Back to posts

Keyoxide 1.0.0: switched to AGPL-v3

Posted on 2020-07-30

The big 1.0.0

Well, yes but no. It's actually a small update but with a MAJOR (get it? Because semver) change: the project has switched to the AGPL-3.0-or-later license.

When I started the Keyoxide project, it didn't have the scope and ambitions it has now. What begun as a tool to bring simple PGP operations directly to the user's browser—a side project like many others—has turned into a full-blown solution to prove online identity in a decentralized manner.

The project has also seen quite a warm welcome among the tech-savvy and privacy-minded as a partial replacement for alternatives like Keybase. More importantly, the project has started receiving contributions from other people. From that point on, as was pointed out to me by @t0k@social.tchncs.de, a permissive license like I was using before will no longer do.

A copyleft license like AGPL-3.0-or-later is much better suited to protect the project and its contributors from getting the source code—including everyone's contributions—turned into a closed-source clone. Keyoxide is for the online citizenry and will remain so.

Why 1.0.0?

Usually, the "big 1.0" is associated with a project coming out of a beta period or more generally, becoming a product that users can use without excessive bugs. This is not the case here.

The versioning of this project adheres to semver: MAJOR-MINOR-PATCH. A license change such as this one might put certain people or organizations off from using it (it shouldn't… but it might) and could therefore be considered a breaking change which, according to semver, triggers a MAJOR release.

Hence 1.0.0.