[woofie11]

In that case, your post was a complete non sequitur. Drew is responding to this aggressive and misleading Google page:

https://opensource.google/docs/using/agpl-policy/

He is not responding to a random post from a Googler on HN, or to Google's internal policies or decision-making processes. Google has a bunch of scary-sounding public-facing FUD about the AGPL, containing a bunch of legal nonsense, which is scaring a lot of people. That's out-of-line with Google's former policy of not being evil. This whole discussion has that as the overarching context.

That a reasonable Googler posted a reasonable argument somewhere about why Google made the internal decision has no connection to this discussion. If Daniel's rationale is why Google made the decision, Google should by all means post it on the page above.

As a footnote, most companies I know which use AGPL code keep a clean bright line between AGPL and non-AGPL. That's a pretty sensible policy. AGPL is mostly used for things like stand-alone apps, which don't link to anything, rather than for things like libraries which link to internal systems. People contribute code to AGPL projects without hesitation if there's a bug.

[joshuamorton]

Can you explain what about Daniel's explanation is incompatible with what's at your link? I don't see how they disagree.

> AGPL is mostly used for things like stand-alone apps, which don't link to anything, rather than for things like libraries which link to internal systems.

Right, except for when they don't, which is just as (if not more) important from a legal perspective.

[woofie11]

Google's page has toxic and false anti-AGPL FUD like this:

"This viral effect requires that the complete corresponding source code of the product or service be released to the world under the AGPL license. This is triggered if the product or service can be accessed over a remote network interface, so it does not even require that the product or service is actually distributed. Because Google’s core products are services that users interact with over a remote network interface (Search, Gmail, Maps, YouTube), the consequences of an engineer accidentally depending on AGPL for one of these services are so great that we maintain an aggressively-broad ban on all AGPL software to doubly-ensure that AGPL could never be incorporated in these services in any manner."

Daniel's explanation doesn't have false FUD like this. It has reasonable legal analysis of the effect of AGPL when you have a large labor pool, which is in-line with everything else Eben, I (not-a-lawyer), or any sane lawyer would say. It's a simple distinction.

Google lies that if you so much as touch the AGPL, you risk your business imploding and the end of Google products like Maps, GMail, etc. which suddenly become open source! That's really scary! That's a lie that scares a lot of people.

There is no "viral effect" -- that's smear language designed to scare people about having a commons -- there's a share-alike. And that implosion cannot happen -- it's simply not the result of a copyright violation. It doesn't take Eben or Daniel to tell you that. If you make an accident, the worst-case outcome is you pay damages. Damages aren't a trillion dollar punitive thing -- they're designed to set things right. You pay either:

* Statutory damages (peanuts for Google)

* Profits (how much you would have made if you hadn't used the AGPL code but e.g. licensed the code otherwise)

* Damages (how much the other party lost due to your use; typically zero)

And a little bit of engineering work to remove the AGPL stuff so the violation does not continue. Then you move on.

AGPL provides no dangers beyond those of normal, licensed commercial code. If I pay for five licenses and accidentally install ten, or similar, the exact same thing happens. The AGPL is careful NOT to explode as Google describes, exactly for this reason. It's a simple rights grant. If you do X you can do Y. If you don't, that doesn't mean I can suddenly force you to do X; it reverts to traditional copyright.

There are decades of GPL enforcement actions out there, so the no precedent stuff is nonsense too; you don't need to go to a Supreme Court to understand how these things behave in the real world. It hasn't gone to a court of appeals precisely because it doesn't need to. There is little unsettled law here.

There is a little bit of ambiguity about where the line for 'derivative work' sits, but it's also not the sort of scary thing Google makes it out to be. There is some case law around this as well, just not around the AGPL. It's not rocket science to translate.

Google is trying to kill an open ecosystem, adopting exact tactics from Microsoft's nineties-era anti-Linux playbook, right down to adopting the exact same mean, dirty language to scare people. That's a nasty, dirty thing to do.

(and in the meantime, Microsoft became, by some metrics, the world's largest open source contributor; how times change!)

[joshuamorton]

> Google lies that if you so much as touch the AGPL, you risk your business imploding and the end of Google products like Maps, GMail, etc. which suddenly become open source! That's really scary!

I mean, this isn't a lie though. Statically linking AGPL software, even by accident, does put all of Google's services at risk. It's not a certainty that they'd need lose, but you're denying that it's a risk. That's false.

Consider the values: We link AGPL software and there's an x% chance we have to spend 10 billion dollars in litigation, engineering effort, and fines to keep our stuff closed source. At what value of X do you make this rule?

> Damages aren't a trillion dollar punitive thing -- they're designed to set things right. You pay either

Punitive damages exist. They're a thing. Why are you pretending that they aren't?

> Google is trying to kill an open ecosystem, adopting exact tactics from Microsoft's nineties-era anti-Linux playbook, right down to adopting the exact same mean, dirty language to scare people. That's a nasty, dirty thing to do.

I don't follow this argument at all. What ecosystem is Google trying to kill? The AGPL "ecosystem", which is what exactly? You yourself keep insisting that AGPL only really makes sense for products, not libraries, so in what sense is there an ecosystem to kill? A random collection of products isn't an ecosystem.

[woofie11]

> Consider the values: We link AGPL software and there's an x% chance we have to spend 10 billion dollars in litigation, engineering effort, and fines to keep our stuff closed source. At what value of X do you make this rule?

