Users of Joplin Server, please help crowdfund the license! (16 Dec - license draft is ready)

Granted I could be missing something, legal texts are hard to analyse at the best of time. But particularly, 3.1 and 4.1 would give me personally the impression that modification isn't allowed.

3.1 claims the license is only valid if Joplin Server is aquired by yourself as-is. If the software doesn't come from you, or comes modified, it could revoke the license. (I'm not a lawyer, this is a laymans interpretation ofc)

4.1 has or otherwise copy (except to exercise rights granted in this License), modify, create derivative works of, distribute, assign any rights to. It's hard to say what constitutes derivative works when it comes to packaging. But uploading to Docker is a pretty clear method of distribution, the same with Github, Snap, Homebrew, etc. Recompiling for alternate architectures could be modification, applying patches to the source code definitely is. The copying provision also seems to only be a "reasonable" amount for individual use, which wouldn't be the case with thousands of downloads from DockerHub.

e.g. I don't undestand the following part:

Install the Software on a Licensee’s or third party’s server and provide access to the Software to third parties (a) for a fee or (b) free of charge, if the said third parties may use the Software for commercial purposes;

Does this mean I cannot use the server when I sync a notebook with work related info and run the client on a work computer? Since I can't exclude folders from syncing, nobody can use the server when they use the client on a personal and work computer.

1 Like

Ok maybe we can tweak the license a bit to allow certain narrow cases.

Regarding redistribution, I've always been a bit uneasy about Joplin Server being repackaged by third-parties, not from a licensing point of view but in terms of security. Like the Joplin repo is watched by many eyes, and we have multiple admins. So if a malicious commit somehow gets in, it will be flagged relatively quickly. But on third party repositories, we don't know. The security may be weak and if someone hacks the repo and pushes a bad build of Joplin Server we won't know about it.

Perhaps it's a wider issue - it could mean we need to talk to the alternative release developer and ask if they can move their repo under the official Joplin org, or see if their changes can be integrated to the main release. But anyway, although it's more about security concerns, it also means allowing redistribution is not high on my priority list - I definitely wouldn't want to see dozens of Joplin Server releases around as it's too much of a security risk.

Regarding modification, do people really patch their Docker image that often? And there's a chance they'll want this patch part of the official release, so perhaps it's a matter of adding a line that explicitly allows modifications if it's for a pull request?

This line is to prevent a company from hosting a Joplin Server instance and giving access to other users (whether it's for free or for a fee). But you can self host it and use it for your own personal or work notes.

2 Likes

I can understand not wanting to encourage third party releases, and I'd say that generally it's probably the case that if someone is making a third party release that actually gets used, it's likely beneficial to try and just integrate it into the upstream branch (E.G, Arm64 support, smaller image sizes, etc). I can think of a few edge cases where this might not be the case, and to be honest I think you could basically work around this by adding a clause similar to You can modify and run the modified software locally, provided that you do not provide such modifications in either compiled or source code form to other users; except for the purpose of contributing back to the upstream Joplin project.. This would let people like me for example mess around with a proof of concept Server snap, potentially encourage you to adopt it, and keep it private to me if you didn't want it. Similarly, maybe other people might find it beneficial to integrate Apache or PostgreSQL into the single image, as long as they keep it private to themselves (and follow the rest of the terms for no profiteering).

I do have a concern that this license could introduce some legal complexities around ownership though. Usually when you submit a PR to a GitHub repository, there's an explicit agreement in GitHub's TOS that the PR must be the equivilent license of the repo it's merging with. Since the majority of Joplin is MIT, actual ownership (seperate to license) hasn't been an issue. However, any contributions to Joplin Server specifically would be under this personal use license. Since you wouldn't be the owner of the patch as it's produced by someone else, it ironically means you wouldn't have permission to run them on Joplin Cloud. The safest answer would be to just never accept contributions to Joplin Server, but an alternate answer could be to introduce a contributor license agreement for the server component, ensuring you're legally the owner of any patches. Presumably your lawyers could assess this pretty rapidly.

That's a very good point, thanks for bringing that up. I see there's a CLA template here so I might just use that. Thankfully I see that pretty much all Joplin Server are from myself so far.

As for the third-party releases, that extra clause along with ad hoc license for certain distributions like ARM, snap, etc. might be the way to go. I wonder if there should be some extra requirements in that case for security purposes, or perhaps the name should be changed from "Joplin Server" to something else, to show that it's not official.

You don't have to apply the same license to all users, you could selectively allow a maintainer licensing to make a third party distribution, set the terms as you wish, and revoke the license if you change your mind for whatever reason. The legal aspect there is pretty easy, the practicalities of actually enforcing it, that's the real challenge. It'd be hard to get them to remove it if they just dropped dead.

As trademarks go, it's already the case and you're entitled to ask them to change their branding already. You don't need to register a trademark officially (it does provide some extra guarantees in the UK though so it might be worth doing anyway), and Joplin is big enough by now to already have some protections here.

This is why we ended up with the whole IceWeasel fiasco with Debian's version of Firefox

Turns out I've applied for a EU trademark a while ago and just got confirmation today that it was accepted, so that could help with this. I've registered that trademark mostly because of a domain squatter as I didn't want them to use the name in a way that would confuse users (They were doing so at some point, but now they just advertise hotels in Joplin, MO).

1 Like

Hi, sorry for "kidnapping" this topic, but I have two questions regarding Joplin Server licence.

As I understand, I can use Joplin Server for my personal use only. So inside my family, friends, but I cannot use it with my co-workers for business projects.

What if I would like to use it commercially? What is the fee?

Another question is, had the author ever considered to make Joplin Server absolutely free? One possible option would be to collect a sufficient amount of money to "open" the Server (through Kickstarter project) - what that amount of money would be?

I discovered Joplin a few weeks ago and it is really nice software. I am using it together with Nextcloud. However, I am missing an option to share encrypted notes with different people, and as I understand this feature is available only on Server version.

There's no such option at the moment, but maybe there will be one later on.

I'm not sure that would work, and it seems like it would require a continuous income if the server is to be continuously developed. For now Joplin Cloud is a good solution for this, although I understand it's not ideal for everybody.