Genuine question, how does AGPL restrict use? From my reading of it, it is only ensuring that any modifications to the source code must be made available if you "distribute" the software, where distribution now includes hosting it as a service.
It seems more or less in the original spirit of GPLv2 but updated for a SaaS driven world. If you consider v3 restrictive then you must also consider v2 restrictive, just in a more narrow way.
Running a program, as a service or not, isn't redistribution. It is use.
The original spirit of the GPL is about identifying people doing bad things we don't like and trying to prevent them. All those bad things have to do with redistribution, not with using the program.
The AGPL is still about identifying people doing bad things we don't like, except now those people are just running the program.
This is no different from Adobe, Apple, Microsoft, ... identifying people using their software in ways they don't like, and crafting their EULA terms to turn those activities into a license violation.
A free software license simply cannot dictate uses, like where and how you run the program, and who can access it from where.
A free software license can only use copyright law, and only be concerned with copying.
EULAs go beyond coypright; they try to connect non-copying activities to copyright by the doctrine that if the user engages in the forbidden activities, their license is terminated (and thus it becomes copyright infringement for them to continue to have a now unlicensed copy of the software).
> The AGPL is still about identifying people doing bad things we don't like, except now those people are just running the program.
Its the same "bad thing" as distributing a modified binary without the source. Its a way of denying end users access to the source code.
You can do whatever you like with AGPL code, as long as you make the source available.
it is VERY different from saying "you cannot do this with your software". It is just changing the conditions under which make source available is required to keep up with how people use software has changed.
AGPL is nothing like a EULA. It is a license, not a contract. It is very similar to the GPL
The user of a program is the one who installs it somewhere and runs it.
Outside people interacting with the program are visitors. They don't have the source code because they don't have the program at all in any form. It has not been distributed to them.
The source code to the program doesn't even do them any good. They cannot use that to prevent harms perpetrated by the operators of that application.
A EULA needs to be a contract. THe AGPL is clearly not a contract nor does it meet the basic requirements for an enforceable contract in common law countries. Can you show me where I am wrong about this?
> The source code to the program doesn't even do them any good. They cannot use that to prevent harms perpetrated by the operators of that application.
It does. It means they can run their own instance instead of being permanently tied to the operator of the service. It means they can modify and run the software.
> They don't have the source code because they don't have to program at all in any form.
That is sophistry. For the type of software AGPL is designed for the functionality provided is the same as it would if they had their own install. It is called "software as a service" for a reason.
The reason the AGPL exists is because the rise of SAAS has made the distinction you are making meaningless.
> They don't have the source code because they don't have to program at all in any form.
Users of GPL software do not "have to program". The point is they can. The same is true with AGPL.
> A EULA needs to be a contract. THe AGPL is clearly not a contract nor does it meet the basic requirements for an enforceable contract in common law countries. Can you show me where I am wrong about this?
Sorry that was a typo we should have said "do not have the program" (corrected).
But no the same is not true of the user of the AGPL. The GPL user having the source code and being able to program or hire somebody is utterly meaningful. That user controls the installation of the program. They would like the program to do something differently, or not to do something unwanted. With the buildable source code they can achieve that.
The visitor to the AGPL application have access to the source code has no meaning at all. They don't have the administrative access to replace the implementation (and even if they did, that was just create conflict with the other ivisitors).
The ability to set up your own clone instance its completely meaningless. For example suppose that's some government service website is using AGPL software. What do you gain by downloading the software and running your own instance? That's not where your data is; you can't use that cloned instance to communicate with the service agency.
It is the AGPL that's using outdated concepts in a new context where they don't make sense. (Licensing helped us win the open source war in the 1990s and 2000s, so it'll work this time too right?)
You also may be thinking of the software of being something like a photo editor or word processing application that is hosted, but in which the visitor works with only their own files in isolation from other visitors, and from the site operators. I don't think that's the main target for the AGPL. That may be called "strawman AGPL". I tend to agree that the AGPL may be effective in this limited situation. But effective is not the same as free. A "free for personal use" software license is also effective at achieving the aims of its purveyor but isn't free.
It helps in strawman cases when users have the data, and the platform doesn't have social features. For instance, oh, an online photo editor used by the user in isolation, on either local files or easily downloadable files. User doesn't like that instance, so they find the AGPLed source code and run their own, bringing all their files.
(Why, in that situation, would the user be entitled to the custom modifications in that instance they are abandoning? If you don't like that instance for whatever reason, but like the features, tough luck. Code your own.)
Nope. It can just be a piece of text you agree with when opening a classic mass-marked app in a shrink-warpped box ("shrink-wrap EULA") or a dialog box with text where you have to click that by using the software, you agree with the licensing terms.
Exactly the same as when you deploy an AGPL program for visitors, you are agreeing to its EULA.
Regardless, it can't be the case that the GNU Affero GPL is not a contract, whereas some Microsoft EULA is, or vice versa. They are an instance of exactly the same category.
> The original spirit of the GPL is about identifying people doing bad things we don't like and trying to prevent them. All those bad things have to do with redistribution, not with using the program.
It's not. It's about making sure users can fix the bugs in the software they want or need to use, and share those fixes with others. Rules about redistribution are a means to that end.
The GPL was originally written in an era of mainframes and terminals, the idea of running a program via some intermediate system is not novel. But no-one in that era would have dared try to argue that a program hadn't been distributed to you because it was running on a machine in a different building rather than one under your desk.
> This is no different from Adobe, Apple, Microsoft, ... identifying people using their software in ways they don't like, and crafting their EULA terms to turn those activities into a license violation.
If you make your equivalences broad enough then anything is equivalent to anything else. "This license is written in text, making it no different from that license that is written in text".
> A free software license can only use copyright law, and only be concerned with copying.
You're confusing ends and means. The free software movement was actively opposed to copyright law and wanted software to be uncopyrightable. But that was no reason not to use a copyright license that served their goals.
The GPL is not simply about fixing bugs. It's about preventing the existence of versions of the program in which you cannot easily find or fix bugs, and the underlying ideology that they should be no such programs. And not only bugs but deliberate undesirable or malicious behavior. The problem with closed source proprietary software is that you don't know what's hiding in the binaries.
If software were uncopyrightable, they would still be binaries without source code, which you would have to reverse engineer to find out what harm they perpetrate actively or possibly through their security flaws.
Moreover, if you wrote a piece of free source code, anyone could do anything with it they wish, including removing your name, and not attributing you in any way in the documentation accompanying the compiled code.
Stallman was a control freak who insisted that people modifying his code give back the contributions to the project. In the world without copyrighted programs he would have had no leg to stand on, and he knew that. A world in which programs are not copyrighted would need laws which ban the distribution of binaries without buildable source code, and all the tools needed to build it and their source code.
A program is not distributed to you if someone else installed it on a machine you don't own and you're just borrowing that machine. It doesn't matter if you're physically at the console, we're at a remote dumb terminal or smart client. The program was distributed to your school, company or friend or whoever.
I don't think that even the people who drafted the AGPL believe the nonsense doctrine that the visitors to a server have been distributed the software. That's just something invented by the downstream AGPL apologists. (And of course vendors of proprietary software like the doctrine also. If you buy a program and let 10 people use it via remote access to your machine, they would like the legal system to believe that those people were distributed the program and that you should buy ten more licenses).
The doctrine is not required for the AGPL to work. The software distributed to the individual or organization installing it and running it for visitors. The license is concerned with the behavior of that individual or organization, and uses the power of copyright to make their permission to have a copy of the program conditional on their usage behavior. The visitors to the running application are not parties to the license.
The GNU AGPL contains these definitions:
> To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.
> To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.
> If software were uncopyrightable, they would still be binaries without source code, which you would have to reverse engineer to find out what harm they perpetrate actively or possibly through their security flaws.
True. But reverse engineering could happen openly, and tooling for it would improve. The benefits would outweigh the costs.
> if you wrote a piece of free source code, anyone could do anything with it they wish, including removing your name, and not attributing you in any way in the documentation accompanying the compiled code.
Depends where you are. Many jurisdictions recognise attribution as a "moral right" separate from copyright.
> A program is not distributed to you if someone else installed it on a machine you don't own and you're just borrowing that machine. It doesn't matter if you're physically at the console, we're at a remote dumb terminal or smart client. The program was distributed to your school, company or friend or whoever.
Up to a point. If you pressed the "buy" button, paid the money, and are using it from your machine like a program, then it shouldn't matter where it's metaphysically located. Plenty of software will "phone home" to company servers or even falsely claim to be running computation on the company's machines (SimCity), but that doesn't mean the software hasn't been distributed to you. Just as the courts don't allow you to stream TV from an OTA capture card in a remote datacenter and consider that to be OTA viewing, having a program that you use from your local machine do some of its execution in some remote datacenter (whether through VNC-style remote access, a web UI, or something else) shouldn't make it any less your program that's been distributed to you and that you're using.
I'm still not following - you're talking about restrictions on use, but what restrictions on use does AGPL apply? What can I not do with AGPL software? What are the forbidden activities you reference?
The only caveat seems to be making the source code available to users of the software, which is also the case with GPLv2, just under narrower conditions.
I have no dog in this race, nor any particular attachment to any particular license, I'm just trying to better understand what these restrictions are that you're referencing.
No it isn't; under the GPLv2, the source code must be available to those to whom compiled code has been redistributed. Whether they are users doesn't matter.
The restrictions are that if you violate the license, your use of the program is infringing.
> What can I not do with AGPL software?
You cannot change it and run it yourself, without hosting the source code.
You cannot combine an AGPL program with proprietary code and operate it, because you cannot release the proprietary code.
Depending on the license of the proprietary software and who is creating the software derived from both of them, that derivative work could easily be in violation of both licenses. lol
> You cannot combine an AGPL program with proprietary code and operate it, because you cannot release the proprietary code.
Question (IANAL), but isn't it also the case that you can't combine AGPL code with GPLv2 code? Like maybe you write a patch that glues Minio's (AGPL) and Git's (GPLv2) source code (I just picked the two first projects that came up when searching for those licenses).
Maybe your glue patch can be dual-licensed and that specific patch wouldn't have any problems.
But since (1) both licenses are viral and require that everything touched by them is licensed under that exact license; and (2) you are unable to change either project's license; then it seems to me that you would be unable to release your patch since it wouldn't be considered independent.
Or if you can release your patch as a separate project somehow, I think you still wouldn't be able to host this modified version of Minio because you can't satisfy both licenses at the same time.
So, expanding on your message:
>> What can I not do with AGPL software?
> You cannot change it and run it yourself, without hosting the source code.
> You cannot combine an AGPL program with proprietary code and operate it, because you cannot release the proprietary code.
(My addition) "You cannot combine an AGPL program with other open source software, unless their license is compatible with AGPL (e.g. MPL 2.0 or GPLv3)."
My understanding might be wrong though, because IANAL and these licenses are unapproachable to a mere mortal like me, but I just wanted to point out that AGPL also prevents combining with other open source software even if their license is another GNU license.
> You cannot change it and run it yourself, without hosting the source code.
So your point is that people should be free to take whatever they want for free and dont't contribute back? I'm glad there is a license made to put a limit on people like you then
I've spent thousands of hours writing code which is under the BSD license. Nice try trying to make the argument about me.
(I've not put anything under even the dubious GPL license in over 15 years, and never will.)
Yes, a free software license must not require people to "contribute back", or anything of the sort.
For instance, a "free for non-commercial use" license is not free. Even the people who came up with the AGPL understand this, and go to great pains to explain it.
I understand the social problem that the AGPL is trying to combat, whereby visitors are held captive by saas applications over which they have no visibility or control.
The AGPL approach is to use the power of a non-free license against the problem which makes it a cure worse than disease, and repugnant to developers of truly free software.
It's almost certainly the case that the saas problem cannot be engaged via software licensing terms, if those terms are to amount to a free software license.
I don't have a better idea, either, but that doesn't change the fact that the AGPL is a non-free license which crosses over into governing use rather than just redistribution.
Also one issue is that the AGPL doesn't actually solve anything. Visitors having the source code to my evil saas platform doesn't solve the problem that they're locked to it. It doesn't solve the problem that I can change the code at any time and they cannot. Or that I can shut it down and wipe out their data, or share it with third parties. An AGPL conforming application also need not provide visitors with any way to export their data.
