<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Il 13/03/2015 19:29, Pine W ha scritto:<br>
    <blockquote
cite="mid:CAF=dyJjO69O-ye+327BU6wC_k_+AQvwUq0rfZvW0YaV=P+iCaA@mail.gmail.com"
      type="cite">
      <p dir="ltr">Question: are there heightened security or privacy
        risks posed by having non-open-source code running in Labs?</p>
      <p dir="ltr">Is anyone proactively auditing Labs software for open
        source compliance, and if not, should this be done?</p>
    </blockquote>
    <br>
    FYI, <a href="http://tools.wmflabs.org">http://tools.wmflabs.org</a>
    uses the toolinfo.json 'standard' to show a useful link to the
    source. Although probably most tools with a toolinfo have already
    been published as open source.<br>
    <br>
    <blockquote
cite="mid:CAF=dyJjO69O-ye+327BU6wC_k_+AQvwUq0rfZvW0YaV=P+iCaA@mail.gmail.com"
      type="cite">
      <p dir="ltr">Pine</p>
      <div class="gmail_quote">On Mar 13, 2015 10:52 AM, "Ryan Lane"
        <<a moz-do-not-send="true" href="mailto:rlane32@gmail.com">rlane32@gmail.com</a>>
        wrote:<br type="attribution">
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <div dir="ltr">On Fri, Mar 13, 2015 at 8:42 AM, Ricordisamoa <span
              dir="ltr"><<a moz-do-not-send="true"
                href="mailto:ricordisamoa@openmailbox.org"
                target="_blank">ricordisamoa@openmailbox.org</a>></span>
            wrote:<br>
            <div class="gmail_extra">
              <div class="gmail_quote">
                <blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex">From
                  <a moz-do-not-send="true"
                    href="https://wikitech.wikimedia.org/wiki/Wikitech:Labs_Terms_of_use"
                    target="_blank">https://wikitech.wikimedia.org/wiki/Wikitech:Labs_Terms_of_use</a>
                  (verbatim): "Do not use or install any software unless
                  the software is licensed under an Open Source
                  license".<br>
                  What about tools and services made up of software
                  themselves? Do they have to be Open Source?<br>
                  Strictly speaking, do the Terms of use require that
                  all code be made available to the public?<br>
                  Thanks in advance.<br>
                  <br>
                </blockquote>
                <div><br>
                </div>
                <div>As the person who wrote the initial terms and
                  included this I can speak to the spirit of the term
                  (I'm not a lawyer, so I won't try to go into any legal
                  issues).<br>
                  <br>
                </div>
                <div>I created Labs with the intent that it could be
                  used as a mechanism to fork the projects as a whole,
                  if necessary. A means to this end was including
                  non-WMF employees in the process of infrastructure
                  operations (which is outside the goals of the tools
                  project in Labs). Tools/services that are can't be
                  distributed publicly harm that goal. Tools/services
                  that aren't open source completely break that goal.
                  It's fine if you wish to not maintain the code in a
                  public git repo, but if another tool maintainer wishes
                  to publish your code, there should be nothing blocking
                  that.<br>
                  <br>
                </div>
                <div>Depending on external closed source services is a
                  debatable topic. I know in the past we've decided to
                  allow it. It goes against the spirit of the project,
                  but it doesn't require us to distribute close sourced
                  software in the case of a fork.<br>
                  <br>
                </div>
                <div>My personal opinion is that your code should be in
                  a public repository to encourage collaboration. As the
                  terms are written, though, your code is required to be
                  open source, and any libraries it depends on must be
                  as well.<br>
                  <br>
                </div>
                <div>- Ryan<br>
                </div>
              </div>
            </div>
          </div>
          <br>
          _______________________________________________<br>
          Labs-l mailing list<br>
          <a moz-do-not-send="true"
            href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a><br>
          <a moz-do-not-send="true"
            href="https://lists.wikimedia.org/mailman/listinfo/labs-l"
            target="_blank">https://lists.wikimedia.org/mailman/listinfo/labs-l</a><br>
          <br>
        </blockquote>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Labs-l mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Labs-l@lists.wikimedia.org">Labs-l@lists.wikimedia.org</a>
<a class="moz-txt-link-freetext" href="https://lists.wikimedia.org/mailman/listinfo/labs-l">https://lists.wikimedia.org/mailman/listinfo/labs-l</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>