I've a few concerns that I think are probably actionable
- I think that certain sections, e.g, the Acceptible Use Policy, don't belong in a software license. It feels like this license is trying to be a bit more than just a license, edging onto being part of the ToS of Joplin Cloud. And while Joplin Cloud's ToS might need work (I haven't looked at them since it's release), the mixing of purpose is probably too much here, especially when it's the license explicitly for the self hosted release. Joplin Cloud doesn't need a license because the users aren't running it.
There's also specific bits of the acceptable use policy that I think are overkill, e.g:
ii. Circumvent the technical limitations of the Software;
If the server has a bug that I can fix on my machine, I'm now not allowed to.
This implies Joplin Server has limitations. Of course, it has technical limitations, one instance can't run the world, you can't use any arbitrary database backend. But these kind of clauses are meant for licensing limitations enforced via technical policies, E.G, on Windows, it'd be understandable I couldn't modify Windows 10 Home to let me use BitLocker, because it's a Windows 10 Pro feature, and hence an actual licensing limitation. Yet Windows 10 Home does actually contain the same files as Windows 10 pro, the only difference is how it lets you use them. Joplin Server doesn't have this same model, because the Joplin Server doesn't have artificial limitations to begin with.
Use the Software for committing cyber offences, including, without limitation, gaining
unauthorised access to machines, devices, networks, or data;
Again, this makes sense in Joplin Cloud, it doesn't make sense in Joplin Server. It means that definitions of Cyber Offences and Unauthorised Access are defined by English law, even when it's running outside of England on someones Raspberry Pi in the attic.
The only bit of the AUP I believe makes sense in the license is
vi. Use the Software for any purpose that the Licensor may consider a breach of the Li-
- There's a lot of repetition that doesn't serve to strengthen the protections, but might weaken them. It's mostly 2.3.X), the repeated usage of "charge others" doesn't need to be repeated. 2.3.I) Should just be "You can't charge others". By adding this statement onto every sub-sub-section, it implies the logical AND rather than the grammatical and.
You can see instead an proper grammatical and used here
(i) use the Software for commercial purposes and (ii) grant others the right
It's clear that these are entirely independent. Unlike e.g,
Install the Software on Licensee’s infrastructure and charge others for the use of the Software
So I could potentially install it on infrastructure I don't own, E.G, AWS, and charge for it? Obviously this isn't the intention, but it becomes a reasonable interpretation because of the repeated usage of and when it isn't needed.
commercial purposes, including, without
limitation, copying, reproducing, publishing, transmitting, transferring, selling, renting, modi-
fying, creating derivative works from, distributing, reposting, performing, displaying, or in
any other way commercially exploiting the Software
This implicitly defines a lot of the context of commercial use. But I don't think for example you're going to want "modifying", because it would deny Github contributions. Similarly, reproducing & publishing would deny users making alternate Docker releases. You could argue the mere presence of submitting to DockerHub would be giving Docker commercial influence via popularity. It leaves a lot open to interpretation.
Of course practically, there's an preference for people to be using the official releases of the software to ease support. But I don't think the this document has the balance that I assume you were hoping for.