[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Berkeley DB 6.0 license change to AGPLv3

* Stefano Zacchiroli <zack@debian.org> [130710 13:07]:
> On Sat, Jul 06, 2013 at 05:41:16PM +0200, Bernhard R. Link wrote:
> > No, there is a really important difference. With GPL you only have to be
> > careful when you give binaries to anyone, that you also give the source.
> > This is a bit of a hassle, but worst case means that you cannot help
> > others with the software changes you have done (bad enough but worth the
> > hassle to have the source) if you miss some of the sources. But if the
> > sources may contain any passwords or other internal data you cannot/do
> > not want to share, so will likely the binary so that is no difference.
> On this level, the analogy GPL/AGPL still seems correct to me.

For me GPL is like police patroling in the streets and AGPL is like
policy getting the right to visit my bedroom at evening to look under
the bed for monsters at their discretion.

> A software distributed under AGPL will likely come with mechanisms
> already in place to point to its source code --- that might not be the
> case today yet, due to the scarce popularity of AGPL, but that's a
> separate matter.  That means that you can easily run unmodified version
> of an AGPL'd program, for any purpose, without particular restrictions.

I hope will all agree that the unmodified case does not matter at all.

> If you modify the software you might get in trouble but, according to my
> personal ethics, that's the trouble you should have.

I accept that I am not allowed to modify some software. But I refuse to
call such software free.

> However, please
> note that as long as you run the software only for yourself, you don't
> have any problem.

This is not the 1990ties anymore. Not allowing net access is quite an
big contraint. Some better definitions might reduce the problem here.

But given the way section is formulated I see nothing that would
make an exception for something only used by me and everyone else
interacting with it only by getting a loging prompt and a failure
message when they do not provide my username and password.

> You might encounter problems only in the case you've
> modified the software, you want *others* to use it over the net, and you
> don't provide the source code that include your modifications.

So if I patch a IRC client for my personal use to also show me some
other information (as I do not want too many open windows) and that
client contains AGPL code, does that fall under section 13 (assuming
it supports CTCP)? Have I lost the right to patch my programs locally
in a quick and dirty way embedding hostnames and passwords and logic
to access some private services in it without implementing a fake-irc
server for that information or some general message passing mechanism?

Even if defining the undefined "interacting" to need more interaction,
let's look at some website provided by some of the "all-in-one" thing.
Assume it has some content mangement part, partly showing public
information, partly only accessible by me (or if "I" in this example
was a company by my employees). And also a blog with comments (as
I think it will hard to define "interacting" so narrowly that it
will not contain that). Now if I want the private part to show me
some information from some other source, I am again forced to have
split things 'cleanly' on my systems with AGPL.

> That shift is coherent with the shift in the most common deployment
> [...]

Not every solution can be shifted. If some fly does not allow me
to sleep by its noise, I will either kill it or open an window and
throw it out. But if I had a cat and that would be too loud, neighter
would be a solution (perhaps the second if I lived at ground
floor). And if you have a baby, ...

There can be no freedom without restricting them to actually have them
in the one way or the other. But for such a restriction to be justified,
it needs both to be effective in protecting another freedom and not
cause greater harm than it brings.

In every way I see that you could make the definitions, AGPL will fail
at the one or the other:

Assume a AGPL program being modified or a program using AGPL libraries
to be interacting only via answering HTTP Requests and returning all
it's source code when "/source.tar.gz" is requested and giving proper
notice of this and the license and so on.

Either the AGPL permits such a program (or any AGPL program transformed
into such a program) to be run bound to a private IP or localhost
and all user interaction via a reverse proxy or loadbalancer that
returns 403 for "/source.tar.gz" or it forbids it.

In the first case the added restrictions are totally useless, especially
against the big "software as a service" players that it claims to
target, as those will likely have some loadbalancer doing some filtering

In the second case it the restrictions to my freedom are so severe, that
I cannot see how it can do more harm than good. What worth has the
source to all the software in the world and the right to modify it, if
I lose the right to run things on my systems in so elementary a way?

        Bernhard R. Link

Reply to: