Hacker News new | past | comments | ask | show | jobs | submit login

You could AGPL and sell proprietary exceptions. Amazon won't touch AGPL code.

Others are happy to provide AGPLv3 code as SaaS, look at MongoDB's issues. You can build a ton of tooling around said code to enhance performance, adding features and billing, all while not modifying the core AGPLv3 code and thus avoiding the need to contribute back. This is a scummy business practice, but technically legal.

Why is it a scummy business practice?

Because your core business feature is done by someone else and you just take it and use it for your own profit without giving anything back. Do you need a definition of what scummy means?

No need to be rude. I know what scummy means. It's just not clear to me why this is considered scummy. Anyone is welcome to take the open source and benefit from it as long as they comply with the license. This is a very fundamental aspect of open source.

A company invests money and engineers in building commercial tooling, which you then pay for because there is added value. You are not paying for the open source - which is freely available. How is that scummy?

I apologize for the brash response.

The "comply with the license" part is the problem you're not seeing, using open source as SaaS is a loophole not a license feature.

An example being, I license something as open source which means if you don't pay for it (assuming there's an option for that), you are bound to follow the license I provided which means all further work has to be open source (the same license I used) and source has to be provided with the product. In an ideal world this would mean either:

1. We both get paid

2. We both contribute to open software which is available to anyone

But in our world it means, technically I'm not selling software but a service so I don't have to do shit. so the result (with scummy companies) is the following:

1. I don't get paid for software critical to your business

2. No one gets the benefit of the new product created despite my license

Hence, scum.

> technically I'm not selling software but a service so I don't have to do shit.

This is entirely untrue. If it were the case that 'I don't have to do shit', then why doesn't someone else do it too? Running a service takes a WHOLE LOT of work, and writing the software is, in many cases, the easy part.

We know this is true because whenever there is a conflict with a software license, the big cloud vendors just re-write it themselves.

Using someone else's work and making money on it without contributing anything back (code, funding) is morally wrong.

So there's "Server Side Public License" based on GPL.

Maybe. At least our company won't touch GPL code; as one colleague described to me, if you violate a proprietary license, a company will come after you for money, while violating a GPL license gets the EFF involved who will come after you for your source code.

I'm still wary, though. I could imagine if the resultant fines or source code releases from violating a GPL license weren't a strong enough deterrent, you could win by using a GPL-licensed product enough, then parry off attacks from EFF/FSF until you do a complete rewrite of the product underneath, then pay the fine/contribution to EFF/FSF while toppling the original company. If the company is big enough, and can afford enough good lawyers, there may be legal ways to get around laws.


(Usually not the EFF; more likely Software Freedom Conservancy or someone. EFF is more digital rights and privacy stuff, not copyright.)

A copyright holder can't get anything more from you by using the GPL. Infringement is infringement. The difference is that a company is usually happy to settle in exchange for a properly paid license, and an open source hacker instead is happy to settle in exchange for complying with the license. You're always free to take it to court and pay the damages from infringement, but you're not going to end up with a valid license in either case, so you'll have to stop distributing the software.

The actual difference, probably, is that you're a (moral) competitor of the open source hacker, and if you're not a competitor of the proprietary company, they have no interest in undermining the secrecy of your code or causing you to go out of business, even if the could potentially force that if they went to court. They're likely to consider "pay us a percentage of revenues" as a win condition.

Also, lawyers are not like Pokemon. You cannot beat the opposing team's lawyers by having more stronger lawyers. You can certainly lose by having bad lawyers, but you can only be guaranteed to win by being in the right.

You can't actually be guaranteed to win by being in the right. You can be in the right and lose.

>> Also, lawyers are not like Pokemon. You cannot beat the opposing team's lawyers by having more stronger lawyers. You can certainly lose by having bad lawyers, but you can only be guaranteed to win by being in the right.

> You can't actually be guaranteed to win by being in the right. You can be in the right and lose.

What he's obviously saying is that there is a seriously decreasing marginal benefit to more expensive (and presumably competent) lawyers.

It's better to have competent lawyers and be right than have amazing lawyers and be wrong.

Obviously there are shades of grey, nuisance lawsuits are a thing, etc.

Well his intention is clear. But stating you are guaranteed to win if you are in the right strikes me as naive at best and woefully neglectful of reality at worst.

It's probably best stated like "lawyers are not _always_ like Pokemon". Sometimes they very definitely are.

Yeah, my phrasing was sloppy: you're not guaranteed to win whenever you're in the right. But being in the right is a precondition of being guaranteed to win (along with having competent lawyers, a competent judge, etc.).

The only claimants to your source code are those to whom you've distributed binaries built from GPL sources. Anyone else can pound sand.

If you were the author of a GPL piece of code whose licence was violated, and the EFF came to you and said "we'll pay for the lawyers and in exchange we get publicity", most people would say yes.

not the case for AGPL: then it's everyone who has access to your online service built with the code.

I don't think it works like that.

This is a copyright license at its heart. It is a contract between the copyright-owner and the service owner. The end user is just 3rd party.

Wait, isn't the whole point of AGPL that the "user" entitled to the source code is now the service user, i.e. potentially everyone?

That's true, but GGP comment mentioned AGPL presumably for a reason :)

You actually can't magically lose your rights to code you created. You could rewrite your code so it doesn't depend on gpl code if you found you had included code you had no right to.

I mean if you're planning to violate the license then does it really matter what the license is? Your company sounds shady if you evaluate software icenses based upon how much it will hurt when you violate them.

There's a difference between "planning to violate the license" and worrying about what happens if you do because someone didn't pay attention.

Well, most enterprises wouldn't: https://blog.dgraph.io/post/relicensing-dgraph/

Has the AGPL ever successfully held up in court?

Yes, Artifex sued Hancom over their use of Ghostscript [1]. (The article says GPL, but Ghostscript has an AGPL license.) The judge denied a motion to dismiss the claims, and they reached a settlement for an undisclosed amount.

I don't think many developers are aware that Ghostscript has an AGPL license, and I've heard that the commercial license costs $25k per year. It's very easy to just `apt-get install ghostscript` when you want to work with PDFs (e.g. with imagemagick), but this violates the AGPL license when you are running a SaaS application.

There are some permissively-licensed libraries (Apache 2.0) that provide similar functionality, such as PDFBox [2], or PDF.js + Node.js.

[1] https://www.fsf.org/blogs/licensing/update-on-artifex-v-hanc...

[2] https://pdfbox.apache.org/

[3] https://mozilla.github.io/pdf.js/

$25k seems a bit on the high end - https://ironpdf.com/licensing/

Also, it's 2019 - Artifex, it's OK, you can publish your prices (https://www.artifex.com/licensing/)

> but this violates the AGPL license when you are running a SaaS application

Only if you modify the Ghostscript source code.

From what I was reading, I think your interpretation might have been the intention of the people who wrote the AGPL license.

But I also know that the AGPL license is usually adopted because they want to sell a commercial license, even if the source has not been modified. Artifex is very explicit about their intention on the licensing page of their website.

It depends on the definition of “modification” and “derivative work”. Artifex is adamant that any software using Ghostscript is a derivative work, and the copyleft will apply, so all of your source code must also be released under the AGPL license. This is especially true if your software cannot function without Ghostscript.

If you are only distributing your application (i.e. not a SaaS app), then you could make Ghostscript an optional plugin that people can manually install (like LAME for Audacity.) But a SaaS app provides access to the application over the network, so you cannot use Ghostscript without a commercial license, or without releasing your application’s source code.

I didn’t see anything about Hancom modifying the Ghostscript source. It was the fact that they distributed Ghostscript along with their own application, and their application depended on Ghostscript for some functionality. That was enough to trigger the GPL copyleft, so they were violating the terms of the license and had to settle out of court. The AGPL means that you would be violating the license by providing access to your app over a network.

Surely it doesn't need to—either you accept the license or you don't accept the license. If you don't accept the license, you can't use the software.

I'd imagine that the challenge with the AGPL is catching and suing the non-compliant services.

If the source is available, I absolutely can use the software—regardless of license. The only thing preventing me from doing so would be either criminal or civil law, and while IANAL, I don’t believe there are criminal penalties for license violations. The copyright holder would have to sue me, and prove that I violated the license, and then they might be able to get a court to force me to stop, pay them, or both.

I am curious whether there are any practical observations, one way or the other, about the AGPL’s enforceability.

Obviously you can use the software. Of course you'll probably get away with a license violation if you're not shouty about it. Similarly, I can use a pirated copy of Windows XP too, with effectively zero risk of getting caught.

Nobody is suggesting that an AGPL licence violation would result in a criminal penalty, but if you got caught you may be forced to release any changes you made to the source code. And you could lose the ability to use the software in future—if your business relied on it you might be screwed.

Personally I think the AGPL is stupid, but people are free to pick whatever license terms they like for their copyrighted works. Whether I like it or not is irrelevant.

The way you get forced is by someone filing a civil suit. My question was has anyone done that and been successful. It looks like the answer is yes, although it was settled out of court and not adjudicated. I am curious if a judge has ever found the AGPL to be a valid license constraint.

Personally, I find “you are licensed to use the software without releasing your modifications on your internet connected computer, however if you open a port and offer it as a service, you are not” to be entirely ridiculous. It seems to me that a license can’t (or at least shouldn’t) hinge on what other software I am or am not running on my computer (eg a webserver).

That is why I asked. I’m all for copyleft (despite the fact that its validity hinges on an inherent affirmation of the validity of the concept of intellectual property), but I passionately hate the AGPL because I think it is an unjust infringement upon my freedom as a user. It’s like saying “you have a license to use this software as long as you don’t run a browser that accesses porn on the same machine”. I think it oversteps the boundaries of copyright-as-designed.

agpl will not save you if they choose to re-implement the solution.

Nor will anything else, I reckon.

That's basically how the first GPL software came into being -- as a (partial) reimplementation of commercially licensed unix.

keeping the system proprietary will make it harder for them to understand what you are doing; but that will also be very limiting move - in the enterprise software space.

But will anyone else?

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact