Thursday, May 31, 2007
Don't be dumb, give it an A (GPL)
Today the FSF has introduced the latest draft of GPL v3 and, at the same time, of AGPL v3. I am not going to comment on the changes of the GPL v3 (although the compatibility with Apache licenses is a great step forward), but I would focus on the AGPL v3 (a.k.a. GNU Affero GPL).In a nutshell, AGPL v3 is the same exact document of GPL v3, with an additional paragraph on Section 13, which says:
Notwithstanding any other provision of this License, if you modify the Program, your modified version must give all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to copy the Corresponding Source from a network server at no charge.What this means is: if you run this software as a service (SaaS), everything else here applies. You must give back the source code. It closes the in(famous) ASP loophole.
Now, my suggestions on the last draft were:
- Do not make the provision as in the current Affero license, that forces the ASP to offer a service to download the source code while you are using the program (insane, think how you could apply this to mobile phones)
- Do not let Affero Inc. own the license but make sure it is managed by the FSF
- Make it OSI approved
- The provision stated above is just perfect. You have to give the users an opportunity to receive the source code. CVS will do it.
- They changed the name of the license, adding GNU at the beginning. It is pretty clear who owns it now ;-)
- It is exactly as GPL v3 and I bet it will be OSI approved the day after it is final
Bottom line: if GPL v3 and AGPL v3 are exactly the same document and are 100% compatible, why would an open source developer choose to allow people to run its software as a service without returning the code to its community? It does not make any sense... Zero, nada... Every single developer that will have to choose between GPL and AGPL will go for AGPL. I guarantee it.
The only risk is ignorance. Therefore, the next fight is making sure that the entire open source community knows about AGPL. Let me start here.
Do not use GPL. Don't be dumb, give it an A. That's AGPL (and yes, I might have a t-shirt for OSCON ;-)
Posted by Fabrizio at 14:14
11 Comments:
Doesn't even AGPLv3 still leave the possibility of using one's program/code/library via API so that one does not have to publish one's source code?
I'm thinking of an inhouse application using AGPLv3 stuff as part of the solution.
Comment Posted at 04:13
Andrew said...
Doesn't this potentially do more harm than good? As a site owner, this potentially strips my "freedom" to express myself uniquely. If I use AGPL software, and hack it slightly for my purposes on my site, you are legally entitled to pester me for my changes, whether I want to share them or not. Imagine Joomla! or Drupal went AGPL - 3 million sites in the world suddenly become fair game for the so-called leaches to demand the sources for the subtle changes, not for the good of the community, but purely for self-interest (or am I reading this completely wrong). If that is indeed true, then the problem you generate is far worse than the problem you are trying to fix.
While I respect some of what the AGPL clause is trying to do, I also feel that it's mutating the spirit of Free [as in freedom] Open Source to "freedom on my terms and I want any changes you make thankyou very much".
Comment Posted at 16:00
Fabrizio said...
Hi Andrew,
sorry, I totally disagree with you :-))
Sharing your changes with others is the basis of open source and copyleft.
It is exactly as today with GPL when distributing software.
Is anybody "pestering" Red Hat today when they make changes to Linux? They just provide the source code of their software, that's it. They HAVE to.
Should Red Hat decide what is a "subtle change" or not, providing source code only for not-so-subtle changes? No. They have to provide everything. Let the people decide what is important or not.
My point is: distributing open source software as a service is not different from distributing it in a floppy.
Open source is not free as in beer. You have to return your changes to the community.
If you feel that returning your changes to the community strips some of your freedom, then you should not use open source software. Buy a license from someone and they won't ask for your changes.
Cheers,
fabrizio
Comment Posted at 09:51
Andrew said...
> You have to return your changes
> to the community.
I disagree totally with the notion that Open Source is about "giving away but you must give back". For me, using an Open Source model is about ensuring that my code that I give to the community (maybe hundreds of thousands lines of codes over more than a half-dozen projects now) always remains free [as in freedom]. I don't care what people do with it, how much money they make, whatever. I've let it go, I know it will always remain free to use ... I'm happy.
The "community" has a right of usage but I'm very concerned by a growing attitude that the community has some assumed rights over the way other people use distributed code. That infringes my liberties of individual expression.
Just because nobody has gone after Red Hat is immaterial. Bottom line is under the AGPL I could ask any AGPL site owner for their changes to the site and they have to give it to me. The big guys (which I'm assuming is the target of the AGPL) are not going to be affected. They have the budget to fight things and they aren't going to go AGPL anyway. The little guy is the one who is going to be affected and potentially preyed upon.
All I'm saying is that this license model has the potential to shift the problem onto otherwise innocent site owners who have made a couple hacks.
And in my view, the greater community has no right over the way people use source code given away for free. If some people give back to a project great (I actually find the problem is there is too much help offered). If some people don't, or give back in non-source ways (which to me is far, far better) then that's fine too.
Comment Posted at 14:26
Fabrizio said...
Hi Andrew,
I believe we disagree on the importance of copyleft in open source. In my opinion, it is what made open source what it is TODAY.
And, yep, it forces you to return the code. Even if you are an innocent small developer... It affects everybody.
BTW, I really do not see an issue with providing the source code of what you changed in an OSS project. You just put it on your web site, not really an hassle.
Bottom line: I feel we agree to disagree :-)
Cheers.
fabrizio
Comment Posted at 09:23
Andrew said...
You miss my point. The problem I see is that you are introducing an un-freedom that legislates forced distribution.
Imagine a small break-even business that takes an AGPL CMS and does something simple but really cool with it. The right channel is for them to be free to inject the change back through the project. However, under the AGPL you take out the project as the middle-man and expose the implementor directly.
Imagine the feature is slash-dotted. The site owner directly gets unmaintainable requests directly for the source code - and *must* comply whether or not he/she has the resources.
It's also absurd to think that people won't expect some level of support. No, of course they shouldn't but they will and this could further swamp the innocent site owner with genuine and stupid mail. And when the masses find a security flaw in the hack, well, you know who they are going to point the finger at (a clue, not the dummy that downloaded it because they had the right to).
To me this breaks a golden rule of good software development. Don't distribute if you are not prepared to support it.
But I guess the failsafe is to put a price point on the forced distribution that keeps demand to a manageable level - and the FSF's own commentary doesn't mind how much that is (yet).
Comment Posted at 14:15
I am the author of a semi-popular PHP script. I would not like some big company to come in and offer a hosted version of my service without contributing their modifications back to the community.
However, many of my users make small modifications to the code. This license would make them have to provide a copy of that code, right? Seems like a big inconvenience to them.
And what about karim's question?
Comment Posted at 14:35
Fabrizio said...
> However, many of my users make small modifications to the code. This license would make them have to provide a copy of that code, right?
Right, but only if they offer the code as a service to the public. Not if they use it in house or for themselves.
Hey, where is the inconvenience? If they are offering a web service, they have a web site. What the license requires is that the code they changed is on the same web site for people to download. I honestly see the excuse of the "inconvenience" as a weak one. Put out the service on a web site, provide a link to download the source, that's it.
fabrizio
Comment Posted at 19:23
Because my original question did not get answered, I'll rephrase it a bit and make it more Funambol:
If I create a marvellous addition to Funambol DS Server, but only use it (Funambol code) via documented APIs, do I have to publish the source when Funambol is under AGPLv3? (I presume it is in the future.)
Even if running it SaaS or similar?
(Funambol DS Server is used as an example here.)
Comment Posted at 17:33
Fabrizio said...
Hi Karim,
sorry for not responding to your comment earlier. From my point of view, the answer is yes, you should publish your connector as AGPL (as today for HPL). However, I am not a lawyer and I have limited understanding on the details of AGLP v3 on this topic. I plan to study the issue more in the next weeks.
Cheers,
fabrizio
Comment Posted at 00:09
Chris Marino said...
Fabrizio, I completely disagree. The Affero license will keep the lawyers busy for years to come.
