Changes for page Open Source Model and Licensing

Last modified by Robert Schaub on 2026/02/08 08:30

From version 1.3

edited by Robert Schaub
on 2026/02/08 08:30

Change comment: Update document after refactoring.

To version 1.1

edited by Robert Schaub
on 2026/01/20 20:44

Change comment: Imported from XAR

Raw
Rendered

Summary

Page properties (2 modified, 0 added, 0 removed)

Details

Page properties

Parent

@@ -1,1 +1,1 @@
--WebHome
++FactHarbor.Organisation.WebHome

Content

@@ -1,10 +1,7 @@
  = Open Source Model and Licensing =
--
  == 1. Purpose and Relation to Other Documents ==
--
  This page explains **how FactHarbor is run from a licensing and enforcement perspective** – as an open, trustworthy, non-profit oriented, but professionally maintained project.
  It covers in particular:
--
  * the **licensing choices** for code, documentation, data, and core specifications,
  * how contributors grant the project the right to use and enforce those licenses,
  * how AI-related components (such as AKEL) fit into the licensing picture,
@@ -12,7 +12,7 @@
  * **organisational transparency commitments**,
  * **privacy and data protection standards**.
  Together with the other Organisation pages, it defines **how FactHarbor is run**:
--* [[Governance>>Archive.FactHarbor 2026\.02\.08.Organisation.Governance.WebHome]] – who decides what, and under which principles
++* [[Governance>>FactHarbor.Organisation.Governance.WebHome]] – who decides what, and under which principles
  * [[Finance & Compliance>>FactHarbor.Organisation.Finance-Compliance]] – how funding, transparency, and internal controls work
  * [[Legal Framework>>FactHarbor.Organisation.Legal-Framework]] – legal forms, contracts, and regulatory aspects
  The **Specification** (Mission, Requirements, Architecture, Data Model, Workflows, etc.) describes **what FactHarbor does**.
@@ -19,11 +19,8 @@
  This Open Source Model and Licensing page (together with Governance and Finance & Compliance) describes **how FactHarbor is run and protected**.
  For historical context, earlier drafts used a purely AGPLv3-centric model for the core software.
  The current licence mix is defined in the sections below and takes precedence over any older drafts.
--
  == 2. Overview ==
--
  FactHarbor is, and will remain, an **open source project** that:
--
  * publishes its work openly whenever legally and ethically possible
  * makes its reasoning and evidence inspectable
  * invites contributions under clear, transparent rules
@@ -37,31 +37,24 @@
  * the standards that repositories must follow,
  * **organisational transparency and privacy commitments**.
  Normative licensing decisions on this page **override** any older variants or drafts.
--
  == 3. Licensing (Current Decisions) ==
--
  === 3.1 Documentation ===
--
  All general **documentation** (organisational and technical) is licensed under:
--
  * **Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0)**
  This allows:
  * reuse, adaptation, and translation of documentation,
  * including commercial reuse,
  * as long as:
--* clear attribution to FactHarbor is preserved, and
--* derivative works are shared under the **same license (CC BY-SA 4.0)**.
++ * clear attribution to FactHarbor is preserved, and
++ * derivative works are shared under the **same license (CC BY-SA 4.0)**.
  Exception handling:
  * In rare cases, **security-sensitive or abuse-enabling documentation** may be:
--* published only in partial form, or
--* made available under more restrictive terms, or
--* kept internal.
++ * published only in partial form, or
++ * made available under more restrictive terms, or
++ * kept internal.
  * Any such exceptions must be **explicitly documented** where they apply.
--
  === 3.2 Core Protocol & Data Model ===
--
  The **core protocol**, core **data model** (including key ERDs), and other "defining specifications" are licensed under:
--
  * **Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0)**
  Intent:
  * enable **collaborative evolution** of the protocol and data model,
@@ -72,26 +72,23 @@
  * You may **use, implement, and modify** the protocol/data model in your own systems.
  * You may **publish derivative or modified specifications** under CC BY-SA 4.0.
  * Derivative specifications must:
--* be clearly attributed to FactHarbor,
--* use different branding/names (trademark protection),
--* state they are "derived from FactHarbor protocol",
--* remain under CC BY-SA 4.0 (share-alike).
++ * be clearly attributed to FactHarbor,
++ * use different branding/names (trademark protection),
++ * state they are "derived from FactHarbor protocol",
++ * remain under CC BY-SA 4.0 (share-alike).
  * Changes to the **canonical FactHarbor specification** are governed through FactHarbor's internal review and release processes.
  **Trademark Protection:**
  The "FactHarbor" name and associated marks are protected separately from the license. Derivative protocols may not use "FactHarbor" branding without explicit permission, ensuring users can distinguish official from derivative implementations.
  This approach (license for sharing + trademark for brand protection) follows successful models like Mozilla Firefox and the W3C.
--
  === 3.3 Code ===
--
  **Default License:** Unless explicitly stated otherwise, **code** produced under the FactHarbor project is licensed under:
--
  * **MIT License**
  This allows:
  * broad reuse, including in commercial software,
  * proprietary integrations and extensions,
  * as long as:
--* the MIT license text is included, and
--* attribution to the FactHarbor project is preserved.
++ * the MIT license text is included, and
++ * attribution to the FactHarbor project is preserved.
  **Hybrid Licensing for Core Components:**
  For the **core reasoning engine** and **AKEL components**, we recommend using **AGPL-3.0** to prevent black-box deployments and ensure transparency of modifications.
  The recommended hybrid approach:
@@ -103,33 +103,27 @@
  * Prevents "FactHarbor-as-a-service" black boxes that contradict transparency mission
  * MIT for peripheral components maximizes ecosystem growth
  * Strong protection of **openness of reasoning** is handled via:
--* open protocol and data model (CC BY-SA),
--* open documentation (CC BY-SA),
--* AGPL for core reasoning components,
--* and explicit transparency rules.
++ * open protocol and data model (CC BY-SA),
++ * open documentation (CC BY-SA),
++ * AGPL for core reasoning components,
++ * and explicit transparency rules.
  The decision to implement this hybrid model should be made explicitly before the first public release.
--
  === 3.4 Structured Data & Curation Artefacts ===
--
  Structured data, curated knowledge artefacts and derived datasets are licensed under:
--
  * **Open Database License (ODbL)**
  **Note on ODbL:** The Open Database License includes a share-alike requirement, ensuring derivative databases remain open. This aligns with FactHarbor's commitment to openness and prevents proprietary capture of community-curated data.
  Principles:
  * data used for public reasoning should be:
--* reusable and remixable,
--* properly attributed,
--* versioned and traceable,
--* kept open through share-alike.
++ * reusable and remixable,
++ * properly attributed,
++ * versioned and traceable,
++ * kept open through share-alike.
  * privacy, safety, and legal constraints may require:
--* partial publication or anonymity,
--* stronger access control around certain datasets.
++ * partial publication or anonymity,
++ * stronger access control around certain datasets.
  Concrete exceptions and more restrictive handling must be **documented at dataset level**.
--
  === 3.5 Attribution Guidelines (Non-Mandatory but Recommended) ===
--
  FactHarbor encourages, but generally does not require beyond the base licenses, that:
--
  * user interfaces show a short line such as:
  `Powered by FactHarbor (open documentation, open protocol, open data)`
  Intent:
@@ -136,47 +136,35 @@
  * strengthen **brand recognition** and trust,
  * keep attribution light-weight and compatible with open licenses,
  * avoid creating extra legal conditions beyond the existing licenses.
--
  == 4. Licensing Goals and Principles ==
--
  Earlier "Open Source Model & Licensing" drafts contained valuable reasoning about **why** strong open-source protections might be needed. The core goals remain relevant, even though the exact license mix has evolved.
  FactHarbor's licensing aims to:
--
  * **Protect openness of reasoning**
--* Users must be able to understand how conclusions were reached.
--* Code and documentation that materially affect user-visible behaviour should be inspectable or clearly described.
++ * Users must be able to understand how conclusions were reached.
++ * Code and documentation that materially affect user-visible behaviour should be inspectable or clearly described.
  * **Discourage hostile or misleading forks**
--* Avoid "closed clones" that keep the FactHarbor name or appearance while hiding important changes.
--* Forks that significantly diverge should use their own branding and not pretend to be official FactHarbor instances.
++ * Avoid "closed clones" that keep the FactHarbor name or appearance while hiding important changes.
++ * Forks that significantly diverge should use their own branding and not pretend to be official FactHarbor instances.
  * **Make modifications traceable**
--* Substantial changes to code, specs, or governance documents should be documented and versioned.
--* Users interacting with a service based on FactHarbor should be able to see **which version or fork** they are using.
++ * Substantial changes to code, specs, or governance documents should be documented and versioned.
++ * Users interacting with a service based on FactHarbor should be able to see **which version or fork** they are using.
  * **Support long-term sustainability and legal clarity**
--* Licenses and governance must be enforceable in practice.
--* The organisation should have clear standing to protect the project if needed.
--
++ * Licenses and governance must be enforceable in practice.
++ * The organisation should have clear standing to protect the project if needed.
  == 5. Contributors, Governance & CLA ==
--
  === 5.1 Contributor Journey (from licensing perspective) ===
--
  The contributor journey (Visitor → New Contributor → Contributor → Trusted Contributor → Contributor → Moderator → Trusted Contributor) is defined in more detail in the **Contributor Processes** and **Organisation** pages.
  From a *licensing* perspective, the key points are:
--
  * All contributions must be compatible with the chosen licenses (CC, MIT, AGPL, ODbL, etc.).
  * Contributors confirm that they have the right to contribute the material under these licenses.
  * Higher-trust roles (Trusted Contributors, Contributors, Moderators) help enforce licensing and attribution rules when reviewing changes.
  For full role definitions, see the **Organisation / Contributor Processes** documentation.
--
  === 5.2 Contributor License Agreement (CLA) ===
--
  To keep the legal situation clear and enforceable, FactHarbor uses a **Contributor License Agreement (CLA)**.
  See [[Contributor License Agreement>>FactHarbor.Organisation.CLA]].
--
  ==== 5.2.1 Dual Contributor Model ====
--
  FactHarbor distinguishes between two contributor types with different copyright arrangements:
  **Unpaid Contributors (Volunteers)**:
--
  * **Retain copyright** of their contributions
  * Grant FactHarbor a perpetual, royalty-free license to use and distribute
  * Enable the project to enforce licenses on their behalf
@@ -191,87 +191,65 @@
  * Provides clarity for commercially sponsored work
  * Ensures FactHarbor can effectively maintain and defend the project
  * Maintains transparency about contribution sources
--
  ==== 5.2.2 Core Intent (All Contributors) ====
--
  Regardless of contributor type, the CLA ensures:
--
  * Contributors grant the **FactHarbor organisation**:
--* a **perpetual, worldwide, irrevocable license** to use, modify, and redistribute their contributions under the project's chosen licenses (CC BY-SA, MIT, AGPL, ODbL, etc.), and
--* the **express right to enforce** those licenses and **pursue legal action** against infringers on their behalf.
++ * a **perpetual, worldwide, irrevocable license** to use, modify, and redistribute their contributions under the project's chosen licenses (CC BY-SA, MIT, AGPL, ODbL, etc.), and
++ * the **express right to enforce** those licenses and **pursue legal action** against infringers on their behalf.
  This ensures that:
  * the organisation has **clear standing** to defend the project legally,
  * individual contributors do not have to act alone against infringements,
  * licensing remains enforceable even if contributors become inactive.
--
  ==== 5.2.3 Determining Contributor Type ====
--
  * **Default**: Contributors are considered unpaid volunteers unless they have a written agreement specifying paid status.
  * **Paid Status Indicators**: Employment contract, written contracting agreement, or grant/sponsorship agreement.
  * **Transparency**: Contributor type should be disclosed where applicable.
  See [[Contributor License Agreement>>FactHarbor.Organisation.CLA]] for complete terms.
--
  == 6. AI Models and Licensing (AKEL) ==
--
  AKEL (AI Knowledge Extraction Layer) may rely on different types of models. Licensing and transparency rules are crucial here.
--
  === 6.1 Open vs Proprietary Models ===
--
  AKEL may use:
--
  * **Open-source models (preferred)**:
--* weights and code are openly available under compatible licenses,
--* prompts, evaluation logic and integration code are made public where licenses permit.
++ * weights and code are openly available under compatible licenses,
++ * prompts, evaluation logic and integration code are made public where licenses permit.
  * **Proprietary / hosted models (allowed but constrained)**:
--* used only when necessary for quality or feasibility,
--* must be clearly **disclosed to the user** at point of use,
--* AKEL must label which parts of its output derive from proprietary tools,
--* surrounding **integration logic remains open** (MIT/AGPL or compatible) and is documented.
++ * used only when necessary for quality or feasibility,
++ * must be clearly **disclosed to the user** at point of use,
++ * AKEL must label which parts of its output derive from proprietary tools,
++ * surrounding **integration logic remains open** (MIT/AGPL or compatible) and is documented.
  Rules:
  * No deployment may suggest "fully open" AI if proprietary models are used without disclosure.
  * For high-impact reasoning (e.g. health, politics, safety-critical topics), **open, auditable models** are preferred wherever feasible.
  * Where proprietary models are unavoidable, additional care is taken to:
--* document limitations,
--* avoid overstating certainty,
--* and keep reasoning layers as transparent as possible.
--
++ * document limitations,
++ * avoid overstating certainty,
++ * and keep reasoning layers as transparent as possible.
  === 6.2 Prompts, Pipelines and Integration Code ===
--
  * Orchestration code, pipelines and evaluation logic around AKEL are treated as part of the **open FactHarbor codebase** (MIT or AGPL).
  * Where prompts or model configurations are licensed in a way that restricts publication, this must be documented clearly, and safe abstractions should be used in public documentation.
--
  === 6.3 AI Prompts and Orchestration ===
--
  * Prompts, system instructions, and orchestration code are considered **Code** and licensed under **MIT** or **AGPL** (depending on component).
  * They must be visible in the repository to ensure the system is not a 'black box'.
  * If a proprietary model requires a prompt that cannot be shared (e.g. contractual restriction), that component cannot be part of the open core.
--
  == 7. Third-Party Libraries and Components ==
--
  FactHarbor depends on third-party libraries under:
--
  * permissive licenses (MIT, Apache-2.0, BSD), and/or
  * other compatible open-source licenses.
  Requirements:
  * All dependencies must be **license-compatible** with:
--* the MIT/AGPL-licensed code,
--* and the overall FactHarbor licensing strategy.
++ * the MIT/AGPL-licensed code,
++ * and the overall FactHarbor licensing strategy.
  * License information is documented in:
--* `/LICENSE` and, where applicable, `/NOTICE`,
--* and a dedicated "Third-Party Licenses" section in project documentation.
++ * `/LICENSE` and, where applicable, `/NOTICE`,
++ * and a dedicated "Third-Party Licenses" section in project documentation.
  FactHarbor actively avoids dependencies that:
  * restrict redistribution in ways incompatible with open-source norms,
  * prevent network users from accessing the relevant source,
  * or conflict with the project's transparency and licensing goals.
--
  == 8. Repository Standards ==
--
  Each official FactHarbor repository must follow a minimum standard.
--
  === 8.1 Required Files ===
--
  Each repository should contain at least:
--
  * `README` – purpose, scope, status, and how to use it.
  * `LICENSE` – the applicable license(s) for the repository.
  * `CONTRIBUTING` – how to propose changes; coding/writing guidelines.
@@ -278,40 +278,29 @@
  * `CODEOWNERS` – who is responsible for which parts.
  * `CHANGELOG` – human-readable log of important changes.
  * `SECURITY` (or `SECURITY.md`) – how to report vulnerabilities and how they are handled.
--
  === 8.2 Prohibited Content ===
--
  FactHarbor repositories must **not** contain:
--
  * purely ideological advocacy texts unrelated to the project's purpose,
  * opaque binaries or artefacts that cannot reasonably be inspected or reproduced,
  * embedded secrets (API keys, passwords, private tokens),
  * content that materially contradicts the stated licenses or governance rules.
--
  == 9. Historical Licensing Option: AGPLv3 for Core Engine (Non-Normative Background) ==
--
  Earlier versions of this page explored a **strong copyleft** option for the core software based on **GNU Affero General Public License v3 (AGPLv3)**.
  Those drafts argued that:
--
  * AGPLv3, as a **network-copyleft license**, would:
--* require modified network services to publish their source to users,
--* prevent closed forks of the core reasoning engine,
--* ensure that any public "FactHarbor-like" service stays inspectable.
++ * require modified network services to publish their source to users,
++ * prevent closed forks of the core reasoning engine,
++ * ensure that any public "FactHarbor-like" service stays inspectable.
  They also defined:
  * the scope of AGPLv3 coverage (backend services, AKEL logic, frontend),
  * expectations for forks (must remain AGPLv3, must declare they are forks),
--* and the same CLA principles now adapted to the current license mix.
++ * and the same CLA principles now adapted to the current license mix.
  These AGPLv3 considerations have been **partially adopted** in the hybrid licensing model (section 3.3), where AGPL-3.0 is recommended for core reasoning components.
  They are preserved here as **design background** and may be revisited for specific components or future arrangements.
--
  == 10. Organisational Transparency ==
--
  FactHarbor is committed to exceptional transparency in all aspects of its operations, governance, and finances. This commitment is essential to build trust in a system claiming to support well-grounded judgments.
--
  === 10.1 Financial Transparency ===
--
  We commit to publishing annually:
--
  * Complete financial statements (audited where possible)
  * Swiss tax filings (annual statements per Swiss law)
  * Income sources in aggregate (grants, donations, sponsorships)
@@ -318,11 +318,8 @@
  * Expense breakdown by category
  * Compensation ranges for staff roles (not individual salaries)
  * Major funding relationships and partnerships
--
  === 10.2 Governance Transparency ===
--
  We commit to publishing:
--
  * All governance documents (bylaws, policies, procedures)
  * Governing Team composition and meeting schedules
  * Governing Team meeting minutes (with narrow exceptions for privacy, security, or legal matters)
@@ -329,11 +329,8 @@
  * Policy changes with rationale and effective dates
  * Decision-making process documentation
  * Conflict of interest policies and disclosures
--
  === 10.3 Operational Transparency ===
--
  We commit to publishing:
--
  * Transparency reports (published twice yearly)
  * Content moderation statistics and practices
  * AKEL performance metrics and audit results
@@ -341,11 +341,8 @@
  * Partnership agreements and funding relationships
  * Incident reports (security, moderation, governance)
  * System uptime and performance data
--
  === 10.4 Privacy Protection ===
--
  While maintaining organisational transparency, we protect:
--
  * Individual user privacy and personal data
  * Security vulnerabilities (until patched, typically 30-90 days)
  * Personnel matters and personal information
@@ -352,9 +352,7 @@
  * Ongoing legal matters (until resolved)
  * Whistleblower and abuse reports
  * Authentication credentials and sensitive operational details
--
  === 10.5 Review and Oversight ===
--
  * Annual review of all information marked "private"
  * Public reporting on transparency compliance
  * Community input opportunities on transparency policies
@@ -361,22 +361,15 @@
  * Appeals process for information requests
  * Independent transparency audits (when feasible)
  See [[Transparency Policy>>FactHarbor.Organisation.How-We-Work-Together.Transparency-Policy]] for complete details.
--
  == 11. Privacy and Data Protection ==
--
  FactHarbor is committed to protecting user privacy while maintaining transparency in operations and governance.
--
  === 11.1 Data Collection Principles ===
--
  * **Data minimization**: Collect only what is necessary for functionality
  * **Purpose limitation**: Use data only for stated purposes
  * **Short retention**: Delete data when no longer needed
  * **User control**: Provide access, correction, and deletion rights
--
  === 11.2 User Rights ===
--
  Users have the right to:
--
  * Access their personal data
  * Correct inaccurate information
  * Delete their accounts and associated data
@@ -383,27 +383,20 @@
  * Export their data (portability)
  * Object to certain processing
  * Lodge complaints with supervisory authorities
--
  === 11.3 What We Collect ===
--
  For specific details on data collection practices, retention periods, and processing purposes, see [[Privacy Policy>>FactHarbor.Organisation.How-We-Work-Together.Privacy-Policy]].
  In general:
--
  * **Public contributions**: Permanently public and attributed (essential for transparency)
  * **Account information**: Email, username (minimal required data)
  * **Technical data**: IP addresses, user agents (short retention, logged out users)
  * **Usage data**: Aggregated, anonymized analytics
--
  === 11.4 What We Never Do ===
--
  * Sell or rent user data
  * Share personal data with third parties for marketing
  * Track users across unrelated sites
  * Use personal data for purposes beyond stated scope
  * Keep personal data longer than necessary
--
  === 11.5 Security Measures ===
--
  * Encryption in transit (TLS/HTTPS)
  * Encryption at rest for sensitive data
  * Access controls and authentication
@@ -412,12 +412,9 @@
  * Vulnerability disclosure program
  * **Data Protection Impact Assessments (DPIA)** for high-risk processing (required by FADP Article 22)
  See [[Privacy Policy>>FactHarbor.Organisation.How-We-Work-Together.Privacy-Policy]] for complete details.
--
  === 11.6 Data Protection Officer (DPO) ===
--
  **If we serve users in the European Union**, we will appoint a Data Protection Officer (DPO) as required by EU GDPR Article 37.
  The DPO will:
--
  * Advise on data protection compliance
  * Monitor FADP and GDPR compliance
  * Serve as contact point for Swiss FDPIC and EU data protection authorities
@@ -428,30 +428,20 @@
  * Large-scale systematic monitoring of data subjects
  * Large-scale processing of sensitive personal data (including political opinions, health information)
  Given that FactHarbor processes claims containing political opinions and uses AI for systematic evaluation, we commit to appointing a DPO if we process personal data of EU residents.
--
  == 12. Exceptions and Appeals ==
--
  === 12.1 Requesting Information ===
--
  If you believe FactHarbor should disclose specific organisational information:
--
 . Submit a written request to [Transparency contact to be established]
 . Specify the information requested and rationale
 . Expect initial response promptly
--
  === 12.2 Appeals Process ===
--
  If a transparency request is denied:
--
 . Appeal to the Transparency Committee (if established)
 . Provide additional context or rationale
 . Expect appeal decision promptly
 . Final appeals may be escalated to the Governing Team
--
  === 12.3 Exception Criteria ===
--
  Information may be withheld only if disclosure would:
--
  * Violate individual privacy rights
  * Compromise security (vulnerability, credential)
  * Violate legal obligations (court order, attorney-client privilege)

Changes for page Open Source Model and Licensing

Summary

Details

Applications

Navigation

Need help?