Unless people want to change the mongodb code that they would be using, using the agpl software should be a non issue and there are not problems with it. People should start understanding the available licenses instead of spreading fear.
Very cool, thank you. It seems like the original AGPL license should have worked for companies like MongoDB. But, their company, they can do what they like and lose users.
MongoDB also makes their interpretation of the AGPL pretty well known - unfortunately it’s at odds with established interpretation of the normal GPL.
Requiring GPL/AGPL software as a dependency even if you don’t link to it, but instead talk to it over the network does not mean you haven’t developed a derivative work in terms of the letter and spirit of the license. This is in-part why I steer 100% clear of MongoDB, there’s nothing stopping them from changing their view on the license and deciding to pursue legal action against people who use it in non-AGPL compatible manners down the road.
I haven't worked for a company in four years that permits the installation of AGPL software because the ramifications are still unclear and largely untested. MongoDB asserts, for example, that just using MongoDB doesn't require you to do anything, even though the license text is in clear contradiction to the assertion. I do not think MongoDB understands its own license.
Chris DiBona has spoken in public about Google's reasons, but he was kind. I cannot discuss other experience I have publicly, so I'd simply suggest doing some research on the large unknowns in deployment of AGPL software underneath a proprietary Web service somewhere, and then think about all the integrations you'd wire up to something like a Slack derivative.
I am not a lawyer and would strongly suggest consulting one before using AGPL software anywhere in your infrastructure, at all.
Thanks. I had read that also a while back, so this sounds like the MongoDB developers offer a sort of waiver to the straight-up AGPL, effectively making it the GPL. In any case, kudos to the MongoDB developers; I have used it on almost every project I have done this year.
It's an interesting point, but I think you are looking at it from the wrong point of view. As far as I understand, the AGPL kicks in on "propagation" -- which in the important case means "making available to the public". The license is with the operator of the service, not with the end user of the software.
The consideration is the software itself. In exchange, you are granted a license. The license requires (in part) that you offer the source code to any user that uses the software. As the service provider, it is copyright infringement to make available the AGPL licensed software unless you agree to the license.
The problem with MongoDB is that they are using the AGPL in a way in which it wasn't intended to be used. This confuses the issue about what you are and are not allowed to do.
Some of those project (e.g. MongoDB) were under AGPL, and created new license that are not the same as AGPL, so on what basis do you claim that AGPL would do the job just fine?
I can't see it being an issue. As mentioned in the useful MongoDB link you shared, the licence will require sharing only when modifying the database code, but not require automatic sharing of the rest of the software stack.
Have there been any court cases involving AGPL violations? I wonder if some of Gil Yehuda's fears are partly out of lack of clarity on where the reach of the AGPL ends? For example claiming the MongoDB drivers 'violate the AGPL license', I´d prefer to see a response from GNU on this.
Doesn't it prove GP's point? If you use MongoDB in your commercial software it gets infected with AGPL, because people interact with it over the internet - just like linking does with GPL.
Yeah, AGPL seems to be one of those licenses that aren’t popular here. I’ve never understood it myself - especially for something like a db which folks are generally less likely to modify.
What would you say is the problem with AGPL? I was thinking of releasing a product under it myself.
I can only give you my opinion as I'm not involved with MongoDB, I'm not a lawyer and I'm not an expert on AGPL. However, I spend a fair bit of my spare time reading licenses and thinking about them.
There are really 2 issues you need to keep in mind: 1) there is a difference of opinion about whether linking to an unmodified, GPL or AGPL licensed library is considered to be a "modification" of that library; 2) GPL and AGPL are different in terms of software that is only accessed via a network (i.e., the user does not receive a copy of the executable code).
In the first point, the FSF (who maintains these licenses) believes that linking to a GPL or AGPL license creates a "combined work" that requires a license that is compatible with the GPL or AGPL. In other words, you can't "convey" (distribute) the combined program unless the overall license has compatible terms. Other people disagree. To my knowledge, this point has not been tested in court. While the GPL itself is well tested in court now, that is for applications that are clearly based on a GPL licensed piece of code. Whether or not a library that is providing a utility function has that same legal protection is still untested (as far as I know).
However, there are a couple of things that I think are important about this. First, the intent of the licenses is clear. It's a completely jerk move to use a GPL or AGPL licensed library without considering the intent of the authors that chose that license. You might get away with it legally, but why be a jerk just to save a few bucks? (Not that it stops people...) Secondly, the intent of the license is clear, if you want people to use the software in a different way, please pick a different license! There are many appropriate licenses (and probably the LGPL is what a project like MongoDB should be licensed as). I'll talk a bit about that at the end.
With the second point, it's important to understand the difference in use cases for the GPL and AGPL. The GPL is intended for applications that are meant to be "conveyed" (distributed) to the user. The user then runs the program themselves. With a GPL or similar license, they enjoy the 4 freedoms of being able to run the software for any purpose, inspect the source code, modify the source code, and to distribute their modifications if they wish (as long as they grant the 4 freedoms to their users).
The AGPL is designed to give similar freedoms to people who do not receive an executable -- their only interact with the software is through the network. The only reason for choosing the AGPL is to ensure that users can receive the source code to: run the code for any purpose (rather than just the purpose the service provider allows), inspect the source code, modify the source code, and distribute their changes.
I don't know the history of MongoDB, so I don't know why they chose the AGPL. It is frankly a bizarre choice, IMHO. My only guess is that they intended that users of an online service be given access to the MongoDB source code. Why they thought that was important, I really don't know. The MongoDB developers are pretty adamant that the license does not restrict people from building services that are not AGPL.
In practical terms, for the moment anyway, it's not a big deal. Even if the AGPL applies to the combined software (and FWIW, I believe that it does), the only people who have standing to sue are the copyright holders of MongoDB. They have clearly said that they are happy with people not offering the 4 freedoms when making services using MongoDB. In other words, you can be relatively sure they aren't going to sue you -- and nobody else has standing to do so.
On the other hand, it's still a legal liability. If MongoDB changes hands some day and the new copyright holder has a different opinion, will you end up getting sued? Although I think it is incredibly unlikely, it could definitely happen. Crazier things have happened.
To sum up, AGPL is not problematic at all, if you are using it as intended (as an aside, I actually don't like some of the wording, which I think is a bit hand-wavy at times, but it's the best license that I know of for the niche that it occupies). The only problem is that MongoDB developers are using it in a way that differs from its intended purpose and are thereby muddying the waters in terms of communicating what they want. I suspect they simply made a mistake originally and now it's just too difficult to make the license change.
I wonder to what extent the AGPL license actually facilitates the creation of a commercial business based on the software; large online service customers who would be willing to use even GPL software without paying anybody for it might be more likely to opt to negotiate a commercial license for AGPL code.
If that is the case, though, and their revenue model is based on providing non-AGPL access to MongoDB, doesn't that rather put MongoDB in the position of commercially exploiting the work of developers who contribute their code under the expectation that it will be freely shared under AGPL?
Just dual license your code with an AGPL and commercial license. Proprietary software companies hate AGPL, and won’t take the risk to use it, instead preferring to pay your commercial license. MongoDB does that very successfully!
I don't think even AGPL software is safe from the SaaS menace; the tooling around AGPL software can simply refrain from actually linking to it, ie, generate configs and manage the software service doesn't trigger the AGPL, so you never see the code.
I think MongoDB has had trouble with that despite AGPL license, which is why they did the entire SSPL thing.
If all that developers see happening to their free software project is that SaaS corps take it and squeeze it for money without giving back a single cent, people won't license as free software anymore.
Atleast with open source licenses the expectation of that abuse is always somewhat present but people will similarly stop using it if the abuse is too great.
Why not just use Affero GNU General Public License v3 for these? It seems like a lot of you guys are using ASL 2.0 (a permissive license) and getting upset when people fork and proprietarize the code for their services and solutions.
