
AGPL License - theawesomekhan
https://en.wikipedia.org/wiki/Affero_General_Public_License
======
betamaxthetape
I've always wondered about whether the AGPL is a good fit for software that
isn't accessed over the network. At first glance this would appear to offer
the exact same rights as the GPL in this scenario, however you then have the
protection of the AGPL if the software was ever incorporated into a networked
program.

Does anyone have any experience with this? Are there pitfalls to using the
AGPL for a regular program that I'm not thinking of?

~~~
theawesomekhan
I recently used the iText Library for PDF parsing in java. Everything was
alright until I discovered their AGPL license.

[https://itextpdf.com/en/how-buy/agpl-license](https://itextpdf.com/en/how-
buy/agpl-license)

Since our product was proprietary, we had to remove the library since our
product would also come under the AGPL license or we would have to buy their
commercial version, for which we can get a
"quote"([https://itextpdf.com/en/how-buy](https://itextpdf.com/en/how-buy))

~~~
daurnimator
What did you replace it with?

Why wouldn't iText deserve your money if you were using it in your commercial
product?

~~~
brazzy
> Why wouldn't iText deserve your money if you were using it in your
> commercial product?

Because they're not even saying _how much_ money. "Call us for a quote"
usually means "Let's start the sales dance in which we try to gauge how much
we can fleece you for", which also means it's not going to be a quick answer.

For me it means the software is immediately categorized as "to be considered
only once all other options have been exhausted".

~~~
andybak
I agree with your feelings on this last point. I wonder how it's working out
for them as I imagine it's a turn off for corporate buyers as well as lone
devs and small shops.

~~~
mumblemumble
I doubt it's a turn-off for corporate buyers in the large, but it's
_absolutely_ a turn-off for dev teams within corporations. Especially nowadays
in an increasingly Agile world where everything is due 2 weeks from when you
start work on it.

A developer might be quite willing to go to their manager with, "Hey, can we
buy X? It will cost $Y, and save us $Z worth of time." But "Call for a quote"
is a quagmire: They can't (and don't want to) negotiate prices themselves, and
they also don't want to annoy their boss by causing them to spend the next 3
months being hounded by sales people.

------
theawesomekhan
Google does not allow usage of AGPL code.

[https://opensource.google/docs/using/agpl-
policy/](https://opensource.google/docs/using/agpl-policy/)

~~~
fmajid
If you work in a startup, it will bite you during due diligence when a
potential acquirer is evaluating your intellectual property. I would give the
AGPL a wide berth.

~~~
giancarlostoro
This is why I avoid AGPL projects for potential ideas / side projects that
could potentially turn useful.

~~~
tptacek
You avoid _using_ it, or avoid using third party code that uses it?

The latter makes sense. The former does not, as you can relicense any time you
want.

~~~
ymse
Only if you are the sole copyright holder, i.e. no (nontrivial) external
contributions.

~~~
giancarlostoro
Which is why I avoid it directly, unless I'm not touching the code at all. If
I'm just using it as-is, then I don't care.

------
smarx007
I was thinking that ALGPL is a worthy addition. We need a licence that still
applies to use in microservices and other code that is not shared with the
user but still shows consideration for investment into proprietary code and
only limits its provisions to the code under the given license. I would gladly
license my work under ALGPL if it existed.

~~~
tbrugz
These references also argue for ALGPL:

[https://redmonk.com/dberkholz/2012/09/07/opening-the-
infrast...](https://redmonk.com/dberkholz/2012/09/07/opening-the-
infrastructure-stack-why-we-need-an-affero-lgpl/)

[https://softwareengineering.stackexchange.com/questions/5803...](https://softwareengineering.stackexchange.com/questions/58033/is-
there-any-copyleft-gpl-like-license-with-both-the-affero-and-lesser-modific)

------
newfeatureok
I have some questions about AGPL if anyone has answers:

1\. If you have code, let's say FooProject, that's AGPL. In which of these
scenarios is someone in the wrong for using it?

1a. Google uses FooProject in delivering one GoogleApi, but does not
opensource GoogleApi with AGPL.

1b. Facebook uses FooProject in an internal project, FacebookInternal, that's
not exposed to the internet, but does not open source FacebookInternal with
AGPL.

1c. Microsoft uses FooProject in a special version of Office, which is only
distributed via BluRay and does not open source Office under AGPL.

1d. Netflix uses FooProject in AlienNetflixViewer, which is used over the
internet, and makes some modifications to FooProject as its used in
AlienNetflixViewer. They open source ModifiedFooProject under AGPL, but not
AlienNetflixViewer

2\. If you have FooProject, and you have 3 libarires, LibraryOne, LibraryTwo,
and LibraryThree included in FooProject that are under the MIT license, can
someone take Library[Number] and use it under the MIT license? Let's assume
these are not actually separate projects, and for all intents and purposes
it's the same project as FooProject, but for whatever reason the folders
associated with each library has its own license.

3\. Assuming someone uses an AGPL project and does not follow the license,
what's the penalty? What if its so incorporated into its project its
effectively impossible to remove?

4\. How do you enforce someone using the AGPL?

5\. If you go to a public facing site and suspect that they're using an AGPL
project (perhaps because of the nature of the API calls or the client facing
JavaScript) can you demand to see the full source?

~~~
hkolk
IANAL (ofcourse) but in my limited experience:

1a: Not allowed provided because of AGPL (though would be allowed if it is
GPL)

1b: Allowed, provided it is purely internal (as described here:
[https://www.gnu.org/licenses/gpl-
faq.html#InternalDistributi...](https://www.gnu.org/licenses/gpl-
faq.html#InternalDistribution) )

1c: Not allowed (this is a distribution, and actually is also in violation of
general GPL)

1d: Not allowed, linking against the library means using it, which means GPL
violation.

2: If (x) is licenses as MIT and does not contain AGPL underneath (it
shouldn't, they are not compatible), you can take X under that MIT license.
Regardless of actual repository layout.

3: Penalty is a pretty grey area, and this is a civil suite, not a criminal
suite. As a result it goes into damages etc

4: I reckon EFF etc. Look for "GPL enforcement" (AGPL is not very different)

5: You can try.. but I reckon only in the discovery etc for a lawsuit a judge
can force them to give access to the source-code to verify your claim.

For all intents and purposes, AGPLv3 is GPLv3 with the addendum that
distribution also covers "As a Service". Also.. at our company we completely
banned AGPL because we simply don't want to deal with any potential
violations. So I reckon 1b in your example would also not happen in a place
like Facebook (I reckon all 4 companies have an AGPL ban in place :) )

------
brylie
Copyleft, and AGPL specifically, seems like a good fit for large applications,
whereas more permissive licenses work well for smaller libraries.

~~~
mikekchar
I specifically use it because while I'm committed to writing free (as in
freedom software), my downstream users may not be. I'd rather they didn't have
more options than I do if they decide to compete against me. Free software
empowers the downstream user, so I kind of think of it a bit like surfing. You
potentially have all this extra energy, but that energy can crush you if you
don't walk a very tight line. As the upstream author you have a bit of an
advantage, but it's easy to squander it if you don't think carefully about
what you are doing. I'm always a bit perplexed when people write free software
but intentionally avoid copyleft. There are lots of places where permissive
licenses are the right way to go, but also a lot of places where your are just
creating an uneven playing field with yourself in the worst position.

~~~
telmo
For a lot of people, free software is about collaboration, not competition.

~~~
mjs2600
Enforcing and incentivizing collaboration also seems like a good argument for
licensing open source projects with the AGPL. It prevents people who are not
willing to contribute things made using your software back to open source from
using it.

------
api
We considered AGPL but recently adopted the BSL:

[https://www.zerotier.com/on-the-gpl-to-bsl-
transition/](https://www.zerotier.com/on-the-gpl-to-bsl-transition/)

Lots of open source people don't like it as it is not technically an OSI open
source license. I'm not in love with it either, but it was the best solution
available _for now_. We are exploring other alternatives.

The problem with the AGPL is unfortunately that it has the letters G, P, and L
in it.

You'd be shocked to learn just how many potential customers have no-GPL
policies or are otherwise just allergic to the GPL. There is a lot of FUD and
misconceptions out there. Lots of companies won't allow anything GPL to be
used internally in connection with any code or product. (Linux seems to get
grandfathered in, but they don't like GPL for anything new.)

Most of this is fallout from Microsoft's 1990s - early 2000s anti-GPL FUD
campaign, and the memes from that are still circulating. Lots of people think
GPL code is "viral" in the sense that if it touches your code in any way
whatsoever it somehow magically GPLs it. MS spent millions to muddy the waters
around the GPL.

Yes it's FUD and it's typically rooted in misconceptions, but it's very common
and from a sales point of view it's a waste of time to try to fight it. It's
hard enough to educate customers about your product without also having to
educate them about the license.

If it weren't for this issue we'd consider AGPL, but it's really not perfect.

What we really need is a modern license that addresses the "SaaSification"
phenomenon, which AGPL does partly but not fully, while at the same time being
simple to understand and compatible with as much of the rest of the OSS
ecosystem as possible. AGPL is more complicated than I would prefer while also
not being quite the right thing.

I'm starting to think we'll have to make one. If we do we will open source it
for others to use.

------
Dayshine
If you're considering adopting AGPL and the reason is to prevent commercial
abuse of your work:

Please consider adding a non-commercial use exemption, for charities and
academic research. These organisations can't afford the cost of open-sourcing
their entire project.

~~~
zeveb
Why would charities and academic institutions be writing anything _but_ free
software?

~~~
ben-schaaf
I never understand this. I get not wanting to build a community around a
project, handling contributions, etc. But why not just dump the source code
somewhere?

~~~
ansgri
Because it's huge (perceived) risk for (often) little gain. These projects
(I'm especially familiar with research) aren't known for code quality and
following best practices regarding security etc. So you open yourself for
shaming and casual hacking for some unquantifiable benefit of open-source
contributions.

~~~
Nullabillity
> and following best practices regarding security

Who cares, as long as you make it clear that it's a pure research project?

The problem with Actix was that they marketed it as production-ready.

------
eitland
My questions are:

\- if I allow users to use an AGPL product on my server and that AGPL licensed
product connect to a commercially licensed application server or database on
my intranet, will that be a problem?

\- will it be a problem if the commercial application server connects to the
AGPL licensed product to fetch data?

Except for these two points I now feel I'm starting to understand the AGPL,
kind of.

~~~
Dayshine
My understanding is you can simplify it into roughly three tiers of
"connection":

1\. Same application, dll linked

2\. Same computer, IPC linked

3\. Different computer, HTTP/etc linked

Companies that use AGPL will tell you that _all three_ are covered by AGPL.

More reasonable people will tell you that _1_ is definitely covered, and _2_
is a grey area.

~~~
eitland
I've recently read someone who I think is affiliated with FSF say that
MongoDB(?)and others have misinterpreted the AGPL intentionally to create
necessary FUD to sell commercial licenses, so this is my opinion as well but
when I tried to find out on the FSF page earlier this week the was still not a
word in the FAQ about it.

------
pojntfx
I license all my software under the AGPL. Best license IMHO.

------
bo1024
Not common that you see a philosophy more radical than Stallman's.

As I understand Stallman's free software philosophy -- the GPL -- the idea is
that code must respect the person running it / using it.

Under this philosophy, if I am communicating with you, it's not up to me what
tools you use in formulating your responses. And whether those tools respect
your freedom or not. So GPL only applies to those directly using the code, not
others they interact with using the outputs of that code.

I'm wondering if the AGPL is supposed to come from a different philosophical
foundation, or if it would be better understood as an economic / power-
structure tool?

~~~
pornel
SaaS is a workaround for GPL, and AGPL is a bugfix for that.

Nowadays people run code remotely, and GPL didn't take that into account. AGPL
is still about giving users freedom to control the code they use, and works
regardless whether the code is run on a local machine or a remote server.

------
sneak
I don’t think that copyright enforcement should be used against me based on
whether or not I run a webserver alongside a modified application or not.

I’m all on board with copyleft in general, but the “service provider loophole”
just seems like anti-business sentiment. People using modified free software
to provide services useful enough to pay for is a _good thing_.

Forcing someone to publish their own changes simply because they run a
business always seems to me like violent coercion, using copyright as a stick;
much moreso than forcing someone to release source for object code they are
already releasing.

Free software is a tool. Using that tool to create a successful business isn’t
cheating anyone out of anything.

The software is absolutely not free as in freedom if I have one set of rights
with the ethernet cable unplugged and a different set of rights with the
ethernet cable connected.

Stop the service provider hate and avoid the AGPL and AGPL software.

