When we last signed up for the Audacity community, users thinking about the privacy of the free open source audio editor were concerned about proposed plans to add a telemetry report to decades-old open source audio editing software. More than 1,000 comments have been left on the GitHub download request that would realize this “home phone” feature, with many arguing that the best course of action is to create a new Audacity plug that removes any current or a future tracking code that is embedded upstream.
For their part, the new owners of the project, Muse Group, say Audacity’s ability to report on the user’s software environment will allow them to track some particularly difficult errors. A table of anonymous usage information, such as which audio filters are most commonly applied, would be used in a similar way to determine where development time and money would be best spent. New project manager Martin Tantacrul Kiri personally intervened to explain that the whole situation was just a misunderstanding and that Muse Group had no bad intentions for the esteemed program. They just wanted to get a better idea of how the software is used in the real world, but after seeing how vocal the community was on the subject, it was decided to postpone any changes until a more widely accepted approach could be developed. .
Our last post on the topic ended in a high toneas if the situation had improved. Although there was still a segment of Audacity’s user base that was skeptical about adding remote analytics to a program that had never needed it before, Muse Group representatives seemed to be listening to the feedback they were receiving. Keary assured consumers that plans to implement telemetry have been dropped and that if they are reintroduced in the future, it will be done with appropriate transparency.
License Shell Game
Just over a week after the release of our previous Audacity article, Daniel Ray, Muse Group’s strategy manager, launches new GitHub bomb in the form of a new CLA. He explained that past and future associates will be bound by the agreement, which gives Muse Group unlimited rights over how the code provided is used and licensed. The document clearly shows that the original contributor is still the technical owner of the code and that they were free to use it in other projects, but will have no bearing on his fate once they have joined the Audacity project.
If there was any doubt as to what Muse Group meant by applying this CLA, Ray was clear that they were indeed positioning themselves to relicen the project. In the short term, they want to move Audacity from GPLv2 to GPLv3, which he explained will open up compatibility with various libraries and technologies that the team has been keeping an eye on. This is not necessarily a bad thing and while some contributors may disagree with any changes made in a later revision of the GPL, the upgrade is unlikely to have made too many waves.
The real trouble began when he admitted that Muse Group eventually intended to introduce a dual license on the code. This would mean that in some situations and at their discretion, Muse Group could offer a version of Audacity that is subject to a completely different and as yet unnamed license. Ray cites problems listing GPL-licensed projects in the Apple App Store as an example of why this clause is necessary because it would allow the Muse Group to use a more licensing license to meet the provider’s redistribution requirements.
If that wasn’t enough, the new CLA FAQs explicitly state that the code that contributed to Audacity could be used in future Muse Group closed source projects:
It is no exaggeration to say that this is the antithesis of what an open source community, or at least the GPL, is. Few people who want to submit their code for inclusion in a program that has spent more than 20 years licensed under the GPLv2 would approve of their work, which ends as part of a closed source commercial project. When a commentator asked Ray how Muse Group intended to get past contributors to agree to such a document, he replied that only the big participants should unsubscribe; the team decided that rewriting what he described as “trivial” contributions would be more effective than getting the original authors to agree to the new terms.
You have to be so tall to ride
Many commentators expressed concern that Audacity’s requirement for a new age would mean that the free tool could no longer be used in educational settings, forcing schools to find an alternative program. Others pointed out that both GPLv2 and GPLv3 explicitly prohibit restrictions on who can run the program. If the Muse Group intended to use the CLA to replace this GPL clause, this would be a dangerous precedent; limiting the age at which a user can start a program is a slippery slope to other forms of discrimination, another unforgivable insult to open source community values.
In the second case, we may have an answer. A branch of Audacity aimed at undoing the changes made by the Muse Group, with the appropriate name Tenacityhas already garnered more than 4,000 stars on GitHub. Of course, there is no guarantee of the longevity of such rebellious projects, or it is critical whether large software repositories will avoid the upstream version in favor of de-Mused compilations. But behind that is an undeniable momentum, fueled purely by the way the Muse Group has confused their interactions with the Audacity community since they took the reins just three months ago.
If this is really the beginning of a hard fork for the legendary open source audio editor, there is no question who should take the blame. In the end, however, if the new Tenacity crew takes the Audacity torch and runs with it, in a year’s time we may wonder what all the fuss is about.