Follow

Any thoughts on the AGPL free software license?

Got minimum one case of a company taking open source code and selling it as a direct, closed-source competitor. Seems fair to prevent that kind of behaviour.

@markosaric AGPL is great! Long live the AGPL!

(You'll probably want somebody critical of it to reply.)

@wizzwizz4 nice! i've done some reading this weekend and it seems like the best "don't be evil" license that exists at this stage...

@wizzwizz4 interesting. i also like that google has an issue with AGPL so that's just another plus :)

@markosaric And section 6 decrees that source must be provided when conveying the source in object code form

@brandon yeah that's how i understand it. it seems like the licence made for cloud projects and one that can prevent corporations from exploiting open source projects

@freakazoid makes sense. first time involved in an open source project. who would have thought larger companies would want to directly compete with us by pretty much selling our own software!

@markosaric @freakazoid software-as-a-service such as GitLab requires the AGPL because the GPL would allow offering a competing service without sharing any changes.

For anything that's client-side, I would recommend sticking with the GPLv3+ (or GPLv2+) to maximize license compatibility with other codebases.

@markosaric @freakazoid Apple does not allow distributing GPL code on the iOS appstore, and also hates the GPLv3 to the point of not upgrading GNU tools present in macOS after they switched to the GPLv3.

Google is opposed to the AGPL:
opensource.google/docs/using/a

@codewiz @freakazoid the fact that google is opposed to the AGPL, makes it an even better sounding option for me 😀

@markosaric @codewiz Yeah one couldn't ask for a stronger endorsement of GPLv3 and AGPL.

@codewiz @freakazoid exactly! definitely makes sense for a software as a service like us

@markosaric Woah, Plausible's MIT licensed‽ Generous, but you should probably change that before your next commit.

@wizzwizz4 yeah, we were naive thinking there would be no corporations who would do this kind of exploitation...

that's what we plan to do but was just looking for what's the best option is and AGPL seems like it so wanted to ask Mastodon first...

@markosaric Of course, AGPL won't stop other companies from cloning your *whole* business model (but potentially in a more tracky way); it'll only stop them hiding the source of their forks.

Though a fork can still be made from any MIT-licensed version; you can't revoke that. (You *can* rewrite your repo's history so you're no longer distributing MIT-licensed versions, but that's probably not useful considering it's already out there, and has downsides for existing contributors.)

@wizzwizz4 i wish there were a license that goes even further in restricting what corporations could do to use your own software to compete directly against you but AGPL will do 😀

i see. i assume they'll be too lazy to use our "old" versions as it's too much work for them to get it up to where we will be in the future. if we were to rewrite the repo history, what would be the downsides for existing contributors?

@markosaric

> i wish there were a license that goes even further in restricting what corporations could do to use your own software to compete directly against you but AGPL will do

There is. There are plenty. They're all non-free: freedom 0. (I assume that matters to you.)

@wizzwizz4 yeah of course. we don't want to go proprietary. that's the first priority :)

worrying about how corporations could take advantage of our work is a distant second

@markosaric You *could* make your GitHub release a feature or two behind your hosted version, and only provide the *source* of the hosted version (without the .git folder); this would allow people to self-host exactly the version you've got online, but make upgrades and forks a pain for them.

I'd avoid doing this unless it's necessary to differentiate yourself from a large, active company that's encroaching on your domain.

@wizzwizz4 we don't want to make it inconvenient for people who want to self-host Plausible.

not worried about the company who already released something as i don't see them getting much traction. the main reason is to try and prevent similar behaviour from larger companies who have shown interest (they have more resources, big budgets and tens of thousands of existing customers). AGPL can at least level the playing field a bit and make it more fair so we can compete better

@wizzwizz4 ok. we don't want to make it inconvenient for people who want to self-host Plausible.

not too worried about the company who already released something as i don't see them getting much traction. the main reason is to try and prevent similar behaviour from larger companies who have shown interest (they have more resources, big budgets and tens of thousands of existing customers). AGPL can at least level the playing field a bit and make it more fair so we can compete with them

@markosaric Rewriting the history would break all their forks, and mean they had to rebase. Not everyone knows how to do that; I'd have to look it up, and crack out the command-line since Git GUI doesn't support rebase-due-to-rewritten-history (iirc).

And somebody could still just use the Wayback Machine to get the commit hash, then type that into GitHub because GitHub doesn't really garbage-collect when history's rewritten in large projects.

@wizzwizz4 ok makes sense. we don't want to cause a mess.

we'll just change the license in the next few days (want to do it latest before the next big release)

@markosaric Make sure to *rebase* any unpublished commits you've worked on locally; otherwise, somebody could grab an MIT'd version before the license-change merge.

You won't have released such a thing, but it'll appear as an artefact of the Git history and I don't know how well that would stand up in court.

@markosaric @wizzwizz4

Those that tried to go too far (vs corps) where generally pruned as being non-free (FSF) anymore and in most cases, non-open-source.

But then again Bruce Perens left OSI because it was accepting weirder licences. Everyone is against Amazon (mongodb, etc.)...

@waglo @markosaric That seems like a consequence of the Four Freedoms; Richard Stallman, of all people, is not going to make changes to his philosophy to protect corporations.

@wizzwizz4 @markosaric Although now I believe it's also out of Stallman's hands too...

@waglo @markosaric Well, kind of. He's stepped down as leader of the FSF, mostly because he's not good enough at acting to be a good-for-PR “face of an organisation” and people were exploiting that, but he's still chief GNUisance and will get in their way if they go far wrong.

@waglo @wizzwizz4 i wonder why that is so (i understand corporations are against it but it doesn't seem like they necessary have the best interest of foss).

i just read briefly about the mongodb case yesterday and it seemed like they had valid reasons to try and figure out a different licence.

all the current licences were written too long time ago so they're not considering cloud and software as a service as much as they should with it being the main way to distribute software these days

@wizzwizz4 @markosaric

I was working on the mastodon ancester, StatusNet, and that was AGPL 10-15 years ago:

github.com/zcopley/StatusNet

I like #AGPL :-)

@waglo @wizzwizz4 ok thanks for sharing! this thread was very useful to me. we'll go ahead with the change, i'll prepare a blog post for the announcement and then we'll keep an eye and share any learnings in the future

@wizzwizz4 @waglo yeah that's how we ended up focusing on AGPL as it's the only relevant option really

after we do make the change, i'll report back if we encounter any loopholes with it

@markosaric

One known loophole is that 3rd parties are required to publish changes - but they don't strictly have to upstream them...

@wizzwizz4

@waglo @markosaric But you're allowed to upstream them if they're published under the AGPL, so it's almost entirely fine.

@wizzwizz4

Just don't expect (amazon's) cooperation to merge their changes to your code...

@markosaric

@waglo @markosaric If they're happy to fork, that's on them. They shouldn't expect your co-operation merging your changes, and you don't need to go out of your way not to specifically do things in a way that break their patches.

@markosaric

Agreed, GPL is more for desktop software, as it was designed decades ago.

Affero (AGPL) was the stop-gap measure, but its also strange since the licences first depend on copyright laws, and those laws only impact copy (doh!) and not use itself.

It's a really complicated matter. Add to that the fact that licenses are there to lower friction.

Nobody remembers FSF was funded by Stallman _selling_ emacs on tape :-)

@wizzwizz4

@waglo @markosaric Technically, the GPL is combined copyright / EULA. (ish.) The Affero clause is the same *kind* of clause as the “share source if you shared binaries”.

@waglo @markosaric All free licenses are odd. They're a total abuse of copyright law.

@wizzwizz4

They might be odd, but they're what makes us even 🙂

@markosaric

@federico3 @wizzwizz4 thanks! anything specific i should know / watch? a lot of videos there and i'm about to start writing a post to announce this so cannot watch it all :)

@markosaric @wizzwizz4 Yeah I was a bit surprised seeing you went with MIT. AGPL is the right choice for anything that runs on a server.

@markosaric The problem with GPL-style licences is that infringers assume the author won't take them to court due to the costs involved.

If you are the author (and I'm taking it that someone has lifted Plausible) then you might have to act like you will play hard-ball.

To get them worried you could say that if you don't get a positive response from them, you'll go after their customers.

I've seen that tactic used to good effect to pull a company into line.

@markosaric I should add that a company in your position has a problem with licensing.

A license can protect your rights to the code (and the rights of others that use it) but the license might not extend to the effect of the software.

If the software's effect is to provide a service and you've GPL'd the software there's a point that it's legal for a user to sell the service the software provides.

You could provide additional closed-source benefits to your - 1/2

subscribers that others don't get.🤔 - 2/2

@neildarlow ok, we'll have to think of something if even the AGPL doesn't prevent these issues

@markosaric You could gain the advantage in your marketing.

Make much of being the creators of Plausible and offer a "Privacy Pledge".

Emphasise that you offer top-tier support for Plausible that your imitators can't.

You'll have to win this battle through information. Getting your website at the top of "privacy-respecting web analytics" searches will help too. You're in the best position to achieve that.

In short, play the marketplace.

@markosaric Personally I tend to favor (A)GPL, it lines up nicely with I where I draw my lines.

But I don't think I can add anything beyond the other replies.

@markosaric I believe the AGPL is the best open source license currently available.

I intend to use it for all software I produce. I believe it is best to use the AGPL even for client-side software, because you never know when someone might find a way to serve up your software without users downloading copies. Imagine Google Stadia + Chromebooks, and people going back to thin clients due to some future technological developments.

@markosaric AGPL confuses me. I can approximately understand GPL2/3, but AGPL, how far does the virality go? Which ones of the backends and frontends need to be opened when only one of the components in the stack if AGPL (but the rest is making network calls to it)?

I’ve better things to spend my time on than to worry about it, but it does concern me enough that I minimize my use of AGPL’d software. And I don’t integrate it into stuff I build. And I don’t think I would use it in a business, if I’d start one.

I mean:

Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.

Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU General Public License.

plus

A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation’s users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

If the user accesses a frontend, and the frontend accesses a key-value store, does the user interact with the key-value store? And are the frontend + key-value store actually a single ‘combined work’? A single, as it says, “larger program”?

What if you put them into a single Docker image?

I am not sufficiently a lawyer to figure that out.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.