[btown]

I think this is a misunderstanding of how vague the AGPL actually is.

The key clause is "your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version."

Would putting AGPL software behind a reverse proxy change the fact that you're a user interacting with it remotely? What about a reverse proxy that changes/adds some headers? What about a really smart reverse proxy that reformats some of the output or repackages it or mixes it with things from other data sources? Is that materially different from the API that powers the "proprietary UI" you're describing?

And say you're pretty confident that you're on the right side of things. Can you point to any case law where courts have established precedent about what "interacting with it remotely" means in this context? No? Then to be on the safe side, you'll probably need to maintain a source code repository for your Corresponding Source, remember to update it every time you update a minor version of the service internally, and maintain an info screen in your product with "prominent" links to that source code repository, which likely means it needs sign off from a product team if not a legal team as well. All things that add expense and barriers to entry.

I think the AGPL is great for services like Grafana's UI itself, where there's likely to be a "human gap" between the software and anyone outside your organization. But things like Loki that are designed to power other proprietary systems that may well be touched by end users through a computer network, where Loki's output may have influence or side effects on the output the user sees? I don't think it's nearly as clear what liability that entails.

(Obligatory: Not a lawyer, the above is not legal advice.)

[PeterisP]

Most companies who use Grafana or Loki as part of some deployment would use an unmodified version, so the only AGPL specific clause, which you cite, would not apply and is irrelevant.

[rlpb]

This kind of hand-wringing is what the naysayers were doing with GPL software in the 90s. That the GPL would never fly in business because lawyers would get hung up in "what if" interpretations that were never the intent or spirit of the GPL in the first place.

It turned out alright.

[p_l]

Not really. GPLv2 had more sensible legal language, even if that turned out to burn FSF intentions at times, but over time lawyers started digging in more into "derivative software" clause. Also a lot of the naysayers were fueled by RMS himself doing whack a mole by forcing projects to adopt GPL in not nice manner (and I'm not talking about them using something big or critical from GPL project).

TL;DR FSF is heavily responsible for the "GPL is viral" message sticking.

[Thaxll]

And 99.99% of users don't modify the code so it's irrelevant.

[Rapzid]

I don't understand the point you're trying to make with the reverse proxy as it doesn't seem related to anything the parent wrote.

[btown]

Sure! Saying that the parent’s “develop an proprietary UI and use Loki as backend” is a slippery slope to “user sees data that incorporates data served from Loki” which I am arguing could be interpreted as data that would require the developer to maintain a source repository for Loki under the AGPL.

[Rapzid]

I see now and yes the AGPL seems vague in that regard.

If it's anything like dynamic linking and GPL that could be considered okay even if it's not the intention of the licensee. Seems like the license should be more explicit about what "interacting with" entails.

[Dylan16807]

> that would require the developer to maintain a source repository for Loki under the AGPL.

Is that a problem? Fork it on github, and update the repository every once in a while or upon request.