Custom source-available license, sharpened against several
ambiguities flagged in license review. Substance unchanged from
intent: operators can audit, run, modify, and sell licenses for
their own products through an instance they operate; reselling
the software itself or running it as a managed service for third
parties is forbidden. SDKs remain MIT in their own repos.
Concrete edits versus the prior draft:
- Added SPDX-Short-Identifier line (LicenseRef-Keysat-1.0) so
package metadata scanners can reference a stable name.
- New Section 1 (Definitions): "the Software", "You", "Internal
Use", "Modifications", "Managed Service" — closes the "is a
rented VPS internal use?" / "is publicly hosting on Tor a
managed service?" gaps.
- Internal Use explicitly includes rented compute. Managed
Service explicitly carves out "your own customers receiving
signed license keys" so the intended buy-page flow can never
be misread as forbidden.
- Section 3 (Restrictions) reworded for clarity:
- (a) "distribute compiled binaries" rather than ambiguous
"redistribute the source code" — source forks for audit /
contribution remain permitted under the trailing paragraph.
- (b) "provide ... as a Managed Service" — clean Elastic-v2
style phrasing in place of "publicly host a copy that is
accessible to or operable by parties other than yourself."
- Public source-code forks on GitHub explicitly permitted.
- Section 4 (Contributions): clarified as a non-exclusive
license-back, not a copyright assignment. Contributors retain
ownership.
- Section 6 (Termination): added "destroy or permanently delete
all copies" on termination + named the survival sections.
- Section 7 (Entire Agreement): added.
For commercial redistribution, resale, or hosted-service rights,
operators still email licensing@keysat.xyz — that's now
explicitly the single contact point at the bottom of the file.
Grant