As mentionned by two other people in the comments, this is spreading false propaganda against AGPL which only serves the interest of internet-based companies that want to benefit from FOSS code without having to share their own creations[1]: "Google wants to be able to incorporate FOSS software into their products and sell it to users without the obligation to release their derivative works."
See my reply to one of the pre-existing comments [0]: it's not Google that is the primary source of these ideas about AGPL, it's the companies who chose AGPL with the intention of choosing a license that is completely and totally viral, even over network calls. Companies like iText [1] want their customers to believe that AGPL means that there's no way to use the free version without open-sourcing your entire software stack.
Whether or not that's true, it's reasonable for Google to warn against using an untested license that has vendors using it who specifically argue that it is completely and totally viral. Interpreting that caution as a psy-op is a bit far fetched.
I'm inclined to agree. And I'm more inclined to believe that they and companies like them are responsible for false narratives surrounding AGPL than I am to believe that it's a long con by the cloud providers to get more free work for their cloud services. Vendors of AGPL software have a much more concrete and proximate motivation for exaggerating the effects of AGPL than the cloud providers do.
The fact that they won't use AGPL software isn't propaganda lol. They literally won't use it. You may disagree about whether that's good or bad for the ecosystem, but it's a fact that most serous internet-based companies (and what tech co isn't these days?) won't touch it.
As the article points out though, while most "serious internet-based companies" won't touch AGPL, they will engage with dual-licensed software. They use AGPL software under proprietary license, after paying for it.
At risk of sounding pedantic, legally speaking there is no such thing as using "AGPL software under proprietary license". In that case it is simply software under a proprietary license. This is an important distinction, legally speaking.
As a business owner I consider AGPL the same as a closed source. It's a thing I need to pay for and I'm not about to contribute free labour to it the same way I wouldn't contribute to any other commercial closed source entity.
Probably something like "a software that I can freely use without exposing myself to legal risk".
(This is just me describing reality. My private software is under AGPL to a significant extent, but I understand why my employer's legal dept does not like AGPL.)
In that case, If you end up using OSS without any necessity of contribution from you, would you pay for that OSS software? since you did not contribute labor to it.
I do pay for some more permissive open source projects that I use, even ones I contribute back to, yes.
I completely understand organizations banning AGPL software. Having an employee mistakenly violate the license is just too great a risk. The majority of AGPL projects seem to be offering the same product on a different commercial license, which is the only way I'd use an AGPL project. E.g. paying for a non-APGL license to use it without the risk.
(Not OP.) If you can, I think you should. Sometimes the type of contribution you can make is not accepted. For example, some projects don’t accept donations.
I think that's completely fair, even for more permissively licensed software, I dislike contributing to commercial open source products unless I'm being paid for it.
Drew misses a huge cause of misunderstandings about the AGPL, which is that some of the companies that use AGPL would love for AGPL to be more complicated than Drew's simple version. For example, iText PDF's entire business relies on interpreting the AGPL as being as viral as possible [0]:
> You may not deploy it on a network without disclosing the full source code of your own applications under the AGPL license. You must distribute all source code, including your own product and web-based applications.
> It’s a legal violation to use iText Core/Community and our open source add-ons in a non-AGPL environment.
Rather than interpret Google's page[1] as some sort of psy-op, a simpler explanation is that there are many companies who use the AGPL license and want it to be totally viral even over network calls, and since the license has yet to be tested in court it's safest to just assume it has the strongest virality possible.
> Text PDF's entire business relies on interpreting the AGPL as being as viral as possible [0]:
This page is just even more nonsensical than TFA. This is not "an interpretation of the AGPL that is as viral as possible", this is just a custom license that tries to masquerade itself as the AGPL. For example, the following term is batshit insane:
> When using iText Core/Community under AGPL, you must prominently mention iText and include the iText copyright and AGPL license in output file metadata, and also retain the producer line in every PDF that is created or manipulated using iText.
Yeah, no. If it was really AGPL, no one would forbid me from just removing all the watermarking code AND THEN publishing the non-watermark version to whoemever I wanted to.
There's a friggin reason 4-clause BSD is considered incompatible with the GPL. The advertising clause doesn't fit into any of the additional requirements that the GPL allows you to exceptionally introduce. A watermark is even a stronger requirement.
I'm inclined to agree that iText's position is bogus, but the point is that Google isn't inventing the idea of AGPL's virality out of whole cloth, they're using a definition that major vendors of AGPL software espouse. Interpreting it in the way that the vendors do is not a psy-op, it's just reasonable caution.
Major vendors of what? I had never heard of iText before (unless it is related to the 90s PalmOS software of the same name ? ) .
But in any case this is like trying to find problems in the GPL from a careful reading of the MS Public License. Sure the Ms-PL is a viral license from one of the "major software vendors of all history", but it is NOT the GPL.
The “viral” part of AGPL comes from the GPL itself.
If I write, say, a Java servlet that relies on an AGPL library, then by the same mechanics as effect GPL software, my servlet must now also be AGPL.
Now I host my service and the servlet runs, sending content to whoever made the request. Whoever made that request to the servlet over the network is now entitled to the source code of the servlet. This is what the AGPL does.
That whole effect stems from the original GPL, the AGPL just mucks with the new concept of network access being akin to the GPLs original use of distribution.
If the library was just a GPL library, now even though the servlet is, now too, GPLd, there’s no obligation for source code release because the servlet was not “distributed”. Simply used on site of the servlet developer.
Now if the original request is routed through a proxy, does the AGPL apply? Does the AGPL somehow “infect” the proxy? If not then a proxy is a simple AGPL firewall. If it does, let’s host some AGPL services and start make requests of AWS and Cloudflare for some of their source code.
In iText's case this is not a misrepresentation - itext core is not a product like elastic or something that you interact with over the network, it's a library that you build into your program. And yes, in this case you would be bound by the license to release the programs you build it into, to the clients who interact with it over the network.
The handwavey part is - what is "the application"? And they are not going into specifics there - it is, of course, only the application that you build it into. It doesn't virally extend to other things that interface with it over the network, and they're not going to say that part.
You naturally can thus build a minimal "wrapper app" that just provides this library-as-a-service according to some interface, so that you didn't have to release your whole program, but, it is not a misrepresentation that if you use iText core then at least this program will be bound by AGPL and must be distributed.
Just because iText lies about what the AGPL requires doesn't mean that the AGPL is bad. If one company falsely claimed that their MIT-licensed product needed a different license for commercial use, would everyone start fearing the MIT license too?
I'm not arguing that the AGPL is bad, I'm just arguing that Google isn't responsible for the false narratives surrounding it. The vendors of AGPL software have a clear and immediate motivation to exaggerate its effects (more commercial contracts), whereas the motivation that Drew posits for Google is a much more elaborate long con. Occam's razor suggests that the vendors are at fault.
That starts off with "I'm not a lawyer". So as much as people think they understand it, lawyers have to read the actual text of the entire license and interpret what could happen in a court case. With the vagueness of the license, it isn't unreasonable for lawyers to read it and say "there is risk here. if this goes in front of the wrong judge, we could be in trouble"
> there is risk here. if this goes in front of the wrong judge, we could be in trouble
This is it.
I find it a compelling argument there is tremendous risk to AGPL if Google says so. They not only talk the talk but walk the walk: Google just indemnified AI (C) without limits putting 1.7 trillion dollars behind that statement. The same company said "nah, we are afraid of AGPL".
The issue isn't that they have custom software. The issue is that their business model relies on their custom software being proprietary, and that's true of way fewer companies.
There's something much worse than "I'm not a lawyer" and that is "I'm not YOUR lawyer" -- you can practically assume that if you are reading a document produced by a lawyer you're not paying for, it is because it's trying to influence/scare you to act against your best interests (and into the lawyer's employers'). And FUD is a technique which is well defined in the handbook.
I've read plenty of documents from lawyers I don't pay that were not trying to influence or scare me. It would be really strange to assume their documents were. And when it comes to interpreting legal documents (what is being discussed here), "I'm not a lawyer" is far worse than "I'm not your lawyer".
The essay is wrong. I'm at least glad that the essay contains a disclaimer that the author isn't a lawyer. Because actual lawyers I've talked to disagree with the essay.
As I understand, what exactly constitutes linking under GPL/AGPL hasn't been thoroughly tested in court in a way that is not up for some degree of interpretation.
The AGPL is designed to infect code that isn't strictly "distributed" in the traditional sense. It considers deployment on internal infrastructure to be the same as distribution and requires code release. The core issue is what a court would consider derivative work.
I would not consider a DB schema or SQL running on a server to be derivative of the AGPL DB server's code. A judge/jury might however. Then all of my SQL and any wrappers calling it become infected.
This same question doesn't come up in a DB server licensed under the GPL, even v3. It's unlikely anyone could successfully argue that client node never publicly distributed could ever be considered distribution and therefore not derivative of the GPL code.
Because there's not much if any legal precedent it's not really propaganda to be concerned by AGPL projects. It doesn't matter what is technically true. It only matters what a judge or jury can be convinced of to ruin a business. The AGPL opens more uncertainty than the GPLv3 which opens more uncertainty than GPLv2 or less viral licenses.
I don't see how this is any different from how Java has to deal with what is considered "derivative work" under the GPL for code that uses the JRE. Similarly, I see no reason the solution employed by Java wouldn't work for your example AGPL db.
I'm talking, of course, about the Class path exceptions.
Any derivative works of AGPL-licensed software must also use the AGPL.
How a court interprets "derivative" here makes a big difference, that Drew doesn't seem to effectively counter. I'm not sure why his take on what it means will make a difference to what a judge may think it means.
Until AGPL is tested over and over in court, and all interpretations converge on Drew's interpretation here, it's not safe to have anywhere in your commercial stack.
> This is not true. They would be required to release their PostGIS patches in this situation.
There's a license that actually works this way, namely the eupl. If drew is especially interested in having a license that works this way, perhaps he should consider adopting that license instead?
Meanwhile, as someone who sells copies of AGPL software, my customers have told me they wouldn't have even considered paying for a non-free solution. I wouldn't have nearly as far of reach if I restricted how people could use or share the program -- sharing software is the highest recommendation, and leads to new customers.
Dual license? No! Everyone enjoys the freedoms of the AGPLv3 (or later). Customers can do whatever they want with the program -- that's a selling point!! Customers can use the software for whatever purpose they want. Most of them are everyday people who enjoy not having any bullshit mixed in, like product keys, seat counts, or other anti-competitive measures commonly employed by proprietary software companies.
It's a very simple business model: people pay me money, and in return they get a copy of the software and the complete corresponding source code, and all future updates to the software for 365 days.
Good software, when licensed freely, is more competitively advantageous than an equal proprietary counterpart because it does more for the customer.
That's not really true. Users need to share their modifications ONLY IF they distribute copies of the modified work, and ONLY TO those whom they distributed modified works to.
And this is the whole point: that everyone shares in the wealth of free software. And if someone makes a program better, those modifications can be reincorporated into the original work, making it more valuable.
Free software is about computer USER freedom, not DEVELOPER freedom. As a user of software, I want that freedom, and won't settle for anything less. That's why I write free software, because it's the software I want to use.
The AGPL also requires distribution of the modified work if used over a network, even if copies are not distributed. This is the entire reason AGPL was created, because GPL did not do this.
> Free software is about computer USER freedom, not DEVELOPER freedom.
What are non-developers going to do with source code? Back when FOSS was first conceptualized, all users were developers.
Regardless of anyone's opinions on the issue, the fact of the matter is that AGPL quite specifically don't let people do "anything" with it. The software comes with obligations. That is the entire point of copyleft. Sure, you might think the obligations are good -- that doesn't mean they don't exist.
> What are non-developers going to do with source code?
What do you do when your car is missing a feature that you want? You bring it to a mechanic, and you pay them to add the functionality you want. The GPL means freedom.
And telling someone they need to respect the freedoms that you grant them is not restricting their freedom. It costs nothing to share your source code, and it should be the default state of software development. It's like the silliness around the tolerance paradox. An action that creates more freedom in the world can never be seen as "less free" than one that doesn't.
> And telling someone they need to respect the freedoms that you grant them is not restricting their freedom. It costs nothing to share your source code, and it should be the default state of software development.
I agree with this. However, I don't personally believe AGPL does this as equitably as some other licenses.
> That's not really true. Users need to share their modifications ONLY IF they distribute copies of the modified work, and ONLY TO those whom they distributed modified works to.
Except for AGPL, which can require sharing your modifications even if you are not distributing copies of the modified work. Indeed, that was the whole point of AGPL.
If you consider having to propagate the same rights you were given as a limitation, you cannot also claim that MIT/BSD licenses allow users to do whatever they want.
MIT and BSD have requirements you must fulfil too. You can't just "do whatever you want" with them.
----
I don't normally reach for this level of pedantry, but some takes in this thread just boggle my mind.
That's fair. I was thinking more in terms of applicable use cases, rather than limitations on liablity/warranty/sublicensing.
Although on that note, I find it somewhat funny to speak about something like the MIT license as conveying "rights", when half of the license's purpose is to take away the licensee's legal rights.
MIT/BSD licences do not take away any rights from the licensee. They merely avoid giving licensees certain rights that would otherwise be understood to be automatic or implicitly granted alongwith the copyright licence.
Like when Anakin was reminded by Mace Windu that his seat on the Jedi Council does not grant him the rank of Master.
Glass-half-full or glass-half-empty, the fact of the matter is that they intentionally disclaim legal rights which would otherwise have automatically been available to the user in many jurisdictions.
It's crazy to me how it is completely normal for engineers in other fields to be held liable for shoddy work, but many software engineers think they're upholding users' rights by giving them software that prohibits users from holding them responsible for their work.
These limitations exist solely out of convenience for the author.
If a company calls you up and says they are uncomfortable with your license, surely that's a tremendous opportunity. You can negotiate whatever you are both comfortable with.
If a company doesn't use your software, makes money some other way; doesn't email you support questions, so they cost you nothing, gosh, isn't that okay too?
I don't see what the big problem is with the AGPL.
That's... good? The so-called "loophole" with dual licensing allows the original company to make money without being undercut by competitors like Amazon/AWS, who can win because of economics of scale, without investing much in the product.
If some company like Google doesn't allow AGPL-licensed software, that's fine. I guess it serves its purpose, forbidding leeching?
People have incredibly poor critical-thinking/media-literacy skills now, even on HN. Nobody will ever question why a particular group is arguing for this position, or consider whether they might have some self-interested reason to bend the truth, or selectively mis-present it, or just flat-out lie. And it gets worse when they see it in some popular piece of media and assume that means it's inherently credible/truthful.
For example Qualcomm's allegations against ARM last year (that ARM was "preventing 3rd party IP from being in proximity to ARM IP" etc) appear to have been entirely false and untruthful, but people didn't critically consume that and largely worked on the assumption that if QC said it, that it must be true. A year later, has anyone else had problems integrating 3rd party IP into ARM designs? No? That's because it was just Qualcomm going to the tech media with a bullshit story, and they dutifully carried it.
It's happened over and over even in the tech community: Google and the "pwease open up imessage and use RCS" page (while their proprietary encryption extensions lock everyone else out), MS/sony/epic/facebook/netflix levering open the app store/sideloading, blindly believing the EVGA ceo when he implied that poor lil EVGA barely made any profit during 2020-2021, and that this was also true of the other partners (as they scalped onto ebay, like MSI, or sold at inflated prices through first-party stores, etc) etc. People are not critical thinkers when they are presented these sorts of messages in media, they tend to assume that if it's in media it must be true, or if a company PR spokesperson says it then it must be true.
(and in fact this is a perfect example of a why there is no reason to "assume good faith" when a megacorp is trying to push a particular PR spin, and it is in fact not helpful and usually incorrect (Hanlons' Razor is wrong as a heuristic) in these PR battles. PR messaging of all things does not deserve or benefit from the application of hanlon's razor.)
I touched on all these same themes of media-illiteracy at the time too. These were pretty unbelievable stories at the time and it was very obvious that people were uncritically consuming PR spin. https://news.ycombinator.com/item?id=33822020
Anyway, back to present-day: obviously Google/Amazon/FB would very much prefer a permissive-license model where they can take the fruits of the open source community and privatize the profits (and build proprietary extensions) while contributing nothing back, whether that's apache-licensed code or RISC-V core designs. So it's in their interest to push back against commercial operators who can counter-negotiate and re-internalize those profits, or AGPL that encumbers them from doing this in the first place. But people are so very very credulous about these "pwease be nice to widdle google, we're so helpless and innocent" thinkpieces.
It's just crazy to me that it keeps working over and over, even on the HN crowd. It seems like hanlon's razor has really become a thought-terminating cliche for a lot of people, it is an excuse for credulity and avoidance critical thought. Why bother? Malice doesn't exist, hanlon's razor is always the simplest answer.
I'd guess that even here, probably less than 25% of people are media-literate, in the sense of being able to sniff out a story that doesn't make any sense overall, or identify a source as a PR spin piece. People genuinely assume that if Google puts out an article analyzing a license or something that it must be factual and balanced, or at least not contain any intentional misrepresentations, etc. And as you can see from qualcomm, or google's own RCS article - this is not always the case! Companies do just go and lie, or spread PR that is true "from a certain perspective", etc.
People used to pride themselves on "having a finely-tuned bullshit detector" and we've just replaced that with hanlon's razor. bullshit doesn't exist, hanlon says so. it is a sad state of decline for critical thought. but people love a good thought-terminating cliche.
RE: all of the drawbacks mentioned, especially those along the lines of "what would happen is that companies will avoid it entirely, and write their own instead"
Isn't that.. the point? If I were to licence something AGPL that is what I want to happen. Folks can use it freely but only I may use it commercially (with the option of licensing to businesses who also want to make some cash off it)
This is a bit of a tangent, but Google does comply with the GPL license, right?
Does this mean they've given every one of their employees legal permission to take a copy of the GPL code and its modifications home with them and distribute it as they please?
The legal permissions apply to an employee receiving the code, yeah? After all, the employee is a person and I don't see any special rules about employees in the GPL license?
Google might say that their employment contract supersedes the GPL in some way. But to the extent that their employment contract limits the GPL, to the same extent Google is not in compliance with the GPL license.
It seems to me that any one of the hundreds of Google employees could just walk off with the modifications and sell them or release them however they choose. All legal. It would be an action Google has explicitly given them permission to do in legal writ.
(I am not a lawyer, this is not legal advice. This is just my limited knowledge of the law and a bit of logical thinking.)
Google uses GPL-licensed software in their products, entire projects are checked into the monorepo (only one version of any software at a time, though).
If you're a Googler working on a personal project and you accept that Google owns it (controversial), then you would just use GPL software the normal way any developer would. If you're a Googler working on a work project, then you compile and link it into your application. If you wanted to modify GPL software, you'd sign the CLA for the project and send them patches.
I did not see anything that would suggest Google was not complying with GPL. We were advised to not make new projects that used GPL, as copyleft and the license are challenging to understand compared to the relatively straightfowrad BSD, MIT, and Apache licenses.
Does Google make their GPL modifications available?
If so, my argument does not apply to Google, but may apply to other big tech companies. I mentioned Google only as an example--a place holder for any big tech company.
It seems any company that hosts modified GPL code can't stop their employees from just walking off with it and selling it.
> It seems any company that hosts modified GPL code can't stop their employees from just walking off with it and selling it.
Sure they can, just don't distribute the code. The company holds the copyright to all code the employee wrote, if the employee took the code, they'd be violating their employer's copyright.
In general, no, if the employee is simply working on the code as part of the company, that does not count as distributing the code to the employee (unless the company explicitly did so).
Interesting legal theory. I'd love to hear a lawyer reply.
Maybe the counter argument is that the employee isn't using the software. The business is.
I've heard people have the legal theory that because there's no explicit copyright reassignment in their contract, they actually own the code they write as employees. Somehow I doubt that'll fly.
GPL should apply to anyone legally being given a copy, as the giver may be required to sublicence it under the GPL in order to be permitted to distribute that copy.
If you simply 'find' a copy, GPL doesn't necessarily apply. And employees in most circumstances are not legally 'given a copy' - just as if the employer hands them a wrench to work with, that doesn't become the employee's wrench, and that applies to all kinds of copyright issues, any prohibitions to sublicensing don't prevent the product being used by employees because it's never licensed to them, etc.
I mean isn't that the whole point of AGPL? That you can't make a webservice with AGPL components without releasing the whole source of your webservice?
This is non-sense article, AGPL is a great license to offer your code, specially if you plan to offer some alternative license through paid contracts for the ones that don’t want it.
AGPL would be my default license for new OSS projects I produce, but without copyright assignment of contributions, alternatively licenses are difficult.
I do a lot of tech due diligence, both private equity and "other". Use of AGPL is always considered a red flag, and as a result its almost unheard of to find it being used.
My company, OpenC3, successfully uses a dual licensing model with AGPLv3 for the license on our open source version. Not wanting to follow the AGPL is just another reason to buy our commercially-licensed Enterprise version. And if you are a home/non-commercial user the AGPL generally works great.
The AGPL was created by a company named Affero, Inc. It's not clear to me whether that company even exists anymore — various sources claim that their web site was affero.com or affero.org, but neither site seems to be actively used by the company anymore.
So at least for the creators, the license does not seem to have been a rousing success, although that is of course completely anecdotal.
This is pure propaganda article. AGPL is a great license. You just need to provide a separate commercial license for your customers. It looks fishy when someone advocates for open source but with option to make it proprietary. You can have it proprietary for a price.
Is it really a copyright event when a piece of software serves up an API or web UI that it triggers the copyright license? These copyright licenses which can only grant rights are acting more like EULAs and service agreements. Imagine if NGINX claimed they owned the IP(in terms of copyright) of every request your server responded to because their software generated HTTP response.
This is why no business will touch AGPL or any other copyright license that has network clause with a ten foot pole.
Copyright law allows a copyright owner to license their copyrighted work to others, and also to put restrictions on how the licensed work can be used.
This is why if you write a book, you can license it to a publisher to print copies of it and sell for profit without them automatically gaining the right to adapt your book into a movie.
Thats not copyright works. How its used is a EULA or service agreement. Your example shows this. A distributor has no rights to distribute a copyright under copyright law, you grant him those rights for something into return. A copyright license can not tell me how i use a copyrighted work outside of act of making a copy. What AGPL is saying that you're distributing their IP because it exposes an API or a GUI which is they claim that its their IP thus subjected to copyright law.
Once i have a legal of copy of code, i can do anything i want to it even if the copyright license forbids it as long as i don't distribute the code. I can make as many private copies as i want and deploy it on as many servers as i want without trigger copyright law.
What you say only makes sense in the world where printing presses have only just been invented. Copyright law, today, does not restrict only the "act of making a copy".
It restricts a whole lot of things. E.g., display, adaptation, performance — hell, even translation.
For example, under US law, a copyright holder is expressly allowed "to determine and decide how, and under what conditions, the work may be marketed, publicly displayed, reproduced, distributed, etc."
And this is just from the list of "Economic rights". Copyright also includes sth it calls "Moral rights" which has nothing to do with copies being made. If you post on Xitter claiming you wrote the LOTR books, you are technically in infringement of the moral rights of J.R.R Tolkien.
----
When you say, "I can do anything I want to it even if the copyright license forbids it as long as I don't distribute the code", you are very conveniently (and illegally) ignoring the copyright holder's exclusive right to control how their work is displayed or performed.
When you say, "I can do anything I want to it even if the copyright license forbids it as long as I don't distribute the code", you are very conveniently (and illegally) ignoring the copyright holder's exclusive right to control how their work is displayed or performed.
--
If that were the case. Movie rental videos wouldn't exist. Neither would libraries. Like i said you have to make a copy for the a copy right license to come into play.
Its easy for engineers to read the AGPL and share opinions, but this doesn't really get us further to understanding where the AGPL is appropriate. At the end of the day, it's what the lawyers think. If lawyers are advising companies that the AGPL is dangerous to them, then that is the reality, since lawyers are who decide such matters in court.
>The issue with this “loophole” is that it allows a company to promote itself as free and open source while cutting off SaaS competition.
If "venture capital firms" like these complain about not being able to harness libre tools to build their digital serfdoms without giving anything back, it means the AGPL is working.
> it’s unclear what other code may be exposed to the virality of the license. The fear is that a company could be forced into open-sourcing software that was not intended to be open source.
wikipedia says agpl was brought in 2002. so around 21 years of people using this license and no one knows clearly what it does?
>if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network
this is the most important part of the license that everyone just gleans over.
There is no SSPL-like virality in AGPL.
you can use unmodified AGPL code alongside proprietary code, all you have to do is put the license file up there.
IF you modify the code, that modification NEEDS to be shared to customers on demand. That's it.
this means if i use AGPL software in a SAAS environment and i modify 1 character line from a file, all i have to do to comply with the license is to make that DIFF or modification available to customer saying "i used AGPL software ABC, here is the modified version".
that's all there is to it.
edit:
> It’s founded on the ethical principle that all software should be free.
Free as in freedom. If you get a readymade code for a software, all this license enforce is that you can't use it to fork it into a proprietary software and not giving your downstream users the same rights you were given.
>Many corporations will forbid end-users from installing any AGPL-licensed code on corporate devices out of an abundance of caution.
this may be a reality but doesnt make it any less bullshit. i recently read an auditor might flag using open source software, like what?
Please prove me wrong about AGPL
Lawyers are clear what AGPL means, and they are not confident they can limit the other code that someone would accidentally combine with AGPL if it was used at all so they ban AGPL. While it is possible to monitor and control what code is combined, they are not sure they would do that correctly as a large company with thousands of engineers any one of which might make a mistake.
What companies want is if someone does violate a licesne they can argue it was a rouge employee and so ask the court to just apply a small monetary damage fine as opposed to something large [like opening up all code a AGPL demands]. However in order to argue this in court they need to show the court they made a good faith effort to ensure violations didn't happen in the first place. Those are good enough that most companies won't violate the license in the first place.
AGPL demands opening up AGPL code if you modify it, otherwise just say you used this particular agpl code, where does it say you have to open up your entire codebase?
This does not match my understanding. The AGPL does not include any linking exception, so if I include a 500 line JSON parser in my 5 million line app, and that JSON parser is AGPL licensed, then all 5 million lines are considered to be "based on" the JSON parser, and all 5 million lines must be made available under the AGPL. This is true even if I don't modify a single character of the parser. Am I wrong?
It's not easy but one should always recursively check the licenses of every dependency. If one doesn't, one can't even enforce a ban on AGPL software because it might slip into a project deep inside the node_modules directory or the equivalent in that code base.
A simple implementation could be looking for LICENSE files or files containing some keyword. If the file matches the standard licenses you know what they are. If they don't, they could be custom licenses and should be checked.
To be fair, it's not yet clear from the courts perspective what constitutes a derivative work in the world of software. There's a not-insignificant possibility that a future court decision will give a definition for "derivative work" in software that erases the difference between the LGPL and GPL.
IMO, it's even somewhat likely. It's entirely unclear why the legal system would care whether something is statically linked or dynamically linked with regards to interpreting derivative works in software, so the question would likely boil down to simply "does linking a library make the application a non-fair use derivative work of the library"? If no, then there is no difference between the LGPL and GPL. If yes, the status quo remains.
> wikipedia says agpl was brought in 2002. so around 21 years of people using this license and no one knows clearly what it does?
Not commenting on the rest of the article but “usage” does not equal “understanding”. Plenty of people use computers without an understanding of what they’re doing or capable of. Plenty of people use AI models today without understanding what they’re actually doing. Heck a huge chunk of modern medicine is stuff we have no understanding of how it actually works, we just know that it does and have a small amount of empirical evidence to give use some fuzzy boundaries.
Many users of AGPL contend that if you connect to their AGPL code by API, your entire application needs to share its entire source code (including to anyone who accesses it over a network/internet.)
For example, the founder of iText feels very strongly about this. As you can imagine, that makes iText almost impossible to use in a commercial setting, if you want their AGPL version. You need to buy their commercially licensed version.
"If user A pushes a button in product X, and by doing a technical effect is triggered that results in an action in (A)GPL library Y, then product X needs to be released under the same license as library Y to user A no matter how product X is technically implemented!"
>> The fear is that a company could be forced into open-sourcing software that was not intended to be open source.
> wikipedia says agpl was brought in 2002. so around 21 years of people using this license and no one knows clearly what it does?
The fear referenced here isn't about what the license does. The fear are the unknowns about how it will affect business operations in the future after building a business around a piece of code with that licensing obligation attached to it.
> you can use unmodified AGPL code alongside proprietary code, all you have to do is put the license file up there.
You cannot. AGPL only has one linking exception, and it is for code licensed with GPL.
> The issue with this “loophole” is that it allows a company to promote itself as free and open source while cutting off SaaS competition.
Cry me a river. Start with the fact that I only publicly post software that I'm at least notionally willing to support. If you demonstrate competence and ask nicely, I might have other software to offer just to you. ;-)
On the software that I publicly post I generally use an Apache license. I use the AGPL on a very specific and unique piece of software where I want to maintain architectural control: show me a use case which can't be pushed right or left and we can talk.
In fact, I give away examples for that software in a separate GitHub repository under the Apache license. The principle is simple: if you substantially transform the data separately from my software, you don't need to give your transformational workings away to the data consumer as long as you do it separately from my software. Shift right, shift left; here is effing how.
I would be surprised to see my AGPL product exposed to the internet (even with a proxy in front of it). I don't want it modified and exposed to the internet as a cheap hack by self-serving sociopaths who figure they're justified in "by any means necessary" by their high salary, I would view that as dilution and AGPL is preferable to having to contemplate suing for disparagement when the inevitable shitstorm happens: if you're going to expose it to the public, I want to see the software. Expect me to read it and comment on it publicly.
So internally you shift left / shift right, and the people working on it have access to my source code: what's the problem?
> While the downloadable version is open, the SaaS version is closed off from open source collaboration, innovation, and competition.
This is blatant sociopathic projection where the author's own intent, or that of their owners, is transferred to the Other and then disparaged. In any case if they did a SaaS version it would be closed off from such collaboration.
The author isn't going to spend their own money and is not the decisionmaker so declaring "negotiate a licensing or support contract, or pound sand" is a waste of time.
[1] https://drewdevault.com/2020/07/27/Anti-AGPL-propaganda.html