Sure you can. Your project, your rules.
"You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License." [0]
He is right, the changed license is discriminatory.
Older commits can be used freely, so not a big deal for a while at least and by then someone can fork the code.
If an author of a library chooses to apply political condition(however justified they may be), then the software is simply not free by definition.
I’m neither Russian nor Ukrainian. I cannot turn a blind eye simply because it doesn’t apply to me. What if another library that I use apply a license that says “those that look like this cannot use my software from now on”?
Really? Making software free is just about as political as it gets. Restricting that freedom, as happens here, is equally political. I guess you just don't this special kind of politics in your software.
Consider: "Open source is political": the power 'open source' relates to is the power of the licensed software's users to read the program's source code, and to redistribute/modify the program. Insofar as there's a moral vision to it, the idea of a world where users are unable to distribute/modify/etc. their software is worse than a world with open source software.
Whereas, the meta-statement "don't bring politics into discussions" is more like rules-of-engagement for discussion involving a diverse group of people. The 'political' in the statement refers to e.g. moral or ideological points of view. -- "asl2.0, but you have to agree abortion is murder" is 'political' in a different way than "asl2.0, you can't use this software if your name is Jared", because the restrictions itself is about a moral disagreement.
I'd hate to say it, but including other political ideologies into the software license is making it more political. If the author of the software wants to, he is within his rights, but i think it's the wrong platform to try to voice his opinion.
A piece of software is a platform - but using this platform (granted to the author by the participation of a community) to further a different, unrelated ideology could be considered abuse of power. May be this war is extenuating circumstances - and understandable. But i'm concerned about the slippery slope.
Realistically a license change is not going to affect the course of the war, nor make putin reconsider. I argue that the effort is only going to inconvenience their users, without actually making a true change.
It may be better to ask for donations, etc, rather than changing the license as a political statement.
Yes, but has not that ship sailed already?
I go to great efforts to keep my "feed" purely technically focused, but in the past ~2 years this has become basically impossible.
You would hate a statement being added to README file EVEN MORE than civilians being shelled indiscriminately, entire families shot while waiting in bread lines, and the targeting of war correspondents by a foreign army?
Got it.
The author is entitled to use whatever license they want, and the community is entitled to a fork if it doesn't violate the previous license. That's all there is to it. the author doesn't owe the community anything, and the community, as long as they respect the terms of the previous license, is free to fork the project and get rid of the new license.
In general, these political stunts eventually reflect badly on their author. Open source is a double edged sword.
That being said, your average EULA has about 4000x more clauses in it than it needs to be, because they don't expect anyone to read them and those clauses are rarely, if ever, enforceable. FOSS licenses tend to be short and easily readable because they are written by people who want you to know what they entail. Proprietary EULAs tend to be forked from some internal corporate list of legal requirements that get copypasted everywhere.
My favorite example of this is the clause in iTunes - a music store - that prohibits you from designing nuclear weapons with it. Second favorite is the LICENSE file included in all Swift Playgrounds example code, which has about 2 actual provisions Apple cares about (don't resell the sample code in the app and don't hack people with Swift Playgrounds), and a hundred clauses copypasted from the iPadOS EULAs that I've already agreed to. As far as I can tell, nobody at Apple is actually going to care if an individual user does something that technically breaches the EULA.
It was never my intention to make changes in a license in any way. It would be just wrong to drop 5+ years of my life working on all terraform-aws-modules and betray everyone who have been participating as contributors and users.
If there are questions, please ask here or twitter (@antonbabenko).
I see at https://github.com/terraform-aws-modules/terraform-aws-eks/c... that you have dropped the additional terms of use. I think that should alleviate the concerns people had about a license change. I appreciate you listening to your contributors and users feedback on this emotional topic.
Putin khuylo!
I commend you for reverting the terms of use change. I also believe that this sort of remaining political statement in a project sets a poor precedent, and diminishes the work. Free software is meant to be open to all. Throwing ideological barbs in the project, however correct and riteous, undermines the project's freedom. I would urge you to reconsider.
PS: It is not just Putin who attacks Ukraine but I don't want to go into this discussion here.
Just to be clear, AWS/Hashicorp is NOT beginning to charge people for the use of Terraform modules.
At a first glance, "transitions to non-free license" implies that you now have to pay for it. The default isn't "Well I guess non-free means it's still free but not the OSI definition".
People very often do not read beyond the title.
"Community maintained terraform-aws-modules transition to non-OSI-approved license" would probably be more accurate, but not nearly as click-bait.
I really struggle to understand the reason for using the modules rather than the underlying resources, except that there are a lot of tutorials and blog posts written based on using the modules.
Maybe you can enlighten me rather than writing a three-letter comment?
On one hand, I ask myself what I would have done if I worked at IBM in the 1930s[0]
On the other hand, as an LGBT person, I firmly believe that maximal freedom of speech protects vulnerable people from erasure.
What this means for free software is a tough question.
It's very easy to say things like this without fully comprehending all of the implications. Here's an example: Google restricted the usage of its own product, Google Maps, in an effort to halt the killing of Ukrainians by Russian armed forces, who were using Google Maps to launch their operations. This directly contradicts your claim.
Could this act actually awaken an IT team to the atrocities, in a way that makes a difference?
[0] https://writing.kemitchell.com/2022/03/05/Russia-to-Legalize...
> Would you be comfortable with an open source license that bans Jewish users because of the Palestinian conflict?
Comfortable is a loaded term here. No I wouldn't, but I could break that down to: Is it something that a maintainer should ...
* legally be able to do - YES
* consider likely to make a difference in the conflict - NO
* consider to be good for the OSS ecosystem - NO
* consider ethically wise - NO
* still consider an OSS license - NO, but I think one could be constructed that had more generic restrictions against human rights abuses, or use by militaries, or similar general restriction. Would that meet OSI definitions? Not sure I care, but I wouldn't be too concerned even I think it would be better to keep things simple.
It is worth noting that OSS distributed from the US as part of sale, still is subject to EAR. While we benefit from having a global community of OSS, local laws still apply in any number of circumstances.
Wouldn't “Israeli” be the more appropriate analog here?
As much as I think the war is wrong, having it seep into other things which are "non-political", is incredibly annoying.
Furthermore, if you’re going to make grandiose statements about what may or may not become precedent, it would behoove you to learn the word you’re trying to use first.
Furthermore, its an internet comment, i'm not gonna double check my spelling
For example, here is the same change in their VPC module: https://github.com/terraform-aws-modules/terraform-aws-vpc/c...
I'm an environmentalist. Should I update all my licenses to ban meat eaters, frequent flyers and drivers? Where does this shit end?
Edit: maybe this?
> Terraform-AWS-modules/Terraform-AWS-eks restricts license for Russian/Belarussian users
Software licenses are LEGAL DOCUMENTS. If you are not a lawyer, who has a specialty in this specific area of law, don’t go fucking with them.
1. Fuck Russia. This is the only right answer to the question.
Entirely separately is #2.
2. If you change the terms of a license, it’s a different license. The changed license was not the Apache 2.0 license, and was additionally a breaking change in every sense of the phrase.
I appreciate that @antonbabenko recognized this and fixed it, but these two issues are entirely separate. What Russia is doing is terrible. That is an absolute fact. But the new Terraform variables that were added in that commit have absolutely nothing to do with making the software work in the way that it was intended to, therefore, they do not belong.
This has nothing to do with being anti-politics. I’m very heavily political, and I fully support Ukraine in this case. I also have strong opinions on both “free software“ and also “open source software“, and I apply them at the license level by selecting a pre-existing license without making custom modifications to it.
But things like `var.putin_khuylo` simply don’t belong in the software itself. Nor does it belong in an OSI-approved software license.
The original author is entitled to their opinion and can restrict their own development to a repo with license conditions they define, but it is not reasonable to expect companies to accept non-standard and politically charged license terms. Getting shit done is hard enough and this change will not move the needle on Ukraine/Russia sentiment one iota.
Would be nice to compile a list of them!
Also, if you support the stance, you arguably don't want to make it easy for Russian/Belarusian users to avoid software, you want to maximize their inconvenience - which you do when they invest time into learning something and then find out they are technically not allowed to use it in production.
This said, it's all theatre anyway - I would bet good money that most Russian businesses already didn't care about respecting FOSS licenses, considering the infamously lax attitude about copyright enforcement in that country (and in China and Iran). So adding that sort of clause will stop absolutely no one, in practice, and I bet the authors will never even try to sue anyone in Russia (or anywhere else with some sort of jurisdiction over Russia, like the WTO) for infringing it.
The International Science Council [1] has a Committee for Freedom and Responsibility in Science that "promotes freedom for scientists to pursue knowledge and to freely exchange ideas, at the same time as advocating the responsibility of scientists to maintain scientifically defensible conclusions, and of scientific institutions to apply high standards." [2] They have published a list of Freedoms and Responsibilities of Scientists[3], the main principle of which is "the free and responsible practice of science is fundamental to scientific advancement and human and environmental well-being."
Reading the list in full, it seems evident that there is intellectual dissonance between the aims of scientific freedom and the aims of the Universal Declaration of Human Rights[4] (which it references). It opposes blocking access to science based on discrimination, which is laudable. However, it also doesn't explicitly oppose science done that supports discrimination, or science done by organizations that support discrimination.
This makes sense when you consider that advances in science like GPS can be used to help you drive to a birthday party, or to guide a missile towards one. Clearly you can't condemn scientific research by itself, as it has too many potential applications for both good and harm, often unknown at the time the research is done.
Similarly, discriminating against research on the basis of "ethnic origin, religion, citizenship, language, political or other opinion, sex, gender identity, sexual orientation, disability, or age" also prevents the free and responsible practice of science, so the list of Freedoms and Responsibilities of course opposes this discrimination. But what if the end result of that science research is used to discriminate against those same people for the same reasons? What does a responsible, ethical scientist do then?
What we can do is oppose the use of science by people with those discriminatory goals, or goals that violate universal human rights. If you know someone is researching genetics in order to popularize Eugenics, there should be no responsibility to continue supporting that research. Similarly, if you believe that not supporting scientific research may help put pressure on a nation that is waging an unjust and unprovoked war which is killing thousands of innocent civilians [in violation of universal human rights], you should have no responsibility to continue supporting said nation's scientific research. In other words, it should be okay to discriminate if you are discriminating against violations of universal human rights.
Considering this, I would propose that one major tenant of any new Open Source license is to discriminate against organizations or nations that want to research, use, or produce science or technology, if that organization or nation is widely considered to be violating universal human rights. This goal has the effect of communicating an ethical red line you must not cross if you want to participate in a global human community, and will be a discouraging factor when nations again consider the potential ramifications of their actions.
Basically, we should use access to collaboration in science and technology as a lever to improve human rights.
edit Ethical minds think alike! Somebody already created a version of the MIT license with this exact restriction! The Hippocratic License[5]: "an Ethical Source license that specifically prohibits the use of software to violate universal standards of human rights, and embodying the Ethical Source Principles." It appears there are many[6] other such licenses.
[1] https://council.science [2] https://council.science/about-us/governance/committees/commi... [3] https://council.science/what-we-do/freedoms-and-responsibili... [4] https://en.wikipedia.org/wiki/Universal_Declaration_of_Human... [5] https://firstdonoharm.dev/ [6] https://ethicalsource.dev/licenses/
I can list recent violations from both US, Russia and China. So now what? The US has already said they'd prefer to invade The Hague than have a USer trialed there. You need a court to establish what's a violation and what's not. And who should provide the judges?
The most pertinent part is:
> A condition against torture would not work, because enforcement of any free software license is done through the state. A state that wants to carry out torture will ignore the license. When victims of US torture try suing the US government, courts dismiss the cases on the grounds that their treatment is a national security secret. If a software developer tried to sue the US government for using a program for torture against the conditions of its license, that suit would be dismissed too. In general, states are clever at making legal excuses for whatever terrible things they want to do. Businesses with powerful lobbies can do it too.
Edit: https://www.apache.org/foundation/license-faq.html#mod-licen...
I mean, if we're going to go down this road, then let's actually effect real change and slip some clauses in there with teeth like "no click-through license agreements" or "no pop-up cookie prompts" or "no ad trackers"...
I would not be happy if a library codifies political statements. What could be next? Conditions that state you agree to vote for/against Trump, that you disagree with homosexuality or are against transphobia. Note, I'm not accusing anyone of having those views neither am I commenting on them, they merely serve as an example of the dangers of discriminating.
Dependencies and supply chain attacks are the big thing - and while dependency scanning and pinning are an important component, but I don't think it is possible to use open source libs at scale without a certain amount of trust. I work on a platform where there are hundreds of teams and thousands of microservices. I'm now trying to think how we can assess the risk of thousands of dependencies and millions of lines of code. Without trust, the only way that's possible is to fork all libs, prevent open source and generally kill off any agility and velocity. My problem is that this weaponisation is killing off trust. It's not about sitting on the fence or taking sides in a war. It's about what open source has achieved over the last 30 years and I think that's now more at risk than before…
