[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Berkeley DB 6.0 license change to AGPLv3

On Wed, Jul 10, 2013 at 08:18:12AM -0400, Scott Kitterman wrote:
> Sorry, I can't quite let this pass.  I just went and looked at the AGPL v3 
> again and one implication of the license is that you can't locally fix a 
> security issue without immediate disclosure.  This doesn't fit my personal 
> ethics at all and at least IMO makes it pretty unsuitable as a license for any 
> network facing service.

You can!

There is just one caveat: you must make sure to never, ever, distribute that
piece of software, because once you do, you permanently lose your right to
use it without obnoxious and potentially crippling restrictions.

That's section 9 of AGPL v3.

So we have non-redistributable software in the main archive.  The
alternative you are allowed to ("accepting the license") can't be
considered free, as it outright violates FSF's freedom 0 (The freedom
to run the program, for any purpose) and DFSG 6 (No discrimination
against fields of endeavor).  AGPLed code can't be used for pretty
much anything that's neither a web service nor restricted solely to
a single computer.

As already mentioned in so many places, interesting banned uses include
reusing any part of the code in:
* a POP3/IMAP server
* an IRC bot that doesn't spam every user with legal messages
* a SMS/etc service
* a kiosk
* a wifi-connected lift control (don't laugh, I've seen one at Google)

Per section 13, any derived software that "supports remote interaction
through a computer network" must present a prominent offer to every user,
no matter if that's feasible or possible.  And this applies even if you
lift just several lines of code, even ancillary.  For example, two of my
personal projects include autoconfage that detects the way of spawning
ptys, copied from GNU screen, without using any part of screen proper.
Even such a minor code reuse is effectively banned by the AGPL -- both
of those projects include networking, and only one can reasonably present
an URL to its users.

The official FTPmaster response came in #495721, and it doesn't even
mention this issue, only three minor points (cost of running a webserver
with sources, private use, contaminating reverse dependencies).
Thus, could someone please explain, are there any arguments that
forbidding reuse with any protocols that don't support sending bulk
ancillary text would be free?  What I can see are debian-legal threads
considering AGPL to be non-free, and, in other places like the FTPmasters
response, avoiding this issue.

That it's uncomfortable doesn't make it any less valid.  The archive
carries a non-free section just for cases like this.


Reply to: