2024-08-18 11:50:56

Hector Martin on Nostr: One of the *fundamental* qualities of FOSS is that FOSS licenses are *purely ...

One of the *fundamental* qualities of FOSS is that FOSS licenses are *purely copyright licenses*. What this means is that their terms apply solely when software is copied or modified, which are actions which are controlled by copyright law, but *not* when you merely use the software yourself.

This is a well-understood concept. The FSF [explains this](https://www.gnu.org/licenses/gpl-faq.en.html#ClickThrough) in the context of the GPL. also [wrote about this](https://flameeyes.blog/2020/03/23/the-gpl-is-not-an-eula/) (hi, I found your relevant blog post first this time! :P).

This has *significant* implications, it's not just a curiosity. A license that imposes conditions on mere *usage* requires some form of click-through setup. Not having that would cause those usage terms to be thrown out by most courts, as there is no way for the user to be informed of the EULA and their obligations under it. You cannot agree to what you are unaware of.

This is a *critical* legal distinction, because these EULA terms work *outside* of the framework of copyright law. Copyright law itself requires no click-through EULA: you can violate copyright law even if you are unaware of the terms and conditions, and it is the distributor's or editor's responsibility to comply with all appropriate licensing and copyright requirements when engaging in those actions. But mere *usage* of software that you have lawfully obtained does not invoke copyright law (modulo technicalities about "running software being a copy to RAM", but that's a whole separate [can of worms](https://open.mitchellhamline.edu/cgi/viewcontent.cgi?article=1037&context=cybaris) with conflicting legal precedent, and the practical fact that if mere RAM copies are in fact copyright infringement then all of us would be committing copyright infringement every day, all day, in a huge number of situations).

Put simply: a piece of software entirely devoid of a license agreement can be hosted on the creator's website, and the default protections of copyright law apply. You are not allowed to redistribute it, but you are allowed to download it and run it for your own personal usage.

This distinction is encoded in the policies of many distribution FOSS projects, like Linux distributions. For example, [Fedora only allows FOSS licenses](https://docs.fedoraproject.org/en-US/legal/license-approval/), and Gentoo [accepts all "FREE" licenses by default](https://gitweb.gentoo.org/repo/gentoo.git/tree/profiles/license_groups). This is representative of a very important point: neither of those distributions requires you to read or accept any of those licenses. The assumption is that anything considered "free" is purely a copyright license and that you, as a user, can just go and install distro packages and not read any licenses and be perfectly fine, and nothing you do short of redistributing the software itself could possibly violate them.

But now we have a problem. Notice how both the Fedora and Gentoo allowed license lists include the EUPL. But the EUPL Article 5, if interpreted literally and assuming no other license conditions override it, imposes restrictions on mere usage: it is an EULA. If you download and use EUPL software, and then run it on a server, then the license *requires* you to ensure that users of your server are offered the complete and correct source code to the software running on your server.

But how are you, as a user, supposed to know that? If you install software on Fedora or Gentoo the normal way, the system doesn't even tell you what license the software is distributed under, much less ask you to accept its terms. It's not supposed to be necessary, because FOSS licenses are supposed to be licenses and not EULAs.

Now, since there is no license prompt, if a user were to actually do this, things get really weird. Let's say you run Gentoo or Fedora, install an EUPL package, and run it on a server without ensuring there is a source offer to its users, particularly in cases where the server action does not distribute the code itself (this gets messy with webapps with HTML/JS/CSS, so let's assume this is a simple database server). Now you are violating Article 5 of the EUPL... but you never agreed to said license terms, so courts are highly unlikely to find you liable for it.

So who is liable? Are the distros? Is it a distro's job to ensure that end-user relevant license agreement terms are shown to users of its packaged software? Nobody knows... but then we reach the logical conclusion: either the EUPL is toothless because it is being treated as a non-EULA and users aren't being required to agree to its terms... or distributions themselves are in violation by not ensuring it is displayed to users.

Linux distros might want to think twice about OSI's idea of FOSS licenses and whether they really want to carry software licensed under licenses with clear usage restrictions, regardless of what OSI says is free or not.

Or perhaps the EUPL just doesn't protect against SaaS in practice, regardless of what its authors may claim.
Author Public Key
npub1qk9x6yrvten3jqyvundn7exggm90fxf9yfarj5eaz25yd7aty8hqe9azpx