[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: AGPLv3 Compliance and Debian Users

Excerpts from Richard Fontana's message of 2013-07-11 10:45:00 -0700:
> On Thu, Jul 11, 2013 at 08:27:31AM -0700, Clint Byrum wrote:
> > Excerpts from Richard Fontana's message of 2013-07-11 06:55:12 -0700:
> > > On Thu, Jul 11, 2013 at 03:12:39PM +0200, Ansgar Burchardt wrote:
> > > > > I'm no expert but that would be my interpretation. Also when I asked
> > > > > about the basis of the network part of the AGPL during the GPLv3 talk
> > > > > at DebConf10 in NYC, Bradley said the AGPL was specifically based on
> > > > > modification, _not_ on public performance or other use.
> > > > 
> > > > You have to make the source available in this case. Otherwise it would
> > > > be a trivial way around the AGPL (just have a third party modify the
> > > > program and give it to you).
> > > 
> > > Co-author of AGPLv3 here, including the section at issue. You do not
> > > have to make the source available in this case, in general. In unusual
> > > cases of circumvention, like what I believe you are suggesting, the
> > > answer might arguably be different, but in the context of ordinary
> > > Linux distributions, when a user gets AGPLv3-licensed software that
> > > the *distro* has modified, that software is *unmodified* from the
> > > standpoint of that user downstream from the distro and therefore the
> > > user needs to do something to trigger the section 13 requirement.
> > > 
> > > Otherwise you have to explain why modification was made to be the
> > > trigger. If the modified/unmodified distinction was meant to be
> > > meaningless, section 13 would have been drafted not to make any
> > > reference to modification. Indeed, other Affero-like licenses
> > > typically are broader than AGPLv3 in the sense that they work by
> > > redefinition of 'distribution' and thus are not limited to cases where
> > > the user has modified the software. This approach was specifically
> > > rejected when AGPLv3 was being drafted. 
> > > 
> > 
> > So are you suggesting that the AGPL's protections against commercial
> > takeover are basically moot? 
> No. The main problem I have been seeing is in the opposite direction:
> overbroad interpretations of AGPLv3, one of the reasons I am chiming
> in here. It is the tendency to overbreadth that is tragic.
> > How would the AGPL be applied in this
> > scenario:
> > 
> > Company A starts a business based on unmodified MediaGoblin. They hire
> > a firm, Consultants-R-Us, to manage their MediaGoblin code base and
> > develop a new new video encoder.
> > 
> > Their contract with Consultants-R-Us keeps ownership of all code in
> > Consultants-R-Us name, and C-R-U simply gives a tarball to Company A
> > which they then use to serve users.
> > 
> > Can we honestly say that Company A modified the software? 
> Possibly, in that case -- but that's entirely different from the
> distro packaging scenario.

Right, I want to understand AGPL's motivations is all.

> > If not, then
> > what is the point of the AGPL? To protect C-R-U?
> > 
> > I am not suggesting that this is absolutely not modification by Company A.
> > However, to a non-lawyer like me, it sure _looks_ like a big hole.
> Just a general comment which I think is important to say: The GPL/AGPL
> licenses were not designed to be guaranteed to eliminate all possible
> creative loopholes. They *can't*.
> I don't recall anyone raising your hypothetical during the (relatively
> quiet) drafting of AGPLv3 but for GPLv3, although the specifics elude
> me at the moment, I recall many people, usually developers or
> technical users, having raised parade-of-horribles hypotheticals that
> belonged to this general category (essentially, a kind of conspiracy
> in a licensing chain to evade the requirements of the license, often
> by splitting 'you' into more than one licensee). The FSF's view was
> essentially that reasonable legal systems would likely treat such
> things as copyright infringement, without the license text having to
> spell it out. I think this was consistent with some of what the FSF
> had said in the past regarding interpretation of GPLv2.

I don't think this is all that horrible. The sustainable model that the
GPL supports is exactly this. Instead of bilking people for license fees
you charge for your time in customizing, and provide them with a license
that gives them and you total freedom with the code going forward.

I think it is a likely reality that a company or individual will build
a business on customizing AGPL code that nobody, including that code's
users, will ever know about or see. It would not, in my mind, be copyright
infringement as they'd be complying fully with the license terms.

So my point isn't "oh look the whole thing is invalid". My point is that
this loophole seems rather large.

Reply to: