Skip to content

Acceptable Use Policy May Impose Apache 2.0-Incompatible Use Restrictions #6200

Closed
Closed
Acceptable Use Policy May Impose Apache 2.0-Incompatible Use Restrictions#6200
@alejandro5042

Description

@alejandro5042
alejandro5042
opened on Dec 19, 2025

Hi everyone -- raising a small but important licensing concern.

To be clear up front: I’m not disagreeing that people, in general, should avoid the activities listed in the Acceptable Use Policy (AUP). The issue here isn’t the intent -- it’s how these restrictions are written and where they’re applied.

As written, the AUP appears to impose behavioral / field-of-use restrictions on how the software may be used. For example:

“Engage in, promote, incite, facilitate, or assist in the planning or development of activities that present a risk of death or bodily harm to individuals…”

and

“including weapon development”

Read literally, this would prohibit use of the tool for legitimate safety, security, or regulated government use cases, even when conducted in compliance with applicable law and regulation.

This creates a conflict with the Apache License 2.0, which grants broad, unconditional rights:

“...a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to use, reproduce, prepare Derivative Works, sublicense, and distribute the Work...”
— Apache License 2.0, §2

To avoid confusion: this isn’t about whether an AUP may exist at all. An AUP is fine when scoped to a hosted service or community. The issue arises when AUP language can be read as a binding condition on use of the Apache-licensed software itself.

Apache 2.0 does not provide a mechanism to attach additional use restrictions to the software itself, and redistribution is permitted only under the terms of the license (§4). This aligns with the Open Source Definition maintained by OSI, which requires that licenses:

“not restrict anyone from making use of the program in a specific field of endeavor.”
— Open Source Definition (OSI)
https://opensource.org/osd

If the AUP is intended to apply only to:

  • a hosted service,
  • Block-operated instances, or
  • community infrastructure,

...it would help to explicitly scope it as such. As written, the policy could reasonably be interpreted as restricting use of the Apache-licensed code itself, which would be incompatible with the Apache License’s grant of unrestricted use.

Suggested fix:

Add a brief clarification stating that the AUP applies only to Block-hosted services and does not apply to self-hosted, forked, or redistributed versions of the Apache-licensed software.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions