by greenshackle2 1367 days ago
The justification usually given for AGPL is to prevent other companies from running paid SaaS without sharing their modifications. The actual terms are that any user who interacts with the software over the network must be able to download the sources. It doesn't say anything about whether the service is paid or free.

I think the argument of FOSS people who don't like it would be something like, as a user, just running the software on my machine can potentially create a legal obligation to set up source distribution, if, like, I forgot to block a port.

3 comments

> just running the software on my machine can potentially create a legal obligation

Not true: only if you made local modifications.

> I forgot to block a port

Also not true. You have plenty of time to close that port.

"""your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice."""

If you expose services on the Internet by mistake you are going to have 1000x bigger problems than the risk of being sued successfully for an honest mistake.

Ah, I was unaware that it applied regardless of it being a paid service or not. I imagine that would be somewhat analogous to distributing binaries of modified GPL software for free without providing the sources.

In any case, does the AGPL requirement to provide sources apply even if you are running an unmodified version? In other words, would merely pointing to the original repository not be enough?

Regarding the risk of accidental legal obligations, I suppose it depends on the details and technical wording of the licence.

If the requirement broadly covers any use of the software on the machine (e.g. some backend service that happens to help your public webserver to stay online) I can see the discomfort, especially if one must explicitly provide or link to unmodified sources too.

On the other hand though, if the requirement is limited to actual provision of the software's functionality to 3rd parties, I would argue that if someone accidentally provides it due to forgetting to block a port then they have much bigger problems than the AGPL.

You can read the terms yourself, the network part is section 13, it's not long.

https://www.gnu.org/licenses/agpl-3.0.en.html

It just says interact remotely through a network. Interpreting what this means precisely is left as an exercise for the reader / the reader's lawyer.

  forgot to block the right port
I'm not against AGPL myself so don't take that as like, the strongest argument against it. It was meant a bit tongue-in-cheek.
that's just silly.

if you get notified of a security breach caused by your own incompetence, you secure it. which would effectively be the highest harm agpl can inflict on you already: stop hosting the service. which was your point all along.

i think pointing to an upstream repo is probably enough in most cases provided you can link to the right version. but what do you do if the upstream repo disappears?

for a popular program that's not very likely, but lost source code is the bane of software development, so having your own version available would be better, at least as a backup

> but what do you do if the upstream repo disappears?

distributions keep archives. Just use a distribution and you're fine.

It doesn't matter whether the service is paid or not.
Personally, I am much more wary of the definition of "interaction" than of unwillingly distributing the software. The latter one is a fault of the person accessing my computer against my will, not mine. But I have no idea how far "interaction" can be stretched-up, is using your software equivalent to signing some NDA? Hell if I know.

That said, FOSS authors normally aren't the kind of people that push to those crazy maximalist interpretations of documents. So if any risk exists, it's not large.