For use by businesses, the AGPL is a nightmare from my perspective. What does it actually require on behalf of a company using AGPL components? If I write my own library and link statically I need to release that? What about if I link it dynamically? What if the library is running on a separate machine and is separated by the network?
I'm sure there will be people commenting in this thread that they understand exactly what the AGPL requires, and it's not that bad, but their opinion matters much less than the opinion of lawyers.
I've never been able to get lawyers in a business setting comfortable with us using AGPL components, for fear that it will be interpreted at some point to require us to release our application source code.
As a result, we've never been able to use anything licensed AGPL in a corporate setting.
> if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version
> To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.
Calling over the network is definitely not "adapting (...) in a fashion requiring copyright permission". While the AGPL might not be very much tried in court, copyright is.
Maybe the license is pretty clear, but interpretations differ. E.g. Minio provides a very aggressive interpretation of AGPL, equating to "if you use it in closed-source commercial product, it's a violation of AGPL": [0], [1], [2]. For me the whole problem with AGPL is that it's so subjective.
It’s not the network call, it’s what you do with it.
Let’s take redis, pretending it’s AGPL.
Adding a new command to the source code: definitely a modification.
Adding a new feature to the redis client: also a modification.
Creating a class (RedisPlusClient) that inherits from its client and adds a feature: Maybe a modification? Feels modification-adjacent.
Building a microservice that uses the redis client and exposes the exact Redis API? I don’t know! Maybe? Feels like a technicality that it is “using a network call” so it doesn’t count.
The thing is, I don’t want to think about any of this. I want to build things. We have seen overwhelming evidence that for-profit companies give back to open source, both through contributions and open sourcing their own code.
Are these licenses limiting the actual impact of the projects in exchange for ideological purity? There is consistent feedback from engineers that this is the case.
I think it's worth considering that stuff like Elastic and Grafana tooling at most places is just internal ops & analytics.
Elastic yes moreso can be used for user-facing search, but in general the point of these ops technologies is plug it in and let your employees use it.
If you wanna modify and have SSO and re-sell it sure yeah you should expect you're gonna need the enterprise license unless you're gonna host a purely vanilla version and layer your own auth over it, which is also possible.
I didn’t mean to. I very much don’t know what would or wouldn’t be considered a violation. I think there’s a not-insane-or-bad-faith argument that each of these violate what AGPL is trying to do: force modifications to software into the public domain.
To the people who do love copyleft, I could imagine them not agreeing with a network being a clear line of modification, especially with how common distributed systems are.
For me and how I read it, I agree with you that it’s not. I also understand lawyers who don’t want to be the test case.
Those are the same reasons for why I avoid AGPL (and GPL frankly, because I dont want to make my frontend code fully open source either). I always thought that when a project is AGPL then I might as well consider it off limits for myself because if any of my code is touching it and then that code indirectly eventually reaches users via the network then wouldn't that also mean that I have to open source everything? I mean otherwise you could just put any AGPL software behind a proxy and you'd be instantly fine which I don't think that's how it works. In an ideal world we would have a license where you're required to open source only the changes you make to the 3rd party code, not everything that surrounds it and without restrictions on linking or network. But I guess that is too hard to enforce.
> In an ideal world we would have a license where you're required to open source only the changes you make to the 3rd party code, not everything that surrounds it
Good news! That license mostly exists: it’s called AGPL.
The one where you have to open source “everything” (not really everything, but close to it) is SSPL [1], but that requirement only applies in certain circumstances.
I'm sure there will be people commenting in this thread that they understand exactly what the AGPL requires, and it's not that bad, but their opinion matters much less than the opinion of lawyers.
I've never been able to get lawyers in a business setting comfortable with us using AGPL components, for fear that it will be interpreted at some point to require us to release our application source code.
As a result, we've never been able to use anything licensed AGPL in a corporate setting.