Hacker News new | comments | show | ask | jobs | submit login

I'm very outspoken against the GPL so take this comment with a grain of salt.

> The AGPL is just an updated GPL.

The AGPL is significantly more than an updated GPL and there are loads of companies which have a blanket policy in place to not even get anywhere close to AGPL code because of the uncertainties about how it actually works.

> The AGPL is the very definition of "open source", because it defends openness.

Maybe it's the definition of free software but it's definitely not the definition of open source. Many of us in the open source community see our work as something that should be open for everybody to use.




If we're going to sink our time into the old copyleft vs permissive licenses debate, I wish we would be more precise with our words.

AGPL is an open source license, according to OSI, the only authority on what constitutes open source. https://opensource.org/licenses/AGPL-3.0

You say "open for everybody to use". Both open source licenses and free/libre licences guarantee that the software is open for use. You're actually talking about freedom to combine with closed source/proprietary software, not about end-users freedom to use the software.


You're not contradicting the_mitsuhiko. They said "it's definitely not the definition of open source". You answered "AGPL is an open source license, according to OSI".

That is true, but "frog" is still definitely not the definition of "animal", even though a frog is an animal.


A useful term to describe what it seems to me that the_mitsuhiko means is "noncentral example".

The red-eyed tree frog [1] is an animal, but it is a noncentral example of an animal, i.e., it is not the typical thing you think of when you think "animal". To the_mitsuhiko, the AGPL is a noncentral example of an open source license.

The term comes from the noncentral fallacy [2], which is about abusing noncentral examples.

[1] https://en.wikipedia.org/wiki/Agalychnis_callidryas

[2] http://lesswrong.com/lw/e95/the_noncentral_fallacy_the_worst...


I don't think your interpretation of the_mitsuhiko's words does reflect what was meant. Because if it was, the comment of the_mitsuhiko as a whole wouldn't make sense.

This is an interesting example for the difference between "reading by the word" and "reading by the meaning" (there's not a good English word for this, but in Germany we call this "sinnentnehmendes Lesen".)


I read the_mitsuhiko's comment with the same interpretation as Doctor_Fegg, and, as a native English speaker, i believe that this is the natural interpretation.

I also believe it makes sense. Perhaps i can restate it. the_mitsuhiko made five assertions:

1. The AGPL is not just an updated GPL, but expands the scope of the GPL's 'infective' property considerably.

2. Some people are uncertain about what exactly the consequences of using AGPL'd software are.

3. Because of this uncertainty, there are companies which will not use AGPL'd software.

4. The AGPL is an open source license, but it is neither the only nor the most representative open source license.

5. Some people wish to license their software in a way which maximises the number of people who can use it. That means not using the AGPL, because of point 3.


I believe the English-language term is "letter of the law" for literal interpretations and "spirit of the law" for interpretations based on what something is meant to do.


> You're actually talking about freedom to combine with closed source/proprietary software,

Or freedom to combine with software using any other non-copyleft, open source license.


As far as I know, AGPL is compatible with both Apache 2.0 as well as MIT/BSD permissive licenses.

Which non-copyleft OSI-approved license are you having difficulty combing with AGPL?


When is the last time you looked at the OSI approved license list? Of the most common licenses the EPL and CDDL licenses are incompatible with GPL (I suspect it's similar for the AGPL since it's a modified GPL license). When you look through the full list you will see a lot more. Basically read https://www.gnu.org/licenses/license-list.en.html#GPLIncompa... and see all the free software licenses that are incompatible with the GPL. Most of those are OSI approved.


> [...] of the most common licenses

Well, sure, but 10th- and 16th-most common (1% and <1%, respectively) isn't actually very common at all[0]. Which applies to the AGPL as well.

The potential for conflict between EPL and AGPL, or CDDL and AGPL, code in projects is tiny.

For that matter, the GPL was around first, and is the 2nd most popular license. Shouldn't the EPL and CDDL have been modified to be GPL compatible (the Apache Software Foundation managed to work this out with the FSF, over the Apache v2.0 and GPL v3.0 licenses, after all[1]).

[0] https://www.blackducksoftware.com/top-open-source-licenses

[1] http://www.informationweek.com/enterprise/apache-foundation-...


"Both open source licenses and free/libre licences guarantee that the software is open for use. You're actually talking about freedom to combine with closed source/proprietary software"

But that "to combine" is exactly "to use", especially if it is a software library.


What if the end user is a developer?


See my comment below about that.

The developer who wants to combine with closed source can contact us and work out a special deal. It's only fair. They want to be compensated for spending their time, then so do we.


Yes, but then don't talk about "freedom to use"... if something else must be done before that usage.


It isn't freedom to use unconditionally. It's freedom to use if you do same as we did for you.


If nobody uses a piece of software, its freedom is debatable.

I don't know of anyone using agpl'd code to build software people use.


You never heard of anybody using MongoDB?


@ralfn

> For example, imagine Digital Ocean using MongoDB to store server configurations. AGPL would force them to open-source their whole infrastructure. All of it. Or pay to get a different license.

AGPL licenses aren't transitive, things that touch AGPL'ed software over the network aren't suddenly required to be AGPL licensed (otherwise the whole purpose of it would fall apart, since a large chunk of the initial design was for Free Software web-applications which could still be run in proprietary web browsers).

AGPL means if you decide to fork a project and add new features, then sell it as a hosted service ala AWS/Azure then you also have to provide anyone that connects to it your modified source code. I'm actually debating using the license right now in a couple of projects I've been prototyping - I don't want to prevent people from being able to make money offering hosted services, but at the same time I don't want hostile SaaS forks that could rip off my work without contributing their changes back (I like the BSD license for libraries, but I'm starting to appreciate the GPL/AGPL more for applications for community-related reasons rather than free software righteousness).


> AGPL licenses aren't transitive, things that touch AGPL'ed software over the network aren't suddenly required to be AGPL licensed (otherwise the whole purpose of it would fall apart, since a large chunk of the initial design was for Free Software web-applications which could still be run in proprietary web browsers).

That is not necessarily true in the case of the database due to how the drivers work. This would need to be tested in court. It's unclear by the license terms alone.


Note that MongoDB clarified their understanding of AGPL in no uncertain terms [0] so they would have trouble dragging someone who developed apps using their DB to court and demanding opensourcing of the app. Without such clarification from their side we would never have touched MongoDB.

[0] https://www.mongodb.com/blog/post/the-agpl


That's why I said in the past that the AGPL was not a huge concern for as long as a commercial entity stands behind RethinkDB. Once that broke away who knows what individual contributors think of what the AGPL means (let alone a judge).


The AGPL makes this explicitly clear:

> 13. Remote Network Interaction; Use with the GNU General Public License. > > Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph. > > Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License.

Users interacting with the modified program over the network have a right to access the modified source, there's absolutely nothing about the client software (database drivers, web browsers, etc) accessing it being considered part of a combined work. You can access a AGPL licensed database or whatever from a proprietary application with absolutely no issue, you just can't modify the AGPL'ed work, expose it to users other than yourself, and not share your modifications.

Do yourself a favor, grab https://www.gnu.org/licenses/gpl-3.0.txt and https://www.gnu.org/licenses/agpl-3.0.txt and run `diff` on them, this is literally the only substantive difference in the entire license text.


> Users interacting with the modified program over the network have a right to access the modified source, there's absolutely nothing about the client software (database drivers, web browsers, etc) accessing it being considered part of a combined work.

No, but there is a definition of corresponding source which includes code beyond the direct scope of the AGPL in case of mongodb: "Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work."

This is one point of contention that was brought up by multiple people in the past because it puts client libraries into the scope.


This is the same text that is in the traditional GPL, and nobody has tried to claim that it requires additional libraries or programs like database drivers talking to a GPL'ed database must be GPL. This would immediately prevent anyone from using MariaDB, since it is GPL licensed.

Literally the only delta between the GPL and AGPL is the Remote Network Interaction section, it doesn't extend the reach of the GPL license in regards to database drivers, etc.


Note that the official MongoDB C driver is Apache licensed, which is what most developers would make a derivative work from.

https://github.com/mongodb/mongo-c-driver/blob/master/COPYIN...


RethinkDB's drivers are Apache licensed.


FWIW that was part of the problem since that's a walking license violation go the AGPL by many interpretations. It's just that Mingo/Rethink violate their own license there. However any other client? Unclear.


  [they] violate their own license
Careful with the word "violate": as a copyright holder, you cannot violate your own license. The copyright holder has intrinsic rights; licenses are permission to extend a subset of rights to third parties.


That's fine because Mongo is a company that plans on making money and holds the copyright. If it turns out AGPL is an issue they can relicense.

The worry with RethinkDB was (at least mine and people I talked to) that it can become a liability if the AGPL turns out to be an issue since some third party owns the original copyright and then who knows what happens with future contributions.


Yeah, that would be a great example of AGPL used to FORCE many parties to PAY for a non-AGPL license.

For example, imagine Digital Ocean using MongoDB to store server configurations. AGPL would force them to open-source their whole infrastructure. All of it. Or pay to get a different license.

I don't have a moral argument to make here -- just making sure people realize the actual trade-offs. AGPL is theoretically for a world where closed source software is simply not allowed to co-exist with opensource, even if you don't distribute it, but simply run it / host it / use it. But that world doesn't exist, so it does the opposite: it is actually used to make sure some of your users have to pay. It enables a business model.


> For example, imagine Digital Ocean using MongoDB to store server configurations. AGPL would force them to open-source their whole infrastructure. All of it. Or pay to get a different license.

I don't think that's correct. From MongoDB the company[0]:

> Note however that it is NOT required that applications using mongo be published. The copyleft applies only to the mongod and mongos database programs. This is why Mongo DB drivers are all licensed under an Apache license. You application, even though it talks to the database, is a separate program and “work”.

[0] https://www.mongodb.com/blog/post/the-agpl


> AGPL would force them to open-source their whole infrastructure. All of it.

Citation needed.


I don't think that's even possible today, if you arent born on the Mars :-)


We rationally and happily chose AGPL for our platform. I advise everyone to do the same in my longer comment on this page. You can ask me why by replying to it.


Very large companies and governmental entities are using AGPL-licensed copies of OpenERP (now Odoo). In my experience, working for a company that provided services based on it, the license was never a problem.


There is little uncertainty -- the terms are in plain language. OP implied that the GNU Affero GPLv3 is an updated GPLv3 "in spirit" to reflect how today a lot of software is run on the backend, instead of distributed to clients directly. I believe this is an accurate characterization. Compare the GNU GPLv3 and the GNU Affero GPLv3 yourself [1].

[1] https://www.diffchecker.com/1J4xEohZ


> There is little uncertainty -- the terms are in plain language

Just because a license says something does not mean that everybody interprets it the same way or that the clauses are valid in it. The "Remote Network Interaction" section has never made it to court and there are countless different interpretations one can draw from this.


Deploy some game theory here. Regardless of what the drafters of GNU Affero GPLv3 intended, there are really four outcomes here (with wording since edited for clarity):

Precondition: Take a GNU Affero GPv3 product, modify it, and expose it over a network, directly or by proxy, over a network, for users to use.

Your four possibilities:

(1) If you provide source, and the courts uphold the 'Remote Network Interaction' clause: you're fine.

(2) If you don't provide source, and the courts uphold the 'Remote Network Interaction' clause: you're screwed.

(3) If you provide source, and the courts don't uphold the 'Remote Network Interaction' clause: you're fine, but you would've been fine not providing the code in retrospect.

(4) If you don't provide source, and the courts don't uphold the 'Remote Network Interaction' clause: you've defeated the GNU Affero GPLv3 in court.

You can absolutely make the argument for or against the business risks of releasing source code, but you can't make the argument for 'uncertainty'.


What does "interacting with it remotely through a computer network" mean?

If I take some caching algorithm from RethinkDB and put it in my fork of OpenSSL, do I have to make it possible for everyone who connects to my SSL server to download the source of my fork? Do I need to start stuffing the URL of corresponding source into my certificate?

I'd hope the answer is no, but what in the license makes it clear that the answer is no?


In general, it's takes a court decision to make it clear - set a precedent - on what's expected.

As the AGPL hasn't been tested in court, we're all mostly guessing.


> I'm very outspoken against the GPL

I'm curious as to why. The GPL has manifestly built the modern internet (cloud servers are mostly Linux, most IT startups use Linux, etc.)

There are other open source licences which are also widely used (Apache, BSD, MIT). So I think the key thing to this wide-spread success is open source in general, and not the license in particular.

Would you say that the GPL is negative? I.e. would we have been better off of Linux was BSD licenses? If so, why? If not, why be against the GPL?


> I.e. would we have been better off of Linux was BSD licenses?

For the most part it does not matter if Linux is GPL or not because GPL functions very differently for operating systems than for libraries and applications. However the GPL is causing issues for Linux as well and there are some ongoing lawsuits involving the GPL in the context of the Linux Kernel which will be interesting to see.

I do not know what a world looks like where the GPL does not exist so I won't judge that. The GPL was and is amazing to help the Open Source movement however it's becoming less and less relevant for new projects.

> why be against the GPL?

It's a very complicated license, impossible to evolve and means that you can build something that you cannot ship on another platform because that platform is GPL incompatible. For instance you will never see GPLv3 code running on iOS because you just can't have it there. The mechanics of the license are very complex and I do not agree with the "force people to contribute" approach. Good contributions come anyways, the bad ones I do not care. If someone wants to fuck over a license holder over they can do it regardless (for instance by providing close to unreadable GPL code :)


> For instance you will never see GPLv3 code running on iOS because you just can't have it there

That would be a case against iOS, take it up with the masters of your walled garden.


> Good contributions come anyways (...)

That is hard to say. Some contributors only contribute to GPL projects, since they want that derivative works of their work to stay open-sourced. I think they should have a right to require that.


Then that's fine. The contributors that do not contribute to my projects are irrelevant for me :)


Personally, I find it hilarious that people will proclaim copyleft as the "most free", when it not only is more restrictive, but forces people who use it to open source their own contributions as well. I don't think any license should be able to tell people what to do with their own work, which yes, includes contributions to existing work.

Even though I personally believe in open sourcing everything possible, when all else is equal, I would always choose something that isn't copyleft over something that is. Because I shouldn't really have to be bothered by copyright infringement concerns when using open source software.


You have to open your contributions when you build upon GPL'd software, not when you use it. The GPL is very much centered around the end user, not programmers who build things. We often talk about the GPL as programmers and forget it was really built to protect the average joe from being locked out.

It's most free for end users.


I suspect we talk about the GPL as programmers because the relative freedom level of a software license matters far more to us than it does to actual end users. Restrictions on what you can do with the source code only matter if you're both interested in and capable of modifying that source code. On a practical level, the Average Joe is "locked out" from modifying an application's source code by virtue of not being capable of performing that modification, not by the license. I have a lot of non-developer friends and acquaintances who use LibreOffice, and I can assure you that they're using it for the "free as in beer" aspect, not because of a philosophical attachment to free software. For most end users, freedom is contingent on data portability, not license terms: if I can open my word processing document or Photoshop file, it doesn't matter to me in practice whether the editor is open or closed source. If the application stops being developed, I can move to something else with minimal pain.

But if we're talking about tools for a developer audience--like RethinkDB, and frankly a whole lot of other open source software--then developers are the end users, and so the license really does matter. I've long thought that one of the strengths of the GPL is that it's more restrictive from a developer standpoint, rather than less. If I was trying to build a company around open source software, the (A)GPL would be attractive expressly because it makes it more difficult for competitors to build on. If the company goes away and there's no way for someone to buy a commercial license with a different set of restrictions, that can become an issue, as we've seen with RethinkDB -- but the (A)GPL isn't necessarily an impediment to strong community development, as we've seen with, well, a lot of other software over the last two decades.


> because the relative freedom level of a software license matters far more to us than it does to actual end users

Nah, it's not that simple.

Ever saw a giant chorus singing "oh almighty developers please make this and that" for tiny features? I think every other product support forum is just like that. And I also saw situations when someone on the outside had hacked features that weren't provided by original developers. Both free software projects and proprietary software.

So freedoms actually matter to the "common folk", they just don't consciously recognize that and surely they don't know the terminology.


Sure, I get that. But that makes it a very opinionated form of free and open. While permissive licenses like Apache and MIT do have terms, they are much more akin to saying "here is a thing I made, and I'm sharing it with whoever wants to use it and whatever they want to do with it". Whereas copyleft licenses are more like "I'll share this with you, but you have to use it in accordance with my beliefs".

While I accept that the OSI definition of "open source" is pretty much universally accepted and probably isn't going to change, I personally don't really feel like copyleft should qualify because of that level of control it exerts.


That's a good point. Copy left and open source have very different targets and just happen to share many characteristics.


GPL makes the code free. The permissive licenses make the developers free.


GPL makes the code free in perpetuity, and therefore the users free from developers (or, more precisely, from those who hire developers).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: