BOSL or MIT - Orchard

… the fact merging back in the OSS code we’d want as BOSL is impossible unless we make every thing it touches BOSL (librustzcash, currently MIT thanks to an exception, Zcash, same as librustzcash, and every wallet built on it, where GPL wallets could NOT be relicensed without permission from all copyright holders) or purchase exceptions is… insane lol. I haven’t even considered that but it completely defeats the purpose of this unless we either refuse to merge back external work, making requiring its publication pointless, or continually purchase exceptions as we go full corp crypto and reject FOSS.

EDIT: Nighthawk Wallet is Apache 2.0 and Apache 2.0 is incompatible with the BOSL AFAICT. Whoever the copyright holder for Nighthawk is, which is disputable as their LICENSE file doesn’t name someone, so it may be considerable as the individual submissions individually being Apache 2.0), would have to rerelease as BOSL to use a librustzcash which is BOSL because it merged in BOSL contributions we didn’t pay for a license for, despite only having BOSL to “ensure free software!”.

… can we either just make it GPL (or dual license as previously stated) so we don’t have a distinct separation of BOSL and GPL, or acknowledge the licensing hell this is and move to MIT? BOSL has a 1 year grace period. GPL doesn’t require publication of source until you have users. I don’t see that as distinct enough to warrant a new license and this hell. I’d also rather make Zcashd, as a whole, GPL, without exceptions, to be fully compliant as OSS with full clarity on licensing accordingly than continue this. While that would force librustzcash to also be GPL, and therefore all wallets… yeah, this is what copyleft does. It’s a pain. There’s a reason people keep advocating for MIT and against the current hell where it’s not copyleft if you have excepted uses, but instead to get it as MIT you have to talk to some American company to negotiate a license, potentially costing millions of dollars, which is its own hell.

2 Likes

(Good post GGguy but, yes oversimplified as I “personally” don’t support it (BOSL) for those reasons, other reasons)

1 Like

We should also remember the cryptocurrency space has pools of money far greater then us (at the current ZECUSD price). It’s not unfathomable this could happen.

Hmm, can we? As @GGuy has just pointed out:

Once ECC accepts BOSL-licensed contributions to Orchard from other parties, doesn’t that remove even ECC’s discretion to relicense the merged code under MIT, or sell other licenses, or add exceptions?

5 Likes

They could still sell licenses to their own contributions, yet the librustzcash containing both their BOSL code (excepted) and other BOSL code (not excepted) would have to be BOSL and you’d have to strip out the non-excepted BOSL code. There is some isolation which can be done here but… it effectively would turn the entire ZEC system BOSL regardless of whether or not the ECC grants exceptions to their side. While that still leaves profit potential for them with their specific work, it makes anyone doing work with any part of Zcash a mess (as again, MIT may be sublicenseable, yet I’m pretty sure Apache 2.0 isn’t, which some wallets are, and GPL definitely isn’t). Any exchange integration which directly uses librustzcash, instead of solely the daemon RPC, would also be bound by BOSL.

If the argument becomes “we just won’t accept external code we can’t get excepted as MIT” then what was the point of BOSL in the first place .-. I have no idea how this is expected to protect Zcash in the future given:

  • Halo 2 is MIT
  • Forks can still occur, it’s just more annoying as you need to write wrapper code for application-level isolation (which AGPL does help with yet BOSL does not)
  • Multiple developers are frustrated by this and at least 2 have said it’d be a blocker
  • Any BOSL contributions merged back in would make EVERYTHING in the Zcash system, including exchange integrations (assuming they use librustzcash), BOSL (or at least their wrapper which provides basic chain processing and then talks over a socket with their actual integration)
2 Likes

Hi All, Pablo from QEDIT here. We are currently working on the spec and implementation of UDA/ZSA.

In my opinion, the main argument for the MIT license is increased security. Being previously employed by a big tech company, I can confirm that a significant part of the decision-making while deciding whether to use an open-source lib comes down to:

GPL/custom license → no use.

Obviously, this is due to legal complexities.

My main argument is: More eyes on the code → more security.

This is complex code implementing a complex spec, and even after months of work, I can say that I don’t cover all its areas. Currently, the only people who are motivated to dig that deep into the code are part of the Zcash ecosystem (The ECC and the foundation) or stakeholders directly hired using the funding streams (QEDIT and others). Licencing as MIT will allow commercial entities to become meaningful stakeholders and significantly increase the number of eyes on the code. Most likely, these entities are not Zcash competitors in any way and are not even part of the cryptocurrency space but simply interested in the cutting-edge cryptography that is part of Orchard/Halo. Security is hard, and the code is constantly changing. The code can surely use the additional attention and exposure that the MIT license will provide.

12 Likes

Uniswap, a cited example for similar schemes, just dual licensed a lot of their code as GPL. It seems to be the project as a whole is still BUSL, yet the interfaces and libraries, AKA the pieces needed to successfully and feasibly integrate with, are GPL. This would be the equivalent, for Zcash, of making Halo 2 and Orchard GPL yet making Zcash itself BOSL. Anyone would be allowed to build apps, yet there’d be difficulty in a full fork.

4 Likes

Again with the cheapshots to try to manipulate what I said. That first phrase you quote was in response to this fallacy:

I guess context really does matter, eh?!

It is funny because what I really said about what’s actually representative of the community was this:

I had told you before, but I’ll say it again: Putting words in other people’s mouths to try to force a point just shows the weakeness of your argument in the first place. It is also manipulative and lame.

Be well.

My experience of working with large companies is the same as Pablo’s. I first discovered the problems with GPL and similar copyleft licenses nearly 20 years ago, when I was working at Deutsche Bank. In my experience, big companies have no problem supporting and contributing code back to open source projects but they’re highly skeptical and wary of viral licenses.

As a result, the popularity of copyleft (as opposed to permissive) licenses has been on the decline for many years…

…and the most popular open source licenses, by far, are Apache 2.0 and MIT, both of which are permissive.

Source: Open Source Licenses in 2022: Trends and Predictions

GPL isn’t a magic bullet alternative to BOSL. GPL would still present the same potential obstacle to companies like Gemini, Edge, and Unstoppable, of being required to open source and/or relicense their code.

6 Likes

I’m not trying to make cheap shots. In my opinion, the majority of people who would actually be affected by this license have stated they’re against it, making two developers who have contributed in the past label it as a blocker, and that means BOSL will have a negative impact on the Zcash ecosystem, as Dodger said.

It’s also undeniably true that the ECC licensing as BOSL, against the wishes of the community, would be harmful for the ecosystem, and it’s undeniable that this hasn’t been a community decision yet a unilateral decision thus far. This simple lack of process is arguably enough to say this is harmful due to the precedent it sets.

And yes, you did have that quote which was accurate, yet you finished with “I also urge you to continue to listen to the community” which suggests the community is saying BOSL when you yourself say it’s split.

I’d argue this is a miscommunication at this point and would rather just move on. I don’t believe there is a weak argument, and meant to specifically respond to your closing statement that this status quo is the will of the community. I’m sorry for any of my own contributions to this misunderstanding.

3 Likes

That quote was a just paralellism, a rethorical scheme, to this quote.

Be well.

@zooko, I have some more questions:

How do you plan to enforce the BOSL license, and how do you plan to fund your enforcement actions?

Do you plan to use the funds that ECC receives from Dev Fund through Bootstrap to pay attorneys to take action against members of the Zcash eco-system if you judge them to be in breach of BOSL?

2 Likes

This is the sort of thread i mentioned Shawn. Has anyone captured any value here? I spent three hours reading all of this back and forth and can’t see an action item or a reconstitution of anything that wasn’t known prior to the thread. The community wanted BOSL back then, and wants it now. The only reason MIT keeps getting dredged up is because we’re grooming XMR concern trolls post by post!

1 Like

ECC requires a Contributor License Agreement to be signed for contributions to the orchard crate, which ensures it retains the ability to relicense if necessary. See here for the text (from the zcash/halo2 repo which had the file checked in, but the actual agreements are done via something like DocuSign).

2 Likes

I think this hypothetical sounds like exactly the opposite of what Zooko has said he would do?

In Zooko’s post above he says the plan is to grant exceptions to developers building on Zcash, i.e. ‘members of the Zcash eco-system’.

I think a reasonable person could disagree with the BOSL license, but this seems like a straw man argument…

4 Likes

What if he doesn’t “think they are potentially good long-term partners that [ECC] want to build a collaborative relationship with”?

1 Like

It’s quite obvious reading though this thread and through a few random forum polls that the community is pretty evenly split on the subject of the BOSL license and is still actively debating the pros and cons of it.

This is also disingenuous, several members of the Zcash community including the director and board members of the Zcash Foundation, Zcash founding scientists, and core developers from ECC whom have no association with XMR have expressed concerns about BOSL and it’s potential impact on the Zcash ecosystem.

6 Likes

My interpretation of those two factors Zooko listed is that ECC would grant an exception

IF #1 “their intended use benefits the ZEC holders”

OR #2 “they are potentially good long-term partners” (edit OF → OR)

This is the most charitable interpretation and doesn’t involve ECC suing Zcash wallet devs so that is what I think he meant. Probably better to just ask Zooko if this is what he meant rather than assuming he is going to be suing wallet devs and using a rhetorical trick of asking him how ECC will pay for the lawsuits…

6 Likes

Thanks Shawn. (Does this community not support DMs or am i suffering an id10t by not seeing them) Is there a running tally of prominent Zcash leadership and their “one liner” opinions about BOSL vs MIT? I feel like I’ve missed so much of past thread discussions that it will be impossible to dyor my way up to speed easily.

ECC:

ZFND:

QEDIT:

Other:

Other people who I don’t recognize and don’t know what description to use for, feel free to tell me:

Forum polls: MIT leaning
Twitter people posted by zooko: BOSL

Current tally of the individual accounts listed above:

  • 8 for BOSL (including three developers)
  • 20 for some form of change (including 10 developers)

I listed organizations by association, not to claim the people speaking were speaking on behalf on them. If I copied a dated opinion, or misread it, please let me know. I also believe every MIT advocate follows secparam in a secondary preference for dual licensing.

I also presume Chammy is BOSL, yet didn’t see any explicit statements saying that. A lot of people asked questions/gave some opinion, but didn’t state a preference, and wasn’t included accordingly. If I missed you, feel free to comment your preference to be added.

IF YOU FEEL I MISREPRESENTED IN YOU IN ANY WAY, TELL ME AND I’LL CORRECT IT. THE END.

10 Likes