[slaymaker1907]

IANAL, but this may be illegal. I noticed that they have a large number of contributors yet seem to have no contributor agreement with ownership assignment. This generally means that any license change would need the agreement of every past contributor (as it should). There are good reasons (for the primary author(s)) to enforce copyright assignment for contributions.

Besides legal issues, I consider changes like this to be very slimy since you are kind of pulling the rug out from under people. I would expect a huge discussion to take place before doing something like this to try and let people move off of the platform if AGPL does not work for them for whatever reason.

[bhickey]

The AGPLv3 and Apache 2 licenses are compatible. The maintainers are welcome to relicense their own contributions under the AGPLv3 and distribute the whole subject to that license (and the Apache 2 license), but that doesn't magically make contributed source AGPL. Removing the Apache license is suspicious because there are a heap of commits that are still covered by this license and without it the core MinIO devs have no right to use it. This is a full on cluster.

[khuey]

As is this clearly doesn't satisfy clause 4 of the Apache License for external contributions in the absence of a copyright transferring CLA.

[bgwhn]

What's more concerning IMO is that despite the fact that I can't find a CLA, their pricing page claims that if you buy their support contract that they'll give you the software under a "Commercial" license: https://min.io/pricing

[chillfox]

They might just have figured that none of the people with standing is actually going to sue them.

A license is only as strong as the likelihood and severity of consequences.

[khuey]

They have venture investors. YOLOing IP law like that is not going to pass any sort of due diligence.

[seoaeu]

Imagine if the only APGL enforcement action on this was by contributors against MinIO. Not exactly the intended outcome of this re-licensing...

[clarkevans]

GPLv3 is compatible with Apache 2.0. This copyright statement should have addendum which indicates that portions of the code (written by contributors) are under the Apache 2.0 license. This could be addressed.

There's no pulling the rug under people here: it's not like the previous releases, under the Apache license, are rescinded. Someone can still fork the project and keep it under the Apache license.

If they are using a proprietary license for their commercial offering, they will probably require future community contributions to be donated under the Apache 2.0 license.

[mbreese]

> This could be addressed

You’d think they would have thought of this first. The fact that we’re having this conversation isn’t a good sign.

[monocasa]

IANAL also, but since Apache is considered compatible with GPL3 and AGPL3, I think they have the ability to, since they can simply relicense their parts of it, and the resulting work is de facto AGPL3 taken as a whole. They might have to drop a 'portions are licensed under the Apache...' blurb somewhere, but the overall idea should be OK.

[rytill]

Would it be possible to simply fork an MIT-style license and relicense the new fork as AGPL? The pre-fork version can continue with its old license, but the new fork is AGPL.

[Laremere]

IANAL. The lack of forking isn't the issue here. When someone writes code they (or their company) owns the copyright to it. They then contribute the code to the project using the terms of the project's license. Eg, for GPL, it allows others to modify, build, and run the code. However those modifications must be released to the public under the same license. (skipping over some minor technical details)

Unless you get everyone who has contributed code to also release their code under the new license, the old license is the only one which all of the code has.

It is possible to start contributing code to a project under a new license (effectively re-licensing the project in the eyes of the community), provided that the new license does not violate the old one. Specifically the Apache license REQUIRES that the code be distributed with a copy of the Apache license. Just removing or changing that license without the copyright holder's permission is in violation of that copyright.

A lot of projects avoid potential future issues by having a contributors agreement in addition to the project's distribution license. Essentially, you give an extremely permissive (possibly up full ownership) of the code you write to the project. That is, some legal entity such as a person (the head maintainer) or a foundation. This legal entity then distributes the project to the community using the license of their choice.

[cygx]

You can't just change the license of code contributed by someone else without approval. But you can relicense your own contributions, which - unless that code can be trivially ripped out - would basically have the same effect as placing the whole thing under the AGPL.

[Quekid5]

You can't really just 'slap a new license on it' AFAIUI. What you can do is fork and license any new derivative work under a new license (which is one-way compatible with the old one). Effectively that means that the fork can only be used under the new license.

[bluefox]

I'm not sure it's "illegal"... but according to [0] the Apache license is subsumed by AGPL3, so I think this means they can add AGPL3 code freely and the result still makes sense to lawyers. They may also relicense code fully authored by themselves as AGPL3. Perhaps it may be even possible to relicense contributor code given these specific licenses? I don't know. They can push to that repository, so it's their prerogative to add whatever. Of course, people could use their own forks without these commits, not upgrade, etc.

[0] https://www.gnu.org/licenses/license-compatibility.en.html

[jcadam]

The rationale for doing this escapes me. Is minio concerned about one or more cloud providers forking minio and then going closed source with their modifications?

I generally only run minio from the official docker image, so I don't reckon this would affect "normal" usage?

[zamalek]

> forking minio and then going closed source with their modifications?

Which is somewhat bizarre given that aims to MinIO emulate a closed-source system. Open source businesses usually use AGPL or similar to prevent "Big Cloud" from stealing their business, this is a very strange inverted approach and I can't figure out why.

[the_duke]

There are many companies that might use and modify a S3 compatible object storage.

The world does not run exclusively on AWS, Azure and GC.

[zamalek]

Correct, but that misses the point I was making entirely. Running S3/Elastic/API-X wherever you'd like is a separate issue to the kind of problem that Elastic faced with AWS. AWS soaked up a huge amount of Elastic's potential market, because they are so big and entrenched. Only AWS, Azure, and GCP are big enough to do that - and I don't see anyone "stealing" a reasonable degree of S3 customers from AWS by using Minio (let alone any business model that Minio might be exploring).

[sdesol]

> I noticed that they have a large number of contributors yet seem to have no contributor agreement with ownership assignment.

I did a quick analysis of the project and there were 41 contributors in the last year that contributed more than 10 lines of code churn to go files. See the following for an analysis:

https://public-001.gitsense.com/insights/github/repos?q=file...

If you switch to the impacts view, you can see that of the 41 contributors, there was 1 frequent contributor, 3 occasional contributors and 37 seldom contributors.

I can't tell how many of the contributors are Minio employees, but I'm guessing in the worst case scenario, they could look at re-implementing contributions by non Minio employees, since the vast majority of code changes were by Minio employees. I know re-implementing previous contributions is a strategy that some use when they change their license, but I'm not sure how practical this is for Minio.

As a side note, do not install my tool as the docker image has expired license that I need to update.

[koolba]

How does “reimplement contributions” work in practice? For trivial changes there’s often no alternate implementation (e.g. correcting a typo) and for anything substantial anybody currently involved in the project would be tainted with exposure to the implementation.

[Jach]

I would expect that in the limit it would follow clean-room design (see https://en.wikipedia.org/wiki/Clean_room_design) -- you only have to do enough to prove to a court that you or someone you got to rewrite something according to your spec weren't sufficiently tainted by the original code to rise to copyright infringement (even if the result is bitwise identical due to primarily one obvious way to do it).

The GNU project offers a bit of guidance for what counts as "legally significant changes" to them: https://www.gnu.org/prep/maintain/maintain.html#Legally-Sign... They use about 15 lines rather than the GP's 10 lines, but point out there could be context where even many lines of repeated change (renaming a symbol) is not legally significant. My opinion is there's no hard line, like always you need to weigh the risk of getting sued (some contributors might even be unreachable or identifiable) against the cost of reimplementing even things legal counsel says are insignificant (at the end of which you still might get sued anyway and have to prove you did clean-room/changes were insignificant/it's fair use/whatever).

[sdesol]

I honestly don't know, but I would have to imagine something like fixing typos would fall under "this is obvious" and you can't claim copyright on it. And likewise, if your algorithm that you contributed was obvious, it would fall under the same rule.

Note, I'm just speculating of course, but I do know changing license is something that does happen and I'm sure Minio is probably looking at getting people to sign off on previous contributions. And if they can't get the contributor's consent, will look at re-implementing things or just not use previous contributions, since it is possible that the previous contribution is no longer used.

[hda2]

> trivial changes there’s often no alternate implementation (e.g. correcting a typo)

IANAL, but simple changes like these likely don't meet the threshold of copyrightablity.

[ChickeNES]

I suppose we'll see a fork this weekend if they don't come to their senses, because it very much appears like there was no discussion about relicensing, nor is there a CLA