Hyland Connect

rdanner · ‎03-16-2008

I am curious what people think of the GNU AFFERO GPL http://www.opensource.org/licenses/agpl-v3.html
The OSI recently approved this license and it attempts to close the ASP loop-hole. GPL is a viral license, that means if you include GPL code in your application and you distribute it, it is forced to be licensed under the GPL. SAAS providers have been able to skirt the GPL viral clauses because the don't technically distribute their software.

From Frabrizio's blog: http://www.funambol.com/blog/capo/2008/03/agpl-is-osi-approved-sweet-victory.html

Funambol submitted AGPL v3 to OSI. AGPL is the exact same as GPL v3, with a sentence that closes the ASP loophole. If you run AGPL code as a service, you need to return the changes to the community. Distribution of software as a service is distribution of software. Simple as that.

What do you think?

loftux · ‎03-16-2008

My first reaction is that iof course SaaS providers should be forced to contribute back, so the AGPL looks good for that. But then lets say that Adobe would not have chosen Alfresco for its Share application (https://share.adobe.com/) if it was AGPL, we would not get anything back. That of course assumes that they will contribute something, just not the complete solution. And we do expect that :wink:
So maybe just a small contribution is better than none.
I can see another situation that the AGPL would be hindering a small startup to use an AGPL licensed Alfresco. This startup has a very clever idea of a service solutions they want to provide, do some coding for this, and with very limited funding start providing their solution. Then comes along big bucks company and just takes their solution (ie 'very clever idea') because they can. Maybe 'solutions' is protected by other means, someone else maybe can fill in here.

I'm not saying AGPL is wrong, just starting to think of pros and cons.

/Peter LÃ¶fgren

pmonks · ‎03-16-2008

Keep in mind that Alfresco is dual-licensed - only the community version is GPL; the enterprise edition is provided under a commercial software license. http://www.alfresco.com/legal/licensing/ has all the details, but basically this is the same model that other open source vendors (including MySQL and RedHat) use. The upshot is that if the GPL is a serious obstacle for a company that's using Alfresco, they have the option to subscribe to the enterprise edition and bypass the GPL entirely.

As to my personal opinion on the AGPL in general, I do wonder a bit how practical it'll be, given the difficulties in policing violations by ASPs / SaaS providers. Unlike desktop software where the binaries are readily available (providing an avenue for investigation if there's suspicion that an open source package is being used in violation of its license), hosted software is far less accessible making it much harder to detect (let alone prove!) violations. I guess it boils down to whether you believe that the existence of the clause alone is sufficient to encourage contribution and discourage abuse, or whether ASPs / SaaS providers would simply flout the license because they know it can't really be enforced.

Cheers,
Peter

rdanner · ‎03-21-2008

Dual License is a really important feature - Cash or Code baby – nobody eats for free. I see this as absolutely fair.

I suppose the fact that it is difficult to police SaaS vendors might be a significant hurdle. I would like to assume that organizations are honest but that's not the way it works.

I think that legal causes, in many ways are sufficient. A company can be certainly be dishonest (and often are), and with the source code they can disable any mechanism for calling home etc – but dishonesty comes at a high price IMO. It's too easy for information to leak out of an organization – why take dumb risks?

One question I have about AGPL is how it becomes viral. It is kind of unreasonable to think that if Mysql were AGPL that every system that touched that database and that was distributed as a service would be required to adopt the AGPL and distribute its source code.

What about services that leverage services that leverage AGPL?
I'm not trying to be difficult – I agree with the concept that SaaS providers should not be able to get around the distribution clause; but I'm not sure it's possible to change one to three lines in the GPL and sew this issue up. To completely close the loophole requires a very viral policy — which of course goes too far practically speaking.

rivetlogic · ‎04-13-2008

One question I have about AGPL is how it becomes viral. It is kind of unreasonable to think that if Mysql were AGPL that every system that touched that database and that was distributed as a service would be required to adopt the AGPL and distribute its source code.

What about services that leverage services that leverage AGPL?
I'm not trying to be difficult – I agree with the concept that SaaS providers should not be able to get around the distribution clause; but I'm not sure it's possible to change one to three lines in the GPL and sew this issue up. To completely close the loophole requires a very viral policy — which of course goes too far practically speaking.

Russ,

Like the GPL, AGPL is viral in the sense that any changes to "The Program" must be released under the same license. However, the GPL/AGPL do not require programs that link to an "Interface" or "System Library" to be licensed as such. In other words, AGPL does not virally infect other programs by merely touching it.

So to answer your question about MySQL assuming it had been licensed under AGPL: If Google or any other SaaS provider merely uses MySQL as a database server, the provider would not have to release their entire code base under AGPL. On the other hand, if they have made modifications to MySQL itself as part of their production service, then they would have to release (only) their changes to the MySQL source code.

As an aside, I think AGPL is good for open source and great for the software industry. At Rivet, we plan to release any and all of our contributions that could be hosted as a service under AGPL v3.

–Mike