[wegs2]

IANAL, but you're obviously not one either. A lot of what you said is false. You don't read legal text like a piece of code. Contracts and licenses don't work like that. It took me a long time to wrap my head around this.

Contracts and licenses are built on:

1) Things need to be substantially the same. If I offer to build a house for you with Brand X super-plywood flooring, and it's sold out, I can build it upgraded to Brand Y corkwood flooring since Brand X plywood was sold out, and it's substantially equivalent for the purpose, and that's okay. On the other hand, if Brand X introduces a new low-cost plywood flooring that technically qualifies but obviously isn't what we meant, you've got a case.

I can't imagine any court will care about 4b being on a per-file versus per-repo basis.

2) Damages. There isn't a magic genie which throws contract-breakers or license-breakers in jail. The extent to which these matter is damages. If I break an agreement with you, you need to care enough to sue me. Beyond that, a court will award damages, and you'll need to show you were harmed somehow, or entitled to statutory damages.

I'm not sure how you'd show you were somehow damaged by a change like whether license text is per-file or per-repo.

Contracts are written by lawyers who keep all this in mind. That's why I hire lawyers to help interpret contracts; a plain language read is often misleading. My advice is read the licenses with a lawyer, or at least someone with a basic background in contracts and licenses. Goodness knows there are bad lawyers out there, but even those will give better advice than a stranger on the internet.

Disclaimer: This is specific to common law systems, and perhaps not all of them. But that's how the US works.

[Benjamin_Dobell]

> A lot of what you said is false.

I'm not interested in sea lioning. So I'll just ask for one specific claim that is false.

[jefftk]

"You can't relicense something that is Apache 2.0 as AGPL. You need explicit approval of every single contributor" is false.

Anyone can take an existing Apache 2.0 project and change the license to AGPL 3.0. This does not require the approval of any prior contributor. Of course people can continue using versions released under Apache 2.0 under the terms of that license, but even then "approval of every single contributor" is irrelevant. See https://www.apache.org/licenses/GPL-compatibility.html

The situation where you do need the approval of past contributors is when you want to switch between incompatible licenses. For example, if they had previously released it as AGPL 3.0 and wanted to move to Apache 2.0.

(also not a lawyer)

[Benjamin_Dobell]

> Anyone can take an existing Apache 2.0 project and change the license to AGPL 3.0.

No, you cannot. The very page you've linked to makes this clear:

> Apache 2 software can therefore be included in GPLv3 projects, because the GPLv3 license accepts our software into GPLv3 works

This is precisely what I've written. You can also apply the AGPLv3, you cannot remove the Apache 2.0. The contributions made under Apache 2.0, are still under Apache 2.0. The Apache 2.0 allows sub-licensing, so any contributor who uses those contributions from now is accepting them under the AGPLv3 and Apache 2.0. The former does not supplant the latter.

[wegs2]

You're reading it wrong.

If we were to read this like a piece of computer code, the incompatibility would be mutual. GPL code does not permit further restrictions. "You cannot remove Apache 2.0" would be a further restriction. Ergo, you couldn't incorporate.

It's just that this isn't how you read or interpret legal text.

The linked page is correct. You can incorporate/sublicense Apache code into GPL code. You can't do the reverse.

[Benjamin_Dobell]

You really don't seem to understand this at all.

Please, please stop telling people they can go ahead and do something.

Also, please stop suggesting that reading a license is a bad idea. That's horrible advice. (For readers, see comment below).

We're expected to sign/accept agreements near daily. The very nature of legal agreements is such that they must be written in a fashion that is clear in it's meaning, or else there's ambiguity in its interpretation, which means courts are not going to enforce it.

Of course it's ideal to sit down with a lawyer when doing so. However, it's pathetically idealistic to pretend that every open source project on Github has done just that.

The Apache 2.0 is its own license. There's nothing in the Apache 2.0 license about the GPL.

GPL was written by the GNU Foundation and they have their own interpretation about what licenses are compatible. Seems as that list isn't incorporated in the license itself, they're nothing more than guidelines.

However, let's see what GNU have to say about the Apache 2.0 license (https://www.gnu.org/licenses/license-list.en.html#apache2):

> This is a free software license, compatible with version 3 of the GNU GPL.

> Please note that this license is not compatible with GPL version 2, because it has some requirements that are not in that GPL version. These include certain patent termination and indemnification provisions. The patent termination provision is a good thing, which is why we recommend the Apache 2.0 license for substantial programs over other lax permissive licenses.

Even the GNU Foundation acknowledge that extra requirements of the Apache 2.0 make the license incompatible with the GPLv2. They do however claim it's GPLv3 compatible.

Great, their interpretation is that GPLv3 software can include Apache 2.0 software. Good on them. GNU Foundation (and the Apache Software Foundation) are not involved in the legal agreement made between a contributor and an open source project. Their opinion is irrelevant. The open source project has to adhere to the legal agreements they have made!

Licenses aren't magic, they're the same as every other agreement two parties make. If you want to update the terms of an agreement you've made with someone - you need a new agreement, with all parties involved!

Note that it's not uncommon for EULAs to contain clauses stating they're free to arbitrarily alter the terms, time and time again these clauses have been ruled as invalid.

In this case, by removing the Apache 2.0 license text, and not adhering to the terms of the Apache 2.0, Minio are not adhering to agreement they've made with contributors. It's really that simple. What the GNU Foundation claim is irrelevant, they're not a party involved in that agreement.

I could write a license right now:

> By adhering to this totally legit license, you're also in adherence with all other agreements you've ever made, but like, you don't need to follow their terms anymore, just our terms. Is all good. Don't worry.

That's not how licenses work. It's complete insanity that anyone could possibly think that a third-party has the right to alter the agreement, or interpretation of an agreement you've made with someone else.

Mind you, the GNU Foundation aren't stupid, nowhere do they claim that the GPLv3 can supplant Apache 2.0. They just say they'll permit Apache 2.0 in GPLv3 software. They most certainly do not claim you no longer need to honour the Apache 2.0. That's nonsense.

Stop, just stop it.

EDIT: Just to clarify, here is what the Apache 2.0 license says about incorporating Apache 2.0 licensed software in another project with a different license:

> You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

Note that they specifically permit that, as long as you continue to comply with the conditions of Apache 2.0 license.

> The linked page is correct. You can incorporate/sublicense Apache code into GPL code. You can't do the reverse.

That's not what Minio have done! Have you opened the link?

They deleted the Apache 2.0 license from the entire repo. Removing the Apache 2.0 license is an egregious violation of the Apache 2.0 license's terms.

[Benjamin_Dobell]

On the topic of software engineers exhibiting poor comprehension...

> IANAL, but you're obviously not one either.

That ought to have been clear from the first two sentences of my comment.

> I can't imagine any court will care about 4b being on a per-file versus per-repo basis.

You can imagine all you like. I'll leave that to the courts themselves.

Suggesting people (even with a superfluous IANAL disclaimer) make legal decisions based on what you imagine courts will do is just poor advice; legal or otherwise.

> 2) Damages [...]

I haven't mentioned damages because it's not relevant. If you think the concept is new to me, you're quite welcome to peruse my recent HN comments.

Infringement and damages are unrelated concepts. Will someone have to pay substantial damages for infringing in the way described? Probably not, but that doesn't change the fact infringement took place. It also is going to vary wildly depending on the circumstances involved.

Some jurisdictions have minimum damages that are owed simply if an infringement takes places, irrespective of any other details of the infringements.

It's just outright poor advice to suggest people make legal decisions based on what they can imagine.

There's also a very big difference between what I'm suggesting and what you're suggesting. You're telling people to go ahead and do something. I'm telling them not to do something.

Perhaps I'm being overly conservative, but you're quite right, unless you're sitting down with a lawyer (which let's face most open source projects are not) then don't make assumptions. Just follow the license precisely to the best of your ability, until you've got specific legal advice (and insurance) to protect you if something goes wrong.

EDIT: This really shouldn't be relevant. Because honestly it shouldn't add any credibility to my statements.

No I don't sit down with lawyers every time I make decision that has legal implications - that's impossible. However, I do have first hand experience dealing with copyright/licensing lawyers specifically over IP infringement due to a third-party violating the license of software I wrote. No, it wasn't just a discussion. Lawyers took action, and infringement stopped taking place - it did not reach the courts.

Again, that shouldn't add any credibility to my claims. I have zero credibility here, as does mostly everyone else. Just read the damn license.

[wegs2]

Most of this is nonsense, but I'll point out a few things:

> "Infringement and damages are unrelated concepts"

No. They're the same concept. Infringement is okay if there are no damages. That's how a lawyer reads a contract. You're merely confusing types of damages. There are many ways to calculate damages. You're describing statutory damages. You usually run the calculation all ways, and take the greatest number which applies (but not always). That's how you might get into hundreds of thousands of dollars of damages for an MP3 collection.

> "unless you're sitting down with a lawyer (which let's face most open source projects are not)"

No, this isn't right. Most major free software projects do have access to lawyers. I've worked on several, and what I did was always reviewed by in-house counsel (and not just one organization). Even if there isn't a corporate sponsor, that's what a lot of the free software / open source not-for-profits do. I've had conversations with volunteer counsels too. Most minor projects generally won't need a sit-down session with a lawyer, but if they want access for whatever reason, it's not rocket science either:

1) Look into your social network. I have 3 or 4 lawyers who went to the same college I did. When I have a legal question, I do call them up. For something as simply as the nonsense you're spouting, any lawyer can set you straight.

2) If you are doing work at a company above a hundred people, it will have an in-house counsel. Shoot them a quick email. Most are friendly; that's what they're there for.

3) If you're not (1) or (2), you probably have someone like me in your network.

4) And if all else fails, you can go to the right meetup.

My experience is that for a volunteer project, open source, or similar, most lawyers are glad to chat.

> "Just read the damn license"

This is just about the worst advice on HN. Your options:

1) Read the license with a lawyer

2) Read the license as well as articles from actual lawyers about the license

3) Learn enough about law to read the license correctly.

You're misreading the licenses, and that's what's dangerous. It's kind of like referring people to WebMD over a doctor.

[Benjamin_Dobell]

Stop intertwining complete nonsense with tropes in order to try add credibility to your outrageous claims.

- IANAL.

- Get a lawyer.

- You probably know a lawyer.

Thank you for adding absolutely nothing to the conversation. The only common theme is that you think you shouldn't interpret a license yourself and act upon that.

What little substance is present in your comments is however in direct contradiction to that. You proceed to interpret a license, and tell people that violating it is fine, because the courts will probably think it's fine.

What? I just really hope anyone reading this can see through the tropes and realise you're in no position to be giving out advice.

The only advice I've given is read the licence, and to the best of your ability, act with accordance with the license. I'm 100% okay with that.

EDIT:

> Look into your social network. I have 3 or 4 lawyers who went to the same college I did. When I have a legal question, I do call them up.

> My experience is that for a volunteer project, open source, or similar, most lawyers are glad to chat.

These claims are highly dubious.

There are several lawyers in my extended family. I went to school with many more. They most certainly are not "glad to chat" about legal matters. Giving out any advice that may be construed as legal advice is a huge deal for them. You either know highly unprofessional lawyers, or you're making this up.