From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 2CBBD8CC for ; Fri, 14 Oct 2016 11:51:34 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-qk0-f180.google.com (mail-qk0-f180.google.com [209.85.220.180]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id F1A188F for ; Fri, 14 Oct 2016 11:51:32 +0000 (UTC) Received: by mail-qk0-f180.google.com with SMTP id o68so189474568qkf.3 for ; Fri, 14 Oct 2016 04:51:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=iRPiJBmol+XMjUbJGF9wwYVREUHjbdo3FUHqUVty/Eg=; b=y/OzjPXqd4vwrmiH6eow9W0kA0hn7fhWsVOqU8P9PkryNBKG2zT5W4WHvvqmS+MS9i k5wjqowk+UhY+EDKt9krN9oiVY8aZdjM7G8Y4aND0lXvqhicNM/a7OYoijTAF4w3U89N 3YOLLUHFiiaBac/KY8RNRcgUewC1gIVYO+53TT3akJpwLu29HlIDVcVDSY6Eo0BEdzJa Jx3calUlVMon9NQ8JWJTrCI9e/HowLUZdAp6+E9RroNywizwgrwSXjZx2fcJ1mKGkhwt fIfkCXZNx5TRytzlkdffrFt5WcTzfNgMProOcZxct//penHau7bCF/uhP/gfdE1iSFch jfyQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=iRPiJBmol+XMjUbJGF9wwYVREUHjbdo3FUHqUVty/Eg=; b=RmElZ3htefo3WSsTrTc/h6hIJFXQBzJqV7h/XOE6bwsQGpLWKg8ifj/rDQORW1G/Kf NmD+qqYYxo2DwE8HYak6QsgoVf50MA3PHgi1QsSJmGmDXHuu4EhA3mlq7FlSd8MhqEep M2prRdr4kKth1SkQXk3+grsN2Ss+GNNPsNLumajvYa6qczWNc6/fy5vqvkTDYnxUxhB2 pKm9BmD+5rCKxyn5nWq2cq5KL4QC63vxsnRw1gqt5ycWo7TL0CnPzSa5ejxWvHkbrxQv xBeevv9gljbTu12q+X85cgo8+camwNjKQlG/ztcwmkSSwozctyjrLifZukuEYY9qs83d mK1Q== X-Gm-Message-State: AA6/9Rn8mcwwMQC0bEEE2lsqnN+6vE59JdA4fsG8TlC2Z+HDkkgaXoN3t4GlOPA50OM5BfN6vBM3Eky7uz/4Pg== X-Received: by 10.55.69.20 with SMTP id s20mr10838049qka.56.1476445892161; Fri, 14 Oct 2016 04:51:32 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.56.15 with HTTP; Fri, 14 Oct 2016 04:51:01 -0700 (PDT) In-Reply-To: <20161014105757.GA8049@fedora-21-dvm> References: <20161014105757.GA8049@fedora-21-dvm> From: Daniel Robinson Date: Fri, 14 Oct 2016 04:51:01 -0700 Message-ID: To: Peter Todd , Bitcoin Protocol Discussion , Sergio Demian Lerner Content-Type: multipart/alternative; boundary=001a114ac040eeb51e053ed1d8ef X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM, HTML_MESSAGE, RCVD_IN_DNSWL_LOW, RCVD_IN_SORBS_SPAM autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 14 Oct 2016 13:31:01 +0000 Subject: Re: [bitcoin-dev] DPL is not only not enough, but brings unfounded confidence to Bitcoin users X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Oct 2016 11:51:34 -0000 --001a114ac040eeb51e053ed1d8ef Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable > > Because if not, the DPL is still better than the status quo. Agreed. Also worth noting that it has a potential advantage over unilateral patent disarmament, analogous to the advantage of copyleft licenses over MIT/BSD: it provides an incentive (at least a theoretical one) for other companies to adopt it too. As many people have proposed, the best option, though one that would require a lot of work, might be a dedicated Bitcoin-related defensive patent pool=E2=80=94similar to Linux's Open Invention Network=E2=80=94that = could strategically deploy patent licenses to incentivize cooperation and punish aggressors. Along those lines, it'd be reasonable to consider changing the Bitcoin > Core license to something like an Apache2/LGPL3 dual license to ensure th= e > copyright license also has anti-patent protections. I think Apache 2.0 would be a great license for Bitcoin Core. It not only contains an explicit patent license grant (rather than MIT's implicit one), but terminates that license if the licensee asserts a claim alleging that the covered work infringes a patent. That might be an effective deterrent against bringing patent claims based on alleged infringement in Bitcoin Core. (I'm not sure I see a good reason to dual-license under the LGPL3, but am curious to hear more.) It would probably be feasible to upgrade to the Apache license for new releases and contributions (leaving already-existing code and previous releases under the MIT license=E2=80=94so basically a copyright "soft-fork"= ). Has this been discussed before? Are there any obstacles or objections? (These are my personal opinions, do not necessarily reflect the views of any company, and are definitely not legal advice.) On Fri, Oct 14, 2016 at 3:58 AM Peter Todd via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > On Fri, Oct 14, 2016 at 07:38:07AM -0300, Sergio Demian Lerner via > bitcoin-dev wrote: > > I read the DPL v1.1 and I find it dangerous for Bitcoin users. Current > > users may be confident they are protected but in fact they are not, as > the > > future generations of users can be attacked, making Bitcoin technology > > fully proprietary and less valuable. > > Glad to hear you're taking a conservative approach. > > So I assume Rootstock is going to do something stronger then, like > Blockstream's DPL + binding patent pledge to only use patents defensively= ? > > https://www.blockstream.com/about/patent_pledge/ > > Because if not, the DPL is still better than the status quo. > > > If you read the DPL v1.1 you will see that companies that join DPL can > > enforce their patents against anyone who has chosen not to join the DPL= . > > (http://defensivepatentlicense.org/content/defensive-patent-license) > > > > So basically most users of Bitcoin could be currently under threat of > being > > sued by Bitcoin companies and individuals that joined DPL in the same w= ay > > they might be under threat by the remaining companies. And even if they > > joined DPL, they may be asked to pay royalties for the use of the > > inventions prior joining DPL. > > > > DPL changes nothing for most individuals that cannot and will not hire > > patent attorneys to advise them on what the DPL benefits are and what > > rights they are resigning. Remember that patten attorneys fees may be > > prohibitive for individuals in under-developed countries. > > > > Also DPL is revocable by the signers (with only a 180-day notice), so i= f > > Bitcoin Core ends up using ANY DPL covered patent, the company owning t= he > > patent can later force all new Bitcoin users to pay royalties. > > Indeed. However, you're also free to adopt the DPL irrevocably by > additionally > stating that you will never invoke that 180-day notice provision (or more > humorously, make it a 100 year notice period to ensure any patents > expire!). > > If you're concerned about this problem, I'd suggest that Rootstock do > exactly > that. > > > Because Bitcoin user base grows all the time with new individuals, the > sole > > existence of DPL licensed patents in Bitcoin represents a danger to > Bitcoin > > future almost the same as the existence of non-DPL license patents. > > To be clear, modulo the revocability provision, it's a danger mainly to > those > who are unwilling to adopt the DPL themselves, perhaps because they suppo= rt > software patents. > > > If you're publishing all your ideas and code (public disclosure), you > > cannot later go and file a patent in most of the world except the US, > where > > you have a 1 year grace period. So we need to do something specific to > > prevent the publishers filing a US patent. > > Again, lets remember that you personally proposed a BIP[1] that had the > effect > of aiding your ASICBOOST patent[2] without disclosing that fact in your > BIP nor > your pull-req[3]. The simple fact is we can't rely solely on voluntary > disclosure - your own behavior is a perfect example of why not. > > [1]: BIP: https://github.com/BlockheaderNonce2/bitcoin/wiki > [2]: ASICBOOST PATENT https://www.google.com/patents/WO2015077378A1?cl=3D= en > [3]: Extra nonce pull request: https://github.com/bitcoin/bit > coin/pull/5102 > > > What we need much more than DPL, we need that every BIP and proposal to > the > > Bitcoin mailing list contains a note that grants all Bitcoin users a > > worldwide, royalty-free, no-charge, non-exclusive, irrevocable license > for > > the content of the e-mail or BIP. > > A serious problem here is the definition of "Bitcoin users". Does Bitcoin > Classic count? Bitcoin Unlimited? What if Bitcoin forks? > > Better to grant _everyone_ a irrevocable license. > > > Along those lines, it'd be reasonable to consider changing the Bitcoin Co= re > license to something like an Apache2/LGPL3 dual license to ensure the > copyright > license also has anti-patent protections. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --001a114ac040eeb51e053ed1d8ef Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Because if n= ot, the DPL is still better than the status quo.
<= div class=3D"m_7947996649752724480m_8909253615039019842m_-49942849208637306= 31gmail-m_2007853613104620962inbox-inbox-F3hlO">
= Agreed. Also worth noting that it has a potential advantage over unilateral= patent disarmament, analogous to the advantage of copyleft licenses over M= IT/BSD: it provides an incentive (at least a theoretical one) for other com= panies to adopt it too.=C2=A0

As many people have = proposed, the best option, though one that would require a lot of work, mig= ht be a dedicated Bitcoin-related defensive patent pool=E2=80=94similar to = Linux's Open Invention Network=E2=80=94that could strategically deploy = patent licenses to incentivize cooperation and punish aggressors.

Along those li= nes, it'd be reasonable to consider changing the Bitcoin Core=C2=A0lice= nse to something like an Apache2/LGPL3 dual license to ensure the copyright= =C2=A0license also has anti-patent protections.

=
I think Apache 2.0 would be a great license for Bitcoin Core. It not o= nly contains an explicit patent license grant (rather than MIT's implic= it one), but terminates that license if the licensee asserts a claim allegi= ng that the covered work infringes a patent. That might be an effective det= errent against bringing patent claims based on alleged infringement in Bitc= oin Core. (I'm not sure I see a good reason to dual-license under the L= GPL3, but am curious to hear more.)

It would proba= bly be feasible to upgrade to the Apache license for new releases and contr= ibutions (leaving already-existing code and previous releases under the MIT= license=E2=80=94so basically a copyright "soft-fork"). Has this = been discussed before? Are there any obstacles or objections?
(These are my personal opinions, do not necessarily reflect the= views of any company, and are definitely not legal advice.)

=

On Fri, Oct 14, 2016 = at 3:58 AM Peter Todd via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org> wrote:
On Fri, Oct 14, 2016 at 07:38:07AM -0300, Sergio Demian Lerner v= ia bitcoin-dev wrote:
> I read the DPL v1.1 and I find it dangerous for Bitcoin users. Current=
> users may be confident they are protected but in fact they are not, as= the
> future generations of users can be attacked, making Bitcoin technology=
> fully proprietary and less valuable.

Glad to hear you're taking a conservative approach.

So I assume Rootstock is going to do something stronger then, like
Blockstream's DPL + binding patent pledge to only use patents defensive= ly?

=C2=A0 =C2=A0 ht= tps://www.blockstream.com/about/patent_pledge/

Because if not, the DPL is still better than the status quo.

> If you read the DPL v1.1 you will see that companies that join DPL can=
> enforce their patents against anyone who has chosen not to join the DP= L.
> (http://defensivepatentlicense.org/content/defensive-patent-license)
>
> So basically most users of Bitcoin could be currently under threat of = being
> sued by Bitcoin companies and individuals that joined DPL in the same = way
> they might be under threat by the remaining companies. And even if the= y
> joined DPL, they may be asked to pay royalties for the use of the
> inventions prior joining DPL.
>
> DPL changes nothing for most individuals that cannot and will not hire=
> patent attorneys to advise them on what the DPL benefits are and what<= br class=3D"m_7947996649752724480m_8909253615039019842m_-499428492086373063= 1gmail-m_2007853613104620962gmail_msg"> > rights they are resigning. Remember that patten attorneys fees may be<= br class=3D"m_7947996649752724480m_8909253615039019842m_-499428492086373063= 1gmail-m_2007853613104620962gmail_msg"> > prohibitive for individuals in under-developed countries.
>
> Also DPL is revocable by the signers (with only a 180-day notice), so = if
> Bitcoin Core ends up using ANY DPL covered patent, the company owning = the
> patent can later force all new Bitcoin users to pay royalties.

Indeed. However, you're also free to adopt the DPL irrevocably by addit= ionally
stating that you will never invoke that 180-day notice provision (or more humorously, make it a 100 year notice period to ensure any patents expire!)= .

If you're concerned about this problem, I'd suggest that Rootstock = do exactly
that.

> Because Bitcoin user base grows all the time with new individuals, the= sole
> existence of DPL licensed patents in Bitcoin represents a danger to Bi= tcoin
> future almost the same as the existence of non-DPL license patents.
To be clear, modulo the revocability provision, it's a danger mainly to= those
who are unwilling to adopt the DPL themselves, perhaps because they support=
software patents.

> If you're publishing all your ideas and code (public disclosure), = you
> cannot later go and file a patent in most of the world except the US, = where
> you have a 1 year grace period. So we need to do something specific to=
> prevent the publishers filing a US patent.

Again, lets remember that you personally proposed a BIP[1] that had the eff= ect
of aiding your ASICBOOST patent[2] without disclosing that fact in your BIP= nor
your pull-req[3]. The simple fact is we can't rely solely on voluntary<= br class=3D"m_7947996649752724480m_8909253615039019842m_-499428492086373063= 1gmail-m_2007853613104620962gmail_msg"> disclosure - your own behavior is a perfect example of why not.

[1]: BIP: https= ://github.com/BlockheaderNonce2/bitcoin/wiki
[2]: ASICBOOST PATENT https://www.google.com/patents/WO2015077378A1?cl=3Den<= br class=3D"m_7947996649752724480m_8909253615039019842m_-499428492086373063= 1gmail-m_2007853613104620962gmail_msg"> [3]: Extra nonce pull request: https://github.com/bitcoin/bitcoin/pull/5102

> What we need much more than DPL, we need that every BIP and proposal t= o the
> Bitcoin mailing list contains a note that grants all Bitcoin users a > worldwide, royalty-free, no-charge, non-exclusive, irrevocable license= for
> the content of the e-mail or BIP.

A serious problem here is the definition of "Bitcoin users". Does= Bitcoin
Classic count? Bitcoin Unlimited? What if Bitcoin forks?

Better to grant _everyone_ a irrevocable license.


Along those lines, it'd be reasonable to consider changing the Bitcoin = Core
license to something like an Apache2/LGPL3 dual license to ensure the copyr= ight
license also has anti-patent protections.

--
https://petertodd.org 'peter'[:= -1]@petertodd.org
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.linuxfoundation.= org
ht= tps://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev<= br class=3D"m_7947996649752724480m_8909253615039019842m_-499428492086373063= 1gmail-m_2007853613104620962gmail_msg">
--001a114ac040eeb51e053ed1d8ef--