
Making the GPL more scary - janvdberg
https://lwn.net/Articles/768670/
======
amingilani
I'm probably going to get a lot of flak for this, but here's an opinion
supporting the MongoDB license. Two things:

1\. MongoDB has the right to do whatever they like

\------------------------------------------------------

The creator of a product:

1\. Has a rational interest in maximizing their returns

2\. Owns all the rights to their products (barring existing IP restrictions)

And if they choose to open source their code:

3\. it is of their own prerogative

4\. without any obligation to do so.

Given 1, and 2, if they open source their code, they're an awesome person
because they're revealing some portion of their secret business logic to the
public. With that, they are entitled to whatever conditions they put on their
code. That includes CLA's regardless of how much potential contributors will
protest.

It doesn't matter how "against the spirit of open source" a CLA, or an overly
radical copy-left license is. The creator of the product will always have an
obligation to their own interests first, and since they're already sacrificing
trade secrets by revealing their software source (something they were never
obligated to), they can honestly do whatever they'd like.

And this includes ensuring that _everyone_ using their software open-sources
all forks of their software. Heck, even open-sources everything they use in
support of their software.

Let's face it, if their software just weren't that good, no one would use it.

2\. This License Means More Open Source Code

\----------------------------------------------------

If the outside world wants more open source code, I don't see why they'd be
giving MongoDB any flak for this. All this license will do is result in more
open-source code. After all, isn't that the point all along?

Or are zealous demands for open-source code only valid while it's all about a
single popular product by a big company (MongoDB), and not when smaller
software components by smaller companies (billing, hosting scripts by SaaS
providers)?

 _Edited for grammar and other things my brain missed_

~~~
hannob
> 1\. MongoDB has the right to do whatever they like

Well, no, obviously not. They have to stay within legal bounds. But of course
they can have any obscure license that is legal if they want.

The thing they get flak for is trying to deceive the public.

> 2\. This License Means More Open Source Code

This license is only open source in a very obscure interpretation of the word.
It's basically doing a lot of legal gymnastics to say "we don't want
Google+Amazon to sell services based on our database, but we still want to
call it Open Source". These two goals are fundamentally incompatible.

~~~
msbarnett
> This license is only open source in a very obscure interpretation of the
> word.

It's "open source" in the dead-obvious meaning "the source code is open for
inspection". I'd argue it's all of the extra baggage that the OSI have read
into the words "open" and "source" that are considerably more obscure. Neither
the word "open" nor "source" implies "free for commercial exploitation to all
and sundry"

~~~
mindcrime
The _phrase_ "Open Source" is not necessarily just the summation of the
constituent words "open" and "source". "Open Source" is a unique concept with
a unique meaning... and the de-facto definition of that concept, is the
OSD[1].

Similarly, there are de-facto terms for the "the source code is open for
inspection" (but not otherwise Open Source) models: things like "Source
Available"[2] and "Shared Source"[3].

People trying to muddy the waters are generally being intentionally
disingenuous because they want the general goodwill and positive buzz
associated with being Open Source, without actually, ya know, being Open
Source.

[1]: [https://opensource.org/osd-annotated](https://opensource.org/osd-annotated)

[2]: [https://en.wikipedia.org/wiki/Source-available_software](https://en.wikipedia.org/wiki/Source-available_software)

[3]: [https://en.wikipedia.org/wiki/Shared_Source_Initiative](https://en.wikipedia.org/wiki/Shared_Source_Initiative)

~~~
msbarnett
> The phrase "Open Source" is not necessarily just the summation of the
> constituent words "open" and "source". "Open Source" is a unique concept
> with a unique meaning... and the de-facto definition of that concept, is the
> OSD[1].

The use of the phrase "Open Source" predates the very _existence_ of the OSD
by years[1], so it's somewhat laughable to claim that people are "trying to
muddy the waters and being intentionally disingenuous" for simply not
complying with the OSI's attempt to retroactively redefine the phrase to mean
something other than the conventional and obvious meaning.

[1] The OSI was formed in February of 1998. The OSD had been drafted 9 months
prior, in mid 1997. If, as claimed, the meaning of the phrase "Open Source"
sprung forth from the ether with the OSD, then why, pray tell, is it dead easy
to find uses prior to 1997 in which people are obviously referring to the
ability to _see_ the source-code and obviously _not_ referring to the ability
to exploit it commercially?

