Re: AGPLv3 Compliance and Debian Users
On Thu, Jul 11, 2013 at 08:27:31AM -0700, Clint Byrum wrote:
> Excerpts from Richard Fontana's message of 2013-07-11 06:55:12 -0700:
> > On Thu, Jul 11, 2013 at 03:12:39PM +0200, Ansgar Burchardt wrote:
> > > > I'm no expert but that would be my interpretation. Also when I asked
> > > > about the basis of the network part of the AGPL during the GPLv3 talk
> > > > at DebConf10 in NYC, Bradley said the AGPL was specifically based on
> > > > modification, _not_ on public performance or other use.
> > >
> > > You have to make the source available in this case. Otherwise it would
> > > be a trivial way around the AGPL (just have a third party modify the
> > > program and give it to you).
> > Co-author of AGPLv3 here, including the section at issue. You do not
> > have to make the source available in this case, in general. In unusual
> > cases of circumvention, like what I believe you are suggesting, the
> > answer might arguably be different, but in the context of ordinary
> > Linux distributions, when a user gets AGPLv3-licensed software that
> > the *distro* has modified, that software is *unmodified* from the
> > standpoint of that user downstream from the distro and therefore the
> > user needs to do something to trigger the section 13 requirement.
> > Otherwise you have to explain why modification was made to be the
> > trigger. If the modified/unmodified distinction was meant to be
> > meaningless, section 13 would have been drafted not to make any
> > reference to modification. Indeed, other Affero-like licenses
> > typically are broader than AGPLv3 in the sense that they work by
> > redefinition of 'distribution' and thus are not limited to cases where
> > the user has modified the software. This approach was specifically
> > rejected when AGPLv3 was being drafted.
> So are you suggesting that the AGPL's protections against commercial
> takeover are basically moot?
No. The main problem I have been seeing is in the opposite direction:
overbroad interpretations of AGPLv3, one of the reasons I am chiming
in here. It is the tendency to overbreadth that is tragic.
> How would the AGPL be applied in this
> Company A starts a business based on unmodified MediaGoblin. They hire
> a firm, Consultants-R-Us, to manage their MediaGoblin code base and
> develop a new new video encoder.
> Their contract with Consultants-R-Us keeps ownership of all code in
> Consultants-R-Us name, and C-R-U simply gives a tarball to Company A
> which they then use to serve users.
> Can we honestly say that Company A modified the software?
Possibly, in that case -- but that's entirely different from the
distro packaging scenario.
> If not, then
> what is the point of the AGPL? To protect C-R-U?
> I am not suggesting that this is absolutely not modification by Company A.
> However, to a non-lawyer like me, it sure _looks_ like a big hole.
Just a general comment which I think is important to say: The GPL/AGPL
licenses were not designed to be guaranteed to eliminate all possible
creative loopholes. They *can't*.
I don't recall anyone raising your hypothetical during the (relatively
quiet) drafting of AGPLv3 but for GPLv3, although the specifics elude
me at the moment, I recall many people, usually developers or
technical users, having raised parade-of-horribles hypotheticals that
belonged to this general category (essentially, a kind of conspiracy
in a licensing chain to evade the requirements of the license, often
by splitting 'you' into more than one licensee). The FSF's view was
essentially that reasonable legal systems would likely treat such
things as copyright infringement, without the license text having to
spell it out. I think this was consistent with some of what the FSF
had said in the past regarding interpretation of GPLv2.