It was revived in the sense that it came to my attention again yes, we have lots of stuff to do on PG and this is on of the many check boxes that still need to be checked, but it was buried for a bit indeed.
The issue is complex because there isnāt always a lot of choices in softwares or platforms to be used. This topic comes to mind:
I would love to have a straight criteria list for all tools, but itās simply not possible. There are some category of products that are much more mature then others.
I think the approach being used right now on PG, to have a per category criteria, makes the most sense.
There could also be a logic applied across the site like when a category is mature enough, meaning it has many options, audits, FOSS options, etc., THEN the category criteria gets stricter.
There could be a category maturity level, that isnāt necessarily apparent to the user, but managed by PG internally.
But here you are tighing open source as if it has impact on the level of privacy one can assume. More open source (or how you want to call it) does not mean more privacy. This is the reason for my post above. The connection between these that is drawn here is inaccurate and a noncausual relationship.
This is a concerning perspective and is the same perspective which has ruined other privacy communities. The notion that privacy or any concept for that matter can stand completely on its own is naive and incorrect. Privacy, security, and open-source are all inherently connected, and attempting to shut down any discourse which strays into these topics because āitās not privacyā is deeply troubling.
Open-source (per the OSI definition) does :
Increase transparency
Increase trust
Increase user freedom
Allow for greater scrutiny of code
Enhance the ease and value of external audits
Enable community collaboration
Open-source does not:
Inherently harm or improve security
Automatically result in better or worse software
Guarantee privacy
Eliminate the need for trust
I struggle to see how transparency, trust, and freedom are not central to the cause of privacy. Take Linux for example; you cannot chalk the fact that Linux is a more private OS than Windows up to pure dumb luck; obviously, the open-source nature of Linux is responsible.
Being open-source, or at least source-available, should not be an unreasonable ask of software which claims to defend the freedoms and rights of its users, nor should it be an unreasonable topic to discuss in this forum.
Well only here this part we agree. But the thing is, not all recommendations we have to make will always be of companies who claim this or are that engaged in privacy. More often recommendations can also be on way more generic products who are simply just the best out there for privacy but not much of an idialist firm.
This could lead to recommending f.x. shitty linux phones that are not user friendly, not secure, but somehow regarded as privacy friendly and surely more open source. That is not what we want.
Thereās 0 doubt in my mind that open source has inherent privacy benefits.
What I donāt understand is people hearing āopen source is good for privacyā and taking that to mean that all open source software is better than all closed source software. That seems like a completely irrelevant strawman
I am surprised we are 89 posts deep into this topic and yet nobody seems to have posted any counter arguments to my answer in post 23, and clarifications in posts 25 and 28. Iām still happy with these posts as my answer to this question, and I am still getting the feeling that people largely agree.
Can anyone share why they disagree with me, or can we consider this issue resolved?
Let me be more clear about my answer here. The question in this thread is very simple: what does the term āopen sourceā literally mean?
I feel it is my duty to both the open source and Privacy Guides communities to plainly say that I will not accept a situation where we use the words āopen sourceā on the website to mean anything other than the OSI definition.
If we do want to talk about source first products, we can use alternative phrases like source first, source available, etc. There is no issue with that, and never has been.
The question posed by this thread is not: is open source good?
The question is not: should we require open source tools exclusively?
These questions are (perhaps) worthy of discussion, separately.
Therefore, I am going to mark the post above as the solution to this topic so people see it. I am doing this because I think we are straying too far into irrelevant topics, when the answer to this is seemingly simple and grounded in apparent consensus. I am not doing this to quell dissent against my opinion, and if you disagree with my answer in this post, please reply. I am happy to un-mark this as the solution if there is more disagreement Iām not aware of.
However, if you want to talk about anything related to open source other than the literal meaning of the words, please open a new thread instead.
It canāt turn from open source to anything, it was never considered open source in the first place
Calling Futoās software source available is crazy.
Iām surprised you find my characterization objectionable, let alone crazy, I donāt believe Futo would disagree that their license falls under the umbrella of Source Available. They prefer to use their own term āSource-firstā to signify that their license is more than just mere source availability (and I agree with them. As far as source available licenses go, Futoās seems better than most, which is what they hope to communicate with the new term as far as I understand).
I understand Source Available as a broad category/umbrella term of licenses falling short of of Open Source, but sharing at minimum the characteristic of source availability:
Source-available software is software released through a source code distribution model that includes arrangements where the source can be viewed, and in some cases modified, but without necessarily meeting the criteria to be called open source.
The licenses associated with the offerings range from allowing code to be viewed for reference to allowing code to be modified and redistributed for both commercial and non-commercial purposes
IMHO, the ethos of Open Source is that the code in in the commons, available freely for use by all with minimal restrictions on use. The Source First license doesnāt truly place the software in the commons and hence doesnāt truly share even the same philosophy as open source. To be clear, I agree with @xe3 that the source first license is better than most other source available licenses but that doesnt make it open source.
I donāt believe that FUTOās license should be called source available just because they donāt allow distribution for commercial purposes. Itās a lot closer to open source than to source available, but in the end itās source first.
Just like everyone didnāt want FUTOās software to be called open source, I donāt think we should call it source available because both are incorrect, FUTOās software is source first, and they even trademarked that definition.
In terms of pure software freedom, both have restrictions on usage by specific entities, so that is where they both fall short of OSI. However, source available is often used by mega corps as switch and bait after initially being OSI, which is usually a shit practice. Source First is with made with the intention of smaller developers not getting screwed over by mega corps making money off of the product and not contributing back (like Elastic Search encountered with Amazon) as well as maintaining basic user privacy rights (not required by OSI).
TLDR; OSI preserves all freedoms of usage for everyone. Source Available has restrictions on usage, often in interest of protecting enterprise software. Source First has restrictions on usage, often in the interest of protecting software from enterprise usage without contribution, and rejects users privacy as a business.
Personally I think Source First would be the best for end users, but it does not contribute to the ācommonsā of available software for general usage as much. This mainly applies to other developers wanting to work on or use said software. Source First used in applications make sense, but for shared libraries and such, it would be an exceedingly strange choice imo. The other equally best is AGPL for web applications, and GPLv2+ for non web applications running locally.
Was there enough confusion around the issue where there should be a little blurb, maybe in the knowledge base, just saying something like āwhen we refer to open source we are referring to the OSI definitionā?
I donāt think there is confusion about the term and we use it completely consistently across the website right now.
There would have been confusion if we listed Grayjay and called it āopen source,ā which is why this discussion was necessary.
But we donāt list Grayjay, and if we do in the future weāve decided to call it something other than āopen source,ā so I donāt think any clarification is needed.