> Also one issue is that the AGPL doesn't actually solve anything. Visitors having the source code to my evil saas platform doesn't solve the problem that they're locked to it. It doesn't solve the problem that I can change the code at any time and they cannot. Or that I can shut it down and wipe out their data, or share it with third parties. An AGPL conforming application also need not provide visitors with any way to export their data.
Please enlight us about how the BSD license do it much better in this area. You first complain that AGPL is restrictive now complain that it should restrict even more? I agree with you, maybe it is time for another version of AGPL that includes data sovereignty. Let's make it more difficult for corporations to profit from FOSS free labor, not more easy.
> Running a program, as a service or not, isn't redistribution. It is use.
Hard disagree. You're redistributing the software in a manner for people to easily use it.
If you rip a movie you own, there's no distinction that I'm aware of in copyright law between hosting the .ISO on an FTP server and hosting the .MKV as a stream. They're both redistributing, it's just that one is designed for ephemeral consumption.
Well, yes. While perhaps some metadata is lost, the content that is worth fighting for is captured in both cases. Practically speaking, there is no difference between the original source, an ISO rip, and an MKV rip. At least to the untrained eye, they are in every way equivalent. They both are redistribution, indeed.
That is not the case for SaaS in question. What you download during use can in no way be reconstructed into its original form. You can't use the software for a while and then, from what you've collected, start running the software on your local machine. The artifacts of use are very different from the software itself. To stick with your analogy, watching a movie on Netflix does not give you a copy of their server software. Distribution has not occurred.
That's broadcasting. The recipient of a stream can capture the film to create their own .MKV they can further stream or pass on.
Equating the running of a program with broadcasting is the kind of sophistry we might expect from Apple or Adobe or Oracle or their ilk.
Certain portions of a service program may be broadcast, like for instance certain string literals carrying text that appears at the remote end point. The bulk of the software is not transmitted. It transmits and receives messages, which are mostly not that program. The remote end cannot recover a copy of the program from these messages. Some bits of literal data, but none of the code. (There are obvious exceptions, like programs transmitted to web browsers for local execution.)
That analogy does not work because in all the cases you describe a copy of the movie ends up with the viewer.
When you connect to a remote server over a computer and upload data and receive back results produced by the server software you do not receive a copy of the program. You receive a copy of the output that the program produced.
That is false; the license doesn't speak about any such right.
Rather, the copyright holder of the AGPLed work is exercising their right to dictate the following:
[Y]our modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.
Under the AGPL, the visitors to the program need not request the source; it must be prominently available for them to obtain in a self-serve manner. No mention is made that they have any kind of right. They are not parties to the license at all. A copyright license can only grant rights to licensees.
By the way, "all users interacting" could be interpreted to literally mean all users, including users who visit the login page, but do not have an account (and are not authorized to have one due to not belonging to the organization that runs the service).
> if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network [...] an opportunity to receive the Corresponding Source of your version [...]
From the Merriam-Webster dictionary:
> interact, verb: to act upon one another
When distributing a binary from a compiler to a user, the user does not act upon the compiler. So the user is not interacting with the compiler, so you don't need to distribute your modified compiler's code any more than you would with the GPL.
That's not what is in question. Of course if you someone has reason to comply with section 13 of the license, then users who download the code are having the code distributed to them.
The disputed claim is that users who interact with a remote program are, by that interaction, being distributed the program.
The GNU AGPL itself explicitly disagrees with this; check its definition of "propagate" and "convey".
Depending on the license of the compiler, yes, the binary is related to the compiler in some way. In practice it literally contains code from the compiler.
The AGPL does not restrict running the program. Only if you run modified versions, things get complicated.
That being said, I think the AGPL is only appropriate for programs that come with a built-in source redistribution mechanism that ensures that modified versions automatically comply with the source code redistribution requirement.
You realize that would create a problem for some organization whose idiot employee combined proprietary code with the AGPLed program and the thing automatically redistributed the whole infringing mess to the world.
Even if there were safeguards against such a situation, someone would blow past them.
It seems more or less in the original spirit of GPLv2 but updated for a SaaS driven world. If you consider v3 restrictive then you must also consider v2 restrictive, just in a more narrow way.