I don’t think that’s correct. As @aquietinvestor quoted earlier, the text that needs to be signed off on is
As an App developer, you assume total responsibility and risks for your use of the Service and any damage that your application may cause to third parties or to Ledger. This responsibility includes, but is not limited to, all the necessary steps to maintain the continuity of the availability and the performance of the App you have developed and submitted to the Service. You shall, at all times and at your own cost, regularly test and update the App you have developed in order for your App to be fully functional with the latest Ledger updates and plugins, as well as, mitigate all risks and incidents that may affect your App, or the use of your App by any third party.
By submitting the App to the Service, you warrant that your App will not cause any fault or malfunction in any software, firmware, hardware or network and information system, nor shall introduce any viruses or vulnerabilities onto the Services. You warrant that the App will operate in accordance with Ledger and user expectations and that the maintenance of your App will be of satisfactory quality and conform to the requirements to function with the Service, Ledger software, firmware and hardware."
ZF and ZCG met with Zondax today to discuss potential a potential path forward.
Zondax indicated that they would not be willing to take responsibility for maintaining and bugfixing an app developed by a third party.
We discussed leveraging the work that Zondax has already done to submit an app with support for Sapling shielded transactions that meets Ledger’s requirements, and would be backwards compatible with the existing Ledger Live app. This would make it possible for desktop Zcash wallets like Zingo and Ywallet to add support for storing transparent and Sapling shielded ZEC on Ledger devices (subject to the necessary integration work being done).
With the new app approved, the next step would be to look at adding support for Sapling shielded transactions to Ledger Live, and investigate whether the same app can enable support for mobile wallets to sign transparent and Sapling Zcash transactions over a Bluetooth connection (there is a known issue where the Bluetooth connection to a Ledger device can timeout if signing a transaction takes too long; we do not know whether this will impact Zcash transactions).
Potential future support for Orchard (and ZSAs) is dependent on resolving any potential licensing conflicts. Ledger requires that any code changes submitted to Ledger Live are MIT licensed but the Orchard code was released under the BOSL license.
The next step is to draft a plan and meet with Ledger to get their input. We will update the community when we have something concrete to report.
Apologies if this is throwing fuel on a fire that isn’t present here, yet as an anecdote, when I reviewed integrating Zcash into my work, I also solely considered integrating Sapling due to not being willing to deal with the BOSL. This was due to:
My personal opinionation (well voiced and not needing reiteration)
The lack of desire to hire a lawyer to answer any ambiguities I had if I did try to work with BOSL (and while I’m sure the ECC would be happy to answer any questions I have, I can’t responsibly accept their answers without a third party’s review)
Needing to establish a non-FOSS license amenability policy for my project
Not being able to advertise as FOSS
I also can comment that my work was originally scoped around Zcash and I dropped Zcash due to the strain of the original series of events.
This anecdote may not be cared for, and I’d rather walk away then spend the next month in debate. I don’t feel any need nor desire to insist other people react/respond. That said, if a notable organization (Ledger) is identifying frustrations with BOSL, it may be justifiable to once again discuss licensing policy. If this discussion is being re-opened, I did want my anecdote to be present.
Apologies again if the licensing discussion isn’t potentially re-openable, as if so, this is just a reminder of old drama with no actual value.
Hi @hanh, maybe hold off on finding an organisation for now. It has come to our attention that Ledger is unlikely to accept an application from anyone other than ZF (or possibly ECC). We are in discussions with ZF and Zondax to find the best path forward.
this is how companies protect their brand and their customers. zcash should learn from them. we should be copying them not criticizing. our brand is weak because we are too loose. we don’t have much if any accountability. their high standards is why customers trust their products.
We (ZF) met with Zondax, Ledger and ZCG to discuss how best to move forward, and there was general agreement around the multi-phase approach described above.
Zondax is preparing a grant application for phase 1, which will cover:
Updating Zondax’s fork of Zecwallet Lite to support ZIP317 fees
Security audit of the new embedded app by one of Ledger’s approved audit partners
Technical support and maintenance of the embedded app for 12 months
Training and support to other Zcash desktop wallet teams who want to add support for Ledger devices
This work will deliver a new embedded Ledger app with support for transparent and Sapling shielded transactions. We hope that this new embedded app will allow Ledger users whose funds are currently “stuck” to unlock their funds.
The next step once that app has been accepted and published by Ledger will be to look at updating Ledger Live to support Sapling shielded transactions (we’re referring to this work as phase 1a).
Future work includes looking at adding Orchard support and checking whether shielded transactions can be signed using Ledger devices over a Bluetooth connection (for mobile devices).
Disappointment here too. We have an open source code for Orchard, ready for immediate Ledger integration, and no one at ECC or ZF is able to support it officially ? Wrong priorities at ECC/ZF.
The point here is that the current structure makes Ledger feel they have to work with the ECC/ZF and other organizations (including the ZCG) are not legit.
So no, not any member of the community can take this responsibility.
Well, they receive devfund, i.e. money. The question is whether it is part of their job or not.
I don’t tell my boss: “hey, that code looks like too much responsibility. I won’t do it. Where is my check?”
Though for sure, Ledger is not totally clean either. Do you remember when the Zondax/ZF started?
Lol. They are literally the ones running the project. ZFND/ECC are both companies. They are running a business. Their business is supposed to ensure that their customers are satisfied with their product. Right now, they aren’t fulfilling their end of the deal.
%. People like @Dodger and @zooko have their priorities misaligned and are failing to act as the leaders that they consider themselves to be.
Perhaps all this red tape isn’t by accident. 
%. People like