[ANN] servant-oauth2 - first release!

Hey All,

I wanted to announce a little library that a few of us have been working on: servant-oauth2.

It’s a light-weight wrapper around wai-middleware-auth, but done within the context of “modern servant”, so you can lift authentication/authorisation information to the type level.

It’s fair to say it’s in “beta” at the moment; and this is the first (mildly interesting) Haskell library I’ve ever personally been involved in, so please be kind with your feedback

In any case, I hope you potentially find it useful, and we would welcome contributions and feedback, if you have it!

Thanks!

Interesting licence. I haven’t seen that one before. Would you like to say more about it?

I found the page which builds the licence. The modules look intriguing. Did you include any of those?

well from that site:

The canonical “Open Source Definition” states that an open source license must not discriminate against any person or group of persons, or against any field of endeavor, even those which would generally be understood as harmful or dangerous. By design, the Hippocratic License does not conform to these criteria.

personally I am like when I read this - what seem like the “greater good” or “ethical right” might very well shift quickly … personally I’d rather stick with “no discrimination” but I guess that’s a dangerous topic in it’s own right.

Thanks for the discussion!

@steshaw says:

Interesting licence. I haven’t seen that one before. Would you like to say more about it?

Have to credit my colleague @marcosh for deciding to use this license.

I’d be curious for his perspective, but my own is that software is one of the main ways we programmers interact with the world; and so it makes some kind of sense to try and encourage good behaviour through that process.

For many years now I’ve personally felt conflicted at all the profiteering done of open-source software; and while this particular license may not be perfect, in some sense at least it opens a conversation.

In terms of modules; they are all included, in fact.

@CarstenK says:

personally I am like when I read this - what seem like the “greater good” or “ethical right”
might very well shift quickly …

For what it’s worth, I don’t see language like “Greater good” or “ethical right” in here; I see concrete behaviours that are excluded, such as military, or violence, or mass surveillance. To me it feels okay to have limits in this way, much as each individual might have limits on what kind of companies they are willing to work for.

I guess it’s not worth discussing that here (it’s about the library right?) but in case you want to know: I skimmed through The Hippocratic License: Learn More about the Hippocratic License and it rubbed against personal believes I guess.

You are right I should not have used “…” as it’s quite a bit of interpretation on my part but it talks about social good, ethical topics, etc.

In the end it’s your choice and it’s 100% in your right to use every licence you choose (assuming it does not interfere with licences of dependencies you used etc.) and I’m all for that.

Hi Noon

this thread got me reading that license. It is indeed a very interesting license and I’m surprised to find it likely precludes me from using it due to 3.1(.13)

The Licensee SHALL NOT, whether directly or indirectly, through agents or assigns:
Be an individual or entity, or a representative, agent, affiliate, successor, attorney, or assign of an individual or entity, that engages in fossil fuel or mineral exploration, extraction, development, or sale;

Doesn’t riding a petrol car, taking a plane or even using power generated from fossil fuels mean that I’m indirectly through agents engaging in the extraction and sale of fossil fuels?

Whether or not I believe this would be enforceable is a different question; the question whether or not this might under some very literal interpretation of the text might make liable on license infringement will make me think this over a few times whether or not to use it.

That being said, I see your concerns about open source usage and would even say I agree with the spirit of the license mostly. This one just seems to overshoot a lot similar to how MIT/BSD undershoots.

Doesn’t riding a petrol car, taking a plane or even using power generated from fossil
fuels mean that I’m indirectly through agents engaging in the extraction and sale of
fossil fuels?

Yeah; it’s a decent point. I get that it creates some potential anxiety. I could imagine that particular wording could be interpreted quite literally; but I think in the same sense as the military ones; i.e. clearly even I, and probably all of us, benefit from the military indirectly.

I think the most that I can hope for is that people will think about it in good faith and with some reasonableness; i.e. should BP.com use this new library for logging in to their new website? I guess probably not (though I personally can see some wiggle-room here; I think for example companies who still emit, but are focused on a transition should be encouraged; i.e. I’m not in camp fundamental-boycott); but should you or I use it for some website we make for tracking our interest in, say, gas-guzzling non-electric super-charged monster-trucks? Probably fine.

I think the most I can hope for is that someone has to think a bit, and come to their own conclusions. In some sense I agree this is non-optimal from the “standard” licensing that means we don’t have to think much at all; but maybe it’s a nice way to get a different kind of conversation going.

Thanks for your thoughts!

Typing this very message could be enough I guess.

I somewhat fear that we will run into danger of killing OSS (we meaning basically all folks involved in OSS, politics, activists, … more or less we all as a species).

Security, really excessive licences, laws and processes (merging PRs could potentially be fatal in some countries/laws), …

I wonder (ok I believe) if we wouldn’t be better of if we’d try and go back to the more liberal philosophies and practices this all started with.

I think the best way to think about this is just the same as you would with a job you’d take; except doing it outwardly.

I certainly think it’s a bit of a stretch to say that this kind of license will “kill” OSS; I could be equally dramatic - OSS can only survive on a planet that exists. Will current business practices and business as usual get us there? Debatable.

I’m not talking about the licence - not only - I just noticed quite a few problems over the last years/month and honestly it’s getting a lot more difficult to use OSS.
It’s mainly about security concerns but the question on licencing comes up a lot too.

I really don’t want to get in to any heated debate about the survival of the planet or such and probably my comment is producing unwanted associations (sorry I really struggle to express myself here and not being an native english speaker makes it not easier so please give me some slack).

Anyway thanks for this library and sorry again for any controversy I might have caused.
I did not mean to be a bad actor here I just wanted to voice my concern.

I’ll guess I better shut up now and let you all deal with the important stuff.

No worries

Thanks for your comments; I’ve found it useful to chat this through with you I’ve gotten something out of it, and I hope others have too.

I do think its worth going back to the intent of the license, as after all, unless a lot of money is in between, the licenses are pragmatically just that - guidance. Also worth thinking as a community, are we going to fight for licenses that push our technology to be used in certain domains, and one can get into the details (as we have above) but umbrella ideas and hopes are also part of the technology itself.

Directly from the Organization for Ethical Source the Hippocratic License is a license that prohibits use of the software in the violation of internationally recognized human rights.

So we can sit here and debate if we like the details, or we can sit here and stand firmly for what it stands, and maybe influence it to have better language, or further definition, so that you don’t feel like using a library stops you from driving a car. But debating whether this is necessary direction for open source seems backwards, this direction was necessary decades ago.