As initially agreed all code written within DREAM is licensed as AGPL-3.0-or-later. Also ocaml-monocypher.
ocaml-monocypher is a small binding layer for OCaml to the Monocypher cryptographic library (https://monocypher.org/). It is used by ocaml-eris (for Blake2b and ChaCha20) and from ocaml-dmc (for Ed25519).
I’d like to make an exception for ocaml-monocypher and license it as BSD-2-Clause.
Monocypher itself is in the public domain (CC0-1.0) and optionally BSD-2-Clause. The motivation of this is that cryptographic primitives should be easier available and that usage of crypto with a bad license is better than not using crypto for users.
For same reasons I would suggest using BSD-2-Clause for ocaml-monocypher.
This would be the second licensing exception made (other being ocaml-base32).
Background: I would like to use ocaml-monocypher with js_of_ocaml and that needs some hacking.
If no objections, I will relicense ocaml-monocypher as BSD-2-Clause in a week (on 2022-01-26).
I am not making any objection as I do not feel I have any need for agency on this issue and it is important you do what you feel is better. However for the sake of the conversation., I will comment here:
I tend to agree with @how that although I understand cryptographic primitives should be accessible, we need not to contribute or facilitate the life of proprietary software, we should not accept their conditions, quite the contrary they need to adapt.
Yes, I really wonder why the change is necessary. If you can verbalize it clearly, @pukkamustard, it would certainly be useful for the whole free software community. I feel there’s an underlying topic that is not sufficiently exposed.
I feel the author of the Monocypher library has gone trough great effort to make it “easy to deploy” [1]. From what I understand that is the reason why Monocypher is licensed as CC0-1.0/BSD-2-Clause. ocaml-monocypher is a very thin binding layer between OCaml and Monocypher. I feel licensing this as AGPL-3.0-or-later is an unnecessary detriment to the goals of Monocypher.
I am considering using ocaml-monocypher for a JavaScript implementation of ERIS. This should be usable or at least accessible to the masses of NPM developers by just running npm install eris. I think this is an excellent place where we can make developers consider user-respecting licenses and licensing a js-eris as AGPL-3.0-or-later would be really good. On the other hand, there is a possibility that this might stop certain projects from even experimenting with ERIS. In particular Hypercore and SSB. Both projects use the MIT license. I think this is wrong and it would be better if they had used a libre license. But it is what it is. The question is do we make a stand for user freedom or do we make it “easier” for these two specific existing projects? As the chances that SSB/Hypercore will show interest in ERIS are negligible I think it would be better to keep a JavaScript implementation AGPL. A similar case where I have used GPL instead of AGPL is for guile-eris. The decision was easier as the possibility of using guile-eris in the GPL licensed project (Guix) is much realer.