It isn't a surprise that AGPL is on that list, as it redefines simple usage to be redistribution.
I'm sympathetic for its goals of closing the "_application service provider loophole_", but you know what, Open Source, nay Free Software means freedom, so when you grant your users freedoms, your users might end up using your software in ways that you don't support. Freedom is never a _loophole_, freedom is just freedom.
In this regard I think FSF has derailed from its own spirit. E.g. GPLv2 just demands for the source code to be available for any distributed binaries, being a simple copyright license. GPLv3 on the other hand extends that with extra clauses to prevent Tivoization, another supposed _loophole_. In the words of Linus Tolvards:
> If you're a mad scientist, you can use GPLv2'd software for your evil plans to take over the world ("Sharks with lasers on their heads!!"), and the GPLv2 just says that you have to give source code back. And that's OK by me. I like sharks with lasers. I just want the mad scientists of the world to pay me back in kind
When you start noticing _loopholes_ everywhere and closing them, pretty soon you're left with something that is no better than a proprietary, freeware license.
GPLv3 may be acceptable, but AGPL should have never been accepted as an Open Source license by OSI.
> Freedom is never a _loophole_, freedom is just freedom.
By that standard, the only truly free "license" is the public domain.
FSF and other license authors have a different philosophical representation about what freedom means: we are not discussing the freedom of the person using the code (that is maximized simply by ceding him all intelectual rights, ideally with the exclusion of everybody else); we are concerned about the agregate impact the licenses have over the way society uses and engages with technology.
That is such a broad topic, lending itself to such diverse political views, that it's impossible to say FSF or GPLv3 are "wrong" without acknowledging their premises and examining your own hidden political assumptions. (I use 'political' here in it's broadest sense, an attitude regarding the functioning of the society).
>> The freedom to run the program as you wish, for any purpose (freedom 0).
> The AGPL denies recipients this freedom.
The disagreement here is of course about who the user is. If you are running the software on a server for others to use, you are not the user in the eyes of FSF.
Luckily multiple licenses exist, so when you write a piece of software you get to decide what definition of user you want to grant freedoms to.
Probably this is a misunderstanding of the parent post. It might be useful to explain: AGPL does not forbid running a piece of software as a network service, of course you can do that. You must, however, provide the users with the source code to the software, and their data (upon request, you can even ask money for this service). With the source, you must include the right to redistribute the source further.
This is the same demand the GPL always demanded of users, however the advent of cloud software has enabled a sort of loophole in the sense that making software based on GPL software available for users through a web interface was not regulated and thus imposed no demands for source redistribution (same for other distribution "through the cloud", for instance, some companies do this using VNC, RDP or Citrix. There's also custom protocols). If outlook used the Exim mail service, for instance, you would be able to get the source for that service from Microsoft.
It also closes the RPC loophole. If you build a GPL piece of software into another piece, connect them up using some sort of RPC interface, in GPLv2 it is somewhat unclear whether this constitutes redistribution (and therefore requires full source) or not. In AGPL/GPLv3, there is no doubt: it does require source to the whole thing.
What if I took, say iText (the PDF library that is licensed under AGPL) and I made a "data to pdf" conversion server with it...then I made the iText library optional by building in support for multiple PDF libraries?
Clearly, this server is a stand-alone product. However, it's also a piece of infrastructure that could be used by my other servers to do work for users.
Is the AGPL well defined for this case? Do I have to release the source for my entire product or just the PDF conversion server?
Perhaps I should also mention: Generating PDFs is a very, very small feature of my overall product. It's not the whole product. So, IMO this type of usage should be completely fair.
If there is, say, a high-quality AGPL hash-table implementation, and I combine that into my TCP stack, the resulting work is AGPL, sure. But I can't actually use the TCP stack - I have no way to make source code available to people who connect to my TCP stack. There's no TCP option for a URL for source code.
So, I cannot run the program as I wish for any purpose. I can run it for limited purposes: those where there is no network interaction, and those where the network interaction is rich enough to support offering source code.
You do not have to offer the source code using the source code or through the service it provides. If you just throw it up on GitHub or whatever it still counts.
That still means that I must offer the entire source code for my TCP stack to the world. That's not how any other free software license works - if I'm running a GPL'd TCP stack like Linux's, and I've made modifications to it, I don't have to offer the sources for it unless I'm distributing the program. Merely using the modified code to be on the network does not imply a source obligation.
I mean, it is probably reasonable, in the abstract, to have licenses that say "You may not modify this software internally and use it at all unless you make the changes public." Plenty of licenses have required that. Those licenses are non-free in the FSF sense, and they have rejected such licenses before.
And the GPL restricts freedoms 2 and 3. Both are explicitly designed to preserve freedom for everyone forever, not to maximum freedom for the next person in the chain. In the view of the FSF, the freedom to deny other people the same freedoms that you have is not a freedom worth preserving.
> as it redefines simple usage to be redistribution
This is an incorrect interpretation of AGPLv3. AGPLv3 only requires that you provide corresponding sources if you have modified your copy of a program, and you make it accessible to users over a network. Aside from this one provision, AGPLv3 is the same as GPLv3. From the text of the license:
> [...] if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version
That AGPLv3 explicitly states that allowing access to software through a network does not constitute "conveying", and so many of the requirements don't apply in that case. I would consider the above to be far beyond "simple usage" of a program.
> your users might end up using your software in ways that you don't support.
This appears to be a carried-forward error from your misinterpretation of AGPLv3. AGPLv3 doesn't restrict usage (no GPL license restricts usage). It adds restrictions for redistribution, and for allowing users to access modified versions of software over a computer network.
> In this regard I think FSF has derailed from its own spirit. [...] GPLv2 just demands for the source code [...] GPLv3 on the other hand extends that with extra clauses to prevent Tivoisation.
I used to feel the same way, but what caused me to change my mind is to ask why "Tivoisation" is bad and what the long-term rammifications could be of allowing such a practice. In short, the problem is that you have some software that you practically don't have the ability to change, even though you have the source code. The end result is that you will have a world of free software made effectively proprietary because you cannot exercise your freedom to change the software. That is why the FSF felt it was an issue.
Now, you may not agree with the scale of the issue, and feel that the FSF over-stepped the mark. But I don't agree that the FSF has derailed from its spirit -- the spirit of the FSF is to promote free software and to protect user freedom. Disallowing a mechanism to be used that stops users from exercising one of their freedoms is very much in keeping with their spirit.
The rationale of the GPL is that if one allows a commercial closed-source derivative of an open source project, then the commercial derivative will always be the best one, since it can incorporate any changes from the open source project, but the open source project cannot do the same.
This means that the best software will tend to be proprietary software as long as there's anyone at all making such proprietary derivatives, which is the opposite of the FSF's mission.
Instead, by preventing non-free derivatives using the GPL, proprietary software can only be better if the total amount of work put on it is greater than open source software, which is a non-trivial barrier.
AGPL just extends that logic to remote services.
Part of the GPLv3 instead seeks to reduce the commercial success of freedom-denying hardware by preventing it being shipped with GPLv3-licensed software.
You're viewing this from the wrong perspective. GPL was designed to protect the user, not somebody else. To give and ensure freedoms to inspect, edit and redistribute.
The user of a GPL webapp is afforded none of those freedoms (except what is sent) and that might go some distance to explain why there's so little GPL activity in this area.
AGPL ensures those freedoms. That obviously makes it pretty undesirable for commercial deployment but that's not the goal of the license, enduring freedom for users is.
He makes it clear his issue is only when the site is doing something that could be done locally (in the photos.google.com example, if you are sharing the photos with others that could not be done locally) or if there is unfree javascript running on your computer (which is a very different issue than the one you're raising - you can access and modify the javascript, but it is nonfree).
If I install Wordpress on my own server and do modifications to it for my own purposes, I am nothing more than a user of Wordpress.
> If I access photos.google.com, I am a user of photos.google.com – yet I can not access the code. This is a problem.
If you borrow my own laptop and use one of my applications installed on it, would you also like access to its source code?
And here we have the crux of the matter ... GPL was about distribution as defined by copyright law. AGPL is no longer about distribution, AGPL is an EULA, restricting what users (yes) can do.
No. You aren't being denied your freedoms on someone else's computer because you have no right to exercise them to begin with---it's not yours.
It's the same concept with the AGPL---I have no right to modify the source code on someone else's server; I'd need to install it on my own.
If you had to have access to the source code for everything you used, it'd be an almost impossible burden. rms takes public transportation in Boston, for example. Those terminals are interactive touchscreens, required for payment and printing tickets. He'd be unable to use the transit system.
From stallman.org:
> However, if I am visiting somewhere and the machines available nearby happen to contain non-free software, through no doing of mine, I don't refuse to touch them. I will use them briefly for tasks such as browsing. This limited usage doesn't give my assent to the software's license, or make me responsible its being present in the computer, or make me the possessor of a copy of it, so I don't see an ethical obligation to refrain from this. Of course, I explain to the local people why they should migrate the machines to free software, but I don't push them hard, because annoying them is not the way to convince them.
> Likewise, I don't need to worry about what software is in a kiosk, pay phone, or ATM that I am using. I hope their owners migrate them to free software, for their sake, but there's no need for me to refuse to touch them until then. (I do consider what those machines and their owners might do with my personal data, but that's a different issue, which would arise just the same even if they did use free software. My response to that issue is to minimize those activities which give them any data about me.)
> That's my policy about using a machine once in a while. If I were to use it for an hour every day, that would no longer be "once in a while" — it would be regular use. At that point, I would start to feel the heavy hand of any nonfree software in that computer, and feel the duty to arrange to use a liberated computer instead.
> Likewise, if I were to ask or lead someone to set up a computer for me to use, that would make me ethically responsible for its software load. In such a case I insist on free software, just as if the machine were my own property.
That's orthogonal to the issue. Of course you have the freedom to refrain from use of any technology, unless you're somehow being mandated by law to use it.
Well, since we are already orthogonal, lets turn this the other way round. Would you support the idea that any software that you are mandated by law to use, should be required to be open source?
And just like I won’t give you my source code unless you give me the source code of your laptop, I won’t give Google my source unless they give me the source code of all their products.
I have that very same right with any Service-as-a-Software-Substitute as well
Characterizing it as wrong is missing the nuance with respect to rights.
The whole “origin myth” of why Stallman did what he did was based on being unable to use a printer. As computing moves to this model where your computer is more of a TV, that problem moves and as an individual you lose sovereignty over your data.
That has many other implications — there are many discussions here of what third party doctrine means in a legal sense. I don’t know that software licensing is the solution is the best answer, but it’s an honest attempt to address a serious problem.
I see an agenda when people bring out freedom to mean one thing and only one thing without then mention the massive work done in the last hundred if not thousands of years in the field of philosophy. Freedom is not just freedom, and we have words like liberty, negative rights, positive rights, human rights, and so on to define all the variations that we put into the word freedom.
When a organization is working to bring freedom I don't say that they are derailing the spirit by demanding laws that define individuals rights. Laws are restrictions, but they are also conditions which are common to everyone. There is a rather large distinction between finding and fixing loopholes for common rights and creating a despotic environment, and that is the intent. Laws that fix common rights are intended to increase liberty. Laws that create despotic environments is intended repress those without power.
Linus Tolvards care about DRM but don't think a copyright license is the right way. That is his opinion. If someone want to produce code that can not be reused because of DRM then he do not care, or at least not enough to want a software license to enforce it. Other people disagree and that code that can't be used is of no use and thus any rights to have useless code is useless. They think that a software license is a good place to enforce this.
Which option? Allowing AGPLv3 use in Google? IANAL, but the usual reason is:
a) use is redistribution,
b) redistribution means you have to produce the source on demand,
c) now you have to produce unknown parts of google3 on demand
With the added kicker that smart people (Eben Moglen, Lawrence Rosen) disagree on exactly what you have to do for the copyleft clauses to kick in. For example: if you import an AGPLv3 Python library versus it loads you versus dlopen a library vs statically link one.
There is no legal precedence to define when a combination of different work create a single work. In theory a program linked with a library could be seen as one work, or two works that interacts, and this is where the disagreement comes when lawyers discuss linking technology. The reason why there is no legal precedence is that no lawyer of a company being accused of copyright infringement has argued the point of the work being multiple rather than a single one.
Why has no company done this? Lets look at an example. Back a few years ago when "cloud" was a major buzz word people were suggesting to turn gaming into a service. A cloud provider would buy a single copy and serve millions by running the game locally and providing a remote desktop like environment to the user. The game industry reply was that this would be copyright infringement. A single copy and millions of users would obviously be wrong, no matter what technology is used to enable it. Their bet is that a judge would see very similar on the issue.
The question about what a judge or jury would think is very significant. Do they care if a library is linked statically or dynamically, or if the programming language is intepreted or compiled? Will those technical aspect determine the question about what constitute "the work"? My bet, and many others including Eben Moglen seem to be that judges and juries will not. What do you think?
For a company to design a policy as a method of avoiding risk, they don’t have to believe that’s how it should work, but rather just that it’s plausible. My point is that, like you said, we don’t know: we can only guess.
I disagree, it looks like AGPL actually works for users' benefits, prohibiting usage by corporations that require various lock-ins or secretive spying to make money on users. It also works for developers' benefits by not destroying a potential business model of selling your software to corporations, but still remaining free for anyone to use and try it out.
Personally, I've been looking for a license that somehow prohibits usage by large corporations, but still doesn't cause problems for anyone else.
I made a small tool to check the licenses of your installed npm dependencies, which you can execute it by running this on the root of your project:
npx legally
It will search for licenses in the LICENSE file, Readme.md and package.json (and alt spellings) and make a small report of: what licenses are in use, and some anomalies. The repo:
Nice. We may use this. TBH, licenses in NPM seem like such an afterthought. And the past few companies I've worked at all took advantage of it, greatly. Mostly with SaaS, so they should be OK, but also with commercially distributed software.
> WTFPL not allowed. We also do not allow contribution to projects under the WTFPL.
I am assuming this does not apply to personal projects, but then why would you contribute Google code to something that you cannot use anyway due to licensing issues?
Google's contention has always been that there is no such thing as a personal project. You can fill out a form to officially get permission to have a "personal project", however, but I doubt many people want to deal with the bureaucracy.
You will notice 6 missing years in commits to my personal github. That is why. Every "personal project" I did ended up in the Google repository instead.
How do they justify that belief? If something is done outside of work hours, not using a work computer, then how would they have any claim over it whatsoever?
It is a widely held belief that writing computer code is an intellectual and creative endeavour (IIRC codified so in European law or something†), therefore it is not tied to a specific timeframe within which you work: you are very much able to think about and solve a work problem under your shower, that's why the corresponding intellectual property of that solution is owned by the company you work for, independent of the time of day you thought about it.
So to cover that, typically law basically defaults on granting your company IP rights on anything you create anytime while you're an employee, and should there be need to challenge that, it's up to you to uphold in court that project X has nothing to do with your company business or tech, or to ensure beforehand that your contract has special provisions granting you IP rights in known situations.
† At the very least this is also the basis as to why software is not patentable in EU, unless they are an integral part of a very concrete process that itself solves an issue (e.g say you invent an industrial process that allows you to synthesize molecule X more efficiently, and that process involves a bit of code as an integral and required part of said process because it is deeply tied to it in a fundamental way, then that precise bit of software can be covered by the patent of the process)
To extend let's change the field a bit: Imagine you are a scientist working in a lab, employed to develop new technologies. One day you're falling in the shower and scribble an idea for a flux capacitor. Could you patent it? Or the company? What if it happens in the office? If that makes a difference: How to prove? Most employment contracts (at least the ones I have seen) make the assumption clear, that all results of "software development" are treated as work for the company. Many companies than have ways to allow hobby projects info uelds different from the actual work (while that definition is quite unspecific and has to be decided case by case)
From what I have seen, a lot of companies have very restrictive IP clauses in employment contracts (at least here in IE).
The first draft of my current contract wanted a claim to all creative work produced, at all hours, on any equipment, in any medium. (e.g. the copyright on a photo I took on holiday would technically have been owned by my employer.)
They also wanted me to give up all "moral rights" which meant I could not say I created anything I did while being employed, and more worryingly, I could not say I didn't create something that the company said I did.
So if you do some volunteer work on a weekend for the web site for a non-profit (say a community center you're a member of). Does that mean that Google doesn't allow that? Does this clause cover any creative work (such as a unique desk that you designed for your home lab)?
This is surprisingly normal. A majority of programmers have contracts that vaguely specify ownership over everything you produce. It's why "personal github as CV" is such a terrible idea.
Interesting. By that do you mean that you chose to release your personal projects under Google or that your personal projects were useful to Google and hence you got their official blessing on them?
There is a clause in the work contract that claims that Google has ownership of all your IP relating to Google's current or planned businesses. Given that it's Google, that's... a very broad category.
You can apply (the process is described on the same website as TFA) to have Google declare that a certain project definitely is not one of their businesses and therefore not covered. You could also make your own judgment, but (having talked to a lawyer about this when considering a Google offer) my impression is that that is a very bad idea and you should go through the process.
(I only know about the US-but-not-California version of the contract; it might be different in other jurisdictions.)
I think that laws should feature these extremelly large fines to companies for keeping clauses in contract that are already known to be in conflict with existing laws.
A very large number of contracts will be so much better and more slim, and a lot of people will not be harrassed by scare tactics.
It's not just because they can't use the code, it's also because WTFPL doesn't include some very important things for a license (like a warranty disclaimer), meaning just contributing to the code could get you into legal trouble.
The legal system and lawyers aren't just some kind of conspiracy that only exists to funnel money into their system, they solve a very real purpose.
"Do what the fuck you want" isn't even a good sentence, let alone a statement on what you can do, how your liability is limited, rules on naming and attribution, etc...
Questions like "Can I use this without attribution?", "Can I hold you liable for the code you wrote?", "Will you charge me for using this code?", "What does the license cover? (documentation? just the program? just source code?)", and "Who owns the copyright for this work?" are not answered by the license, leaving them all up in the air.
I'm not going to use code that someone can attempt to charge me for using later, and I'm not going to contribute to code that can cause me to be sued for my contributions not working.
I get the want for simple licenses, but I feel that licenses like MIT or Apache2 are simple enough to be understood by most people, and they fulfil all the checkboxes of a real license.
It's especially telling that the WTFPL contains a clause which calls out a lot of this information for the license text only (must be distributed verbatim or have the name changed, all are permitted to distribute it, and a copyright for the license text).
The answers to those questions seem pretty clear to me
Just do what the fuck you want with everything in the repo. No copyright, if you want to say that you created the code and rebase all history, it's also your right. Feel free.
And it seems kind of obvious you can't hold the author liable for any trouble (though I don't know anything about law so maybe it's more complicated than it looks). Also it says in the FAQ that you can just add a warranty clause if you need one.
>And it seems kind of obvious you can't hold the author liable for any trouble
But legally it's not obvious. I'm not a lawyer, and I don't pretend to understand all of the concepts, but I believe there is a concept of "fit for purpose" where unless you specifically say otherwise, it is assumed that your "creation" will do what it says it will do, and if it fails to do that in a way that harms someone, you can be held liable. A company that makes ladders can't claim it's not their fault that it collapsed unless they put in very obvious and clear wording that the ladder has no warranty or purpose and they can't be held accountable. Similarly, your code that pads strings on the left is expected to do so, and if it doesn't and that causes harm to someone, then they could claim that you are liable for at least part of those damages.
Also, there is no such thing as "no copyright" in many parts of the world. IIRC in the US EVERYTHING has copyright automatically and until it expires, even if it's not declared. You can't "give up" your copyright, all you can do is license it. Again, i'm not a lawyer, but this is how I understand the system works.
Answers to those questions may seem obvious to a layperson, but they aren't to a legal system. And choosing to not participate in the legal shit doesn't mean you are immune to the law.
If it were a conspiracy to fuel business, I'd expect them to say use it then unpick the mess when someone brings a legal action.
It's just too vague to be useful - legitimate questions such as "does it cover code only or documentation as well?", or "is the author disclaiming any warranties or liability that may be implied by the law?" are left unanswered.
There seems little reason to use it over e.g. MIT or FPL-1.0.0, both of which accomplish similar ends and are quite readable without introducing a bunch of uncertainty for both parties.
WTFPL can include a warranty clause (see [0] «Why is there no “no warranty” clause?»)
Also, the Google guidelines consider that WTFPL is recognised as open source by OSI, yet there seems to be some opinion from FSF people that it is free software (see [0] «Is the WTFPL a valid license?»).
Guess nothing I release will be used at Google. Oh well, none of it is particularly good or relevant anyway. Funny though, because they are doing exactly the opposite as what the license allows them to do.
I guess this is a case where the intent of the license might be obvious, but the legal details of the license not worked out well enough. I really don't understand why people, who basically want to open their sources to everyone, don't just take one of the more established licenses for that purpose, like MIT/BSD.
Proper licensing of software is a technical requirement, if you want your software to be used. The technicalities of the law might be unneccessary complex, bizarre even in some cases, but thats how the law is. We programmers are not goint to change that. So, if you really don't care, just take the MIT license, which is about the simplest of the widely used licenses. With that license, anyone interested has a clear base to use your software. Unless of course, you don't intend to share your software for real in the first place.
Your original comment said you "didn't understand," not that you "didn't agree." The former prompts a very different answer than the latter, but you're acting as if you said the latter.
To understand it, all you need to do is understand that some folks take actions based on ideological beliefs, often to the exclusion of pragmatism, knowingly or not.
No, it doesn't. I really do not understand why one thinks this is a good idea. Yes, people are free in their beliefs and expression. But if they try to do this with a nonstandard license, it only means, that the software is effectively not published as open source.
The technicalities of the law are very complicated. Tiny mistakes can render a license unusable or just invalid. So, the best advice I can give any author is to stick to one of the well-known license, as this makes it very likely that the software can be used by others.
WTFPL is essentially an ideological stance against the concept of intellectually property. To use the software you have to partially reject the importance of license compliance.
Nice to see the new web projects like Mastodon, Owncloud etc being released under AGPL. I hope projects like OnlyOffice, IPFS etc to move to this model
> I hope projects like [...] IPFS etc to move to this model
I work on the IPFS project so might be biased, but why do you prefer AGPL over MIT (which IPFS is currently licensed under)?
Personally I prefer short and sweet licences, MIT is so short and simple that even I can understand it. But then again, I don't know enough about AGPL to know why I would prefer it over MIT.
Edit: I also came across this wording: "Using AGPL software requires that anything it links to must also be licensed under the AGPL", that sounds like the opposite of freedom. I don't know much so probably getting something wrong here...
AGPL is a very different spirit than MIT. MIT is pretty much “do what you want, but no warranty applies, and you have to give credit”. AGPL is a strong copyleft license that requires redistribution and even extends redistribution requirements to indirect users, specifically users of the services you run using AGPL code.
Do what you want with no laws, conditions or restrictions is not freedom for me in any other area of life so why should we use that as the definition for software licenses?
Absolute freedom is horrible. In every place it exist it causes massive damage and reduce peoples liberty. Practically every philosopher on the topic acknowledge that absolute freedom, the law of the jungle, result in devastation for those with less power.
What make software so difference that the law of the jungle is suddenly the only right definition for freedom?
So I don't know much about licensing (and don't do any active decisions about it, I pretty much default to using MIT on a personal level) but doesn't "requires redistribution" restrict freedom here? Freedom for me would be "do what you want, but I don't give you any warranty" while AGPL would mean less freedom directly. Forcing people to redistribute the source, doesn't mean freedom to me.
The freedom to see and modify code if you're not a developer? Bypassing how that would work, it's 99% freedom, as there is still restrictions on what you can do with it. You cannot, for example, package it, call it something else and distribute it without the source. I don't see how that can be called freedom. Either you have the freedom to do whatever you want with the code, or you don't have the freedom. 99% freedom is (for me at least) not good enough.
It's like the license (that I can't remember the name of right now) where you can do whatever you want with the software EXCEPT use it for evil. That's not freedom, freedom is: do whatever you want, literally. At least for me.
The GPL is used for a very large amount of free software, so I'm a little confused by your rejection of the very concept.
But the general idea is that the GPL guarantees the same freedoms to everyone (the right to use the software, modify it, and distribute it). But the only way of guaranteeing the same set of freedoms is to restrict people from taking away others' freedoms. Personally, I think that's more than fair, because the net effect is that everyone has software freedom (which is what the whole free software movement is about).
> That's not freedom, freedom is: do whatever you want, literally. At least for me.
To give an extreme analogy, the "freedom to murder" or the "freedom to incarcerate other people against their will" is not permitted in free countries. Is this an attack on people's freedoms? No, it's required in order for everyone to be able to exercise their freedom to live and free movement.
> You cannot, for example, package it, call it something else and distribute it without the source. I don't see how that can be called freedom.
It's intended to maximize freedom to modify and inspect as a whole not at every individual while ensuring that the freedom to do so it preserved for future users. It's a pretty simple and consistent goal and it focuses on the freedoms of the user instead of the freedom of developers. Where those come into conflict like a developer using the code then it defers to the freedoms of 'end' users because in every case the developer of any given application that's used will be outnumbered by the users of that application.
The problem comes in that by granting the developer the ability to do whatever you want, that also includes denying the user the ability to do whatever they want. So, the developer gets 100% freedom, and the user gets 0%.
I dislike the notion that the fluency of a user in programming matters at all - nothing prevents them from learning how to program from the code made available to them (a proven benefit), or from hiring someone to look over the code on their behalf.
Ultimately, the original software's developer's definition of freedom trumps all of ours. Our freedom is to pick whether to use software that has that license or not.
With permissive licences like the MIT licence, Evil Corp could take your code and improve it, but make their improvements proprietary. Evil Corp then has a better product than you. They can continue to benefit from your future work, but you can't benefit from theirs.
The same is true of the GPL, as long as Evil Corp never distributes the binaries to the end user. This is the service-as-a-software-substitute loophole.
With the AGPL, if Evil Corp modifies your code and allows their customer to run it, their customer is entitled to receive the source under the AGPL, which allows them to contribute it back upstream to you. You then have a product just as good as Evil Corp. They benefit from your future work, and you can benefit from theirs.
> With permissive licences like the MIT licence, Evil Corp could take your code and improve it, but make their improvements proprietary.
Sure, they could, and as it turns out, that seems in practice to make them more likely, not less, to not only use but also contribute back to the permissively licensed project.
> With the AGPL, if Evil Corp modifies your code and allows their customer to run it, their customer is entitled to receive the source under the AGPL, which allows them to contribute it back upstream to you.
Yeah, but the Evil Corps won't touch it; the first Evil Corp that wants to do something similar to what you are doing as a proprietary project but also have the benefits of open source community will spend the money to reimplement your system with a permissive license as well as building proprietary extensions, and Evil Corps 2...n will also use (and often contribute back to!) the permissive core while differentiating with their own proprietary extensions.
> that seems in practice to make them more likely, not less, to not only use but also contribute back to the permissively licensed project.
Yes, and that's good! I agree that open source is a better way of making better software.
Suppose your software is in a particularly innovative area (AI, cloud-based marketing buzzword generation, whatever's fashionable) where there's first-mover advantage; or in an area where there's a network effect. In those situations, Evil Corp might plausibly want to embrace, extend and out-compete the community-driven effort.
Google Play essentially did this with AOSP: embrace and extend with proprietary features. Consumers choose the larger feature-set over the community-driven competitor.
So the AGPL can defend community-driven projects from being out-competed by in-house projects who take permissively-licensed code and choose not to contribute back.
> spend the money to reimplement your system with a permissive license as well as building proprietary extensions
Yes, and that's fine. They may lose the first-mover advantage if the AGPL community-driven software can get into users' hands first. And they don't have the leg-up of simply importing code from the community project. This helps the community project to compete.
> Google Play essentially did this with AOSP: embrace and extend with proprietary features.
No, it didn't. Branded Android has always included Google proprietary apps and services (Google Play is the most recent name for that), and AOSP is a cathedral model open source project driven by Google which has whatever bits of Android they both can and choose to make open, it's not a community open source project they embraced and extended with proprietary features.
I suppose my point was that originally, “Android” was mostly open source. Google then quietly replaced parts with proprietary equivalents with a few more features, and now AOSP is nowhere near as useful (to ordinary consumers) as Google's proprietary distribution of Android.
A similar story could happen to a proprietary fork of a permissively-licensed open source project. Copyleft licences are designed to prevent proprietary forks.
And of course if you don't want that, you can license your code using a permissive licence. But that's why someone might choose a copyleft licence.
If I'm the writer of the original code, that's fine by me. If EC wants to expend the money and effort to replace my code, and that's their prerogative.
Getting changes back upstream is not the goal of the GPL and associated licenses, it's just a handy side effect. The goal is to ensure that the end users can see and modify and audit and redistribute what's running on their machines. It's to ensure the betterment of all software and the empowerment of all users, not just programmers.
> Sure, they could, and as it turns out, that seems in
> practice to make them more likely, not less, to not only
> use but also contribute back to the permissively licensed
> project.
This is a common argument from MIT/BSD/Permissive licensing folks, but there are many counterexamples.
NetApps entire OS is based on FreeBSD. There is no WAFL filesystem donated back to FreeBSD.
Isilon (now EMC/Dell) is based on FreeBSD. There is no OneFS distributed filesystem donated back to FreeBSD.
Apple MacOS is based on FreeBSD. There is no HFS+ filesystem donated back to FreeBSD.
There are many examples of corporations donating back to permissively licensed projects, but enough counterexamples (I use the storage space as that is what I'm most familiar with) that I don't think in general you can say that "in practice... it makes them more likely.. to contribute back."
> Evil Corp could take your code and improve it, but make their improvements proprietary
Yeah, but isn't that what software freedom is all about? People can get the code and do whatever they want with it? Of course it's nicer if they share back, but if they don't, it's their loss, they won't get contributions.
If users truly value the license and to be able to contribute back, users would naturally chose to use my code rather than using the code from Evil Corp, since it has the "wrong" license from them.
Limiting the usage and distribution feels like the opposite of freedom, but I want to re-iterate that my knowledge about licensing is so limited, it feels like I'm misunderstanding something here.
I'm very grateful for the answers, so I can educate myself :)
You make good points and are certainly using one valid definition of "software freedom". It focuses on the people who write code.
The idea of such "copyleft" licenses is to go further and use copyright law as a tool in what is seen as a broader fight for freedom. This fight (see the Free Software Foundation for more) focuses on the people who run the code --- not the people who write it.
The premise is that my fundamental rights and freedoms are infringed when I run non-free code. Therefore, the argument goes, we should use copyright law to ensure that our code cannot be used in such ways to exploit or hurt people, by requiring that anyone who uses our code makes the source available to the people running it.
It's about end-user freedom, not developer freedom.
It prevents the developer from limiting others' freedoms later.
If upstream uses a permissive license, then a developer can build on it without giving back to the open source part, and anybody using that derivative has lost software freedom.
But a developer can still have nearly complete freedom even with the GPL; they simply must distribute their source under the same license. Not very onerous.
Thanks for providing your point of view, appreciate it!
So the point of AGPL is to force people into a world of open source? Not because it's better and people prefer it, but because the license requires it? I'm not sure I'm a fan of that, as that's the opposite of what I see freedom being.
"nearly complete freedom" and "they simply must" feels like it's missing the point. As someone else in this post said: "freedom is just freedom". By defining what conditions freedom vs not-freedom is ok, aren't we missing the entire point of freedom?
If you give people freedom, they might use that in a way you don't approve of. If you give freedom, unless you do X, it's not freedom anymore, it's just a set of constraints.
It's not to force open source, but to ensure that free software stays free.
Freedom is good, right? The GPL is based on the belief that everlasting nearly-total freedom is better than transient total freedom.
Restrict exactly one freedom now, the ability to release without source, and you guarantee all the remaining freedoms (all of them!) to all future end users.
Allow that one last freedom to developers, and you potentially deprive freedom from later users.
The GPL doesn't stop people from using software in ways I don't approve. It only prevents further restrictions on freedom.
> I'm not sure I'm a fan of that, as that's the opposite of what I see freedom being.
Your freedom ends where other people's freedom begins. That's just basic ethics. No freedom is absolute.
And by releasing important software under Free/Libre licenses, one enables a lot of other people's freedoms that way.
Whereas the distinction of freedom you're looking for is egoistic and self-serving. Which is okay, I guess, for code that you wrote all by yourself, but not for projects where other people participate as well.
I'm not sure why Google is being singled out here. It would be much more unusual for a company even 100x smaller than Google to _not_ have license requirements for projects they use.
> notably the Mule ESB and most of the code that backs Reddit, cannot be used at Google
Interesting that they mention reddit specifically. On the other hand, it‘s the first time I hear about the CPAL, so maybe reddit is just the most prominent user of this obscure license.
Mule ESB is apparently a Java-based enterprise service bus from MuleSoft (which is in talks with Salesforce about an acquisition).
"google3: The internal name for our main Piper source repository, and identifies the third incarnation of the source layout for Google production code."
In addition to what the other commenters said, I believe it is also the name of their web server executable which includes the core Google search code. Written mostly in C++ but also ships with some Python scripts and protobuf linking it to other services.
I don't work at Google, this is just what I heard.
These kinds of lists are fairly common; we have a similar list at Pivotal. There's nothing sinister about it and the lawyers are not ignorant of opensource or how it works. Big companies simply have a very different legal threat profile from individual contributors.
If you want your code to be used by a major company, my impression is that the Apache 2 license is the winner.
To my fellow programmers, consider for yourself why should gigantic, massively wealthy corporations get to use our code for free. Use the most restrictive version of the GPL to keep your code free for other individuals like us, and provide a paid license option for gigantocorps.
There's a very legitimate answer to your question: some people believe that having your code be actually used, at scale/ in the real world, is a benefit in and unto itself; you get a "portfolio", a "brand" - things that are intangible but still valuable. If your code makes it into some mission-critical system, you have a fair shot at consulting for that "massively wealthy corporation".
I guess it all boils down to: "do you get more value out of people using your code, or out of keeping the code to a restricted set of people?". Similar to how there are two ways to approach your billion-dollar-startup-idea: either guard it with NDA & limit sharing; or talk to everyone about it. Both are legitimate approaches, but really, in a lot of cases the "billion-dollar-idea" is not really worth that billion dollars. Same with code - in a lot of cases, the code is not as valuable as we'd like to think, until it's actually used (& gets a chance to be refined by many users, and to evolve in the right direction(s)).
Turns out that WTFPL has the effect of being ultra-permissive, while effectively preventing use by gigantocorps with teams of paranoid lawyers.
Win!
(Edit: this also happened with a project that I started and licensed as WTFPL. Maintainership quickly passed onto someone else, but the licence remained and was a problem for precisely no-one until Intel decided that they wanted to use the software... except their lawyers wouldn't accept WTFPL. The maintainer decided to relicense as ISC and that's cool, but it's further proof that WTFPL effectively immunises against gigantocorps.)
My employment contract prohibits me from accepting outside money for software engineering work. I can't offer a paid license option, and moving to a company that has no such restriction im the contract would be a huge pay cut, beyond anything I could hope to make from license sales (unless, perhaps, I do that full-time).
We cannot solve capitalism with capitalism. If we want to stop gigantic, massively-wealthy corporations, let's do that with legislation, not by monetizing our free-time projects.
This really depends on what your goals are. For example if you want a standard that is defined by your software to become an accepted and widely used world wide standard, then Apache or MIT may be a good license. If your application could use a lot more contributions, and most companies won't lose anything if they contribute back their modifications, then AGPL may be better. If you want to make some money off your software, then maybe a Free license isn't appropriate at all. Or maybe it is, if your software lends itself to making money off of side services (support, bespoke enhancements, paid plugin modules, etc).
If your open source project is significant enough that a company would license it, yes, dual licensing GPL and closed source is a good business model. The success of QT was based on this business model. This however means, you cannot accept contributions by the communite to the code basis without a licensing agreement with every single contributor.
For most projects, it is the goal to share the code and get back contributions by the user community. That includes any company using the code. But for that, the license needs to be permissive enough for commercial usage.
> To my fellow programmers, consider for yourself why should gigantic, massively wealthy corporations get to use our code for free. Use the most restrictive version of the GPL to keep your code free for other individuals like us, and provide a paid license option for gigantocorps.
If it can't be used by anyone without restriction, it is neither opensource nor free software. You don't get to pick and choose who uses your software. That's the entire point.
I really like Apache’s explanation linked from that page of the Apache license as a “universal donor” and GPL as a “universal recipient”. It’s the cleanest analogy about open-source licenses I’ve seen.
Question: suppose Google had code running on their servers that was licensed under AGPL. AFAIK that means they have to release the code running on their server(s) , but because Google's code is proprietary and closed what would happen? A whistle blower notices and exposes them?
Seems that unless someone is dumb enough to use AGPL, commercialize it and open source their code they would never be caught. Same with most licenses, really.
> AFAIK that means they have to release the code running on their server(s)
This is incorrect. If they want to comply with the license, then that is what they have to do. They don't have to comply with the license. You never have to comply with a license. However, by not complying with the license, you are infringing on copyright. If they sue you then you may get an injunction to stop using the software, and/or you may have to pay money. It's certainly not a good situation to be in, but it's copyright infringement -- no more and no less.
It's pretty hard for someone externally to discover this, but Google has 20k+ software engineers, and I believe they all have access to the monorepo. All it takes is a single person with a grudge to leak a single screenshot to the right people, and Google is facing an immense lawsuit.
I am not a lawyer, but I expect that the core defences to such a lawsuit would be showing that you had a policy against using such code, showing you take active measures to avoid introducing it and showing rapid action if someone brings an example to your attention.
I don't think it would be an "enormous lawsuit", except against the individual trying to maliciously introduce code against policy in order to harm their employer. Torts ahoy.
Yes, I agree that this policy provides reasonable guards against someone introducing AGPL by accident, or even maliciously. But I took GP's point to imply a hypothetical where Google decides to more or less actively flaunt the restriction.
btw -- "flout" is usually what's meant in terms of breaking laws, rules etc. It's basically a pedant's dream, which is doubly appropriate in a legal context.
Obeying the terms of a license correctly is not about getting "cought", but a thing of integrity. If a certain license is incompatible with how a company runs their business, then completely staying away from software licensed by that license is the honest and right thing to do.
If Google put Citus (for example) on their servers, they would have to release the source code for Citus and everything it's linked to, which might include PostgresSQL but wouldn't include anything else.
It's a pretty big stretch to believe that just checking Citus into their monorepo, exposing it to the world and accessing it from an internal service would constitute a link and require release of any of their proprietary code.
Google may not want to take that risk, but that risk is miniscule IMO. IANAL.
So does that mean that AGPL code isn't suitable if you need to interface it to, for example, an Oracle DB as you don't have the source or rights to release Oracle (as an example)? If that's the case, then I could see why it would be on the no-list. Google has a bunch of internal secret sauce that may need to be called on by an external-facing app.
Not at all. You don't have copyright permission to modify Oracle DB, yet you are using it lawfully, therefore via the definition of "modified work" in the AGPL it's not covered by the AGPL.
Right. Any other interpretation is the "GPL is cancer"-FUD propagated by enemies of free licenses, like Microsoft under Balmer. Though lawyers like to err on this side of license interpretation.
Why is this being down-voted? It's totally correct. GPLed code linked into a program doesn't magically make the program GPLed. The GPL guarantees that as long as you provide the source code of your code under the GPL, you automatically get a license to use other GPLed code in your code. If you use GPLed code, but don't provide your code under the GPL, then you are probably infringing copyrights. That can be mitigated (assuming you're honorable and don't just hide it) by possibly paying the authors of the GPLed code to get a license under different terms, or possibly removing the code in question and maybe paying the original authors, or by fighting in court and possibly being forced to stop distributing the code and then removing the code and paying fines, or (as many assume is the only option) releasing their own code under the GPL as well.
The details of what would occur almost certainly depend on the circumstances (was it known, when was it known, was it on purpose, did it have any real effect or was it a random bit of source code that was basically unused, etc.) and jurisdiction as well. Regardless it's definitely not the case that the GPL just magically infects any code it touches. That is a ridiculous simplification that is mostly spread by ignorance or those spreading FUD. Hell the GPL doesn't even do anything at all until the programs themselves is distributed.
It's perfectly reasonable to prefer other licenses over the GPL, but let's not make up reasons to dislike it.
I think that the topic is too complicated. Too many developers not firmly on the FOSS-side simply follow the FUD, or they follow their lawyer's [typically overly risk-averse] lead when saying to steer away, or when the virality is described elsewhere. The knowledge that even GPL2-definition of virality for linked code is debatable (what exactly is linked code, what does being part of something mean exactly? To not get started with derived work), what GPL3 means in this context, and that the court's decisions in different jurisdictions are not straightforward is simply not there. Thus downvotes, as you saw.
The questions with the monorepo and having code checked in is the perfect example.
On the other hand, it is understandable. In a crazy jurisdiction like the US where Oracle can win with absurdly claiming copyright on Java-APIs I can understand everyone trying to minimize risk.
This is splitting hairs. If you link GPL’d code to your proprietary code (and distribute your proprietary code to users in executable form), your only options are to release your code under the GPL or violate copyright law. You can address your illegal action in the ways you’ve described but you’re absolutely engaging in illegal behavior at the point you link the GPL code without licensing your own code under the GPL.
The “viral” description of the GPL is reasonably accurate. At least for people don’t who want to engage in illegal behavior. Forced (re)licensing is specifically the intent of the GPL.
It absolutely is not splitting hairs. This means that if you have a large codebase and accidentally link GPLed code into it, you have many different options that do not involve GPLing your code. Many people incorrectly believe that is not the case which is proved by many of the responses in this very thread.
One of the original examples here in this thread (by bryanlarsen above) was even about checking GPLed code into a repo. Any company can do that and can experiment and decide they really like the code and then they can e.g. contact the copyright holders and offer to license under different terms or another large number of options. This sort of misconception is widespread only one example of why most people's understanding of the "GPL is viral" is simply wrong. Calling this splitting hairs is ridiculous. It's fundamental.
Who thinks that “accidental” linking is the problem? And how does that really even happen? You accidentally check in some GPL code, build and link to it, and then also accidentally distribute the resulting binaries?
Bryanlarsen above specifically called out that checking into a repo is not linking.
The only real misconception is that use of GPL software by a company will somehow result in all software owned by that company becoming GPL licensed. This is of course not true. It is true that linking proprietary software to GPL code and then distributing executables must result in either the proprietary software being licensed under the GPL or a copyright violation.
Your comments about getting different license terms is proving my point. Your proposed solutions to the GPL redistribution clause all boil down to not using GPL software.
> The only real misconception is that use of GPL software by a company will somehow result in all software owned by that company becoming GPL licensed. This is of course not true. It is true that linking proprietary software to GPL code and then distributing executables must result in either the proprietary software being licensed under the GPL or a copyright violation.
Other than the fact that you can of course negotiate another license to that GPLed software, I agree. Said more succinctly, distributing copyrighted materials without a license is a copyright violation and that has nothing to do with the GPL. My point is that the remedy for the copyright violation need not result in your original codebase being GPLed. This is even true if the original authors absolutely refuse to issue you a separate non-GPL license or refuse to negotiate. In that case they can probably get an injunction and statutory damages (of course assuming they pursue legal action).
Regardless, I don't think we disagree here. However, you seem to be ignorant of the FUD that is often spread about the GPL. Many people believe claims like if Microsoft linked GPLed code into Office that they would have no choice but to GPL all of Office. That is false. As long as we agree about this I don't see any point in discussing this further.
> Your comments about getting different license terms is proving my point. Your proposed solutions to the GPL redistribution clause all boil down to not using GPL software.
Well if you'd like a clear statement about my beliefs it's this: Don't use software if you aren't prepared to meet the terms of its license. But that doesn't really have anything to do with the GPL specifically.
I concur that we generally agree on the facts. We seem to have different interpretations of what those facts imply, though. This comment I disagree with:
“Regardless it's definitely not the case that the GPL just magically infects any code it touches. That is a ridiculous simplification that is mostly spread by ignorance or those spreading FUD.”
The GPL does infect the code it touches. If you link your proprietary software to GPL software, now and forever the binaries you produced with that linking are “tainted”. You distribute the source under the GPL or you do not distribute those binaries (or you violate the law). You can certainly back out the offending change and future binaries will clean and clear, but the GPL does, by design, force the choice between copyright violation and opening up proprietary software. It does not, however, perpetually “taint” source that touched it in the past and anyone who thinks it does is misinformed.
The characterization as viral/infectious remains reasonable, though, given the intent and the legal implications.
> If you link your proprietary software to GPL software, now and forever the binaries you produced with that linking are “tainted”. You distribute the source under the GPL or you do not distribute those binaries (or you violate the law). You can certainly back out the offending change and future binaries will clean and clear, but the GPL does, by design, force the choice between copyright violation and opening up proprietary software.
We are in agreement that you can of course also negotiate another license right? (Assuming the copyright holder(s) go along.) I don't want to beat a dead horse here, but I just want to make sure we're clear about that one thing. Your sentence here seems to present a binary choice when of course it isn't binary.
edit: I only bring this up because another misconception many (not necessarily you) have is that software cannot be simultaneously GPL as well as another license. This should be basically obvious to most when they think about it (basically all business to business software is negotiated under different licenses for example), but most somehow still don't realize it when it comes to the GPL for some reason.
> We are in agreement that you can of course also negotiate another license right? (Assuming the copyright holder(s) go along.) I don't want to beat a dead horse here, but I just want to make sure we're clear about that one thing. Your sentence here seems to present a binary choice when of course it isn't binary.
Of course. If you negotiate a different license, then of course you are no longer bound by the terms of the GPL. That doesn't say anything about the intent or effects of the GPL itself, though.
> edit: I only bring this up because another misconception many (not necessarily you) have is that software cannot be simultaneously GPL as well as another license. This should be basically obvious to most when they think about it (basically all business to business software is negotiated under different licenses for example), but most somehow still don't realize it when it comes to the GPL for some reason.
That is an option in theory, and lots of software is dual- or multiple-licensed. It depends on how the software was written, though. If a single entity (or small number of entities) owns the copyright to the software, this is definitely viable. Lots of authors who retain their own copyright on their contributions gets a lot harder. You technically need all contributors to agree to the relicensing if they haven't signed over their copyrights to someone else (as the FSF requires for software they maintain).
I'm actually not sure about the legality of some of the open-source relicensing that happens. I've seen projects announce that they are relicensing without getting signoff from all contributors. This is shady and unlikely to be legal. Using software that's been relicensed this way is probably a terrible idea (from a dev standpoint; doesn't matter much for end users).
> "GPLed code linked into a program doesn't magically make the program GPLed"
> Lots of people for debatable but legitimate reasons believe that GPLv2 does this.
> They don't realize that this doesn't apply to GPLv3, nor to the AGPLv3.
Honestly I simply think you're not understanding me. Let me summarize: linking GPLed code without GPLing your own code and without having any other license to do so is copyright infringement. There are multiple ways to avoid infringement. You can pay the authors for another license, you can possibly remove the code and pay the authors enough so they're drop the matter, you can go to court, or you can release your own code under the GPL.
You do understand that that is not the same as saying that "linking GPLed code to your code makes your code GPLed" right?
edit: Apologies if I misunderstood you when you said: "Lots of people for debatable but legitimate reasons believe that GPLv2 does this." Maybe you don't believe this yourself (which is what I assumed when drafting my reply here). I agree with you that lots of people believe this, but it basically isn't debatable and certainly is wrong. Put another way: What is the legal rationale for the claim that linking GPLed code immediately makes the linking code GPLed?
Assuming that linked code is distributed. You can use it internally as much as you want. (With the caveat that distribution has a broader meeting under AzGPL.)
You are 100% correct that you can execute/link/etc. GPLed code without following the terms of the license when you're not distributing your code. But I'm not referring to distribution. I'm saying that if you were to link your own non-GPLed code to GPLed code _and_ you were to distribute it, your code would not automatically become GPLed code. You would be infringing upon copyright. There are multiple options to stop that infringement which do not involve GPLing your code.
It would be obvious if they were running something which is very similar to an existing AGPL application. If they changed it significantly then you'd probably have to rely on whistleblowers.
>Question: suppose Google had code running on their servers that was licensed under AGPL. AFAIK that means they have to release the code, but because Google's code is proprietary and closed what would happen? A whistle blower notices and exposes them?
I don't think they have to do anything, even if they did had AGPL.
The license is only relevant if they distribute the source (or a product written in it), not as to what they privately do with it on their servers.
Now, if they had used that code on, say, Android, that's a different thing.
The main difference between GPL and AGPL is that with AGPL, running software and exposing it on the web also effectively counts as distributing the software.
There are some contentious points with AGPL. For example, lets say your website is backed by an AGPL-licensed database. Do you have to open-source your website? Or only modifications you make to the database software? Or only if you expose the database software directly? Very often these questions are not clear with the AGPL, but just having these ambiguities is enough for a company like Google to stay clear completely.
This is incorrect, as far as I know. The FSF page [1] says as much. IANAL, but the relevant portion of the license appears to be this:
You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:
d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. [2]
No, that's the point of AGPL. It extends rights to users of a hosted application, as well a users of hosted applications linked to it. As the linked motivation states, "Even if you think you aren’t linking to anything important, it still presents a huge risk to Google because of how integrated much of our code is".
