I am reminded of an story posted here on HN many years ago about a professional photographer who published photos under cc by-nc with an option to buy for commercial use. The amount of infringements online were massive to the point where they had no chance to even respond to them all, and most of the time when they did inform an infringer who used the content on websites or advertisement campaigns the company either removed the content or ignored the author.
The amount of piracy done by companies is pretty significant and there is sadly not many ways to prevent it.
Funny enough, when Yo do license something, folks on the internet won’t believe you. A few years ago we licensed an amazing animation we found on dribble and folks on Twitter accused us of stealing and removing the artists name...
Enough people accusing you of this that it actually got under your skin?
If I created an amazing enough animation that random strangers on twitter recognized it... I mean, I'd say that if you're getting called out for using it and removing the artists name that's pretty amazing in general even if it sucks in this specific instance.
I find it shocking that strangers would actually stand up for an artist on the internet that seems to be having their work used without permission. Shocking in a good way.
Easy enough to address I hope with a note from the artist, though maybe I underestimate how fast Twitter dog piles happen...
Is there a technical issue where an authoritative source responding to the issue gets obscured? That sounds kind of intentional. If people are only replying to the claim and never even see the authoritative proof it seems very bad.
Maybe it's a Hard Problem. I've seen people send me twitter links as evidence and it's just embarrassingly wrong. Like the sources in the twitter posts didn't even say something related to the claim the twitter post did. It was weird that it was viewed so uncritically by people quite familiar with the internet in general.
>I find it shocking that strangers would actually stand up for an artist on the internet that seems to be having their work used without permission. Shocking in a good way.
This happens a lot. Artists have followers who like them and want them to succeed, and those followers will get mad and notify the artist if their images are being sold/used illegally.
It seems like people have normalised "paying in exposure" (by keeping the artist's name), and the fact that someone actually pays for art is outrageous...
Last night I was looking up CNC controller boards for sale online. Many of them come with Mach3 software, with instructions to copy a special 'L1c3nse.dat' file to your C:\Mach3 folder.
Yep, I bought a Grbl board. Still, the accepted amount of piracy around Mach3 is surprising. There's a whole cottage industry based around pirating that software.
Yeah, I bought a Mathematica 12 license from a company on eBay for $100 recently. I figured maybe they acquired it in some sort of liquidation sale, or something. $100 wouldn't be an unreasonable price in that context, since it typically sells for around $350 for a personal / hobbyist licence. Turns out they want you to download the app from some shady site that has nothing to do with Wolfram Research, then email them for a license code.
Yeaaaahh, no. I know you're asking me to download some pirated shit and then just running a keygen. I could do that myself for free if I was interested. No, thanks.
All I'm really wondering now is if there's anyone other than Wolfram Research and eBay that I should report this to.
There are, you hire a company to track down public usage, and scaring infringers into reparative licensing fees with the threat of court time. I think we all hate these companies, but they have a place if their methods are fair (eg let you C&D without payment if the usage isn't too gross).
Seems pretty trivial to automate too. There are an abundance of search APIs, content detection has gotten easier, and keywords probably get you 90% of the way there.
You can automate the detection but if you try to automate the scare-o-gram you can come across as a scammy douchebag. It can hurt business if you start threatening nunneries and schools, and persistent threats could be considered harassment; get you in trouble.
As much as I hate agents, they're good for taking flack. You can publicly fire them if they make children cry, etc. You'll still want to keep an eye on them but might be worth the disengagement just for general mental-load purposes. Let you focus on direct customers rather than even worrying about infringement.
Last year, I enforced the CC-BY license. It's not even a copyleft license, but the outcome was similar.
Affinord, a cheese seller, used on their own website a photograph I had shared under the CC-BY license on Wikimedia Commons, without any attribution (the only thing required by the license). So I sent them an email saying that I was very happy they used my photograph and explaining how the CC-BY works, asking them to fix the attribution issue. I never got an answer to my email, but the next day, the photograph had been taken down :-(
I think a likely explanation is that the non-technical person who got the email thought it would just be easier to remove the image than try to figure out how to add the proper attribution to the website.
And they were almost certainly correct... that's probably what I'd do if the image was not especially important. But I'd also create my own graphics in the first place.
I'm definitely not a GNU fanboy, but AGPL is the best open license if you're scared about heavily commercial usage from 3rd party. There's another options, like proprietary license, proprietary must-have addons/parts/kernel - here you losing fame & contributors.
AGPL scares away both users and contributors. I would not touch either with a 10 meter pole.
So no, it's not the best license.
Case in point: This story is about how someone would rather not use the product at all, than be subject to the AGPL. Same with me as an employee, and as a hobby individual.
AGPL is good at one thing only: scaring away people.
It's designed to scare away open source hobby programmers? And users? This seems like "avoid success at all costs".
The way I see it there are two kinds of potential AGPL software users and contributors:
1. Those who have not read and/or understood the license, and just go with it. They likely will be fine, because who's going to sue John Doe who built his first website in PHP, but didn't publish his AWS script for launching mongoDB?
2. People who nope the fuck out when they read the license, and don't become contributors or users.
(1) are violating the license. (2) are not using it at all. So what an AGPL software author does is take the pool of potential users and contributors, and divides them into those who nope out, and those who violate the license.
And is that really good honest work you can be proud of? That reminds me more of the music industry of 15 years ago. They gave their customers two options: Have to deal with spinning plastic, or pirate. In this comparison the former is "nope, guess I won't listen to that band, then".
AGPL software authors often make the point you are: Well nobody is using plastic, and so what if they pirate the software? They're not profiteering on it, and it was free anyway.
Just make a license that says it's not allowed to be used by companies of size greater than X.
> Just make a license that says it's not allowed to be used by companies of size greater than X.
That kind of license would not be free or open source. Such a restriction is not allowed in both the Free Software Definition and the Open Source Definition.
> A free program must offer the four freedoms to any user that obtains a copy of the software, provided the user has complied thus far with the conditions of the free license covering the software. Putting some of the freedoms off limits to some users, or requiring that users pay, in money or in kind, to exercise them, is tantamount to not granting the freedoms in question, and thus renders the program nonfree.
The AGPL is both a free software license and an open source software license because it ensures certain freedoms for end users, including source code access. Intermediaries who want to host modified AGPL-licensed software, but do not want to release the source code for their modifications, have the option of negotiating a commercial license with the original developer. The commercial distribution of the software would be nonfree, but it would fund development of the free software.
> That kind of license would not be free or open source.
I agree. And I'm saying AGPL is de facto not free software, because ~100% of serious (even hobby) installations violate it, even if it's free software de jure.
And independent of this I also think AGPL violates freedom 0. E.g. the AGPL explicitly forbids you from running a service combined with proprietary software. You are NOT allowed to run a service by combining AGPL software with a binary blob you don't have source code to. How could this possibly be "The freedom to run the program as you wish, for any purpose"?
If I'm not allowed to run X with Y, how is it "as you wish, for any purpose"?
> have the option of negotiating a commercial license with the original developer.
Only if ALL contributors (aka copyright holders) agree to this. Copyright reassignment is needed from the beginning of the project, for all contributions.
I am in no way an expert, just a novice in gpl licensing but I have some questions.
Why do you say agpl is not for free software / hobby ? From my understanding which could be wrong, is that you are free to use "this" software if you give the same freedom to your downstream work and any modification you do must be given back to original work. Why is that difficult ? If I am using libreoffice and I develop a fix for bug that I found in my usage, why not give it back to the entire community so that the software is made better for the entire mankind?
Second, which is more important than anything hobbyist use, if I am a for profit corporation looking to earn money, why should I be allowed to take existing code built by God knows how many volunteers, make slight changes and market it as "my" product and totally ignore the work done by these people?
From what I have been reading over time, no one is going to come after a "serious hobbyist" if they ran GPL code in their projects having proprietary blobs. That is just scare mongering.
Leeching off of work of community and passing it as own work without passing modifications and improvements to community is what the issue is and unless you want to do that, fine. Use commercial or software that is permissive only.
> Why do you say agpl is not for free software / hobby ?
I mean it's not free software, even in the context of the user using it as a hobby thing. Is that what you're asking?
> From my understanding which could be wrong, is that you are free to use "this" software if[…]
So that's a problem right there. You are free to use this software "if…".
FSF's free software definition includes freedom 0: "The freedom to run the program as you wish, for any purpose (freedom 0)"
So I guess I can flip the question around to you. How do you mesh these things:
0. The freedom to run the program as you wish, for any purpose
1. I wish to run this software intertwined with some proprietary code
2. The purpose is to run it as part of a service offered to the public
3. The software is AGPL
4. The AGPL states that I cannot combine 1-3.
5. But I wish to combine 1-3 together, and 0 says I can run it as I wish for any purpose.
> Why is that difficult?
It's not difficult, it's logically impossible. My conclusion is that AGPL throws away freedom zero. And if that's out, then the license could just say "may not be used by companies above size X". And it's not free software.
> If I am using libreoffice and I develop a fix for bug that I found in my usage, why not give it back to the entire community so that the software is made better for the entire mankind?
Indeed. The problem here is that what if it wasn't a bugfix, but a feature where you added support for your company's SSO system, and used libraries that are not open source?
Or what if you're writing a script to launch openoffice in your VMware cluster, to convert from .doc to .docx. You now have to publish that script, if in any way connected to any service that anyone else would possibly and indirectly access.
Like, you can't use openoffice as a report generator in this way without publishing the script that launches openoffice on your cluster system.
And if you edit /etc/init.d/mongodb, you do have to publish that new version.
> Second, which is more important than anything hobbyist use, if I am a for profit corporation looking to earn money, why should I be allowed to take existing code built by God knows how many volunteers, make slight changes and market it as "my" product and totally ignore the work done by these people?
I don't think your scenario here is right. All open source licenses require copyright to be clear. Even BSD license without advertising clause doesn't allow you to claim it as your own.
But reading your question as only applying to services. Hmm… how is this different from you running a blog and not acknowledging all the work that went into the Apache webserver? Why does the public have the right to your startup scripts and apache.conf?
Why do they have the right to your cronjob script that installs a new letsencrypt and restarts the webserver?
Because this is what AGPL demands.
Nobody thinks Amazon invented xen or Linux. Nobody operates in a vacuum. Even Nobel prize winners didn't derive physics from first principles.
The AGPL is the most extreme. I don't think you should consider it the norm. There are many popular licenses that deliberately chose to allow modified binary releases. BSD, for one. And that's fine.
> From what I have been reading over time, no one is going to come after a "serious hobbyist" if they ran GPL code in their projects having proprietary blobs.
Don't confuse GPL and AGPL. Doing that is entirely allowed by the GPL, and thus there's nothing to "come after". Because GPL has freedom 0.
AGPL though, yes you're right nobody is going to go after you and your blog. But you're still in violation. You are pirating that software, because if you don't follow the license then you have broken the contract under which you're allowed to have it, and it defaults to you not.
So you're not actually using AGPL. You're just pirating.
But no, nobody's going to come after you. Unless they're a dick. But you're in the wrong, so if you do get sued you'll likely lose.
> Leeching off of work of community and passing it as own work without passing modifications and improvements to community is what the issue is and unless you want to do that, fine.
I do recognize the problem. The best weapon against it that we have is that it's expensive to maintain your own fork, and to keep merging it with upstream. Part of the reason Google et al contribute to the Linux kernel so much is the selfish reason that it's MORE expensive for them to maintain their own fork with local patches they have to apply every time there's an upstream release. It's why many companies contribute. I've done it too, and small and big companies. It's just cheaper to upstream your patch, and have it show up a while later in an apt-get upgrade.
That won't always work, though. But choosing AGPL all but guarantees no corporate users or contributors. And many many non-corp too. And your project is all the worse for it.
And do you want to make good software for the world to use, or do you just want to stick it to the man? To end on a similar note to you: if your goal is not to make something good, but to stick it to the man, then fine, use AGPL.
one thing.
Distribution. isnt the point of these licenses applied when you convey to the public, or users or such? from what i understand, you are fine whether AGPl or GPL or LGPL as long as its internal and not for distribution or selling or whatever.
in your example, if your SSO script is used internally, i dont think you need to open source your properietary blobs and all source code. it is only when you sell the product, or distribute it to your customers on the web for example is when you need to care about this thing.
AGPL triggers not only when you distribute the binary, but also when the AGPL (or derivative work, or "corresponding source") is part of a service offered, even if it's not distributed.
This is the so-called "hole" that AGPL is intended to plug, and is unique among well knows licenses.
IOW if you use mongodb as a backend database for your photo website, then it gets triggered.
> It's designed to scare away open source hobby programmers? And users?
Just giving my two cents: I don't have any trouble contributing to AGPL projects. Mind you, I haven't contributed much in general, but still.
As for using AGPL projects: Well, I wouldn't want to offer someone else's project as a service and poach potential users for the maintainers in the first place. But if I did, I wouldn't mind contributing back any modification I made.
Now, using them as dependencies—for just one part of an application that you want to keep otherwise private—is a little trickier because I'm neither a lawyer nor has the AGPL been tested in court as far as I know. The crux of the issue lies on whether dynamic linking makes a piece of software derivative; the FSF thinks it does (at least from what I read in their FAQ), but that also hasn't been tested in court (again, AFAIK) and one's interpretation could be entirely different. If it isn't derivative, then there's no problem with using AGPL software strictly as dependency. And, if it is, well, in the world of microservices you could just create a thin wrapper over the AGPL library, run it as a service, and release only that.
Then again, if one assumed that linking doesn't make a work derivative, then there's not much difference between the GPL and the LGPL (once again, AFAIK). It's a nuanced issue, to say the least.
It’s rather effective in that regard. When I worked in BigCorp, the open source contributions had to be reviewed. There was a blanket policy that anything GPL/AGPL was not to be touched under any circumstances.
What a weird reaction by that company. The time it took them to discuss it, investigate, and respond could've easily been used to comply with the license. I'm already happy with my current hosting but they've been added to my shitlist either way.
They probably had hacks in the code they didn't want to show, but all in all I suspect they were making so little they just thought it wasn't worth continuing with it.
Most of these sites simply vanish at some point, with kind of defeats the purpose of using them to simplify their operation as you need to be ready to look for an alternative on short notice and it's a security concern.
OTOH what are the chances that the code changes would be of any use to the author?
We can only speculate, but my suspicion is that they simply felt a bit ashamed. Telling a person they have been breaking the law for years, especially if they have a personal need to feel professional, can easily send them into panic mode. Removing the site and any record of it gives them a way to put it behind them.
Complying with the AGPL license actively (continuing to use it, and redistributing the modified source) is only possible if the modifications are GPL-compatible.
It could be that the time it took to discuss and investigate the issue led them to realize that they don't want to release the material, or possibly cannot.
If a program is only GPLed, then it can be put into service with GPL-incompatible changes. In that form, it cannot be redistributed, but since that is not required, there is no problem.
If a program is AGPLed and is put into service with GPL-incompatible changes, then there is a double problem. It must be redistributed, but in its present form it cannot.
Not necessarily. If they were to comply fully they’d need to release appropriately licensed source code for all previous versions of the site too. As in, the OP could say: “I visited your site X days ago, please provide the source for the code I ran”.
No, that’s not how it works. If someone runs a web site with code released under the AGPL, but they have removed the source code download link, they have violated the AGPL, and therefore violated copyright law. There is no way out for them by offering to send source code after the fact.
The copyright holder can choose not to pursue the matter if the web site hosters send the source code, but that has nothing to do with the requirements in the actual AGPL.
The AGPL requires you to provide a link? That would be weird. AFAIK, the GPL does not demand that. It suffices to send the source code on demand. Besides that, what would happen if your link would stop working?
Where I work, we use a lot of free software to build our product (various licenses) and I am happy to hand over the sources of these libraries to anyone asking. So far, no one has asked, though.
> If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later.
So if you don’t send the source along with the binaries then you need to make a written offer to your users. However, [2] states that:
> If you make object code available on a network server, you have to provide the Corresponding Source on a network server as well.
So you can’t publish the binaries online but only distribute the source via physical media, for example.
It requires you to prominently state the license choice and some consequences thereof, and if you don't provide a link or a physical copy of the source then you must proactively provide a notification that the source is available (there are constraints on that notification, but I don't remember them off the top of my head).
It definitely does not suffice to simply send the source code on demand without additional up-front work.
To be precise, the AGPL requires that, if such a link is present, you may not remove it. And yes, this is precisely why AGPL exists and GPL is not always sufficient.
Do the GPL licences specify any archival requirements? I would have thought that when you stop distributing the product containing the source code the responsibility to continue hosting the source code ends too?
> Do the GPL licences specify any archival requirements? I would have thought that when you stop distributing the product containing the source code the responsibility to continue hosting the source code ends too?
It doesn't cure the past violation, but a whole lot of legal importance rest on knowing violation, and continuing after being informed of the violation can, in addition to being evidence that you violation after the notice was intentional, weaken your argument that the violation before was not, so stopping a violation once you are informed of it reduces, though does not entirely eliminate, the legal risk. So, a hard stop on use when you are informed your currente use may be illegal is a perfectly sensible response in most cases even if you are evaluating whether your use was illegal and whether, if it was, you should, in the long term, either stop the use permanently or conform to whatever legal requirements attach to use.
> and respond could've easily been used to comply with the license
I agree it's a weird reaction to take the site down when pushed, and try to get away with it to begin with, but I also think that them removing the site entirely was a very likely outcome from the beginning, and probably the best move for that company.
If they missed the AGPL requirement from day 1 (likely) and they're developing at the typical level of a small business who misses things like licencing requirements, then their source code is likely not something they can release. It's likely to have hard-coded credentials, and it's even possible that the licence for their translations don't allow them to distribute them elsewhere! They might have conflicting licences.
As unsatisfying as it is, taking the site down is a reasonable step – it mostly addresses the complainant's request by ceasing to violate the AGPL.
> could've easily been used to comply with the license.
The AGPL is pretty much impossibly to comply with. Read the part about "Corresponding Source" and think about just how much Corresponding Source is out there.
E.g.: If this company ran the service on AWS, then the source code for their provisioning scripts for AWS to run the service would be in scope. And those scripts probably pull in internal libraries.
Or not. You may find out after a multi-year court battle that this part of the AGPL is unenforcable. Who knows? It's lose-lose anyway.
It's absolutely not worth it to run AGPL. It's not a weird reaction at all. It's probably the only possible action.
The AGPL is designed to be impossible to comply with if any modifications are made to the program which are GPL-incompatible.
That's the purpose of the AGPL.
It's a political tool for the GNU ideology whose intent it is to prevent the free software from being used for building services that are are also built on proprietary software.
Those situations cannot comply with the license, by design.
The AGPL is not about the user freedom at all. The user has no freedom because the user has no administrative access to alter the service software.
The software can do bad things that are harmful to the users, yet fully comply with the AGPL. The users have to accept that, or not use the service. The FSF wants it that if the users are going to be abused by an online service, at least this should be done with entirely free software, and that's where the AGPL comes in.
The AGPL (and copyright licensing in general) is completely the wrong tool for actually doing something to combating the social problem that people are becoming dependent on SaaS that is out of their control.
No, you don't have that option for any site that matters. For instance, even if your bank uses nothing but AGPLed software, you can't just "git clone" their code and run your own fork of their online banking site.
Or: even if Facebook were thoroughly AGPLed, running your own copy would be next to useless because only you and three other people would be there.
Not having a copy of the exact software that services are running is not what is gnawing away at your freedom. It's completely the wrong problem to be focusing on.
This feels like the kind of scaremongering that was common about open source on general a few decades ago.
A script that calls a piece of software is not a derived work. Otherwise, all build systems that have ever been used with GCC would have to be GPL-licensed.
> A script that calls a piece of software is not a derived work
If that script relies on that software, it is a derived work. If that script is GPLed, then that software must be GPL-compatible, or else it must be interpreted as falling under the "system library exception".
> all build systems that have ever been used with GCC would have to be GPL-licensed.
The tools required to build GCC on a proprietary OS can be regarded as landing under the system exception.
It would almost certainly be a GPL violation to add a patch to GCC which causes it to require a third-party proprietary program or script in order to build (something not coming from a target system itself).
> A script that calls a piece of software is not a derived work.
Probably not, but it is "Corresponding source" in the AGPL license.
> Otherwise, all build systems that have ever been used with GCC would have to be GPL-licensed.
No, because:
1. AGPL is not GPL. GPL doesn't have the concept of "corresponding source". AGPL does.
2. Build systems were not built for the purpose of building software X, they were built for building any software. In other words, a completely freestanding source code that can ONLY link with the Linux kernel IS in scope for GPL, as derivative work. E.g. see legal status of out-of-tree binary kernel modules.
Or another comparison: Your LD_PRELOAD library that overloads write() will work with any software, and therefore is not derivative work. Your LD_PRELOAD that is made only for a GPL tool does in fact link with it, and probably (don't know if there's a court case on this yet) does mean it's GPL.
Your script that can only be used to launch an AGPL software thingy IS "corresponding source" and/or (could be both, a court has not tested this) "derivative work". It's certainly not neither, and therefore it falls under AGPL and must be published.
Uh, a lot of people are missing the point on AGPL here. AGPL wasn't meant to be easily used in every project by every individual or company out there, it was meant exactly for the effect it's having: Making you skip it if you're not willing to contribute back, while keeping the abiliy to free software creators to easily use it.
I agree, this is the reason that I release software under the AGPL: I intend for consumers of my projects to adhere to the terms of the licenses they were released under, otherwise I wouldn't have released them at all.
Another point that people seem to be overlooking is that even if the software had been released under a more permissive licence like the BSD licence the site still would have been in violation of it because they didn’t provide attribution, and even had the temerity to claim the code was theirs.
In all likelihood the outcome would have been the same regardless of what licence was used.
... and despite all the doom-and-gloom, that's how most AGPL / GPL enforcement goes in practice. People fix the issue. Everyone moves on.
A few legally naive organizations avoid AGPL due to perceived liability. I have yet to see a case with that million-dollar payout. Perhaps lightening will strike and you'll be the first, or perhaps there's minimal risk because that's not how laws work.
(Disclaimer: Above applies to common law jurisdictions, like GB and US; I have no idea about French legislative law, Asian courts, etc.).
GPL was found to be inapplicable in French copyright court, however it should be applicable under contract law. The developers lost 9 years and a good chunk of money suing, they even had to pay some legal fees.
It sounds to me from this article like the case was dismissed because the plaintiff didn't sue for the right thing, rather than specifically the GPL being judged inapplicable.
> GPL was found to be inapplicable in French copyright court, however it should be applicable under contract law.
Do you understand exactly why the GPL was inapplicable? I was unable to figure it out from the article. My guess is that the defendant may not have actually been copying or distributing the GPL-licensed program. The defendant ran a portal for a client which incorporated the program, but it's not clear that their derived software was being distributed. So, if they did not copy or distribute the program, then their actions would not fall under copyright (or author's rights) infringement. If the copyright action failed, then the plaintiff might try a contract claim, but that doesn't mean that the GPL will necessarily be treated as a contract.
Also, could you cite some authority for the assertion that there is no distinction between licenses and contracts in French law? The concepts are quite different.
Why? See the edit in my other comment https://news.ycombinator.com/user?id=user5994461 that's the single line explanation of why (and yes it's really dumb to waste 9 years on that and lose the case).
Is this largely because no one previously thought to consider the GPL, a US legal invention, under French law?
The English speaking tech industry often forgets other countries are other countries.
How could they spend 9 years and 14000 Euros on a dispute that should have been settled in 1 day by any French lawyer? ("Licenses don't apply to counterfeit law in France; a license is treated as a contract")
They considered it, that's partly why the GPL is drafted as a contract and it is the way is, to be enforceable in countries that accept contracts but may not accept copyright.
There's a similar issue in US law, you could make a case base on copyright ground or on contract grounds. You should typically sue on both grounds (and anything else you can think of) to leave no escape plan to the offender. I believe that copyright is "stronger" and can award more punitive damages so it's preferred, it's all about money of course.
France have droits d'auteurs (authors rights) and contract law. There's also different ways you could sue for different outcomes, the developers went for counterfeiting hoping to seek the most damages (a very reasonable choice). The judge ruled that you can only go to contract court because GPL is a contract and that's it, he pretty much ditched the case.
edit: There's a French principle stating you can't be pursued for both a contract and a civil violation, the contract takes precedence, in a sense by having GPL the developers ditched their right to hold their authors rights. lol
Of course there's another 10 major details covered by 10 other laws that conflict with one another and could have justified any outcome. It's all fascinating and incredibly messy. If you thought they should have gone to the right court, it's not simple, "right court" wasn't a defined variable (and it is still not because the case is going to appeal to try to redefine what's the right court).
> "License" is an American concept that doesn't exist in France and much of the world.
The concept of license exists in France even if the word used is different. In common law countries, we say that a contract must be supported by obligations on at least two parties in order to be enforceable. What we call a license fails that requirement because it is one-sided and merely gives permission to do something, usually with conditions. But the distinction is largely academic and the concepts are similar (e.g., permission to do a thing is functionally the same as a promise not to sue if the person does the thing). From your article, it appears that the word contrat is used in France for for both bilateral contracts and these types of permissive use agreements, e.g. contrat d’utilisation, which seems perfectly reasonable because of how similar the concepts are. So, the concept clearly exists in France even if the word used is different.
Similarly, the rights that common law countries call copyright are encompassed by Author's Rights, specifically the "economic rights". Author's Rights, however, also include "moral rights" that are not a part of copyright. Those rights may also exist in common law countries, but they may fall under some other area of law, such as "Right of Publicity" or "Right of Personality".
In both examples the concepts and rights exist (mostly) in various legal systems, even if the words used are different or if the rights are found in different sections of the law.
I think there's a bit of unkindness in your post. It isn't that nobody in the last 31 years working with the GPL has ever slapped their forehead and suddenly realized "Oh my gosh! Other countries exist!" It's that trying to write something like the GPL to work in multiple major legal systems at once is somewhere between superhuman and impossible. In the "impossible" case, there may be legal systems where neither it nor anything substantially like it can either in theory (by the letter of the law) or in practice (by how people behave, such as places like China that have historically treated foreign IP contracts as suggestions at best) is possible.
It is a bit strange that the lawyer did not file a case under the right law and under the right court, since one would guess that is the job of the lawyer to know.
Then again a copyright license is a bit of a strange beast. I could rewrite a license as being a simple set of permission, with a list that goes through every combination of behavior for which the license permits. However doing so would be extremely impractical, so we instead have a bunch of permissions with added conditions. This in french law seems to then become a contract which has parties that has rights and obligations.
See the infamous case of someone using scumvm to make games for console...
To make a console game you need to follow an NDA that you won't release source to avoid revealing the API, thus you can't make a GPL console engine unless it is dual license.
What could the consequences be, other than the awarding of damages?
It's not easy to calculate actual damages for the three years of use, because the violation was only that the modified source code was not released.
The idea is that the users of a service are being harmed by not having access to the source code. If none of the users asked for the source code over three years, it's hard to establish a case for damages.
If the original author of the AGPLed software is not actually a user of the site, he or he has also not suffered any damages.
Even if that made sense, a court cannot reasonably order such a thing. The site source code can only be released if it can be made GPL-compatible, which may not be possible. For instance, it may be relying on some proprietary third-party piece.
In fact, quite the opposite, the code could be such that if it were being distributed in source form, that activity would have to be ordered to cease.
> Releasing the source code used for the web site when it was still online.
A court will not order specific performance of license terms as a remedy for copyright infringement. It's just not an option. The remedy will be monetary damages only.
If you want to be sure it works in the EU I guess you could use the EUPL instead of AGPL which gives many of the same gurantees, but fits into european law.
"Most" isn't good enough unfortunately, especially since it relies on the author/rightsowner to be happy with moving on.
What if one of the many contributors to some AGPL software that accidentally made it into your production service considers your company the Big Bad Evil and tries to be less reasonable?
> Four days later, they responded, stating that they had discussed internally and decided to take the site offline.
> That concludes our conversation, they took down their site and never complied with the license. I think they're not violating it now, but have done for a few years.
This makes me wonder what their thinking was. Did they decide to take it down because of potential/unknown (to them) legal implications of using it for three years without providing a way to get the source? Or did they think this site is done because of legal issues and then go to the drawing board for creating a different site with a lot more changes (to avoid detection) so that they don’t have to comply with this at all?
> This makes me wonder what their thinking was. Did they decide to take it down because of potential/unknown (to them) legal implications of using it for three years without providing a way to get the source?
Probably. Maybe combined with asking an actual lawyer who likely would look at the license go NO NO NO NO, SHUT IT DOWN NOW, AND NEVER TOUCH AGPL AGAIN!
How does the AGPL differ from some of the other cloud protected licenses that have been discussed here recently? Specifically, the polyform licenses[1] and the TimescaleDB license[2]?
AGPL is compatible with the OSI's definition of "open-source".
Those other two licenses you listed are either fully non-commercial (polyform) or have a clause preventing cloud hosting SaaS (timescale).
I am not going to get into discussion about who has the right to define "open-source", but having the right to commercially profit off of the software is one of the key OSI defined tenets which those two licenses lack.
In the end, AGPL may be able to achieve the same goal of preventing parasitic SaaS solutions that don't contribute back into the community.
The AGPL, like the GPL, does not restrict your Four Freedoms (unlimited use, modification, distribution, and distribution of modifications). Both, however, require you to distribute source code and sublicense when certain conditions are met. The conditions are just different: GPL requires that you fulfill the copyleft when you give people a copy of the program while AGPL expands that to making it available over a network. Both of these ultimately let you have the same Freedoms as long as you don't take action to restrict anyone else's.
Whether or not a copyleft can be considered to be Free is a long-standing argument between the "GNU" and "BSD" schools of thought, albeit the former has long since won out in the broader marketplace of Free Software. I personally hold copyleft as Free, because the conditions that you have to satisfy in order to exercise your freedoms are marginal. In contrast, Polyform and TimescaleDB place a whole host of permanent restrictions on user freedom. It's not "oh you need to give someone the source if you're also giving them a binary", it's "you can't ever host this on a cloud server without paying us". You are defining a particular use of the software that only you can enjoy and nobody else can.
> Whether or not a copyleft can be considered to be Free is a long-standing argument between the "GNU" and "BSD" schools of thought
No, its really not.
Pretty much everyone agrees that copyleft is Free (and Open), they just disagree on whether, and for what purposes, it is a more desirable Free/Open license style than permissive.
Probably not. The consequence of violating the (A)GPL is you lose the right to use, distribute, and modify the software. They could in principle be sued because they were violating the license while the website is up but you'd need to demonstrate losses and you couldn't force the release, only get some compensation (though you could try to use that as leverage to settle for the release of the code). (IANAL, etc)
Right, I think that is a common misconception. A license like the AGPL cannot force people to release their modifications, it can only force people not using the AGPL-licensed software. At best you can sue for damages due to unlicensed usage.
Aren't losses trivial to demonstrate: You didn't get the source code. And in the happy case you can be made whole just by them releasing the code, which is easy if it wasn't modified such that it contains proprietary shit.
Losses are paid in money. So you need to specify a certain monetary value and have the court to agree. While it would be the easiest for settling the case to just release the modified source, I don't think you can enforce that.
IIRC (A)GPL stipulates that you need to make available source, on request, to the people who use your version. This is often interpreted as you need to release publicly, but that is not the case. If I'm remembering rightly then the author can't make them give him a copy of the code at this point, but one of their users could. If they have/had no users that care, there is no more that they need to do. Unless the author having visited their site counts as them being a user of the code protected by the license, then it swings back the other way.
“Visiting the site” does not count as distributing it under the GPL: “ Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying”. If you don’t distribute the work, you don’t need to provide sources.
Doesn't AGPL only _require_ you to distribute the source code when requested? Sure they violated it when the author requested the source code, but surely you'd need to demonstrate that other requests were made over the duration of when the site was up where they refused to provide the source code.
You also have to notify that it is under the AGPL and provide access (e.g. a link) to the license. Technically the source code could be behind an ask-wall though.
I am a developer that contributes to open source both by releasing projects and helping fixing bugs and improving stuff whenever I can.
I always release my own open source projects under permissive licences like MIT. I even did some WTFPL in the past.
I like free software and open source because of freedom. Restrictive licenses are the opposite of that.
It is perfectly fine to me if a company decides to not release a change. They probably have good reasons to do that. And if they don't, then it is just a dumb decision that will end up costing them more anyway.
>I like free software and open source because of freedom.
The MIT license is less free than GPL in the sense that as a user of MIT software I don't get to see the source, modify, and distribute it, whereas with the GPL I can.
The MIT license is more free in the sense that as a developer I don't have to give those freedoms to my users.
It's perfectly fine to prefer developer freedoms over user freedoms, but be aware of both of them.
As far as I understand the licences, this is not true. You can do all of that with the MIT licence, but you are not forced to release everything that uses it at MIT.
> I license all my personall stuff under the GPL and AGPL (where applicable) and dislike the permissive licenses (MIT, 3 clause BSD, X11, Apache) because they allow people to take your stuff and never contribute back. I prefer strong copyleft licenses that force you to contribute. Here is a good article going into permissive vs copyleft licensing.
This is a fair point, however the way it seems to end up working is that people just don't use the software due to the viral nature of GPL and AGPL.
I'd be happy enough to contribute modifications back to projects under GPL and AGPL but, the reality is, if I embed some GPL or AGPL component, service, or product into my site or service we're now in this (at best) legal grey area where we have to figure out how much of what I've done is a modification, and how much is distinct, and there's a risk I just have to hand it all over (whch I don't want to do).
It quickly becomes enough of a nightmare to deal with that it's easier to either (a) find an alternative that uses a permissive license, or (b) build something oneself that offers the required functionality.
It's a shame because it leads to, I think, both OSS and corporations losing out. It would be great if there was some sort of middle ground license that protected against corporate abuse, and forced corporations to hand over changes without the risk of having to hand over large tranches of their other IP. I'm not sure what that would be though, or whether it could be made to work.
The minute it is required to hand over anything, even a single line of code, you will find someone raising the objection you mentioned (“it’s too burdensome to figure out if I have to release 6 characters or 5 characters!”). Stock corporate lawyers don’t like uncertainty, and the smallest of grey areas will be seized upon to block anything “in order to protect the company”.
The reality is that in 99.99999% of the cases, nobody will ever come after you for trying to do the right thing. If you engage the GPL community in good faith, things will work out fine with minimum fuss.
So no, we don’t need another license, we just need people willing to do the right thing.
The problem with GPL is, that it doesn't only require you to hand over any modifications to the GPL code - this would be easily to do, but to any code in a product built containing GPL code. And that is where the problems usually start.
The reality is, not everyone agrees what the reality is and especially a company which takes licenses serious will be very careful to check, whether using GPL code is possible in a project.
And no, we don't need another license, there are plenty of licenses available which resolve the issues. Be it the permissive licenses (MIT, BSD, ...) or GPL with linking exceptions.
> but to any code in a product built containing GPL code.
Citation please. I don't think this is accurate, and is another common misunderstanding of the gpl license family. I frequently see proprietary systems that have a notice list of the licenses they are using, including gplv2/3. Are they all in violation? I doubt it.
GPL is my license of choice, (I have an almost completely gpl daily stack), so I'm not just being rhetorical, if there is something I'v missed I want to learn!
Surprisingly hard to find a simple explanation from FSF, but here is a "proof by contradiction" explaining why should use GPL instead of the LGPL- https://www.gnu.org/licenses/why-not-lgpl.html
Basically, the LGPL exists because the GPL requires any binaries linking to GPLed code to inherit the GPL.
My understanding is that properitary programs can utilize / incorporate GPL binaries via interprocess communication (pipes, TCP, shared files, etc), but if they cannot do intra process communication without potentially violating the GPL.
So it depends on how your define "build" here :)
Regardless, because my role involves creating and distributing potentially proprietary software, I generally handle GPL projects with caution. I'll happily use Linux, but I don't look at the sources. If I see a GPL license on github, I'll generally move on. If I see something is AGPL licensed, I'll move on very quickly.
> Basically, the LGPL exists because the GPL requires any binaries linking to GPLed code to inherit the GPL.
This was my understanding too, but other comments in this discussion seem to imply that this might not be the case.
If you could statically or dynamically link to GPL'd binaries without having to license your own code in the same way, then in the real-life examples I've seen we'd have had no concerns about either using GPL'd projects, or contributing modifications to the GPL'd projects back.
Right. Contributing changes to the GPL'd software itself back isn't the issue. It is the intended "viral" nature of it, that also enforces the GPL onto all code linked to it. See for reference the issues with GPL-symbols in the Linux kernel, ZFS, or libreadline,
That is the problem, it entirely depends on how you use the GPL code and there is no definite legal precedence.
If you use GPL code as part of your executable, the whole code used for building this executable falls under GPL. See for example the question, whether the non-GPL ZFS code can be linked against the GPL Linux kernel and the result distributed. See also all the GPL-only symbols the kernel exports.
Another example is libreadline, which is put under GPL to force all applications using it to be licensed under GPL too.
So there are clearly cases where using GPL code in your product can require the whole product be distributed under GPL. Of course, there are also cases, where this can be avoided. If I ship a product and I also ship emacs along with it, that doesn't influence my product. But if the product executable itself is derived from the emacs sources, it would.
> Citation please. I don't think this is accurate, and is another common misunderstanding of the gpl license family.
I believe you, but I also think (as stated in another comment) that if this is the case the GPL doesn't do a very good job of explaining itself. At the very least this creates friction when considering its adoption.
> the GPL doesn't do a very good job of explaining itself
The copious amount of side-notes [1][2][3] is likely to clarify most doubts, if one is willing to go through it. Obviously "contract law applied to software" is not a fun read though.
I think there is some truth there, but I think a lot more of the FUD on the copyleft licenses originates not from unclear licenses, but from a network effect where so many people repeat falsehoods, and to be honest, I wouldn't be surprised if some entities actively encouraged them.
> but to any code in a product built containing GPL code.
No, to any code that is a part of a derivative work of GPL code; a product may often be an aggregate of code that is not a derivative work of GPL code and derivative-of-GPL code.
What is legally a derivative work, OTOH, is not always simple and straightforward to determine, so to avoid conflict one might go the whole way out to the product boundary.
With "containing" I didn't mean just delivered together as in shipping emacs together with your product, but making the GPL code part of it, especially linking with GPL code or even compiling together with the GPL code.
Linking is an interesting case, because side notes from the FSF indicate that they think linking makes things a derivative works, but its far less clear if that is true under the law, especially for dynamic linking (API copyrightability, which is currently before the court, might have a lot to say about this).
> The reality is that in 99.99999% of the cases, nobody will ever come after you for trying to do the right thing. If you engage the GPL community in good faith, things will work out fine with minimum fuss.
> So no, we don’t need another license, we just need people willing to do the right thing.
What I'd actually like is for the license to be clear enough in its intent that I don't need to engage anyone in a consultation with either a lawyer or the community to figure out whether I can use a project or not.
> If you engage the GPL community in good faith, things will work out fine with minimum fuss.
Who is the "GPL community"?
Stallman and FSF/GNU/SFLC? Linus Torvalds? A non-profit foundation like Apache/Mozilla/GNOME? A community of enthusiasts with a web forum and a GitHub org? A random solo author library of a random JS package on GitHub? Google? Microsoft? Oracle?
Because the sort of intuitive risk feelings I'd have for each differ quite considerably.
First port of call should be authors, since they are the copyright holders and can clarify intent beyond the letter of the licence. Failing that, you can ask FSF/GNU.
(Not sure why you'd bring Apache or Mozilla into this, considering they went to the trouble of writing their own licenses rather than using the GPL...)
The intent needs to be clear in the licence text itself. In a dispute, courts will look to intent somewhat, but generally the law assumes that when parties to a contract or licence or deed state their intentions in the form of written text, that text will be primary in understanding the content of the agreement that was made.
The authors of legal texts don't have magic powers. Let's say you buy a product from a company, C. They wrote a contract which you both agreed to. They are a big company, and you are just an individual person, so your bargaining power is pretty minimal compared to them, and basically amounts to "take it or leave it". So you buy a thing on their terms. Some term of the contract later turns out to be unclear, so you ask them to clarify it. Is the clarification they provide going to be beneficial to their interests or yours? Theirs, obviously.
Stallman's interpretation of the GPL in the case of uncertainty or lack of clarity is going to be to read it in such a way as serves his goals: making sure there is more free software in the world, and protecting the Four Freedoms. A corporate lawyer working for Oracle is going to interpret unclear provisions in a perhaps rather more conservative way, especially if it financially benefits Oracle. The fact Stallman wrote the license doesn't give him any particular special hermeneutical status when working out how a court will interpret it.
"Hey, just trust us" isn't useful either, because there's a difference between being asked to trust randomhacker849 and being asked to trust a multinational megacorporation like Google or Oracle. While randomhacker849 may follow the broad spirit of any particular open source licence and expect licensees to follow the broad spirit too, I'm pretty sure Oracle are going to follow the exact letter if doing so is in their financial interest.
The whole point of legal instruments is the need for trust is reduced because you have rights and obligations that a court will enforce. And the whole reason we turn agreements into written legal texts is precisely because "hey, just trust us" doesn't scale—when millions or billions are on the line, you want those agreements formalised.
(I included Apache and Mozilla because they represent examples of open source non-profit foundations, not because they use the GPL, incidentally. Other than GNOME and FSF, most of the projects that have their own foundation—LibreOffice's Document Foundation, Perl, Python, Mozilla—have permissive licenses rather than copyleft. The point isn't about the wording of the text, but more the question of "if I were going to rely on a disputed bit of license text in my use of this software, what risk would I face of litigation?"... and that risk differs considerably between randomhacker849, a non-profit foundation, Stallman/FSF, and a huge scary litigious corporate beast like Oracle.)
During my consulting, every fork I've made that was integrated into a project, was upstreamed via a PR. Either that or just, you know, leave the fork available on a company Github account. And if an org requires sensitive, and proprietary modifications, maybe that org ought to be investing the time and resources to make it from scratch?
Sure. I can't talk about specifics but I've worked several places where GPL code was forbidden, particularly in products we built that were installed on premise, and LGPL regarded with suspicion.
(IANAL) LGPL isn't generally a problem (from my reading of it), but it gets grey the moment you include a library (even unmodified) that is released under GPL. And this is where everyone starts getting nervous, regardless of whether it's OK to do that without handing over your source code or not.
That confusion, if it is an invalid concern, suggests that at the very least the GPL does not do a good job of explaining itself.
The company could have chosen to open source their work, but they didn't. So I think you have the blame pointing the wrong way.
By the way, the reason that most people AGPL is not for credit (and you can see in the blog post, credit was not enough to satisfy the author) but because they think that users of software should be able to have access to its source.
The company was rude. My point is the author choose to expend effort dealing with them. He could have instead used that effort for something that made him happy. Open source can be a source of joy and sharing, if you want it to be.
AGPL sounds quite toothless regarding enforceability, and very unattractive from an open source user's perspective. If my changes aren't visible in the UI, I doubt I'd respect the terms, either. Author should choose a more explicit, enforceable licensing model (which would likely make their product expensive and even more unattractive).
I personally would have liked to see my code being used by someone else (even a company) instead of it being deleted.
Nonetheless, the blog author decided to use AGPL, i do respect that fully.
General speaking, i always try to contribute back but holy shit is that shitty. There are enough projects out there were people don't want to add features because they don't need it, they don't care or whatever. You hit so fast a point were it is much easier to fork it and keep the fork up to date than contributing back :|
One project did a great job, came up with the idea on how to make money from it (not successful) by removing the docker images and making the docker images private.
I get it but do you think he would be happy for a PR which adds proper documentation on how to build those docker images? Or a multi stage docker build which will take care of building it for you? -> no
Every person getting born has to learn the open source software mentality fresh. We have so many people and minds which have not yet learned this and there will always be a percentage of people of it.
The amount of piracy done by companies is pretty significant and there is sadly not many ways to prevent it.