Aside from MongoDB, who seems to be changing the license simply to kill off MongoDB's vendor ecosystem to benefit itself, everyone else seems to be using ASL 2.0 and then regretting the natural consequences of doing so.
The usage of the AGPLv3 license seems to be enough to ward off large SaaS competitors (Amazon and Google stay away from areas that are heavily AGPLv3 or similar).
They of course have the legal right to do this and given that they require contributors to hand over copyright, they have no legal right to complain about this either. As the only copyright holder, Mongo gets to license their contributions anyway they want.
Of course the latter practice is very common with this style of licenses and doing a bait and switch like this on the license is always a bit controversial, no matter what the intentions. AGPL style licenses without copyright transfer agreements are very uncommon as re-licensing becomes near impossible without full agreement of all copyright holders. This means none of them are able to use the software they worked on other than under the strict terms of the license, which typically precludes many potentially interesting ways of using the software. AGPL as a license is only interesting if you can opt out from it. This is only possible if you own the copyright.
Ok. Actually I never (and don’t know who) call AGPL software a free software. Let’s just call it AGPL software! Problem solved.
Just curious, if AGPL is so evil, who made it for what kind of purpose from the beginning? You give me an impression that AGPL is totally wrong and shouldn’t be born.
I am not saying that AGPL is born to prevent people to use AGPL software. Instead, AGPL definitely encourages people to use for free under the license, or use it after purchase commercial license. Why you have impression that AGPL was born to let people not use the software?
Like MongoDB, it selected AGPL from the beginning, and many people were using it (so you can’t say AGPL stop people to use MongoDB), until some big commercial companies began to deploy it in cloud and violate AGPL (refuse to open source). This hurt the protocol and MongoDB, so MongoDB decided to change the license to a more explicit and strict license written by themselves to rule explicitly that if you deploy the MongoDB in cloud you should be open source. Otherwise you need to purchase a commercial license. From this point of view AGPL or the more strict MongoDB protocol find a good balance between open source and commercial usage. Please tell me if MongoDB uses more free software style license, like GPL, Apache, MIT, I guess many companies will use it in non open source style without violating the protocol, then how MongoDB can survive? If MongoDB can not live a good life, who will contribute to it, maintain it, help user continuously? MongoDB dies and the world gets nothing. Happy ending?
I am glad that google doesn’t like AGPL. To me this implies that the thing, that is not liked by big company, could be interesting. Google has become a gigantic monster. AGPL just prevents the big companies , like google, amazon, to use open source software for free.
MongoDB made an explicit exception to AGPL. Normally a driver wrapping an AGPL database would have to be AGPL too. In turn every app using the driver would be AGPL. But Mongo, as owners of the driver and DB, made an exception for users.
The only situation where AGPL wouldn't affect other components is where you're using industry wide standard APIs. E.g., I can use Firefox to connect to an AGPL website, but that doesn't make Firefox AGPL. This is what Stallman is getting at when he talks about intimacy of API communication. He points to a simple call to main as an example that's not intimate communication and thus has no licensing consequences.
Also you can't say "we license this as AGPL for non-commercial use". That violates the rights of the user to not have additional restrictions placed on the AGPL. And if you think through the practicalities of how that would work, it's not feasible anyhow.
Edit to add: AGPL does not prevent private modification of code. Your are required to license the code as AGPL and distribute the AGPL licensed project to users, but if the user is just you, there's no practical effect. However, once you start sharing it internally in a company, it's a giant grey area especially if you have contractors or any non-employee ever access your infrastructure. Employees might also be able to claim they are entitled to an AGPL copy of it. The only thing that's allowed internally is having someone "make modifications exclusively for you, or provide you with facilities for running those works", which would be effective for a trial or POC. Essentially you should either plan to abide by the AGPL or plan on buying the dual license at some point (the license allows violations to be fixed within 30 days).
(This post is for entertainment purposes. I am not a lawayer, and this is not advice.)
reply