Any thoughts on the AGPL free software license?
Got minimum one case of a company taking open source code and selling it as a direct, closed-source competitor. Seems fair to prevent that kind of behaviour.
@markosaric AGPL is great! Long live the AGPL!
(You'll probably want somebody critical of it to reply.)
@wizzwizz4 nice! i've done some reading this weekend and it seems like the best "don't be evil" license that exists at this stage...
@markosaric Douglas Crockford had a bit of an issue with a “don't be evil” license: https://wonko.com/post/jsmin-isnt-welcome-on-google-code
@wizzwizz4 interesting. i also like that google has an issue with AGPL so that's just another plus :)
@markosaric The AGPL explicitly prohibits this from what I understand in section 5c) of the license
@markosaric And section 6 decrees that source must be provided when conveying the source in object code form
@brandon yeah that's how i understand it. it seems like the licence made for cloud projects and one that can prevent corporations from exploiting open source projects
@markosaric That's exactly why you should use AGPL.
@freakazoid makes sense. first time involved in an open source project. who would have thought larger companies would want to directly compete with us by pretty much selling our own software!
For anything that's client-side, I would recommend sticking with the GPLv3+ (or GPLv2+) to maximize license compatibility with other codebases.
@markosaric Woah, Plausible's MIT licensed‽ Generous, but you should probably change that before your next commit.
@wizzwizz4 yeah, we were naive thinking there would be no corporations who would do this kind of exploitation...
that's what we plan to do but was just looking for what's the best option is and AGPL seems like it so wanted to ask Mastodon first...
@markosaric Of course, AGPL won't stop other companies from cloning your *whole* business model (but potentially in a more tracky way); it'll only stop them hiding the source of their forks.
Though a fork can still be made from any MIT-licensed version; you can't revoke that. (You *can* rewrite your repo's history so you're no longer distributing MIT-licensed versions, but that's probably not useful considering it's already out there, and has downsides for existing contributors.)
@wizzwizz4 i wish there were a license that goes even further in restricting what corporations could do to use your own software to compete directly against you but AGPL will do 😀
i see. i assume they'll be too lazy to use our "old" versions as it's too much work for them to get it up to where we will be in the future. if we were to rewrite the repo history, what would be the downsides for existing contributors?
> i wish there were a license that goes even further in restricting what corporations could do to use your own software to compete directly against you but AGPL will do
There is. There are plenty. They're all non-free: freedom 0. (I assume that matters to you.)
@wizzwizz4 yeah of course. we don't want to go proprietary. that's the first priority :)
worrying about how corporations could take advantage of our work is a distant second
@markosaric You *could* make your GitHub release a feature or two behind your hosted version, and only provide the *source* of the hosted version (without the .git folder); this would allow people to self-host exactly the version you've got online, but make upgrades and forks a pain for them.
I'd avoid doing this unless it's necessary to differentiate yourself from a large, active company that's encroaching on your domain.
@wizzwizz4 we don't want to make it inconvenient for people who want to self-host Plausible.
not worried about the company who already released something as i don't see them getting much traction. the main reason is to try and prevent similar behaviour from larger companies who have shown interest (they have more resources, big budgets and tens of thousands of existing customers). AGPL can at least level the playing field a bit and make it more fair so we can compete better
@wizzwizz4 ok. we don't want to make it inconvenient for people who want to self-host Plausible.
not too worried about the company who already released something as i don't see them getting much traction. the main reason is to try and prevent similar behaviour from larger companies who have shown interest (they have more resources, big budgets and tens of thousands of existing customers). AGPL can at least level the playing field a bit and make it more fair so we can compete with them
@markosaric Rewriting the history would break all their forks, and mean they had to rebase. Not everyone knows how to do that; I'd have to look it up, and crack out the command-line since Git GUI doesn't support rebase-due-to-rewritten-history (iirc).
And somebody could still just use the Wayback Machine to get the commit hash, then type that into GitHub because GitHub doesn't really garbage-collect when history's rewritten in large projects.
@wizzwizz4 ok makes sense. we don't want to cause a mess.
we'll just change the license in the next few days (want to do it latest before the next big release)
@markosaric Make sure to *rebase* any unpublished commits you've worked on locally; otherwise, somebody could grab an MIT'd version before the license-change merge.
You won't have released such a thing, but it'll appear as an artefact of the Git history and I don't know how well that would stand up in court.
i just read briefly about the mongodb case yesterday and it seemed like they had valid reasons to try and figure out a different licence.
all the current licences were written too long time ago so they're not considering cloud and software as a service as much as they should with it being the main way to distribute software these days
Agreed, GPL is more for desktop software, as it was designed decades ago.
Affero (AGPL) was the stop-gap measure, but its also strange since the licences first depend on copyright laws, and those laws only impact copy (doh!) and not use itself.
It's a really complicated matter. Add to that the fact that licenses are there to lower friction.
Nobody remembers FSF was funded by Stallman _selling_ emacs on tape :-)
@markosaric The problem with GPL-style licences is that infringers assume the author won't take them to court due to the costs involved.
If you are the author (and I'm taking it that someone has lifted Plausible) then you might have to act like you will play hard-ball.
To get them worried you could say that if you don't get a positive response from them, you'll go after their customers.
I've seen that tactic used to good effect to pull a company into line.
@neildarlow ok thanks, makes sense!
@markosaric I should add that a company in your position has a problem with licensing.
A license can protect your rights to the code (and the rights of others that use it) but the license might not extend to the effect of the software.
If the software's effect is to provide a service and you've GPL'd the software there's a point that it's legal for a user to sell the service the software provides.
You could provide additional closed-source benefits to your - 1/2
@neildarlow ok, we'll have to think of something if even the AGPL doesn't prevent these issues
@markosaric You could gain the advantage in your marketing.
Make much of being the creators of Plausible and offer a "Privacy Pledge".
Emphasise that you offer top-tier support for Plausible that your imitators can't.
You'll have to win this battle through information. Getting your website at the top of "privacy-respecting web analytics" searches will help too. You're in the best position to achieve that.
In short, play the marketplace.
@neildarlow for sure!
@markosaric Personally I tend to favor (A)GPL, it lines up nicely with I where I draw my lines.
But I don't think I can add anything beyond the other replies.
@markosaric I believe the AGPL is the best open source license currently available.
I intend to use it for all software I produce. I believe it is best to use the AGPL even for client-side software, because you never know when someone might find a way to serve up your software without users downloading copies. Imagine Google Stadia + Chromebooks, and people going back to thin clients due to some future technological developments.
@skyfaller makes sense, thanks for sharing!
@markosaric AGPL confuses me. I can approximately understand GPL2/3, but AGPL, how far does the virality go? Which ones of the backends and frontends need to be opened when only one of the components in the stack if AGPL (but the rest is making network calls to it)?
I’ve better things to spend my time on than to worry about it, but it does concern me enough that I minimize my use of AGPL’d software. And I don’t integrate it into stuff I build. And I don’t think I would use it in a business, if I’d start one.
Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License.
A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation’s users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.
If the user accesses a frontend, and the frontend accesses a key-value store, does the user interact with the key-value store? And are the frontend + key-value store actually a single ‘combined work’? A single, as it says, “larger program”?
What if you put them into a single Docker image?
I am not sufficiently a lawyer to figure that out.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.