Request for Clarification: Linking Hippocratic Libraries

[Alch-Emi]

Hi! Thank you a million times for this wonderful license! I just licensed my first library under Hippocratic-2.1, and I'm overjoyed that tools like this exist to give devs a way to take responsibility for unethical use of their software without taking away open source rights for users.

I recently mentioned my library to a friend, who expressed interest in using it in a project of their own. When I mentioned that it was under Hippocratic-2.1, they asked how that would affect the licensing for their own project. Having read the license and FAQ a couple times, I gave my best guess:

That dependent projects are free to use the another license, but there might be cases where a potential bad-actor licensee would receive a license to the dependent project but not the hippocratic library, meaning they'd be able to receive the dependent source code but not build or use the project in it's entirety, and that if the dependent project were to distribute a compiled binary, they would need to do so with a clause limiting the use of the binary.

I have no idea how close that is to the truth (and let my friend know as much), but I'd be curious to know the real answer. I wasn't able to find my answer in the FAQ after revisiting it again, and when I re-read the main body of the license itself, the closest thing I could find was the following passage

For clarity, although Licensee is free to create modifications of the Software and distribute only the modified portion created by Licensee with additional or different terms, the portion of the Software not modified must be distributed pursuant to this License

which I interpreted to mean that:

a) The uncompiled source code of a dependent project is not subject to any restrictions of the hippocratic license
b) A dynamically linked dependent binary is not subject to any restrictions of the hippocratic license (assuming that copyright law applies to dynamically linked binaries in the first place, which IIRC is still up in the air)
c) A statically linked dependent binary contains a "portion of the Software not modified" and therefore must be distributed pursuant to the license
d) The compiled source code of the hippocratic library is of course subject to the restrictions of the hippocratic license, so a bad actor with dependent source code would not be able to receive the hippocratic source code from a repository like pip, crates.io, or a git repo in order to build the dependent source (?)

Which is pretty much what I had originally assumed.

But even after all of that, I'm honestly still not completely sure I've arrived at the right conclusion, so I was hoping:

1. One of the lawyers generously donating their expertise here might be able to chip in their expertise to help clear this up
2. A note might be added to the FAQ so that others with a question similar to mine might be spared a similar search for an answer

If I missed something that already gave an answer to my question, I deeply apologize for the trouble, although I'd greatly appreciate it if you could point me in the resource I missed.

Thank you very very much for your response, and to everyone who worked on this amazing license!

Emi (they/them)

[DEGoodmanWilson]

Howdy Emi! And thanks for the thoughtful feedback! IANAL, etc. but I do have opinions 🤓

There does seem to be an interesting tension here!

When applied to systems that distribute packages in source form (which would include things like Node and Ruby, but also C++ packages distributed as source-only via Conan), then the license does seem to apply to the end user when they require package A, and package A requires B which is HL-licensed. This seems consistent with the intent of the license, as the goal is to prevent anyone from using package B for harming human rights.

But I suspect you are right, there are cases where the end user isn't bound by the HL, specifically when dynamically linked. Your analysis makes a great deal of sense to me. that when binaries are linked in, because you are no longer distributing (or required to distribute) the source, that end users are not bound by the HL. If so, this seems like an oversight that ought to be clarified, and/or corrected.

Hopefully we'll have some legal resources we can bring to bear on this issue soon, this is an important issue to get straight on!

[Alch-Emi]

Aa thank you very much for weighing in! I hadn't originally though of the dynamically linking thing as an oversight, since at least in my (very incomplete & unprofessional) understanding of copyright, the bad actor would still not be licensed to use the dll, so wouldn't be able to run the compiled, dynamically linked runtime without some stand-in for the hippocratic dependency (maybe?).

I think that depends a lot on what the original intent was with being able to license dependencies with more permissive licenses though, and if any of my reading has been correct in the first place :p