That X% is at most the same for using proprietary software. AGPL does NOTHING beyond an ADDITIONAL license grant beyond that. You can pretend AGPL code was Copyright (c) All Rights Reserved. Google ought to ban all software not written in-house under that argument.

In practice, since you've set the bar at $10 billion, that X% is 0%. There is no AGPL software in existence where damages would go over a few million dollars. If you're gonna swing around paranoid conspiracy theories with 10 billion dollar numbers, as you seem prone to, you should build all your data centers underground in case aliens form Mars attack. At what X% does that stop making sense? You're risking a TRILLION dollar business.

> Punitive damages exist. They're a thing. Why are you pretending that they aren't?

You're clearly not a lawyer here. You're confusing copyright law, normal business law, and tort law. Can you please name a realistic scenario where Google might be at risk for punitive damages under the AGPL?

https://www.leagle.com/decision/1983925714f2d2111873

In a worst-case, if the copyright violation is intentional, which is astronomically unlikely, you'd be looking at treble damages. Which goes from peanuts to 3x peanuts.

re: last comment. I apologize I accused Google about lying. Never confuse malice for stupidity. It's very possible Google is just being grossly idiotic. I still have vague memories of the old Google which used to hire smart people, so perhaps I just overestimated the company.....

[joshuamorton]

> That X% is at most the same for using proprietary software. AGPL does NOTHING beyond an ADDITIONAL license grant beyond that.

Can you explain to me how I'd import proprietary software into google's source code repository? The concern is about source code under the AGPL. Google treats AGPL source the same way as proprietary source: you don't stick them into the source repository unless you have access under a dual (or in the case of proprietary, single) license.

> There is no AGPL software in existence where damages would go over a few million dollars.

While I was incorrect about punitive damages, you're also incorrect about "profit" as damages, it's not the lost profit of the infringed, but the illegitimate profit of the infringer. So the potential loss isn't the cost of a negotiated license, but the total profit of Gmail or Youtube or Ads or all three over the infringing period. Yes, that's potentially billions in copyright claims.

See for example the Oracle v. Google case, where the copyright claim is for $8.8 billion in damages. So we have prior art for a ridiculous sounding copyright case with ~10Bn in damages that's currently awaiting a supreme court ruling. So X is clearly >0.

[woofie11]

> Can you explain to me how I'd import proprietary software into google's source code repository?

You grab a .dll file with a library you like, or a .so, and you commit it into git. Voila! This happens all the time.

> The concern is about source code under the AGPL.

No, the concern is about AGPL programs in general touching anything Googly. Google has batshit crazy text like this: "Do not install AGPL-licensed programs on your workstation, Google-issued laptop, or Google-issued phone without explicit authorization from the Open Source Programs Office." If you run an AGPL drawing program, you've broken Google policy.

> While I was incorrect about punitive damages, you're also incorrect about "profit" as damages, it's not the lost profit of the infringed, but the illegitimate profit of the infringer. So the potential loss isn't the cost of a negotiated license, but the total profit of Gmail or Youtube or Ads or all three over the infringing period. Yes, that's potentially billions in copyright claims.

No, you're incorrect about everything so far. I gave a correct explanation of how damages are calculated in this thread:

"1) How much did Google profit from the code? 2) How much did the other party lose?3) Are statutory damages greater? Pick the highest of the three. If it's intentional -- and in this case it isn't -- you triple it. You might toss in legal fees."

Profit isn't "total profit of Gmail or Youtube or Ads or all three over the infringing period." That'd be fuckadumb. Profit is the DIFFERENCE in how much Google made with the AGPL code compared to if didn't have that code (so loss in profit from a bit less functionality in Gmail/Youtube/Ads, cost of licensing the functionality elsewhere, or cost of developing similar functionality).

Java is core to Android. Ergo, potential damages were high. If Google decided to replace gmail with an AGPL email client, than you're correct. Perhaps if everyone at Google is as dumb as this conversation suggests, you're right, that might happen without a policy like this. In that case, X>0, and this policy makes perfect sense. If your employees can't tie their shoelaces, you need draconian policies to prevent really dumb things from happening. I was assuming a slip-up where a little bit of AGPL code slipped in, though. Not something like that.

The alleged logic behind it doesn't make sense, but I can see why Google wouldn't post "Our employees are idiots, so we won't allow the AGPL. We might shoot ourselves in the face with it if we did. We're installing padded walls too, because our hiring didn't work out, and we don't want the liability if someone runs into the wall repeatedly." Perhaps Google is saving face here.

[dragonwriter]

> That X% is at most the same for using proprietary software

In general (leaving out the specific $10 billion threshold, which I would agree is silly but detracts from the valid point being made), no, it's not, because AGPL software is far more likely to have lots of copyright holders who haven't transferred copyright, each of whom could sue Google, widening the litigation risk, and those copyright holders are more likely to be ideologically rather than financially motivated, which means they are more likely to pursue a case when the cost of litigation is disproportionate to the potential returns.

[woofie11]

Years of GPL enforcement don't show this to be the case.

In either case, the outcome is damages. If I've contributed 5 lines of code to an AGPL program, damages to me are peanuts. If Google makes a reasonable settlement offer, and I decline, I'm likely on the hook for Google's legal fees.