BOSL or MIT - Orchard

Ah! I looked for such a thing in the the Orchard repo and it wasn’t there…

I guess this would solve the direct problem, but it also creates yet more centralization: putting ECC in a position that’s privileged not just with respect to its own code, but also with respect to others’ contributed code. It’s explicitly ECC that’s named in the Contributor License Agreement…

4 Likes

It also doesn’t handle the ECC being unable to adopt external code, the claimed benefit of copyleft, as it wouldn’t have the CLA applicable to external work and adopting said work would mean making their own work BOSL without exceptions granted, and when librustzcash/zcashd updated, they’d become BOSL as well (which could be a poison pill for adoptance).

2 Likes

Thanks, and fwiw add me as MIT
I’m new to the forums, but irl represent as a 14 year senior sw subsystems tester (unit, functional, integration, interface, db)

3 Likes

I’m not going to pretend to be a legal expert. I’m not going to pretend I know the implications of any license.

I know ZEC is flexible, and I know we’re all here because of ECC’s innovation. With that in mind, similarly to @aiyadt, I’m down to try BOSL now, and reassess in future.

12 Likes

I find the idea appealing that we want many, many developers and companies contributing to or even just using Zcash tech. As a corporate engineer/architect who has sway in choosing what tech to work with at Big Corp, I always always always choose exclusively MIT-licensed dependencies, mainly so i never have to worry about it or waste time and money considering these types of licensing questions.

It seems that BOSL is basically intended to thwart Big Corp from using Orchard for proprietary code and perhaps also to thwart CoinB from improving by using Orchard for free? The idea is that Big Corp or CoinB might leave ZEC in the dust because people will use Big Corp or CoinB instead of Zcash?

To quote Darth Vader, “I find your lack of faith disturbing”.

In the worst case scenario, how much could Big Corp or CoinB using Orchard for free hurt ZEC? Do we really think that it could be an existential crisis?

I dont think that ZEC needs copyright protections to succeed. IMHO, Zcash needs improved tooling and developer facilities to create the biggest, baddest collection of MIT-licensed privacy :fire: that supports 100s and 1000s of developers working on, maintaining and integrating different facets of the ecosystem, building all kinds of amazing things that we havent thought of yet.

My focus would be scaling the developer community and cultivating new contributors. BOSL could be a risk to these goals.

Feel free to read my extremely unpopular thought experiment into how i would like to see the Zcash developer community scale :smile:

In short though, the benefit of holding/buying/mining ZEC is that we are going to build an unstoppable juggernaut, unencumbered by restrictive licensing and, by growing the developer ecosystem over years, possibly compete for lofty goals like ZEC being the most widely used and accepted private internet money.

6 Likes

Updated the above list. By the current count:

  • Only three developers, zooko, aiyadt, and pitmutt, advocate for BOSL and BOSL alone
  • Every other developer is against BOSL, with an undisclosed preference, dual license preference, or MIT preference
  • Multiple developers are saying their companies wouldn’t bother working with this and multiple independent developers are saying they wouldn’t personally work with this

We have ECC developers, ZFND, a QEDIT (ZSAs) developer, the Zwallet developer, a Cake Wallet member, a Zephyr wallet developer (and potentially the only person actually interested in using Orchard outside of a direct fork because most other projects are interested in Halo 2 which is already MIT), and various other misc developers advocating for a change here.

We then have community members advocating for BOSL. By the post above, it’s 8 for BOSL (total, including the three developers) and 18 for some form of change.

While I won’t say it’s solely the developer community who should participate in this discussion, I do feel the community as a whole does not understand the development we will lose if we proceed with BOSL.

4 Likes

Created free2z.cash, expert engineer at Big Corp, joined forum in 2016. I flopped back and forth. But, strong MIT lean. Final answer.

6 Likes

Beyond the forum’s policy on these matters which recently came up (though I think when you effectively use the same nick it doesn’t make it unsubstantiated), I will note the reason I placed individual names with their votes, and evidence, was to ensure anyone could do their own evaluation. I’m personally inclined to ignore zooko, due to the blatant conflict of interest (which is debateable thanks to Bootstrap) and lack of development towards Zcash, but I understand he’s a major player in the community who others still value the opinion of on this matter, regardless of any potential CoI.

The most opinionated my post itself got was:

  • I don’t know some of y’all :stuck_out_tongue:
  • I tried to sort each section by how impactful I thought they were to the community (so while we have two ZCG members, aiyadt is first thanks to Nighthawk)

I will note that may have some mild controversy, as I placed sgp higher than some other people, such as fireice_uk and you, yet that was due to the project he works on, which is a ZCG grant recipient with a large user base integrating ZEC.

This isn’t me saying your post is invalid. I think it’s healthy to discuss potential CoIs and biases here. I’m also not a forum moderator :stuck_out_tongue: I just wanted to take the natural discussion of the people on the list as an opportunity to present my stance on it.

That works both ways though.

I have worked extensively as a consultant for senior technical executives across the world for a decade, and the most recurrent problem with them is this semi-endemic incapacity to understand the business side of the innovations they work on. This problem is so real and widespread that several top business universities came up with advanced education courses solely geared to these types of profiles, as to help them with this semi-endemic struggle to grasp commercial matters.

We all have blind spots. Food for thought.

1 Like

Wait what? Zooko has done more than any of us to launch Zcash, keep it improving for years, and even create and fund the Zcash Foundation. His opinion is crucially important, regardless of whether one agrees with it!

13 Likes

I am the creator of ZGo and I am for BOSL.

I am also releasing all further versions of the ZGo code under BOSL. One of my main concerns launching the project was putting all the effort into it, for then a McBigCorp taking the code and rolling it into their paid, most likely closed source app for nothing. I believe this license makes that scenario far less likely.

7 Likes

@pitmutt, thanks for explaining your position.
What do you think of using GPL, or BOSL/GPL, to achieve the same goal?

1 Like

I think the time-gate in BOSL provides an opportunity for entities (other devs/projects/companies) to explore and use the code and then decide if they want to keep moving forward, and then either release their contributions under BOSL (a plus for the community), or come to an agreement with ZGo for a license exception (a plus for ZGo). With a straight-up GPL, the pool of people willing to explore or try the code shrinks significantly.

As for dual licensing, I think the only plus would be to mitigate the “BOSL? That’s new/weird!” factor a bit, which can also be mitigated in other ways, perhaps working with the FSF or a similar entity to review the license.

Cursory caveat, I am not a copyright lawyer but I do have some skin in the game for ZGo.

6 Likes

If ZGo uses the Orchard code (which is what we’re discussing) then ZGo can’t grant that exception. Unless ECC also grants that exception.

the time-gate in BOSL provides an opportunity for entities (other devs/projects/companies) to explore and use the code and then decide if they want to keep moving forward, and then either release their contributions under BOSL (a plus for the community), or come to an agreement

Not quite. The moment that external party combines your BOSL code with their code, and distribute it (including as SaaS), they irrevocably commit to publishing their sourcecode immediately and to BOSL-licensing it within a year. Their future decision whether to “keep moving forward” will only affect future code.

So in particular, anyone considering integrating BOSL code with their large pre-existing codebase, needs to make the upfront decision whether to immediately reveal, and eventually BOSL-license, that pre-existing codebase. There is no time-gating for that decision.

So the bottom line is not very different from GPL, except for the barrier and legal expenses of even understanding this.

3 Likes

I’ve listened to his evidence and taken it into account. I’m inclined to ignore his summary personal opinion, which is effectively the ECC’s opinion, due to the conflict of interest (leading the organization which stands to receive millions in funding thanks to this license choice). The lack of development part, which you did quote yet honestly wasn’t my primary reason, was more saying while he is a developer, he doesn’t actively serve as a code developer on Zcash AFAIK. I fully acknowledge the organizational development he contributes, yet I considered him a code developer in my posted summary despite the lack of contributions (as I considered forum randoms claiming to be some form of developer developers regardless of contributions). I more wanted to contextualize that specific stance.

        to distribute or communicate copies of the Original Work and
        Derivative Works to the public, provided that prior to any such
        distribution or communication You first place a machine-readable copy
        of the Source Code of the Original Work and such Derivative Works that
        You intend to distribute or communicate in an information repository
        reasonably calculated to permit inexpensive and convenient access
        thereto by the public (“Information Repository”) for as long as You
        continue to distribute or communicate said copies

Not to mention, this doesn’t actually mandate free copies of the course code be provided to the public (which the GPL does for networked distributions). Solely ‘reasonably inexpensive and convenient’. I also seem to be not seeing the clause where it’s required for you to even establish your work is BOSL and therefore has this as an option. It requires in-source retaining of attribution notices, yet I don’t see where it says you must include the BOSL license text with binaries like the GPL.

GPL stance on the repository:

Corresponding Source conveyed, and Installation Information provided, in accord with this section must
be in a format that is publicly documented (and with an implementation available to the public in source
code form), and must require no special password or key for unpacking, reading or copying.

“no special password or key for unpacking, reading or copying” is the part I’m noting.

Looking at the big picture here, I want to point out a big red flag:

It’s nearly two years since the TGPPL/BOSL license was introduced to the Zcash community, and nearly a decade since an earlier version was published. (Edit: actually, more than 14 years.)

It’s been looked at by countless people, many of whom are cognizant in copyright law and open-source licenses. Many of us have been using and analyzing such licenses for decades.

Yet we still don’t understand what the license means. Looking at the above thread and related ones, I see ongoing confusion, misunderstandings and new realizations on fundamental questions of BOSL’s implications.

If ECC wishes to proceed with this license, I suggest they publish an FAQ answering these basic questions. A few examples, just from the last few of days:

  1. I’d like to launch a fork of the Zcash chain. Will I need anyone’s permission? (Of course, I’d like to keep the MIT-licensed parts under an MIT license.)
  2. I have an important bug fix to the Orchard code, and I published it under BOSL. Will ECC merge it? (Oh BTW, I’m on an offline vacation for the next couple of months.)
  3. I’d like to use Orchard code in my GPL project, which isn’t part of Zcash per se, but in my opinion it would help the Zcash community and ZEC. Can I? How does that work if ECC gets hit by a bus?
  4. Some third party company wants to use BOSL code in combination with their pre-existing proprietary closed codebase. They would consider releasing their codebase or paying for a private license, but they first want to do a small pilot and get feedback, before making any commitment about their codebase. Can they?
  5. How is BOSL substantially better than GPLv3, or AGPLv3, or dual licensing with either? Concrete scenarios, please.
11 Likes

This statement is so important if we are expecting Zcash to become a reserve internet money. Well said by @Dodger .

It’s one thing to experiment during R&D, testing, and for peripherals… but we need to remove “experiments” and testing in production (like BOSL) from Zcash strategy.

Many many folks who buy and hold Zcash do not see the live mainnet as an experiment… it’s literally their life savings and store of value. So, we should honor that and reduce risk by either avoiding things like BOSL or fully vetting the idea and getting widespread support first.

5 Likes

I’ve been thinking about the Contributor License Agreement angle and realized that beyond my initial reply, there’s a deeper problem here:

The BOSL world, as envisioned by ECC, is inherently fragmented into separate silios that cannot easily share code, even if they all use BOSL.

That’s because the purpose of BOSL is to incentivize external users to:

ask for an exception from ECC — where we can ask them to contribute something valuable back to the ZEC holders in order to get that exception

But ECC can only grant this exception if it has the requisite relicensing rights to all the pertinent code.
Crucially, these relicensing rights do not follow from BOSL! They follow only from having written the code in the first place, or having explicitly received them via a separate ad-hoc agreement:

Thus, effectively, ECC cannot incorporate BOSL code written by others unless it gets explicit permission from those others.

For example, if some competing coin forks Orchard and (therefore) chooses to license their improvements under BOSL, that’s OK because at least they’re giving back their improvements to the Zcash community, right? Wrong. ECC can’t merge those improvements into its own code, because that would break ECC’s ability to relicense the merged work (and thereby extract “value for ZEC holders” in the future).

Or, suppose someone publishes a cool BOSL-licensed Rust crate, and ECC wants to use it in its own BOSL-licensed code. Nope! That, too, would break ECC’s ability to relicense the merged work.

Well, ECC can politely ask those other parties to DocuSign a contributor agreement that grants relicensing rights to ECC, right? Maybe those parties happen to like ZEC, and have the money to pay lawyers to review that agreement. But if those other parties also buy into the narrative of value-extraction-from-public-goods-by-relicensing-rights, then they would be fools to give away their relicensing rights. If they do, ECC could eat their lunch, neutralizing their ability to extract value for their positive feedback loop.

So, anyone who believes BOSL’s narrative would be strongly disincentivized to intermingle BOSL code with anyone else who believes BOSL’s narrative — unless they are already strongly incentive-aligned and mutually-trusting (in which case what’s the point of convoluted licenses).

Consequentially, taken to its logical conclusion: the BOSL ecosystem becomes fragmented into separate incentive-locked BOSL licensing silos, that cannot share code, and each is controlled by a centralized legal entity that holds the relicensing rights and mandates a contributor agreement within that silo.

None of that is a problem with MIT, or with GPL as normally used, because neither relies on relicensing to work. Notably, in the past there have been attempts to use GPL-plus-offer-to-relicene to extract value via proprietary relicensing, in a similar spirit to BOSL’s motivation; but to my knowledge the vast majority of those attempts have failed, and either died off or found a different business model.

Am I missing something?

8 Likes

I think this was @nuttycom’s idea, probably.

3 Likes