Re: issues with the AGPL
Greg Harris <glharris@panix.com> wrote:
> MJ Ray <mjr@phonecoop.coop> wrote:
> > Greg Harris <glharris@panix.com> wrote: [...]
> > > - What exactly is it that someone wants to do that they are
> > > prevented from doing by the terms of the AGPL?
> >
> > Use it on their website without being liable for the cost of download
> > for code that they have not written or modified.
>
> "This site runs free-app plus X; here's where you can get it." If such
> a notice is believed not to satisfy some interpretation of specific
> language in the license, what needs to be changed in the license
> language to resolve that concern? (It ought to be remembered that
> contracts (including licenses) as a general rule are legally
> interpreted with an implied term of reasonableness unless specific
> language imposes a more rigorous obligation.)
I think the simplest thing is to explicitly permit some or all of the
Corresponding Source being made available from a publicly accessible
network server as part or full (respectively) satisfaction of the
requirement. This was the gist of comment 3501 in the AGPLv3 drafting
process and - like many submissions to that process <rant>by the
people who were running the right software to be allowed in</rant> -
appears to remain unresolved.
http://gplv3.fsf.org/comments/rt/readsay.html?filename=gplv3-draft-3&id=3501
If there is some justification for pointing to a publicly accessible
network server and not having to check its availability as being
allowed as a consequence of the general implied term of
reasonableness, then I'd welcome an explanation of why. IANAL.
This leaves one troublesome subcase, of private use on a public
network server, which might be fixed by narrowing which users have the
right to download the Corresponding Source.
[...]
> I was unintentionally obscure. I'm making an assumption that the AGPL
> is intended to address the following type of hypothetical situation.
> Developer A releases an interesting cloud application with future
> potential. Choose-your-random-malicious-corporate-bad-actor Z adds some
> nifty widgets to the free application and runs it on its servers for
> hefty subscription fees. Z withholds the source code for its
> modifications; A is not happy. Because A foresees this possible
> outcome, he or she wants to prevent it by appropriate licensing terms.
Here the scenario becomes impossible IMO - if Z is truly a bad actor,
Z will always either find a way to withhold their source code or
develop on an alternative A's application. AGPL may hinder Z, but
would not prevent it. I hesitate to highlight the loopholes, but I
think they've been posted here before.
I feel that the question is: how much is A willing to cost good users
in order to hinder bad actors like Z? How much should one limit
freedom in the name of freedom? Why should A be supported in trying
to do the impossible?
This is a problem I'd met in other contexts in the past.
http://mjr.towers.org.uk/writing/fightingshadows.html
is pretty much where I got with it.
[...]
> > > - Is this discussion really about nothing more than what
> > > "distribution" means in the context of a public-facing
> > > server-based application?
> >
> > Mostly but not exactly: I think it's also about who is a user in the
> > context of a private server-based application on a public-visible
> > server.
>
> As a working first approximation, it seemed to me that this is exactly
> where developer A's concerns get triggered: offering the
> derivative application to public users but withholding the source.
In the context I'm trying to highlight, the derivative application is
only visible to the public so that they can request access - it is not
doing any significant work for them beyond that. Does that clarify
this part of the discussion?
Hope that helps,
--
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct
Reply to: