Hacker News new | past | comments | ask | show | jobs | submit login
A Change in License for Berkeley DB (meshedinsights.com)
79 points by kstaken on July 6, 2013 | hide | past | web | favorite | 77 comments



Personally I think this is great news. Great news for free software, great news for users, great news for the AGPL. So very few web apps are open source, despite so many of the people who develop them claiming to support free/open source software. It seems that the only way to make the web open source is to force the hand of the developers, and that means we need to start pushing copyleft licences like the AGPL. The GPL was created for a different age. So much of the software people use now runs on a different machine; we can't continue to ignore this loophole.

BDB has had a commercial licence available for a long time, this move just closes a loophole that people were exploiting to use BDB in non-free software without contributing back.

Additionally, to the people saying 'oracle are only doing this to make money', this is one of the ways you are supposed to make money/fund the development of free software. RMS talks about it here: http://www.fsf.org/blogs/rms/selling-exceptions

I consider selling exceptions an acceptable thing for a company to do, and I will suggest it where appropriate as a way to get programs freed. -- RMS


I, too, like GPL and free software, but I'd like to stress that this change hardly closes any loopholes. The previous BDB license was simply too vague and open to competing interpretations. The AGPL does not require web software using BDB to distribute its source code, only software actually modifying BDB.

The gist of AGPL is this:

* If you redistribute BDB with your software, then you must provide your software's source code (even if you haven't modified BDB).

* If you use BDB on your web server, then you must provide the source for your software only if BDB is modified.

Since hardly anyone modifies BDB (I would assume), this affects almost no one. It simply makes the license clear.


Partly true. The FSF interprets "X linking Y" as "X modifying Y and therefore subject to Y's license," which is why Microsoft got to make so much hay out of the GPL's "virality."


+1 I agree. I have been dual licensing my little open source projects under GPL/Apache licenses just because I would like wider use, but I don't feel great about doing that. Licensing is a complicated issue and obviously software developers get to choose for themselves.

It is difficult to predict the future, but I would bet that in 50 years software development will flip to either an almost all commercial world, or an almost all AGPL (or other open source license) free and open hardware designs, etc. world. Considering economics, it is hard for me to see a path to a mostly AGPL-like world, but it might happen.


  > So very few web apps are open source,
  > despite so many of the people who 
  > develop them claiming to support 
  > free/open source software.
So, if they use GPL'd software, and contribute back to it, but don't release their own software as GPL, then they are just a bunch of 'evil fat cats' that are leeching off of FOSS?


Really? Do you have to start playing that game here? Can't you at least try to contribute in a meaningful way before you start acting like this?

Let me do the same to you.

> 'evil fat cats'

He didn't say "evil fat cats", so why do you feel the need to lie and say he did? Only a worthless troll would use those words, and words like "leeching" in place of discussing what he actually said.

So really? Is that what you want from HN? Couldn't you have spent a minute and phrased that without being so rude?

Regardless, that's not what he said, so your point doesn't make sense.


  > Let me do the same to you.
<clippy>

I see that you seem to be attempting to argue from a Moral High Ground. Would you like me to:

1) Remove your Ad Hominem attack?

2) Remove your rude remarks/tone that conflict with your desire for others to be less rude?

</clippy>

I'll agree that the 'evil fat cats' remark was probably a bit too far, and I apologize for that. Let me rephrase my comment:

  I take issue with the view that someone that doesn't
  commit 100% to an ideology (e.g. Free Software)
  doesn't care about said movement. The original post
  was (in so many words) trying to claim that all of the
  web companies using FOSS software and claiming to 'love
  Open Source' are being two-faced because none of their
  own software is release under a GPL license. This Us-vs-Them
  mentality isn't magically helpful when used in a FOSS
  context instead of in a, "you're either with us, or
  with the terrorists," context.


>The original post was (in so many words) trying to claim that all of the web companies using FOSS software and claiming to 'love Open Source' are being two-faced because none of their own software is release under a GPL license.

This isn't about BSD/MIT style licences vs GPL style. The sources to most web apps are not available under any kind of licence. A few toy projects on github that nobody uses don't counterbalance spending all day working on non-free software. I do think a lot of these toy projects are motivated by a sense of guilt. You go in to work and spend all day working against free software, but you can tell yourself you are on the right side and 'contributing' if you share that script that downloads cat pictures.

Your criticism is the same one that has been made against the GPL countless times. History has proven it wrong: Linux is a huge success, thanks to the GPL.

The GNU GPL is not Mr. Nice Guy. It says "no" to some of the things that people sometimes want to do. There are users who say that this is a bad thing--that the GPL "excludes" some proprietary software developers who "need to be brought into the free software community." But we are not excluding them from our community; they are choosing not to enter. Their decision to make software proprietary is a decision to stay out of our community. Being in our community means joining in cooperation with us; we cannot "bring them into our community" if they don't want to join. What we can do is offer them an inducement to join. The GNU GPL is designed to make an inducement from our existing software: "If you will make your software free, you can use this code." Of course, it won't win 'em all, but it wins some of the time. -- RMS


  | Your criticism is the same one that has been
  | made against the GPL countless times. History has
  | proven it wrong: Linux is a huge success, thanks
  | to the GPL.
I'm curious how "my criticism" is proven wrong by Linux. While Linux does prove that the GPL can work, it is not proof that a hard-line approach to the GPL is useful (especially when it comes to advocacy). Have you ever switched to veganism because of the animal rights activist shouting, "Shame! Shame on you!" on a street corner? "Getting the message out there," isn't very useful if everyone is just ignoring you. At that point, you're just tilting at windmills, and putting in useless effort.

Even your example, Linux, has a leader that is more pragmatic about software licenses than some FOSS hard-liner.

  | I do think a lot of these toy projects are motivated by a
  | sense of guilt.You go in to work and spend all day working
  | against free software, but you can tell yourself you are on
  | the right side and 'contributing' if you share that script
  | that downloads cat pictures.
You're missing the point here:

1) Many people working for companies that don't open source their product contribute significantly to open source projects. E.g.:

- GvR worked for Google which is 'closed source' but I don't think that anyone considers Python a 'toy project on Github.'

- Kenneth Reitz created the awesome Python Requests library and works at Heroku, which doesn't release it's code as open source.

2) Not everyone can create some significant piece of open source software, even if they would like to. What is your dividing line between 'toy project' and 'serious project?'

3) Statements like these don't win people over. You're attacking people and making giant assumptions about their motivations. It pushes you so close to the troll territory that it becomes hard to distinguish if you are a troll parodying a FOSS hard-liner, or an actual FOSS hard-liner.


While I don't have made up my mind completely about AGPL but lean to liking it, changing to it for an infrastructure library, is really a backstabbing move.

Nice to see a company so consistently living up to its reputation.

And one simply must appreciate the elegant irony of using a strong copyleft license as a dagger.


> And one simply must appreciate the elegant irony of using a strong copyleft license as a dagger.

That's always been one of the ways to make money from free software. Mysql did the same thing, and I think Qt did as well at some point in its history. If I recall correctly, even RMS sort of approves of it.

Downvoters: go read some history, there's nothing factually incorrect in what I wrote above. The bozo proliferation seems to continue unabated here:-(

Here's RMS himself: http://www.fsf.org/blogs/rms/selling-exceptions


The difference being that these projects had the restrictive licenses from early on. They did not change from permissive (and in the context of web service infrastructure GPL is actually a permissive license) to something more restrictive.

On the contrary Qt changed the license from GPL to LGPL what definitely helped the proliferation (and the survival after the Nokia disaster).

MySQL ... well moving this to AGPL would give MariaDB the final push it needs (if it still needs one). So they just let it rot.

Too bad there was no equivalent project for BerkeleyDB.


You can always fork from the last version that had a license you found acceptable.

Also, a relatively restrictive (not BSD!) license has been a feature of Berkeley DB for a while:

http://en.wikipedia.org/wiki/Sleepycat_Software


Regarding a Berkeley DB equivalent, how about Tupl?

https://github.com/cojen/Tupl

> Tupl is a high-performance, concurrent, transactional, scalable, low-level database. Intended to replace BerkeleyDB, Tupl supports true record-level locking. Unlike BerkeleyDB-JE, Tupl doesn't suffer from garbage collection pauses with very large databases. Tupl also includes support for cursors, upgradable locks, deadlock detection, hot backups, striped files, encryption, nested transaction scopes, and direct lock control.


In Java. For a low-level in-process library that most people link in to their actual app Java is completely unsuitable. Not quite sure how this replaces most of the BDB use-cases, but if you are going to run in another process then there are a whole host of options to consider. Tupl looks pretty interesting and it would be fun to have a reason to play with it, but this does not handle any of the cases where I turn to BDB.



changing to it for an infrastructure library, is really a backstabbing move.

Well, Berkeley DB was already a copyleft library[1] (basically a BSD/MIT-style license with an extra copyleft clause). So, unless you had a commercial DB license, you already had to provide the source code for applications that used it. This 'just' extends it to applications that are used over a network.

[1] From the Berkeley DB license:

3. Redistributions in any form must be accompanied by information on how to obtain complete source code for the DB software and any accompanying software that uses the DB software. The source code must either be included in the distribution or be available for no more than the cost of distribution plus a nominal fee, and must be freely redistributable under reasonable conditions. [...]


The old license only required providing source code if you redistributed it. The new license requires it even if you never distribute anything, e.g., you use it in the backend of a SaaS app.


That more or less just brings the license up to date with the original intent. You used to typically have to distribute apps if you wanted end-users to run them. Now you can half-distribute the app by only distributing the client half to browsers, and claim that that doesn't constitute redistribution. The AGPL, on the other hand, defines that kind of half-distribution as distribution.


> you can half-distribute the app by only distributing the client half to browsers

Calling the client portion of the code of an SaaS application "the client half" is a stretch. 1% is a better estimate, and "1%-distribution" is a better word than "half-distribution". The client portion of code has its source distributed at the same time as when it runs on the browser.

> That just brings the license up to date with the original intent

The only clue to intent users of software have is the specific wording of the license. Changing the license cripples the software. How do we know the original intent wasn't to bait users in with an wrongly used license, then change it later on?


Yes, that's what I said, it's the definition of copyleft.

For most companies the open source version was not acceptable anyway. E.g. most customers with sensitive information (such as government organizations) require on-site firewalled installations of your software anyway. So, you either pony up the relatively high per-CPU cost, or use a less restrictively licensed alternative such as leveldb.

This change will mostly make a difference for web applications. But my point was that Berkeley DB was already licensed quite restrictively before, contrary to some people's beliefs.


So fork it from the older version - that is still available under the old license.


The AGPL requires no such thing. If you use BDB in the backend you don't have to open anything; only if you actually modify the BDB source code.


What an absolutely horrible company Oracle is. They are without a doubt the biggest enemy to free and open source software, and I'll be glad when they're gone.


I agree with much of this, but mainly on their sales and marketing tactics.

However, what does your rationale for finding them reprehensible have to do with the article? The Affero GPL/GPLv3 is arguably the most open source license available.


The Affero GPL has a clause requiring the operators of network servers that use AGPL code to provide full source of the network server. Berkley DB is used in, amongst other places, Subversion - so when they next do a distro upgrade in a few months, a whole bunch of developers are going to find they're no longer license compliant and have no easy way of becoming license compliant.


That's nonsense.

Using SVN has nothing to do with SVN being under GPL2, GPL3, AGPL, Apache or any other license that allows for free use, as long as you don't modify SVN and distribute (or provision over the network, in case of AGPL) the modified version. Using SVN to hosting your code repository is in no way modifying and distributing it.


Unless you are modifying the code the section 13 of the AGPL does not require you to distribute source at all so most distribution users would never notice the difference. I guess this might effect you if you had some crazy internal fork of BerkeleyDB that you were regularly merging upstream into but that doesn't seem like a huge use-case for this software somehow.


Subversion is Apache licensed, so I fail to see how this would be a problem.


Subversion uses bdb as its backend.


And the Apache licensed Subversion is still compatible with AGPL licensed BDB. What am I missing here?


Apparently the Apache License is not compatible with AGPLv3. I confess I do not understand why.

http://lists.debian.org/debian-devel/2013/07/msg00041.html


I thought the BDB backend for Subversion had been deprecated for years...


As TFA says, the problem is the anti-tivoization clause, which creates issues for web developers, issues which weren't there with the previous licenses and that should push more people to buy commercial licenses as insurance.


No, the article does not mention the anti-tivoization clause. The AGPL requires you to share the source code with users, even when the software is hosted on your machines. That's what differentiates AGPL from GPLv3.


Apologies, I thought that was exactly the anti-tivo provision of gpl3/agpl ? Not that I've looked too hard, it's really not my field.


It's a slight bummer but not really a big problem. If the community doesn't like the license it'll just fork and we'll end up with a similar situation to MySQL and MariaDB.

i.e. we're better off in the end. Open source lives because of it's contributors and can not be killed off by a corporation.

EDIT: Removed my 'opinion' because it's not important :-)


So the problem, if I understand it correctly, is that you want to create a commercial product out of free building blocks, and you're angry that the author of one of those building blocks in changing their license so that you can't use it any more and still sell your product?


I don't understand the sentiments in this thread. They own the thing. They do whatever they want with it. They have paid good money for it. Yet they have chosen to give it away as free software (with a license even Richard Stallman and the other FSF folks would approve). What is this sense of entitlement here on HN?


It is not the change of license in itself that makes people think it is a questionable move, it is the strategic nature of this decision.

When building a solution/product, you have to choose the components you use, and invest in it, in time and sometimes money, and its technical and legal specificities can have strong implications on your solution.

License change is a hazard than can happen, and it is also one the harder to foresee, and when it happens to a product to you depend on it can have a big impact.

And it is Berkeley DB, same house as BSD known for the ultra permissive license. I wouldn't have anticipated that, and I guess with many others.

Given the fact that you may not be able to move to another product, and that your business may depend on the license permissiveness, it can be assimilated with totally legal, but nonetheless, extortion.


I wish people acted like this when Sparrow essentially stopped being developed. But the collective came back with: "You got what you paid for" and "You can still use it" and "You shouldn't have expected free updates for life."

And when free services shut down, or start charging, they say "If you aren't paying for it, you are the product" or "You can't complain if you didn't pay for it."

So now the same thing happens for the BDB, and people are upset. But it's the same exact thing. Well, except the BDB's older versions are still available with full source available, and there has always been a paid license available. And the AGPL only applies if you are modifying the BDB source.

It's the two-faced nature of this current culture of developers. We'll consume open source products. Hell, we'll contribute back open source tools. Hell, we'll ship it under BSD because we are want to be permissive and "really free." But we won't do it with our real products.

> Given the fact that you may not be able to move to another product, and that your business may depend on the license permissiveness

As has been said time and time again: there is nothing forcing you to upgrade. Nothing forcing you to change. You are free to continue using exactly what have depended on.


BerkeleyDB was distributed with the "Sleepycat License" since 1996 which is similar to GPL in terms of permissiveness so it's not like BerkeleyDB has been distributed with a permissive license in the past. If the Sleepycat License suits your needs but for some reason AGPL doesn't, why don't you just take the last Sleepycat-licensed version and keep using that? It still does everything it did when it was released. People could even fork it and make improvements to it.


Your comment demonstrates the difference between legal obligations and social obligations. Oracle has forced their way into and destroyed multiple communities. They have that legal right, but we also have the right to dislike them for it.


> What is this sense of entitlement here on HN?

HN (as a general rule) doesn't support free (as in speech) software.

It's interesting to contrast Oracle with webapp providers who haved move from free to paid models. HN (as a general rule) supports the latter and responds to the complainers with "you shouldn't have expected anything from a product you weren't paying for".


I don't understand why is that contrast interesting. Most of those webapps were already proprietary, and some of the paid ones are also Free (as in speech), like NewsBlur. They're completely different situations.


The comparison is actually quite apt. In fact, Oracle is doing less harm than many apps that switch to a paid model, or get acquired and shut down. Consider that BDB is still licensed under the GPL. It's just the new releases are released under the AGPL. You can still use the GPL version.

When an app switches to a paid model, you aren't left with a choice. So even if you invested time and energy into integrating it into your system, you are sunk. You generally don't have a choice.

And if the app stops being produced (e.g. Sparrow), it can never be improved. At lease the BDB allows people to improve the GPL version if they want.

So really, the issue is only a problem if

* You were already modifying the BDB source * You need the latest version

Considering the people with the problem are already modifying source, it's not as if they can't fork BDB. Sure, the cost for using BDB has now gone up, but that can be compared to adopting the AGPL and the changes needed.


Oh, I realize the problems with proprietary software, you're preaching to the choir ;) But I still don't see the point in comparing the two situations.


The problem is that they're changing the license to something more restrictive and less open mid-stream. The clauses in the AGPL, ostensibly made to make things "more fair" result in a lot more needed bookkeeping and management of the resulting software. Utilizing a modified version means you have to provide source, and nearly every instance of bdb has modifications from the Oracle source to patch various behaviors, etc.

Furthermore, there are other, more open libraries that do what bdb does, yet don't have those restrictions. The breach of trust Oracle performed in adding more restrictions makes me not want to use this software in any circumstances, out of apprehension that they may provide more new "freedoms" in the future.


No one (as far as I see) is arguing what they're doing is illegal, they're just being dicks


How is giving it away as open source software a dick move?


Giving away isn't dickish. However, changing the terms to a license with more expensive terms of conditions is. Because of the requirement of providing source with "modified" versions, you have to now provide a source download with your software, even if you make the most subtle of changes. Furthermore, as most OS distributors patch their version, even using the provided version becomes legally suspect. All of this makes lawyers nervous, and more apt to just throw money at Oracle instead of having to do a ton of auditing at the risk of expensive court action.


I understand what your are saying yet I can't help but feel that you guys are being a bit unreasonable. You know what would be a dick move? If they killed the open source version and sued the current users of the open source license with some ridiculous patent claim. That would be a genuinely dickish move worthy of an evil empire such as Oracle. Yet they are doing exactly the opposite of that.


Those people who think this is some sort of enormously evil event that will kill BerkeleyDB because the AGPL is the evilest most restrictive free software license ever should probably read Section 13 here http://www.gnu.org/licenses/agpl.html

This pretty much only affects you if you are running some weird internal forked version that has upstream merged into it regularly. I don't get the impression that this is a common situation for BDB users.

(Although since Oracle did it it's probably inherently evil anyway of course.)


You are absolutely right about the license, but I think you're confusing Oracle with Google. Oracle aren't evil, they just want your money. It's Google that wants to know everything about your life so that it can give you an IV line of ads. Google - evil, Oracle - just greedy :)


Wow, Oracle has did again. Oracle has proven again it is now the single most evil software company out there, surpassing Microsoft. What they are doing is to incrementally convert open source free software into their proprietary cash cow.


Oh that AGPL cash cow... Damn you Richard Stallman and your capitalistic ways!


how does this affect Python users? Berkeley is part of the default standard library and is installed by all Python users everywhere.


Wasn't it removed in python3, and deprecated since 2.6?


still included with the batteries in 2.7, which comes with most distros.


Oracle angering people with questionable money-driven greedy decisions? Yep, sure sounds like the Oracle we've come to know over the years. While the licence in itself isn't bad, making such a big change like that and essentially forcing people to buy licences is a dog move.


In Python 2.x there was a module for Berkley DB which is removed in Python 3 (bsddb module). I'm curious that since Berkley DB has always had a strong copyright license and it was not PSFL, how things worked legally. There is no mention in the docs[1] that if you use an import bsddb in your code you have to make it open-source. When they decided to remove it there was no mention of the license, just difficulty of maintenance[2].

So, was it possible to use Berkley DB without releasing your code as open-source before this change or was it because no one thought it was necessary to mention it in the docs?

[1] http://docs.python.org/2/library/bsddb.html [2] http://jessenoller.com/2008/09/04/stirred-up-dem-bees-should...


I thought bsddb was not actually shipped with CPython, and had to be manually built (which was a pain and would invariably fail, IIRC). I guess people were supposed to check source docs.


No, not really. This is what happens in my normal Python installation in Windows:

    Python 2.7.5 (default, May 15 2013, 22:43:36) [MSC v.1500 32 bit (Intel)] on win 32
    Type "help", "copyright", "credits" or "license" for more information.
    >>> from bsddb import db
    >>> print db.DB_VERSION_STRING
    Berkeley DB 4.7.25: (May 15, 2008)
    >>>
And this[1] works completely. Just replace bsddb3 with bsddb.

[1] http://code.activestate.com/recipes/189060-using-berkeley-db...


It was only possible if you bought a commercial license from Oracle. You do check licenses for everything you import don't you - you should!


I check the license for everything I install. And I always thought the whole Python installation was under PSFL.


Oracle is the Wall Street of IT industry. Toxic business practices and disregard to customer interest. Profit is the only imperative.


Why do people complain when Oracle changes the license to a Free license? Just kidding. Denounce Oracle but also denounce the "Free" software zealots who invented unfair licenses like AGPL.


To be more precise: AGPL was invented by commercial software vendors to combine the aura of free and open software with a (largely unsuccessful) Shareware/Freemium business model.


What makes the license "unfair"?


Fortunately for those not keen on the new licensing scheme, it seems like there are some other solid options on the market now for on-disk embedded key-value storage, under a variety of licenses: LevelDB, Kyoto Cabinet, and the new LSM library from sqlite4.


If you change a software license, are users of that software bound to the new terms if they don't "update" to the version of the software released with the updated terms?


No, you can’t apply licenses retroactively—if you have a version with the old license it is still under that license.


But you can stop supporting the older versions, say, by only applying fixed bugs to the newer versions.


My startup works on free alternative (apache licensed) db engine. When I saw title I was really woried they would change license to more liberal. That would affect our future sales seriously. But this is great new for us! :-)


Why are you worried about the "future sales" of your free bob alternative?


We sell non-free tools and services.


I feel this post has shown that many don't understand what AGPL is or just assumed that because the article is about Oracle and licensing then it got to be evil, let's bash Oracle!




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: