The source is public. Public source is not open source.
It is not open for me to port, repair, improve, or redistribute to signed and reproducible built distribution channels like f-droid, arch, or debain as I see fit. Honestly really disappointing from a team known for promoting right to repair. I was totally on board with sharing grayjay from the rooftops until I saw the LICENSE file and my heart sank.
Also at a minimum this creates a lack of accountability to prove given binaries came exactly from published code. Someone backdoors the grayjay CI/CD server and everyone gets a backdoored app. Centralized software distribution is irresponsible in a world where supply chain attacks are common.
If they just care about malicious impersonation they should have just done what Mozilla did and file trademarks but leave the code open.
the source is open, it's just not open source. You can't be pedantic about things they didn't say, and you don't get to retroactively define open to only be definable by OSI.
Open source is the only usage of the word open that really matters when it comes to source code and personal freedom, so yes, it is important to be pedantic about this.
It is not open for me to port, repair, improve, or redistribute to signed and reproducible built distribution channels like f-droid, arch, or debain as I see fit. Honestly really disappointing from a team known for promoting right to repair. I was totally on board with sharing grayjay from the rooftops until I saw the LICENSE file and my heart sank.
Also at a minimum this creates a lack of accountability to prove given binaries came exactly from published code. Someone backdoors the grayjay CI/CD server and everyone gets a backdoored app. Centralized software distribution is irresponsible in a world where supply chain attacks are common.
If they just care about malicious impersonation they should have just done what Mozilla did and file trademarks but leave the code open.