Hacker News new | ask | show | jobs
by knorker 1189 days ago
> The thing that prevents them from contributing is the license that would require them to contribute?

Yes. Because the way it which it mandates upstreaming means that it creates a huge liability and unclear exactly what is in scope of the mandated contributing.

E.g. real lawyers looking at it have said that if you build a web app, and it uses mongodb (AGPL) to store some state, then you may need to opensource your web app.

It's not even clear if the AGPL software needs to be in the serving path. Maybe your billing pipeline uses mongodb, and now you have to opensource your frontend?

The counter argument from AGPL proponents I've seen is almost always "Good. They should need to opensource everything on their servers. I should be able to spin up exactly what they run, on my own servers".

Even a narrower interpretation that only in-scopes your patch to make mongodb work with your in-house SSO means you need to opensource things that you don't necessarily even own.

Again, the answer from proponents is "Good, all in-house SSO should die".
3 comments
pabs3 1189 days ago
I note that MongoDB is no longer AGPL, it is SSPL now, which expands the scope of the AGPL to the entire service:

https://en.wikipedia.org/wiki/MongoDB https://en.wikipedia.org/wiki/Server_Side_Public_License

link
pabs3 1189 days ago
If you don't modify the AGPL software, you have no obligations under AGPL at all. The extra network provisions only trigger for modified versions of the software. I would wager most companies don't modify their database software. Even those that do, don't let end users interact with that database, so should have no obligations either.

https://www.gnu.org/licenses/agpl-3.0.html

link
knorker 1188 days ago
So says you, but not actual lawyers.

AGPL is not LGPL, so is the client library of a client/server thing enough to infect you? Probably.

If there is no client library, what's the license on the example code that you used in your app?

link
pabs3 1188 days ago
Actually the license says that, I just read it.
link
pabs3 1189 days ago
The AGPL and GPL in no way mandate upstreaming, they mandate downstreaming to end-users. It is only via a culture of valuing upstreaming and or the maintenance burden of non-upstreamed changes that upstreaming happens.
link
knorker 1188 days ago
A distinction without a difference for the problem with AGPL.
link
pabs3 1188 days ago
Sure, just correcting a factual issue in your comment.

Edit: although, I disagree AGPL is problematic, see my other comment.

link