For instance, here's a post from 1993 on comp.os.ms-windows.programmer.win32
([https://groups.google.com/forum/#!msg/comp.os.ms-windows.pro...](https://groups.google.com/forum/#!msg/comp.os.ms-windows.programmer.win32/WoBvPB0U9Co/wXfpq5nEJTYJ)):

> If a developer wants money for shareware, paying the fee should
> automatically grant the user a copy of the source code for their personal
> use. Restrictions could prohibit modifying and redistributing binaries, but
> should allow distribution of "deltas" for bug fixes, etc.

> Anyone else into "Source Code for NT"? The tools and stuff I'm writing for
> NT will be released with source. If there are "proprietary" tricks that MS
> wants to hide, the only way to subvert their hoarding is to post source that
> illuminates (and I don't mean disclosing stuff obtained by a non-disclosure
> agreement). Open Source is best for everyone in the long run.

Or this email from 1996 ([http://www.xent.com/FoRK-archive/fall96/0269.html](http://www.xent.com/FoRK-archive/fall96/0269.html)):

> Caldera Announces Open Source for DOS.

> ...

> Caldera believes an open source code model benefits the industry in many
> ways.

> ...

> Individuals can use OpenDOS source for personal use at no cost. Individuals
> and organizations desiring to commercially redistribute Caldera OpenDOS must
> acquire a license with an associated small fee.

I guess somebody should travel back in time and tell them they're "muddying
the waters and being intentionally disingenuous"?

Or maybe, _just maybe_, it's the OSI that muddied the waters by trying to
redefine a term to add their own ideological baggage to it.

~~~
mindcrime
Just because OSI wasn't formed as a legal entity until 1998 doesn't mean that
the people involved weren't around and involved in those earlier discussions
of "open source". All OSI did was formalize what was in common usage. And
sure, you can cherry pick a few exceptions where individuals used the term in
different ways. That has little or nothing to do with contemporary usage.

And in today's vernacular (dating back to at least 2000 or so) the de-facto
definition _is_ the OSI definition. A few lone-wolf dissenters don't change
that.

~~~
zzzcpan
Languages don't work like that. You don't just come up with a definition and
try to force everyone to use it. People learn definitions from how they are
used and mentioned in the things they encounter.

In reality almost no one is aware that OSI definition exists and those who do
can't even remember what it is exactly. So, no, de-facto definition of open
source is definitely not an OSI definition, but mostly literal meaning of open
source software with most people presuming freely usable software as well to
some degree. Take SQLite for example, it's open source, but not OSI open
source and everyone is ok with that. Because this is where common meaning is.
And trying to claim authority over it just invites bad PR for OSI. I guess OSI
is already that irrelevant and it's pretty much consequence free to use a
proper common meaning of open source.

~~~
mindcrime
_You don't just come up with a definition and try to force everyone to use
it._

Right, and nobody did that.

 _In reality almost no one is aware that OSI definition exists and those who
do can't even remember what it is exactly._

I haven't found that to be the case. At least not for people who are actually
involved in the open source community to any serious level. Maybe for casual
bystanders.

------
wowamit
The change in licence terms sounds too stringent — far beyond just the scope
of derived works which is typically the case. Especially “requiring a
relicensing of the Linux kernel if a MongoDB service runs on Linux”?

MongoDB can very well stop calling itself an open source software then when to
use it in any significant manner, one needs to get into a proprietary license
agreement. Wish the license doesn’t get approved as a valid open-source
license.

------
aequitas
> "Service Source Code" means the Corresponding Source for the Program or the
> modified version, and the Corresponding Source for all programs that you use
> to make the Program or modified version available as a service, including,
> without limitation, management software, user interfaces, application
> program interfaces, automation software, monitoring software, backup
> software, storage software and hosting software, all such that a user could
> run an instance of the service using the Service Source Code you make
> available.

How could one even practically conform to this license? Unless you are a 100%
pure open source house, every company uses proprietary software in some form.
Be it the OS/Apps on your developers/operations (management software) laptops
(macOS/Windows) or firmware/tooling (ILO, DRAC, etc) of your server stack.

I understand they want us to buy a proprietary mongo license, but I don't see
how it would even be possible to run mongo as a service without.

~~~
cyphar
It should also be noted that they require the "Service Source Code" to be
provided _under the terms of their license_. So it's not possible for anyone
to follow these restrictions even on a fully free software stack if any part
of that stack is copyleft (for instance, Linux).

~~~
aequitas
That was what first caught my eye as well, which would make it impossible.

> The affected code must not only be released, it must be made available under
> the SSPL.

But I think it should be interpreted that if you modify the code (mongodb)
under SSPL it should be distributed under the same license, like is normal for
other open source licenses.

~~~
cyphar
No, while they don't have the AGPL section, the wording in section 13 is
pretty clear:

> you must make the _Service Source Code_ available via network download to
> everyone at no charge, _under the terms of this License_.

Now, this only applies if you've modified the source code. But being barred
from the effective right (due to the requirement mentioned above) to use
modified versions of software makes it obviously proprietary.

------
lolc
I wasn't aware Mongo had the kind of market-share that would allow them to
pull this off. While some people might pay, it's just going to remove trust.
Who's going to recommend Mongo after this? Good chance it won't even be
considered Free Software anymore.

------
qwerty456127
Do I understand it right, that whatever a project I build using MongoDB (i.e.
any website/app that uses a MongoDB instance as a backend to store data
directly or via a middleware layer or has a feature of connecting to MongoDB)
I must open-source it completely? This feels way too radical if so.

~~~
pmontra
> The only substantive change is an explicit condition that any organization
> attempting to exploit MongoDB as a service must open source the software
> that it uses to offer such service

If you're building for example an ecommerce that uses MongoDB as database,
you're not selling MongoDB as a service, so you don't need to license your
software with this new SSPL.

If you're building an ecommerce as a service with a MongoDB database, again
you're not selling MongoDB as a service, so you're safe again.

IANAL + usual disclaimers.

~~~
bad_user
That's not how licenses work.

------
jbeard4
I wonder why the RPL isn't more popular for this. It's an OSI-approved license
that is meant to fix the "SAAS loophole":

 _PREAMBLE_

 _The Reciprocal Public License (RPL) is based on the concept of reciprocity
or, if you prefer, fairness._

 _In short, this license grew out of a desire to close loopholes in previous
open source licenses, loopholes that allowed parties to acquire open source
software and derive financial benefit from it without having to release their
improvements or derivatives to the community which enabled them. This occurred
any time an entity did not release their application to a "third party"._

 _While there is a certain freedom in this model of licensing, it struck the
authors of the RPL as being unfair to the open source community at large and
to the original authors of the works in particular. After all, bug fixes,
extensions, and meaningful and valuable derivatives were not consistently
finding their way back into the community where they could fuel further, and
faster, growth and expansion of the overall open source software base._

 _While you should clearly read and understand the entire license, the essence
of the RPL is found in two definitions: "Deploy" and "Required Components"._

 _Regarding deployment, under the RPL your changes, bug fixes, extensions,
etc. must be made available to the open source community at large when you
Deploy in any form -- either internally or to an outside party. Once you start
running the software you have to start sharing the software._

 _Further, under the RPL all components you author including schemas, scripts,
source code, etc. -- regardless of whether they're compiled into a single
binary or used as two halves of client/server application -- must be shared.
You have to share the whole pie, not an isolated slice of it._

 _In addition to these goals, the RPL was authored to meet the requirements of
the Open Source Definition as maintained by the Open Source Initiative (OSI)._

[https://opensource.org/licenses/RPL-1.5](https://opensource.org/licenses/RPL-1.5)

~~~
tannhaeuser
Interesting. I guess the RPL however is as toothless as the AGPL when it comes
to extend its scope to the provisioning software cloud providers use to run
your AGPL-licensed software for their customers, which is the problem I
believe MongoDB, Inc. wants to target.

~~~
jbeard4
IANAL, but I guess this comes down to the interpretation of "Required
Components".

 _1.12 "Required Components" means any text, programs, scripts, schema,
interface definitions, control files, or other works created by You which are
required by a third party of average skill to successfully install and run
Licensed Software containing Your Modifications, or to install and run Your
Derivative Works._

You have to make the source of the required components available under the RPL
(section 6.0-6.1).

Would provisioning software to operationalize a database within a cloud
environment be considered a "required component"? Maybe. If the cloud provider
made modifications to the db source to get it to run well inside of their
cloud environment, and did it in a way that made it impossible to run the
modified db outside of their cloud environment, without using their custom
provisioning scripts, then I would argue that those provisioning scripts would
be considered "required components" under the definition in 1.12. But if they
are able to run the db without making modifications to it, so that it is the
same as upstream, and a third party developer does not need the provisioning
scripts to run the modified db, then the provisioning scripts would not be
considered required components.

So, the RPL is perhaps stronger than the AGPL, but not strong enough for
MongoDB or Redis Labs.

------
dongping
Open source (~= free software) is aimed to protect the freedom of the user,
not the freedom of the (proprietary) software developer.

By forcing developers to disclose their changes to MongoDB essentially makes
the end-users more free, since they can then replicate more parts of the
program they are using.

\------------------------------

Proprietary software developers use copyright to take away the users' freedom;
we use copyright to guarantee their freedom.

\------------------------------

[https://www.gnu.org/licenses/copyleft.html](https://www.gnu.org/licenses/copyleft.html)

~~~
bad_user
> _(proprietary) software developer_

Don't know from where you pulled that off, probably inspired by the communist
manifesto, but such software developers are also users and the distinction is
entirely superficial in order to advance an agenda.

Down with the bourgeoisie, heh?

> _By forcing developers to disclose their changes to MongoDB essentially
> makes the end-users more free, since they can then replicate more parts of
> the program they are using._

So wait, "end users" are empowered developers now?

Oh, is this a good guys versus bad guys thing?

------
enriquto
The AGPL is a great license for free software development. It is also great to
be coupled with a proprietary license, something that does not often make sense
with other licenses.

~~~
StudentStuff
I have found AGPLv3 useful, everything I do is under AGPLv3, if people want to
use it under other terms, they can pay me for a branch under a mutually
acceptable license. I will not maintain the alternatively licensed branch
unless paid, and these branches after a few months are generally missing
significant features.

It's a fine revenue stream for me, and in the context of what I am building and
the companies that are using it, there is absolutely no reason to not use the
AGPLv3 licensed master branch or releases, as I know they will never extend my
software. Yet some people have an axe to grind with AGPLv3, to which I get to
respond "Pay me money or fuck off". Seeing as none of them understand how to
write software, they tend to pay me :P

Worst case someone extends one of my AGPLv3 projects, adding features and
improving it. I'll accept a pull request with no CLA so long as the code is of
decent quality.

~~~
danieldk
_I'll accept a pull request with no CLA so long as the code is of decent
quality._

If you accept contributions without a CLA, you are not the sole owner of the
copyrights anymore and you cannot offer a proprietary paid branch, unless all
contributors give you permission to relicense their AGPL code as proprietary.

~~~
StudentStuff
Yep, and I'm perfectly fine with this. If someone wants a non-copyleft branch,
they can pay me to rewrite the features I didn't author, otherwise I will
exclude the added code from said pull request.

It's a definite edge case, but if I can get active contributors, I am not about
to ask them to sign a CLA.

~~~
akjha
Keeping track of and excluding commits authored by others seems a lot of work.
I am curious if you use any kind of tooling or process to make it easier.

~~~
dragonwriter
A bigger issue might be trying to filter anything that might be _derivative_
of contributed work not covered by CLA.

~~~
akjha
Yes, I am not sure how I will do that. I guess it can create enough FUD to
scare away any commercial client.

------
weinzierl
> Like Redis Labs before it, MongoDB has concluded that this license allows a
> bit too much. In particular, cloud providers are offering access to MongoDB
> instances without cutting the company in on the resulting revenue stream, and
> that doesn't feel right. In response, MongoDB has just announced an immediate
> shift to its brand-new Server Side Public License (SSPL).

This paragraph conflates Redis' application of the Commons Clause [1] to its
add-ons with the switch of the license for MongoDB from AGPL to its own
license called SSPL[2]. These are in my eyes two very different things.

The Commons Clause is a commercial restriction and its creators are very clear
about the fact that it is not an Open Source license.

The SSPL, on the other hand is, in my opinion, an adaption of the GPL to new
distribution channels that goes even further than the AGPL. I see this as very
much in line with the original spirit of the GPL, regardless whether MongoDB's
motivation might be primarily commercial or not. These are just my 2 ct from a
curious glance and I'd be very much interested how RMS sees this, I hope we
will get a statement from him or the GNU project.

> There is a lesson here for contributors as well. The request for license
> approval notes that: "As of this writing, the MongoDB GITHUB repository shows
> over 43,000 commits, 680 releases, and over 350 contributors." To become one
> of those contributors, a developer must first sign MongoDB's contributor
> agreement, which assigns copyright ownership to MongoDB. Those contributors
> all gave MongoDB the right to relicense their code in this manner [...]

CLAs are pretty common nowadays and they can be a problem for potential
contributors but pointing at MongoDB, for just doing what many other large
OpenSource projects do, isn't fair.

[1] [https://commonsclause.com/](https://commonsclause.com/)

[2] [https://www.mongodb.com/licensing/server-side-public-license](https://www.mongodb.com/licensing/server-side-public-license)

~~~
cyphar
> I see this as very much in line with the original spirit of the GPL,
> regardless whether MongoDB's motivation might be primarily commercial or not.

I disagree. GPL was never about relicensing other people's software. The SSPL
basically requires this if you read Section 13.

> CLAs are pretty common nowadays and they can be a problem for potential
> contributors but pointing at MongoDB, for just doing what many other large
> OpenSource projects do, isn't fair.

Just because many projects do this doesn't mean it's a good thing to do -- the
FSF CLA is the only CLA I would find acceptable because its purpose is to
ensure they can relicense to later GPL versions as well as have litigation
rights in the US. Several other "CLAs" (like Apache's) are actually just
beefed up versions of the DCO.

But unconditional and asymmetric CLAs are the reason that OpenSolaris could
become proprietary under Oracle, as well as many other horror stories in the
history of free software. Many people use them, but that doesn't justify it.

------
pessimizer
Weird thought, but I think that with this license MongoDB has managed to
attack the OSI without attacking the FSF. To me, this is perfectly acceptable
Free Software but so strict that it basically reads "do not use this software
commercially, it requires you to open every piece of software that any of your
employees have ever seen or heard of, including software you do not own.
Purchase a license from us." In other words, commercial usage is allowed in
the post-revolution Free world that Free Software hopes to bring about, where
people have access to the contents of the computers that they interact with,
and the freedom to mess with the ones they own.

The Open Source concept, however, is not philosophically based; its primary
goal is to allow businesses to collaborate on building blocks, but not to
prevent them from taking one of those blocks and carving it into something
that they're not willing to share. Since their primary goal is to help
business, they can't help but disapprove; since they don't explicitly state
this goal, they have no nominal basis to reject it without rejecting Free
Software in general.

I predict some eventual announcement that the license is "effectively closed
source" and instead of accompanying that announcement with a specific
supporting argument, they'll accompany it with a questionable written history
of the OSI. They'll disapprove, or approve with asterisk.

edit: and, of course, what kemitchell said.

~~~
dragonwriter
> Since their primary goal is to help business, they can't help but
> disapprove; since they don't explicitly state this goal, they have no
> nominal basis to reject it without rejecting Free Software in general.

Without engaging with your characterization of OSI motives, the OSI has a
clear basis to reject it without rejecting Free Software in general; unlike
all other existing Free Software licenses, SSPL (which might be Free Software)
violates criterion 9 of the Open Source definition by restricting licensing of
other software not derivative of, or part of a shared work with, the software
originally distributed under the SSPL.

------
platz
SSPLV2: If you want to use my software freely, you must open source every
piece of software you've ever touched or been in contact with, even if you
don't own it, or I get to sue you.

QED

~~~
binomialxenon
The SSPL is what Ballmer thought the GPL was.

------
thu
Wouldn't it be possible for an entity such as Amazon to establish a separate
legal entity and thus circumvent MongoDB's Server Side Public License?

The separate entity would provide the "raw" service (where there wouldn't be
much to open source) to Amazon, possibly running MongoDB directly on their
infrastructure, then Amazon would turn it into a full-fledged SaaS offer.

~~~
gowld
A SaaS offer sounds like offering MongoDB as a service. The lawyers would
enjoy hashing that out for billable hours.

------
fabianhjr
Dmytri Kleiner has something to say about this and published a Copyfarleft
license called Peer Production License.

[http://www.networkcultures.org/_uploads/%233notebook_telekom...](http://www.networkcultures.org/_uploads/%233notebook_telekommunist.pdf)

~~~
yarrel
No he doesn't. It's the licensing equivalent of trying to hold your breath
until your opponent's face turns blue.

------
polyomino
This has the potential to backfire spectacularly. If anyone is able to abide
by this license and offer mongodb as a service, they will dramatically lower
the barrier to entry for mongodb hosting.

Mongo is betting that their service is uncommodifiable.

Perhaps they want to get out of the hosting game altogether, make their money
consulting. In that case they’d have made a very competitive hosting market to
drive down prices and spur adoption.

~~~
gowld
Why would a competitor be better at hosting mongodb than mongodb company
itself?

~~~
bad_user
Because it can be cheaper.

------
antt
I would like to make it explicit that only flesh and blood individuals should
have access to freedom 0. These licenses are a step in a direction closer to
what I would like to see, but aren't quite there yet.

If you as a person want to run software xyz and try to make money off of it,
go ahead. As soon as you open a limited company to reduce your exposure you
should be hit with paying license fees.

I don't get the hate for the licenses that try to remove freedom 0 for
corporations. At work I suggest horrible proprietary software solutions all
the time because it doesn't matter how locked down the stack is.

So long as it has a ROI of >3% over the fixed and running costs it's a good
solution.

No one is harmed by human first open source software, other than a legal
fiction's bottom line.

~~~
codetrotter
> I would like to make it explicit that only flesh and blood individuals
> should have access to freedom 0.

So basically, turn freedom 0 into not freedom 0.

For reference, GNU freedom 0 is “the freedom to run the program as you wish,
for any purpose”.

What you are saying seems to go against the principles of freedom 0, and I
don’t get your motivation either, because at the same time you don’t seem to
mind proprietary software.

My main issue with what you are saying is that it’s not clear what you mean by
“removing freedom 0 for corporations”. Do you mean specifically when they are
offering software written by someone else as a direct service to customers?
What about using it in the backend? What about employees using FOSS?

There is a lot more to be said and discussed about this.

~~~
neolefty
Rather, I'd say it reinterprets "run the program" to be "have access to the
program over the web".

In other words, if I use your website, I should also be able to stand up my
own version that uses my own data.

------
gowld
Title is misleading. The article is about a new license, MongoDB's Server Side
Public License, that is scarier (to freeloaders) than the GPL.

~~~
LeoPanthera
People who use free software are not “freeloaders” and there’s no need to use
such a derogatory term here.

~~~
xphx
Could you explain how the term does not apply? Its meaning seems to be: "to
impose upon another's generosity or hospitality without sharing in the cost or
responsibility involved".

~~~
dragonwriter
Free software users are voluntarily given use of the software with only
specified conditional responsibilities; them using the software and not taking
on additional responsibilities is not an imposition of any kind, and not
freeloading.

~~~
xphx
Isn't that the same as when someone offers me a couch to surf and a kitchen to
use? Sure, it's unconditional and I'm not violating any agreement, but if I
use their stuff and don't give anything back, am I not a freeloader?

~~~
dllthomas
But in that case, you are taking up space on their couch and eating their food
- their resources are diminished by your use of them. That's not the case
here.

I think "free-rider" is probably a better choice of term.

------
yarrel
Way to run with the anti-GPL FUD, LWN.

~~~
kaddio
The GPL has more than run its course and it’s time to move on. Many people
recognise that, and that’s what we’re seeing.

~~~
binomialxenon
This is just typical "people are saying" weasel words. The GPL and similar
licenses still definitely have a role to play in the current state of
software.

