Closed Bug 388893 Opened 17 years ago Closed 17 years ago

AMO should be explicit about what license is suggested for developers to upload

Categories

(addons.mozilla.org Graveyard :: Policy, defect)

Product:
addons.mozilla.org Graveyard
Component:
Policy
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: ray, Unassigned)

Details

I went to upload an add-on and looked at the submission help page. There was no information about what kind of license should be attached to extensions that are being uploaded. MoCo does care about this, so they should be explicit here. Supplying pointers to the text would be a good thing also.
How does MoCo care about this?  There are no license requirements for add-ons being hosted on AMO, and they indeed run quite the gamut.
Right now, one needs to accept the following agreement:

     By uploading your add-on to this site, you agree that
     the following are true:

        * you have the right to distribute this add-on,
     including any rights required for material that may
     be trademarked or copyrighted by someone else; and
        * if any information about the user or usage of
     this add-on is collected or transmitted outside of the
     user's computer, the details of this collection will
     be provided in the description of the software, and you
     will provide a link to a privacy policy detailing how
     the information is managed and protected; and
        * your add-on may be removed from the site,
     re-categorized, have its description or other information
     changed, or otherwise have its listing changed or removed,
     at the sole discretion of Mozilla and its authorized
     agents; and
        * the descriptions and other data you provide about
     the add-on are true to the best of your knowledge.

These all make sense.

I would suggest that one of the things Mozilla wants to do is encourage people to release software under open-source-friendly licenses. I could point to posts in the governance newsgroup to support this contention, but I doubt I need to.

It would be helpful if part of this agreement was: "your add-on is being released with a license compatible with the goals of the Mozilla Foundation."

It would then be more helpful if there was a list of licenses that one could pick from, such as "MPL 1.1", "GPL 2.0" and so on. There could even be links to text files that contain these licenses so that people could see what they are about.

Being helpful is good, yes?
If the source is built from scratch, it is the developer's choice which license to use.

A choice list of license is a duplicate of bug 330051 - quoting Mike Shaver:
"Authors can already put the license terms in the description of their add-on if they choose to"
It would not be helpful to force a licensing choice on add-on authors, and it's not helpful for us to try and hide the significant and long-reaching effects of license choice behind a single checkbox.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → WONTFIX
Recently I wanted to install the Total Validator add-on. To achieve this you are  supposed to agree with a custom license agreement a part of which I copied below (from https://addons.mozilla.org/fr/firefox/addons/policy/0/2318/19958). 

================ part of license
RESTRICTIONS.
Except as otherwise expressly permitted in this Agreement, you are not allowed to: (a) modify or create any derivative works of the Software; (b) reverse-engineer, decompile, disassemble or otherwise attempt to derive the source code for the Software except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation; (c) manipulate or alter the components that make up this Software in any way; (d) sell, rent, lease, sublicense, or otherwise transfer rights to the Software. 
=================

I think this is dangerous to allow authors include “no reverse-engineering” clauses. I checked the extension and it is made of non obfuscated JS but what prevents any author to do so? Or to include a binary program? Mozilla products being directly connected to the Internet, I consider this as a major security issue. Unless Mozilla include a firewall in their products to stop unwanted traffic? ;-)

I hope such extension (obfuscated or binary) would not be published on AMO when reviewed. I confess I replaced Total Validator with Html Validator!

PS: what about most of add-ons that do not claim any license? Defaults to Mozilla license?
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.