Thursday, March 13, 2008
AGPL is OSI approved. Sweet victory.I just found out that the OSI (Open Source Initiative, the stewards of the Open Source Definition (OSD) and the community-recognized body for reviewing and approving licenses as OSD-conformant) has approved AGPL v3.
For those who don't follow this blog (hey, why are you reading it now, then? ;-) the fight against the ASP loophole in GPL has been one of my long-standing battles. In GPL v2, those who ran open source software in a Software-as-a-Service (SaaS) environment, and modified the open source code, were not required to return the changes back to the community (just because of a technicality, since the clause of copyleft applied to physical distribution of the software, not distribution of software as a service). For me, this has always been one of the worst risks for open source oblivion. If you can take and you do not give back, defeating the copyleft concept, you kill open source. The ASP loophole is the cancer of open source.
One company benefiting from it is Google, abusing open source software for their benefit (aren't you interested in seeing the modification to the Linux file system they did to run their gazillion of servers? I am ;-) In fact, they pushed for the ASP loophole to be ratified in GPL v3 and they submitted it to OSI for approval. They love the loophole. They made a business around it (and what a business!!). They got GPL v3 OSI approved...
Funambol submitted AGPL v3 to OSI. AGPL is the exact same as GPL v3, with a sentence that closes the ASP loophole. If you run AGPL code as a service, you need to return the changes to the community. Distribution of software as a service is distribution of software. Simple as that.
Google wasn't thrilled, obviously. Chris DiBona, the Open Source Programs Manager at Google recently wrote on the discussion list that AGPL needed improvements... Although I understand why he would say so ;-) I strongly disagree, so did the OSI and Eben Moglen with the FSF.
“AGPLv3 is a useful tool for developers of, for example, web applications who are seeking to ensure perpetual respect for end-users’ freedoms. SFLC believes there are many development projects that would benefit from considering the use of AGPLv3, and we welcome the OSI’s decision“Amen. AGPL v3 is here. It is OSI approved. The fight is over. Sweet victory. The loophole is closed forever. Let's open some Italian spumante.
Now we just need developers to understand that using GPL v3 instead of AGPL v3 is just dumb. Your software is going to be used as a service, if not today, in a few years. Yes, YOUR software. Everything is going to be used as a service, even word processors... They can take it and do not give any changes back to your community. Wavemaker is smart and they are now using AGPL. Many will follow.
Don't be dumb, give it an A.
Posted by Fabrizio at 16:07
Marco Barulli said...
Great! Thanks for the effort you put in to achieve this result.
In few days Clipperz will release a personal/community version of its online password manager and it will definitely come with a AGPLv3 license!
Now everybody can run a zero-knowledge web application on his/her own server and return changes and improvements back to the community.
Comment Posted at 01:59
The ASP loophole is more of a benefit than anything. I just spent time trying to convince a friend that he could use FOSS for development without fear of having to release all of his work unless he was distributing it. Now he will no doubt stray away from it. To stop someone from distributing a customized product is one thing. But to stop them from USING a customized product is ridiculous.
To me this is what made the GPL a good model. I don't want to see what Google does on the inside of their business by force. If they want to release it then fine. But I don't think any business should be forced to show their internal tweaks to the public as long as they intend to use it all in house. This defeats the beauty of the Linux platform and is flat out an invasion of privacy. I don't want somebody running up to me and saying "if you use linux in your system then you need to show me all the mods you made NOW".
There are other ways to give back to the community besides sharing every mod you make to some code.
Comment Posted at 11:24
Dan Kegel said...
"aren't you interested in seeing the modification to the Linux file system they did to run their gazillion of servers? I am ;-)"
I believe Google gives back everything
of interest of their linux kernel patches.
A good example is the containers work.
Another example is zumastor.
And then there are the bugs Google
finds and fixes, and pushes upstream.
is a bug that only hits when you are
using a sampling profiler and try to
use thousands of threads; Google has
an engineer trying to come up with a
Is there something specific you're
I think perhaps the real issue is simply
that you don't trust Google to give
back all their improvements, even if
they're doing it today. Fair enough;
it is indeed hard to predict the
behavior of large corporations.
My guess, though, Google is
likely to continue to contribute back
to the Linux kernel everything of
interest into the forseeable future.
(FWIW, I work for google.)
Comment Posted at 11:37
"To stop someone from distributing a customized product is one thing. But to stop them from USING a customized product is ridiculous."
That's not what closing the loophole does. You can modify and use the code for internal purposes as much as you want without having to share the modifications. However, if you distribute your version of the software, or if you use the software to provide a service to external customers, the license requires you to make the code available.
"I don't think any business should be forced to show their internal tweaks to the public as long as they intend to use it all in house."
Apparently SAAS is not considered an in-house use under the new license. This is good for the community, and bad for people who want to profit from others' work without contributing anything back to the community.
The simplest thing for companies and developers to do if they don't want to be subject to the terms of the new license is not to use software licensed under it. There is lots of open source software out there that is licensed differently. People who do not like a license's terms have alternatives.
I am continually surprised by people who don't understand that it is the legal right of a copyright owner to decide how the intellectual property can be used. Why is it such a bizarre concept for so many? If you want to use a program I wrote, I am the only person who can grant you the right to use it. If I put a restriction on your ability to redistribute my program, you are legally obligated to comply with the restriction. Such a restriction can range from forbidding you to distribute the program at all, to requiring you to license any derivative works using the same license I provided you. If I want, I can let you do anything you want to do with the program, including selling it, modifying it, etc., without restriction. The point is that it is my decision what happens to my intellectual property.
Comment Posted at 12:54
This is a step backward.
We want GPL'd software to take off, not limit it. Forcing it to be given back when distributed physically is the exact balance we (as developers) want. Once you include "service" the waters get murky.
For example, if I customize some GLP'd code so I can lookup specialized information and offer a help line for people to call in and ask questions that isn't part of your "software as a service" limitation. Why should it be different when I offer the same lookup directly as a web service? What if I look up the answer in my customized GPL code and then re-type the answer into my pure GPL'd web server? Does that change if I automate the entry from my customized GPL system to the pure one?
In other words, the result of software is always a service of some sort, what you are promoting is a license that splits hairs over how that service reaches its end user.
The GPL was insightful in that it focused on physical distribution, distribution as a service was not omitted as an oversight or mistake, it was simply the right thing to do.
Your Google example ignores one critical reality. Would you prefer to have your code enhanced by Google and not see 100% of their changes as they dominate their industry, or is it better you force them leave your code alone completely? Those are the real choices.
If we continue down the APGL's paranoid path we will soon find that we've protected ourselves into oblivion. Not really the future I'm looking for.
Comment Posted at 14:08
To understand the situation better, for every time you mention google and how good a OSS citizen they are, replace Google with Microsoft. They can (ab)use OSS without AGPL protection.
Comment Posted at 14:40
sorry I am falling behind with the comments. Thanks all for your feedback. Let me summarize my comments here.
@marco: Clipperz rules. Go for AGPL!
@philip: the AGPL does not change the modifying vs. changing paradigm of GPL. You do not have to return any changes if you do not distribute the code, either physically or as a service. Funambol Community Edition can be used in the Enterprise without returning any change (although I would recommend you do it ;-)
@dan: glad to see Google does much more than I thought. I still have a problem with the idea you can pick what to return and what not to ;-)
@marck: the argument of SaaS making the distinction of what trigger copyleft "murky" is a weak one. The concept is simple. People can go around it as much as they want. But it is simple. It is the same for GPL, you have ways to go around copyleft there (e.g. have your customer download the product directly, then modify it and not distribute it) but it does not change the priciple.
@jim: are you really defending Google saying that Microsoft is worst? Defending a new monopolist because an old monopolist is worst? Nah... I do not buy it :-)
Comment Posted at 21:15
How does it work? If, for example, Apache or PHP were licensed under AGPL, would everyone using these tools to set up a web site need to reveal the source code for their web site (HTML or PHP code)?
Comment Posted at 12:09
@mozz1e: I think publishing web pages is not required. If the program for running a web server is released with AGPL, you are required to distribute changes to that program, not the data (web pages in this case).
Comment Posted at 08:45
I guess the ASP loophole is exactly on the boundary between usage and distribution. So, having both AGPL and GPL one can license with slightly better precision than with only one of them.
However, AGPL is yet another OSS license. This adds even more complexity to where we already have too much of it.
On the positive side, if sombody erroneusely uses AGPL instead of GPL, or vice versa, the damage will be minimal.
Comment Posted at 14:59
Michael Bernstein said...
I don't see Eben's comment on the license-discuss list. Can you link to wherever he said that?
Comment Posted at 06:39
it is in our press release (e.g. he told us and gave us permission to write it).
Comment Posted at 09:56
Milking the GNU said...
A key and interesting question is: why is there no Affero LGPL?
Comment Posted at 10:10
Lars Rune Nøstdal said...
yes, ALGPL is needed
i want users to be able to make proprietary web applications using my library/framework
Comment Posted at 22:08
Do you want to buy a new phone? Do you want to know about roaming partners and network? Just go to http://www.gsmprofile.com and view, search and show your phone specification .If you loss your mobile manual you can get it from http://www.gsmprofile.com easily.
Sony Ericsson W380
W380 Sony Ericsson
Sony Ericsson W380