by knorker 2118 days ago
AGPL is very controversial. I'm clearly on the "won't touch it with a 10 meter pole" side.

There are people with other opinions, but even they agree that this is not tested in court, and it's more expensive to be sued, even if you win, than to just buy (or write from scratch) ANY alternative to the AGPL software in question.

AGPL is a legal landmine. You can't plug it into anything else, even for your own purposes.

Let's say you use these to create a guest wifi network. According to AGPL it looks like you must now opensource any and all scripts that you use to manage this environment.

In other words that one-off script you used to loop over all your access points during setup must be opensourced. Oh, it has details about your internal asset tracking system? Well, they now have to be public. Oh, it relies on your internal database? I guess that's opensource now too.

Did you even keep that one-off script? AGPL demands that others must be able to run what you run, essentially. It says that everything you do operationally to your service must now be documented and published.

You want to connect your internal SSO to the AP? Sorry, you better instead change it so that your internal SSO takes whatever protocol the AGPL software already takes. Oh, that's not feasible? Ok, give up then.

1 year later… oh shit oh shit oh shit, someone added internal SSO to the AGPL software! Now we have to opensource that, but we can't because it includes code we licensed from a third party only for nondistribution!

AGPL only makes sense for organizations that fundamentally ONLY will EVER run open source software (like FSF and that's it), and usually not even then.

Also ideologically it's a huge violation of freedom. What I do in my own home is absolutely none of your business. What executes on my hardware is my business.

For those who disagree about my examples: Yeah… I'm personally not a lawyer (but HAVE consulted with lawyers about this). You may be right. In the end a court will decide. But do you want to take this poison pill in order to find out in court if you die?

1 comments

So GPL doesn’t have this character? Like the GPLv2 taken by Linux kernel. I have an impression that AGPL only adds “A” to GPL to adapt itself to the cloud era. Because a cloud/service deployment is not treated as redistribution in GPL, considering there wasn’t cloud at the time GPL was made. So some big cloud company can deploy GPL software on cloud without open source action because they are not actually “distributing” software, instead only distributing a service. AGPL fixes only this hole created by cloud.

Correct, GPL doesn't have this character.

You say it "fixes" GPL, but as I described it makes AGPL completely unusable for basically any purpose, and it creates a HUGE risk that's in my opinion completely unacceptable, as described.

The only way it seems to work is: 1) it's extremely unpopular by number of projects 2) most private citizens who use it violate the license 3) most potential corporate users have it vetoed by their legal department, which means they plain don't use it

That's not a great situation. It only seems to work (in the rare cases that it's used) because so few people accept it, and the ones that do violate it.

AGPL removes freedom zero, in my opinion.

> The freedom to run the program as you wish, for any purpose (freedom 0).

I think my examples illustrate this, but I'm sure I could elaborate more.

The way I read it you cannot write an automation script for managing the MongoDB databases for your Etsy store without opensourcing those scripts.

In fact I disagree that "cloud didn't exist when GPL was created". This also applies to services like banks, and banks certainly existed before GPL, and provided a service.

So that was never a "hole" in GPL.

AGPL is poison because every time you touch it, even operationally, your work belongs to someone else. To call that "Freedom" is Orwellian.

But in the MongoDB case (when it was still using AGPLv3), those companies who violated AGPLv3 did have a solution: pay a fee for a commercial license of MongoDB instead of AGPLv3 which is free. In this way, those companies don't need to open source their code built based on MongoDB. MongoDB gets money to go further, because I guess MongoDB people need to raise their family.

Sure. But if anyone who seriously uses some software (even on a hobby project) is either violating the license or buying a commercial license, in what sense is it free/libre software or even open source?

That's saying that AGPL is only useful to the extent that it doesn't exist.

But it's not just software "based on" MongoDB. It's your backup scripts. It's your cluster scheduling config for the jobs. It's your provisioning script, etc…

And it implies it being non-free software. It's only one (small) step removed from a license that disallows "commercial use".

A license disallowing commercial use is fine. But it's absolutely not "free software". Freedom zero was so obviously a freedom that it was initially just implied, and only added later to be explicit.

If you are saying AGPL's virus like behavior is much more severe than the GPL's virus like behavior, I am not professional on this aspect. Not sure.

If I understand correctly, the open source action is only required when you "re-distribute" it. So, if you play it only by yourself and never give your modified software to anyone else, it is OK for you to keep all code close. If you work on it together with other people in your organization, it is fair enough that you open the source code to those people for them to work together easily. But all the code is still kept inside your organization.

Only in a step that you want to re-distribute the software (or the service) to people (like external user or other company) who you don't want to show source code, you are facing violating the AGPLv3. But generally speaking, in this step you already have a plan to make money out of external people (like user or other company), so fair enough to pay a fee for commercial license.

"free software" or freedom zero is good, but how engineers/companies who develop free software make survival? Donations? If I am already a billionaire, I totally support your point.

> If you are saying AGPL's virus like behavior is much more severe than the GPL's virus like behavior

Well, it is, since it extends GPL's coverage to not just "linking" (a hard to define term) but also explicitly even to automation scripts.

But I'm also saying it's not just a difference in degree, but in kind.

> If I understand correctly, the open source action is only required when you "re-distribute" it. So, if you play it only by yourself and never give your modified software to anyone else, it is OK for you to keep all code close.

For GPL this is true. For AGPL it appears to apply to any artefacts or other public interactions too.

> Only in a step that you want to re-distribute the software (or the service) to people (like external user or other company) who you don't want to show source code, you are facing violating the AGPLv3.

Maybe. It's untested in courts. A very reasonable interpretation (that I subscribe to) is that if your BooksOnlineExample.com uses AGPL for backend storage, then that is covered by AGPL (but not GPL).

But even worse. If you use some AGPL software to compress some data as you transfer it to your backup tapes, then you are using this AGPL software in order to run BooksOnlineExample.com (after all, without backups you don't really have a service), and thus your backup script could very well be in scope for AGPL and may have to be published.

Google has some opinions on this, e.g. this: https://www.theregister.com/2011/03/31/google_on_open_source...

> But generally speaking, in this step you already have a plan to make money out of external people (like user or other company), so fair enough to pay a fee for commercial license.

Ah, but AGPL is not about covering the "making money hole". It's about the "cloud hole". I would argue that GPL never had any intention of preventing people from making money.

Do you think Linus is upset that maybe tens of thousands of companies have their own patches to Linux to run their service? Do you think he's upset that even the ones that don't patch the kernel don't publish their kernel config? (I don't know if you've ever built the kernel, like "make menuconfig", but this is definitely not just "settings", but actually a vital step in order to "reproduce the same binaries as run on your production servers".)

GPL was extreme when it was created. Compare it to the BSD license. Then AGPL came along and just went absolutely off the wall by having your interactions with the software bind you to publish.

> "free software" or freedom zero is good, but how engineers/companies who develop free software make survival?

To be clear, are you saying that the main goal of AGPL is to have people NOT use it? Because people who do accept and abide by the terms of the AGPL license do NOT pay for it.

AGPL only prevents use. You're assuming all AGPL software is dual-licensed, which is very much not the case. Luckily very little software is AGPL.

If it's about money, then why use AGPL at all? Why not just have a commercial license? Because you're not giving anyone even the most basic freedom with AGPL.

If the goal of choosing AGPL is to get paid or not use it, then that's just commercial software. Which is fine, but don't call it free software, since it's anything but.