Hacker News new | ask | show | jobs
by ninkendo 1014 days ago
Except it’s not just hosting the covered work itself as SAAS that triggers a distribution, but any derived work. If you use (say) AGPL MongoDB in your SAAS bug tracker, your bug tracker now needs to be AGPL too. The virality doesn’t stop at hosting a SAAS MongoDB.
2 comments
candiddevmike 1014 days ago
That's probably not correct. While the AGPL is a little ambiguous, it probably does not infect other apps. That's why I created the Candid Public License (CPL): https://github.com/candiddev/cpl
link
ninkendo 1014 days ago
Every lawyer I’ve talked to takes my interpretation. It may be overly cautious of them, but in practice, if something becomes the prevailing legal view, it de facto is the correct interpretation, at least until it is tested in court.
link
candiddevmike 1014 days ago
I would find new lawyers, the AGPL is just the GPL with the addition that network access counts as distribution:

https://www.gnu.org/licenses/why-affero-gpl.html

https://fossa.com/blog/open-source-software-licenses-101-agp...

link
ninkendo 1014 days ago
Recall that the GPL (non-affero) categorizes runtime linking to GPL’d binaries as a derived work. (This is why the LGPL exists, to allow for what the regular GPL restricts.)

The logic of the lawyers I’ve talked to (2 different companies on multiple occasions with different lawyers) is that the same wording that causes network access to count as “distribution” in the AGPL, also causes networked API access to count as a derived work.

It’s not all that crazy of an interpretation, IMO. My lawyers may suck and be overly cautious, but I’d wager this uncertainty is exactly why any sane company stays as far away as possible.

link
dragonwriter 1014 days ago
> Recall that the GPL (non-affero) categorizes runtime linking to GPL’d binaries as a derived work

If its not a derived work under copyright law requiring a license, a license offer can’t transform it into a derived work requiring a copyright license.

link
ninkendo 1014 days ago
So, thought experiment: say I do want to take AGPL MongoDB, alter its source code, and host my modifications as a SAAS without releasing my modifications, and get away with it.

One way I could do this is by completely implementing its wire-format API of MongoDB as a proxy server to my derived MongoDB, and offer that up as my SAAS.

I could use a defense that I’m not distributing MongoDB, I’m distributing my proxy service I wrote myself. It just happens to be that my proxy service talks to MongoDB to do its job, but according to you that’s not a derived work, because network access doesn’t count.

For AGPL to still protect MongoDB in this scenario, the proxy-plus-mongoDB combo would have to count as the derived work, and I think the only way to do this is to count any API access as deriving a work. I think this is at least how the lawyers I’ve talked to described it.

GPL has already established that runtime linking counts as a derived work. If what you’re saying is true about “not a derived work under copyright law requiring a license”, then I don’t understand why the LGPL exists.

link
Znafon 1014 days ago
The AGPL says "including scripts to control those activities" but if I understand what you are saying properly it means that the text of the AGPL is overreaching and some parts of it wouldn't be applicable?

Would the details depend on the country? Like it might be one thing under US law, and another in another country?

link
tzs 1014 days ago
> Recall that the GPL (non-affero) categorizes runtime linking to GPL’d binaries as a derived work.

Generally a bug tracker (SAAS or not) that uses a database does not need to link to the database unless the database is SQLite.

link
ninkendo 1014 days ago
If the AGPL defines network access as distribution, it stands to reason that network access also counts as linking. See my other comments about a hypothetical proxy that thinly wraps mongoDB as an AGPL workaround, for why this gets hairy very quickly.

https://news.ycombinator.com/item?id=37400264

link
imtringued 1014 days ago
You guys will do everything and anything except read the license terms and then make up whatever lies you want, to make the AGPL look bad.
link
imtringued 1014 days ago
AGPL does not add any distribution clause... all distribution clauses are taken from the GPL...

The AGPL adds a modification clause so that if you ever modify the code even if you do not distribute the application, you still have to share the code or at least link to the version of the source code that you use. The loophole that AGPL fixes is that there are ways to avoid distribution.

This AGPL/GPL virality urban legend should have ended years ago.

link