←back to thread

Grayjay Desktop App

(grayjay.app)
510 points pierrelf | 2 comments | 20 Dec 24 17:33 UTC | HN request time: 0.538s | source
Show context
lrvick ◴[21 Dec 24 07:35 UTC] No.42478077[source]
I love the right to repair work Louis Rossmann does, and this project goal as a whole, but this license is a major step backwards for software distribution with high assurances of security, freedom and privacy.

Debian, Arch, Guix, F-droid or any other independent signed reproducible build channels require a true Open Source license to function legally.

The license thus forces users to download unsigned non-reproducible binaries off grayjay servers and trust blindly that their build server is creating binaries from exactly the published code and not compromised to inject tracking or malware not in the public repo (an increasingly common attack they may not even know about for years!). Or say the grayjay domain is hijacked or even a BGP attack or a LAN MITM. All sorts of ways they could be helping distribute malware and not know it with no signatures or reproducible build proofs.

Thing is, your team would not have to solve these problems if you licensed it so the community could solve them for you, as we do for thousands of open source software projects.

I really want to see a project like this take off and would gladly donate, but only if it can be opened up for accountability via third party compilation and distribution channels so it can never be backdoored or co-opted for surveillance if your leadership or release engineers are ever compromised.

Said license: https://github.com/futo-org/Grayjay.Desktop?tab=License-1-ov...

There are other licenses like AGPL that would kill any attempt for someone to rip your code off to make their own proprietary offering, without locking yourself out of established freedom, security, and privacy preserving software distribution channels.

If anyone from the team is reading this, I would be happy to detail and discuss my concerns further as a software supply chain security specialist. Hit me up.

replies(6): >>42479087 #>>42479200 #>>42479315 #>>42479424 #>>42479879 #>>42480938 #
ferbivore ◴[21 Dec 24 11:38 UTC] No.42479087[source]
FUTO develops, for the most part, proprietary software that they plan to monetize. The license choice isn't some mistake that you can get them to recant by explaining the virtues of the AGPL and third party distributors. (They're already aware of these things; one of the products under their umbrella is Immich, which was relicensed to AGPL after they started employing the original developer, as a compromise between his goals and FUTO's.) They're deliberately going for the same model as Unreal: source access is only provided a courtesy to users, and/or as part of a marketing strategy, and they have zero interest in allowing you to fork their software.
replies(2): >>42479273 #>>42482120 #
em-bee ◴[21 Dec 24 12:23 UTC] No.42479273[source]
while that is technically mostly correct, that does not properly reflect their intentions. they most certainly are interested in allowing you to fork their software as a user. but what they are also interested in is to prevent a fork to take revenue from the original developers.

so you can most likely (i don't know the details) fork and change and redistribute the code. what you can not do is exploit that commercially.

this goes in the directions of the discussions started by bruce perens that we need to rethink FOSS, because funded companies are taking advantage and making a profit from FOSS without paying the developers.

it is not obvious that FUTO's approach is the right one. it is an attempt at addressing the problem, and i expect that it will take more such experiments to shake out what the best approach to this problem really is.

replies(1): >>42479674 #
1. ferbivore ◴[21 Dec 24 13:52 UTC] No.42479674[source]
That's not a fork in the sense normally used by the free software community. It's better than nothing, to be sure, and if Xerox had adopted this license back in 1980 maybe we wouldn't even be talking about free software today. But FUTO still maintains some control over what your fork can and cannot do, which violates freedom 1.

I don't have a strong opinion on whether this licensing approach is right or wrong, I just doubt "anyone from the team" would find lrvick's post a compelling argument for switching to a free software license considering their stated goals.

replies(1): >>42481124 #
2. em-bee ◴[21 Dec 24 18:04 UTC] No.42481124[source]
i was unaware that there was a free software definition of fork. for me fork is a technical term that is used to indicate that the forked codebase is going to be developed with a different goal than the original. which license the code has, and what the limitations of that license are, is not relevant for it to be a fork. i can make a fork of a closed source application if i have the code and the legal right to it (which i might have because i paid the owner for that right)

FUTO is not xerox. and i disagree that xerox is responsible for allowing free software to be developed. furthermore, the right to commercial exploitation is not what drove the idea of free software. commercial exploitation was necessary because otherwise selling tapes and other media with free software on them would not have been possible. today where distribution of software can be done pretty much without any cost at all, this right is no longer needed in just to be able to fork and distribute an application.

it is only needed if i want to be able to commercially exploit the changes i make to the application. this is where free software and these new source available licenses diverge. and this divergence is the entire point of these new licenses.

also historically there used to be an active community of the development of non-commercial software. many MUDs for example had a non-commercial license and each one of them was forked many times over.