

I know that if I wanted to fork this gem to add features incompatible with it (say those custom headers) -- I'd have to use this same 'hippocratic license' on my fork. That makes me worried about even looking at your source code anymore -- maybe I should remain ignorant of it, so I can write it from scratch based on the Amazon python example as you did, and apply a different license.

Note that the Hippocratic License is not compatible with the popular GPL. You can't combine code copied from a project licensed by 'hippocratic license' and code copied from a project licensed by GPL into a new project (or each into the other) -- the licenses are incompatible. EthicalSource/hippocratic-license#6

I understand and sympathize with the intent of this kind of license, but I don't think it works out very well in practice. The key thing is "who gets to decide if something violates the UN Declaration of Human Rights"? Which gets especially complicated when you re-mix software into multiple projects, as we do with open source. For a tiny project it might not matter, but for lots of large/serious projects, it's not really feasible to incorporate code that requires you promise your whole project (and any of its users!) won't do something that's pretty general/vague without being sure who decides what counts. Some projects I work on, including open-source non-commercial ones, would not allow incorporating code with such a license.

Would you be willing to consider using a more common license that is more compatible with existing code? It's your code, so it's up to you! If not, I will consider looking into reimplementing from the Amazon python example, instead of PR'ing or building on the great work you have done here, which is sad, but it happens.

@jrochkind
Author

(This is the first time I'm seeing this 'hippocratic license'. Researching more about it, I see its motivation was people not wanting their software to be used by the US ICE department? I'm sympathetic to that. I wouldn't want to aid ICE, or really the whole US Government, myself in any way either, personally. I think they are doing some horrific stuff. I still don't think this kind of license is workable, and think it's too risky for many other kinds of projects to use your software with such a license.)

@julik
Contributor

julik commented Sep 15, 2020

Thank you for mentioning this!

We do understand that the Hippocratic License might be an impediment for some to use our software as part of what they deliver to their customers, and we do take it very seriously. That being said, we have decided that the potential benefits (discouraging some actors from using the software we furnish) outweigh the losses that we are imposing on ourselves (having our software be less popular). For libraries which already have some adoption - such as zip_tricks - we have decided to continue offering previously-released versions - which are licensed under a more liberal MIT license - and we deliver bugfixes for those versions. For new bits of code that we deliver going forward the Hippocratic license has been selected (and signed off by the company leadership as well as our legal department).

If it is not acceptable for you for whatever reason it is understandable, but I believe with the implementation you already have you can easily reproduce our optimisations in your signer as well. Sorry that we couldn't be more helpful here.

@jrochkind
Author

jrochkind commented Sep 23, 2020

Thanks for the response!

As far as the practicalities... WeTransfer offers a cloud service...

Do you at WeTransfer require all your customers/users to sign a declaration that they will not use WeTransfer "for systems or activities that actively and knowingly endanger, harm, or otherwise threaten the physical, mental, economic, or general well-being of other individuals or groups, in violation of the United Nations Universal Declaration of Human Rights"?

That's my interpretation of this part of the license:

> If the Software is used to provide a service to others, the licensee shall, as a condition of use, require those others not to use the service in any way that violates the No Harm clause above.

If I use anything with this license to provide a service to others, I need to require people using my service, as a condition of use, not to use the service in such a way. So I think I'd need to have them agree to such as part of a service agreement? Since it says I need to require that of them as a condition of use of my service?

I guess maybe technically you at WeTransfer don't have to do that with your own code, since you don't need a license to use your own code. But if you used anyone else's code that used the "hippocratic license" maybe you would need to? (Not sure if you do). If you are asking anyone that uses any of your released code to provide a service to require their own customers to agree to that as a condition of use... are you requiring that of your customers too?

Or are you interpreting it differently, maybe I'm not interpreting it how the community of people using this license intend?

@julik
Contributor

julik commented Dec 11, 2020

> I guess maybe technically you at WeTransfer don't have to do that with your own code, since you don't need a license to use your own code. But if you used anyone else's code that used the "hippocratic license" maybe you would need to? (Not sure if you do). If you are asking anyone that uses any of your released code to provide a service to require their own customers to agree to that as a condition of use... are you requiring that of your customers too?

We do take the restrictions seriously - to my knowledge at least we try not to service entities which are known for human rights violations. And indeed we are verifying whether the libraries we are using do allow for our use cases.

julik closed this as completed Dec 11, 2020