this post was submitted on 07 Mar 2024
134 points (97.2% liked)

Open Source

31372 readers
39 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Relevant parts:

Partner represents and warrants that it shall not introduce into WhatsApp’s Systems or Infrastructure, the Sublicensed Encryption Software, or otherwise make accessible to WhatsApp any viruses or any software licensed under the General Public Licence or any similar licence (e.g. GNU Affero General Public License (AGPL), GNU General Public License (GPL), GNU Lesser General Public License (LGPL)) containing a "copyleft" requirement during performance of the Services.

Partner shall not: (i) combine Sublicensed Encryption Software with any software licensed under any version of or derivative of the GNU General Public License (e.g.; GNU Affero General Public License (AGPL), GNU General Public License (GPL), GNU Lesser General Public License (LGPL) in any manner that could cause, or could be interpreted or asserted to cause, the Sublicensed Encryption Software or any modifications to the Sublicensed Encryption Software to become subject to the terms of any version of or derivative of the GNU General Public License or other copyleft open source software

top 41 comments
sorted by: hot top controversial new old
[–] [email protected] 71 points 8 months ago (4 children)

What is that bs? So they only interoperate with closed source, for profit services or what? I hope the EU rips them a new one.

[–] [email protected] 22 points 8 months ago (1 children)

The recent malicious compliance by Meta and Apple goes to show there's no such thing as "good faith" and the EU is doing a bad job by leaving a bunch of loopholes open.

[–] [email protected] 11 points 8 months ago (2 children)

The EU has done a wonderful job by making the DSA which went into effect yesterday. My personal favorite is up to 10% of global revenue per transgression and 20% for repeat offenses.

[–] [email protected] 6 points 8 months ago (1 children)

That's great if there is in fact a transgression. My guess is there won't be because of said loopholes.

[–] [email protected] 2 points 8 months ago (1 children)

We will see I guess. Feel free to write to your representative. Be the change you want to see.

[–] [email protected] 2 points 8 months ago (1 children)

My representatives are in bed with the corpos. No luck there.

[–] [email protected] 3 points 8 months ago

Welp, thats pretty bad. Since I get defeatist thoughts when I watch the news, I block them wherever I can, go protest, write complaints, vote and so on. Thats all that I think can be asked of me so I‘ll just go on doing that until morale improves.

[–] [email protected] 3 points 8 months ago (1 children)

@haui_lemmy @helenslunch The EU generally has the right idea but is often pretty bad at writing « ironclad » laws. I’m pretty sure most of the people writing these texts have very little experience in tech, and they tend to leave gaping holes that big tech companies are quick to exploit.

Still, in general, they’re doing a solid job at curbing the power and abuses of these companies. It just takes longer than it should to patch the holes!

[–] [email protected] 2 points 8 months ago

I agree. Feel free to write a letter to your representative and either offer help with it or tell them how to do it. Be the change you want to see. :)

[–] [email protected] 20 points 8 months ago (1 children)

All the closed source for profit services that might be relevant already said that this crippled access is of no interest, and the only ones left (Matrix and some hobbiists) will be likely prevented from ever using it by these legal shenanigans. Malicious compliance accomplished 😒

[–] [email protected] 1 points 8 months ago

Well, the DSA goes in the right direction so I am still hopeful. Feel free to write to your representative how exactly these laws need to be changed. Be the change you want to see.

[–] [email protected] 9 points 8 months ago (1 children)

No, just GPL licensed source.

MIT, BSD, Apache, and all the other OSI licenses are fair game.

[–] [email protected] 4 points 8 months ago (1 children)

i‘m not familiar with the differences. I know they differ in terms of „can the end product be closed source“ but no idea which one does what. I read up every time i need to use one but hasnt been too often.

[–] [email protected] 10 points 8 months ago (1 children)

GPL is a "copyleft" license aka a "viral" license. It forces anybody who uses it to keep the software open but not just the code, also the way it is being used, and to use the same license if they modify the code, or distribute anything made with the code, and these terms are perpetual and unrevokable.

Basically anything GPL will keep being GPL and anything that comes into contact with it will have to be GPL or take certain precautions to avoid becoming GPL.

[–] [email protected] 2 points 8 months ago

Thanks for clarifying. I have read something like this but now its more clear.

[–] [email protected] 2 points 8 months ago (1 children)

I just hope the elections in June don't get the EU a parliament of right wingers dead set on "smaller government" and "free market". Given that EU citizens are just humans and very influenced by the republicans of the USA, it wouldn't surprise me though. Let us enjoy what could've been while 30% of the population ignores its democratic duty and 60% give in to USAian + Russian propaganda 🍷

CC BY-NC-SA 4.0

[–] [email protected] 1 points 8 months ago (1 children)

I hope so too but we have to admit that it is hard enough for a lot of people to get by so besides going to protests and talking, I cant fret too much about it anymore or I risk permanent damage to my life which wont bring anyone any good.

I have since blocked all american politics and topics that I cant change and dont have the energy to advocate for. My family and community need me for a couple years longer so I have to choose my fights. Sorry if thats not enough for you.

[–] [email protected] 1 points 8 months ago (1 children)

I have blocked American politics too. Just take and evening out of your life to look at which parties will be on the ballot and their election program points (just bullet points), take another hour on election day and that's it. There's nothing more to it.

It happens every 4 years. Is that really too much?

CC BY-NC-SA 4.0

[–] [email protected] 2 points 8 months ago (1 children)

Since I‘m not in the US, my times are a little different but I go vote and I go protest (which is more than most) if stuff is bad. But reading bad things every day sends me into defeatism so I need to keep it away from me so I can stay being productive (not only work but also live and vote)

[–] [email protected] 1 points 8 months ago (1 children)

Then you're doing fine 👍 I know many people who don't follow politics because it's theatre, and no world news because it's just depressing. Totally understandable. You haven't given up and still vote, which is good. I can only hope you vote for the good of all, but at least you show up.

Have a good day, mate.

CC BY-NC-SA 4.0

[–] [email protected] 1 points 8 months ago* (last edited 8 months ago) (1 children)

Well, thats quite a broad term. As a minority member, I feel responsible to vote for equality and inclusion. Thats not great for those who would like „a strong leader“ or „just let the markets decide“ but I consider going against others‘ opinion less of an offense than going against their personhood.

Edit: you have a good one as well. :) Edit2: do you put that license in manually or automatically?

[–] [email protected] 1 points 8 months ago (2 children)

For me, egoistic altruism shaped my voting behavior.

Edit2: do you put that license in manually or automatically?

I'd appreciate a "signature" function in a lemmy frontend client, so until then, it's manual.

CC BY-NC-SA 4.0

[–] [email protected] 1 points 8 months ago

Thats actually a very interesting and healthy take imo. I‘m an altruist from birth and need to take better care of myself. But otherwise I‘m on the same track.

Also, I‘m strongly against the thing they left out (probably to not polarise, which makes the point come across easier), people still trying to get a bigger pie than anybody else.

But I guess both approaches are helpful.

[–] [email protected] 1 points 8 months ago

Here is an alternative Piped link(s):

egoistic altruism

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] [email protected] 17 points 8 months ago

Not to mention that interoperability is limited to EU (EEA to be specific)

[–] [email protected] 15 points 8 months ago (1 children)

Just dual-license your software under the TNGPL (Totally Not GPL) license that just so happens to afford the same protections.

[–] [email protected] 20 points 8 months ago* (last edited 8 months ago) (1 children)

Fun fact: the GPL license is itself under copyright, held by the FSF, and subject to certain conditions. That's why there's only one "GPL" and it remains the same and everybody can rely on what's in it.

Besides, they did mention that derived licenses or any copyleft licenses are not ok either.

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago)

They actually did not. They clearly state (at least in the text posted by the OP) that you are not allowed to license under a version or derivative of the GPL if it would end up copyleft. The main condition is that it is licensed under a version of the GPL.

(To be clear, I'm talking about the second quote, about combining)

[–] [email protected] 12 points 8 months ago (1 children)

Pardon me, but would this not interfere with partners' ability to host services via 99% of Linux-based servers?

[–] [email protected] 13 points 8 months ago

No, running software on GPL licensed systems does not make the guest software GPL.

But, The AGPL is “infectious”, and one bit of AGPL can make your entire project subject to the AGPL. It’s a legal nightmare and many businesses outright ban the use of AGPL software.

Presumably, they’ve just blanket banned GPL to avoid any ambiguity.

[–] [email protected] 10 points 8 months ago

i THINK they’re saying that they sublicense a library to do encryption in order to talk to WhatsApp and that it’s this software that they won’t be allowed to be included in GPL-licensed software because it may be that in the future that implies a release of source code?

this doesn’t seem unreasonable as long as you can create a facade or abstraction that’s NOT GPL-licensed to interact with WhatsApp that then interacts with your GPL code?

or i could be misreading entirely

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago) (1 children)

This looks written to protect against copyleft infection. It's probably fine to link.

[–] [email protected] 4 points 8 months ago

otherwise make accessible

This sounds very, very broad. Broad enough for at least a chilling effect.

[–] [email protected] 4 points 8 months ago

Does this mean that the Eclipse Public License is allowed (unless GPL is listed as a "Secondary License") but the Mozilla Public License is not allowed (unless "Incompatible With Secondary Licenses")?

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago) (1 children)

Partner represents and warrants that it shall not introduce into WhatsApp’s Systems or Infrastructure, the Sublicensed Encryption Software, or otherwise make accessible to WhatsApp any viruses

The technical definition of a "computer virus" is actually quite narrow, and true viruses are rare these days because they are passive and slow compared to more modern malware types.

A strict, literal reading of the text says that all other kinds of malware are acceptable.

[–] [email protected] 3 points 8 months ago* (last edited 8 months ago)

Paragraph 3.1.5. expands on that though:

To transmit, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.

[–] [email protected] 3 points 8 months ago

I'm not a lawyer, but under the definition of "Infrastructure" on page 5, they state that they will construe WhatsApp Infrastructure and Partner Infrastructure accordingly, which to my untrained eye is prima facie evidence to their acknowledgement that these are separate systems, at least one (the Partner's) of which is not under their custodianship and not named as subject of the first stipulation you quoted. In other words "do not make it so WhatsApp's own infrastructure would run GPL material" and potentially "do not send GPL material through our systems"

The second one I interpret to mean "nothing with licenses that apply that runtime operation is copy left"

[–] [email protected] 2 points 8 months ago (1 children)

Well they did pay an ungodly amount of money for a freaking chat program.

[–] [email protected] 7 points 8 months ago (1 children)

You mean a metadata & contact list harvester

[–] [email protected] 3 points 8 months ago (1 children)

Don't sell it short, it probably collects the gist of the chats too.

[–] [email protected] 3 points 8 months ago

Don't be paranoid. They scans our chats against problematic keywords to find out bad guys, and metadata helps law enforcement in catching these bad guys. /s