[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GR proposal: the AGPL does not meet the DFSG (take 2)

On Wed, Nov 11, 2009 at 11:11:40PM +0100, Wouter Verhelst wrote:
> On Wed, Nov 11, 2009 at 08:52:23PM +0100, Bill Allombert wrote:
> > 2.1 This clause restricts how you can modify the software.  
> >     Doing a simple modification to a AGPL-covered software might require you to
> >     write a substantial amount of extra code to comply with this clause.
> How is this any different from the requirement in the regular GPL to
> provide source at no cost? Often this is done through website, too.

If I use a server licensed under the GPL with manual modifications, but
do not further distribute that server, I am not obligated to release the
source.  With the AGPL, I am required to do exactly that.

> This clause applies to service providers who provide a service based
> upon a slightly modified piece of AGPL software. The requirement to
> distribute the modifications only applies to your service:
> "if you modify the program, your modified version must [...] offer [...]
> an opportunity to receive the Corresponding Source of your version"

This obligation does affect the DD who modified the software, but not
Debian users, assuming they do not modify the source.  Honestly, I'm not
sure if it's a good idea to put additional workload on DDs.  Also, this
applies to any Debian user that submits a patch.  I don't know about
other Debian users, but I certainly am not going to submit a patch for
software that is AGPL'd, because it creates a lot of hassle that I just
don't want.  It creates a lot of potential issues for someone who just
wants to do some QA work.

Also, there's the meaning of "you".  Is this "you" the DD?  The
ftpmasters?  Debian?  SPI?

> >    -- The code is modified to interact with the user using a network protocol
> >       that does not allow to display a prominent offer.
> This is actually your best argument so far, but I don't think it's
> completely true either.
> First, network protocols that "do not allow to display" anything are
> abundant, since no network protocol "displays" anything -- clients that
> use the protocol do. This is true for HTTP, FTP, SMTP, and whatnot.

This is not the language used by the AGPL.  Network protocols for which
there would be substantial difficulty in complying with this license
requirement include DICT, POP, IMAP, WHOIS, DNS, and myriad others.

For example, while IMAP could theoretically use ALERT notifications for
this purpose[0], POP has no such mechanism.  The protocol has no support
for displaying anything to the user whatsoever.  DNS is also designed to
be transparent to the user.

> If the software uses some other protocol that doesn't allow you to do
> some lay-out like HTTP does, then you simply need to make sure that
> people using your software are informed out-of-band. For instance, if
> the service you provide requires a username and password, then the
> registration email could provide the required information.

Again, this is not the language that the AGPL uses.  It requires that
"your modified version must prominently offer all users interacting with
it remotely through a computer network" the source.  Notice the text
"your modified version".  It's not acceptable to offer it out-of-band.
Also, it says "all users".  That means anyone who calls connect(2),
whether they can authenticate or not.  POP can't do that.  Neither can
DNS.  Those protocols almost never have any indication to the user that
they are working.  Most users don't even know that they're there.

This doesn't even mention the situation for HTTP, where it could be
interpreted to mean that every response requires a modification of the
data in some way so that the user can be offered the source, since the
header is not displayed to the user, let alone "prominently".

> The clause says 
> "your modified version must prominently offer all users interacting with
> it [...]"
> I don't think that must necessarily be interpreted into saying that it
> must be done by the software itself, rather than by anything that would
> be used in cooperation with the network server.

I don't agree.  If it said "you" and not "your modified version", then I
would agree with you, but that's not what it says.

Honestly, I don't have a strong opinion on whether this should be
considered DFSG-free or not, but I do think that it can create a lot of
practical problems that may make it infeasible to support in the
archive.  It may also deter users from sending patches to fix bugs or
add new features.

[0] Any person trying to send IMAP ALERTs to achieve compliance with the
AGPL should be shot.  Repeatedly.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: