Broadband Tech > Security > Security > Mozilla Firefox Requires EULA??

reply to B

Re: Mozilla Firefox Requires EULA??

Hey Mike....Welcome to BBR's Security Forum. It's not very often we get a Staff Member dropping in to post....even if they are token Canadian.

Ugh, I need to update that blurb!

Mike

reply to Mike Shaver

Here! Here!

reply to Steve
A plain reading of the information available should quickly indicate that there is not very much information available, which to most reasonable people indicates that opinions should be formed only with significant caution. The not-as-plain "reading" of information which is not available causes more trouble, but it's hard to fight phantoms with facts.

The only record-straightening that I saw need for was clarification that the sample text posted in that bug was not intended as a Mozilla Firefox EULA, and that record seems to be amply straightened in that bug. I haven't seen any legitimate and disturbing questions raised on the basis of a well-researched position, though I'll keep my eye out. One legitimate, though not IMO disturbing, question might be "will Firefox have a EULA?", to which the answer is "yes", and has been for quite some time. That would require "legitimate question" to cover those answered by simple reading of the bug, though, in which case we could include "is the sample text there the Firefox EULA?", to which the answer would be "no".

I'm not sure what other parts of the record need straightening. I don't see any point in having someone write a position paper on Firefox EULA options and theory, when we'll have the actual EULA in a matter of days. (Certainly, if the Mozilla Foundation were to jump into press-release-and-parade mode over every bad article misinterpreting bugzilla comments, not much else would get done.)

The only stink that lingers is, IMO, the foul odor of poor fact-checking, but you should be no means feel enjoined from clearing whatever air you think is still impure. I think all the relevant facts are in the bug, if you want to re-read it.

(I also think that if a site is going to post a "news item" on the basis of an attachment to a bug in bugzilla, they would do themselves and their readers a favour by learning what the different attachment states are, and what it generally means to have something attached there without legal review, etc. There was a time when people would have, for example, contacted _someone_ in the Mozilla community for clarification before posting such an article. That would have at least saved them from the most embarrassing -- for them -- part of the article, which by my lights is the use of Ben Smedberg's comment about Ben's and my late string changes as though it in any way related to the EULA, let alone the cited EULA text.)

I'm not sure if this is what bcool wanted to "here", but I'm not sure what else there is to say.

Mike
(still not speaking for the Mozilla Foundation, natch)

reply to Mike Shaver
First of all, let me say thanks for taking the time to reply to this issue personally, Mike, as I'm sure your schedule pending release is rather busy.

Mr. Shaver (if it really is him of course) chose to attack those who've raised the issue rather than address our concerns in ANY way.

He could have simply posted the CURRENT, DRAFT, EULA and said "here, see, this is the current draft, and it's just about liability; and thanks for your concern about Mozilla remaining free". He chose not to.

I concur with VirtualLarry -- how can we recommend, let alone evangelize, an open source product with freedom-killing licensing terms (oh they're not egregious? Great -- please show us) from an organization that dismisses its users' concerns out-of-hand?

Mozilla: "Don't dare question us; we know what's best." I just don't like the sound of that new motto.

To Mr. Shaver -- do you have any IDEA how snide and condescending you've presented yourself here?

-- B
--
In a realm outside causality and function

(I"m sorry this is a little disjointed; I'm writing it in pieces as I wait for builds and test runs.)

The term "EULA" covers a very broad range of license terms; a practically infinite range of license terms, in fact, since it applies to anything that's a license for the end user. A disclaimer of liability would be a great use of one, IMO, as would calling out that Firefox binaries contain non open-source components (chiefly Talkback, of which reverse engineering is not likely permitted in many jurisdictions).

I don't understand why people don't think a EULA makes sense for an open-source project, though I agree that there are many traditional EULA clauses -- such as about redistribution -- that would make little sense for this open source project.

EULAs are often used by proprietary software companies to restrict the rights of the user, in order to protect a revenue stream or secret technology. Open source projects often use the same techniques (marketing, software development, QA, distribution channels) as proprietary software operations do, though they use them to different ends. The EULA is a legal technique that can be used for a wide variety of purposes, and I (personally, not speaking for Mozilla, etc., etc.) can see several purposes that would have value for an open source project like Mozilla. Liability and trademark issues are the first ones that come to mind, but I haven't spent a lot of time thinking about others.

Forget for a moment all the emotional baggage you have attached to the term "EULA". Not all EULAs are alike, just as not all source license terms are alike. You should judge any EULA on the basis of its specifics -- the specifics of the sample one that was attached were, for example, very bad, and it was rightly judged harshly in the bug and elsewhere.

(The MPL, by the way, is a source license, and does not require that a binary distribution follow any specific license terms, save for the notification required in 3.6. Modifications to the source also require that the source be made available alongside the binary, but that doesn't restrict the binary's license terms in any way. The GPL works the same way: you can do anything you want with the binary, as long as the source is managed in accordance with the GPL. Cygnus used to sell GNUPro -- all GPL tools -- in a box on a shelf, and the XChat developer has announced plans to sell Win32 binaries, though the source is GPL as always.)

I would never tell people to not question Mozilla -- I question Mozilla all the time, and publicly at that, and encourage others to do so. My bugzilla record on this is quite clear, I believe. I will, though, and often do, tell people that they should question Mozilla on the basis of facts, and not speculation. The concerns about the attached "sample EULA" were many and valid, and shared widely in the project, including, I believe, by Mozilla's legal staff -- you will note that it was not made the Firefox EULA, for example. They were misdirected, though, as that is not and will not be Firefox's EULA, and that fact has been made amply clear here and in other places.

If I had current draft EULA text, I still wouldn't put it up anywhere until it had gone through legal and project review, precisely to avoid the sort of false alarm that we saw in this case. I don't, though, and am in no special hurry to inject myself into that process. (Once it's gone through legal and project review, it'll be published widely, so there'll be no need for me to act as distributor.)

I'm trying to address the concern that "having a EULA" means "having an evil EULA", which I think is false. If the original attachment were in fact the Firefox EULA, I assure you that I would be at the head of the line handing out pitchforks and torches. (I'm also trying to clarify other misconceptions here about how licensing works, but I'm limited by available time.)

I do, however, reserve the right to be snide about "news sites" that can't read mailing list threads and their post order, before citing them in an "article". (Alternatively, I suppose they did read them and understand them, but chose to present them misleadingly anyway. I prefer error to malice, in accordance with Occam, myself.) It's one of the few freedoms remaining in this great world of ours, and I will indulge myself in it unto surfeit.

Mike
(really me; who else would bother to claim otherwise? it's really not that great a gig, I assure you)

Mike, thanks for taking the time to post here, and for your work at moz.

It is reasonably foreseeable that claims will be made, and so, unless I am missing something, the Moz developers would be grossly negligent should they fail to take even the most rudimentary customary and reasonable precautions to protect the Foundation, the developers, and the contributors from potential legal liability, and consequent ruin, when this thing goes into non-beta big-time release.

One can debate the present state of our legal system, and/or whether or not one should be able to claim and/or to disclaim liability, or even should one attempt to disclaim liability, but, I strongly suggest that should such a debate occur at this point in the project, the debate be conducted from behind whatever limited protections are available from a hopefully enforceable strong limited liability agreement, otherwise the debaters might find themselves cut short by the effects of litigation (time, effort, fees), or by the Sheriff enforcing a Judgment by collecting the chairs and PA system the debate is employing.

Perhaps all this brew-ha-ha (with apologies to Firesign Theater) just shows how much people really do want Moz/FF to continue forward and upward, and the almost knife-edge fear that it will instead follow a more common path....

One example is the OP B , who, I believe has been a great proponent of Moz, and FireWeasel (with Beta restrictions), for quite some time now.

Now, you guys had better not screw-the-pooch, please!

Why not register here Mike, it's a great Forum, with mostly friendly and mostly very helpful folks.
--
**~~Infected/Hijacked? FAQ~~~Protect/Secure Your Box/Data FAQ~~~Security Forum FAQs~~**