For fear of falling into a logical fallacy, let’s use a specific example:
- A is a western researcher contributing to a computer vision library like OpenCV
- B is Russia
- C is Ukraine
- B uses A’s work to attack (in the most literal sense) C
- A doesn’t like this but can’t do a thing about it because of OSD5 / OSD6
- You “fix” OSD to prevent B attacking C, but B is outside of your regulatory sphere and does it anyway
In this case you’ve just broken it for A (and everyone else dependent on them) without fixing what you set out to fix anyway. Further complicating the situation is when [the jurisdiction of] A flip-flops from supporting C to supporting B, as may be happening as we speak.
This is one of myriad reasons why ethics must remain outside of the scope of Open Source, but can certainly be addressed by other frameworks.
While I accept that the “stewards” of Open Source in particular have done incredible damage to the brand by releasing a definition (i.e., OSAID) that doesn’t require the source (i.e., data), I don’t believe it’s irreparable harm (yet), and the technology doesn’t care for hurting marketers’ feelings — either we have a litmus test that works and protects the four freedoms so the software/models can form the foundation for future generations, or we do not. Right now, we do not, but @giacomo’s minimalist amendment to cover data for completeness at least demonstrates that we could without creating a conflicting definition.
If we can’t achieve clear consensus in the community on this, then dare say we can’t achieve it on that (I wouldn’t support it, and I know many others who wouldn’t), and that’s fine… it just means Open Source goes on meaning what it has since it was “invented” over a quarter century ago, as defined by the Open Source Definition at v1.9.