The lines between "distribute the source (or a product written in it)" and "what you privately do on your servers" is (I think) hard to discern for a lot of Google's code.
If I have open source code that estimates your shoes size based on your IP address, and I make a website that will output your result... which category of code is this? What if I use this code to customize the UI for a shoe store?
Honest question, is there an established way of deciding whether something counts as "distributed"? Is it simply a question of what machine it runs on?
Hasn't been tested in court to my knowledge, but my understanding is that leading IP lawyers who otherwise disagree on a bunch of things about the GPL (Eben Moglen, Lawrence Rosen) agree that e.g a modified GPLd publicly accessible web server doesn't count as distribution.
No, RTFL. AGPL doesn't need your product/binary/code to be distributed, it's enough that you offer a (web) service based in part on AGPL-licensed code.
Surprising that they do not address the issue of derivative works for instance in relation to the EPL. The documentation correctly states that modifications to EPLed code must be made available. But it is also the case that any work that in itself is a derivative work of EPLed code must also be licensed under the EPL.
I also find that supremely ironic. Google's reasoning is probably sound from a legal perspective, because 'do what you want' with it can be argued that the responsibility of the original code lies with the original author, and it's not clear. But yeah, it's humorous that a license deliberately designed for this reason isn't accepted.
The restrictive licenses bring nothing to the table. It is an outdated dogma. We ought to choose licences that actually enable software to be written, without needless hurdles.
Apple, MS and Google understood this, and they release swathes of stuff under _useful_ licences. If you make something open-source, you probably want it to be legally usable.
Personal opinion - If I'm writing software and releasing it as open source, and you want to use it to lessen your own workload, then I expect you to do something in return - make your changes to it available to others.
You're getting the results of my labor, and my "payment" for that labor is "paying it forward" as it were. Old fashioned values perhaps, but paying it forward not a huge ask in my book.
You'll mechanically get rewards in terms of bugs reported, paid bug fixes, paid enhancements etc. Useful software brings value to it by the virtue of being useful.
There is also a mechanical incentive to contribute back, which is "not having to maintain a fork".
Nothing prevents the bug reports, fixes, or enhancements in a GPL/AGPL world.
> Useful software brings value to it by the virtue of being useful.
To be blunt, tell that to OpenSSL and ntpd. Both are broadly used and freely licensed, yet they're chronically short contributers, bug fixes, funding, etc.
Being useful to others is somewhat psychologically rewarding, as are the occasional patches and bug reports. But it's not why I (and many others) open source their software.
This is a pretty uncharitable description of copyleft. There are those of us who don't want our code to be used in proprietary software. When you say "licences that actually enable software to be written" or "_useful_ licences", the part you're leaving out is "licences that actually enable software to be written [and embedded in proprietary software]" and "_useful_ licences [for embedding in proprietary software]".
When I write proprietary software (or code that can be used in proprietary software), I want to be compensated for it. For everything else, there's copyleft. I certainly don't want or expect everyone to follow this standard, and I'm also perfectly happy for others that share their code under permissive licenses, but for me (and others like me), copyleft is not "an outdated dogma".
The problem is this interact badly with the nature of software which is valuable by being reusable, and extract added value from what can be automated.
Where there was perhaps a market need for 1 library for doing task X, now there are countless libraries doing X, each with incompatible licences and programming languages. But the added value to extract hasn't moved.
Like too diverse programming languages, I feel like this creativity in licensing only weakens software quality worldwide through rework and contributes to the "too much software" problem.
(edit: and it's worse with licences who aren't actually legal anywhere)
I've chosen a license (MIT) accepted by Google (and many others) specifically because it enables abuse and exploitation, as a sort of defensive tactic. It's a kind of game theory approach, though it doesn't speak well for the future of open source…
I'm from the music and the music-instrument industries, so it's natural for me to recognize consolidated power when I see it. From where I stand, the only people who've ever achieved a platform from which they could express anything (up to and including the Eagles) got there through a stage where they could be ruthlessly exploited and sucked dry of all they had, with no recompense.
Open source can be like that, which is why the GPL exists: it's a counterbalance. That alone is extremely valuable. In my music example the GPL can be the Irving Azoff, going to war against software unfreeness and making its clients wealthy and successful and granting power in a practical sense.
However, in my opinion you can't get there from zero: trying to wield that power from a starting-up position will only get you shunned, and so we see here in the Google banned license list. The only licenses allowed are those where the original creator can be completely exploited.
You have to both be good, and prepared to be horribly exploited, to get access to power and attention on a viral scale. If you try to strike a fair deal from the start, it's a recipe for being shunned or blackballed.
By definition the power differential between a lone creator and idea-haver, and a vast company, is huge. No license phraseology can take that away.
So, since I do things with software that I want to proliferate and become popular, I have to select a license that allows for companies and individuals to abuse me. In so doing, their self-interest is evident. In return, the license asks for 'exposure' on my behalf: credit, and even that's not a given.
So my tactic in handling this stuff is to try and set up a scenario where I'm also praising to the skies anyone who uses my source, in hopes that they in turn see PR benefit in praising me. It's power again: from my position of minimal power and ownership of useful code, I have to signal to the more powerful entity that I'll let them completely take advantage of me if only they throw me some crumbs.
Then, if one day I do end up powerful, I hopefully come up with something really indispensable, and THEN I GPL it and chuckle merrily when they come to me for alternate terms.
Until then, open source licensing has absolutely no power to better my situation, and its ability to aid the freedom of the code under its umbrella applies only to that code and not to any of the people responsible for thinking up the code. They've got to be either completely self-sacrificing, or making a machiavellian calculation about relative power much as I am.
Sharing can only be done from a position of power and abundance. Once that's granted, you learn how badly the sharer needs to maintain their position of power…
Though you've taken a different path with licensing than I have (I release under GPLv3, even though I don't actually consider myself a Free Software fundamentalist), I very much respect your decision and your post here. You're probably the only person I've seen advocate for MIT et. al. who acknowledges the major power disparity between individual maintainers and gigantocorps. It's given me something to think about with regards to my own projects. I still may not release under MIT, but it may lead me to working in very different ways.
I'm sympathetic for its goals of closing the "_application service provider loophole_", but you know what, Open Source, nay Free Software means freedom, so when you grant your users freedoms, your users might end up using your software in ways that you don't support. Freedom is never a _loophole_, freedom is just freedom.
In this regard I think FSF has derailed from its own spirit. E.g. GPLv2 just demands for the source code to be available for any distributed binaries, being a simple copyright license. GPLv3 on the other hand extends that with extra clauses to prevent Tivoization, another supposed _loophole_. In the words of Linus Tolvards:
> If you're a mad scientist, you can use GPLv2'd software for your evil plans to take over the world ("Sharks with lasers on their heads!!"), and the GPLv2 just says that you have to give source code back. And that's OK by me. I like sharks with lasers. I just want the mad scientists of the world to pay me back in kind
When you start noticing _loopholes_ everywhere and closing them, pretty soon you're left with something that is no better than a proprietary, freeware license.
GPLv3 may be acceptable, but AGPL should have never been accepted as an Open Source license by OSI.