Hacker News new | ask | show | jobs
by stgraber 914 days ago
Anyone is welcome to use my code in a proprietary piece of code, indeed the Apache2 license allows it.

What it doesn't allow is for my code to be re-licensed to AGPLv3 nor can they grant themselves a license to do whatever they want (their CLA).

So indeed they could keep importing Incus bugfixes and new features into LXD, but that code would need to have an exception carved out in their current contribution requirements as the code would not come from an author that has signed the Canonical CLA nor would it be under the AGPLv3 license.

They would also need adequate tracking of this so they don't accidentally assume that the code belongs to them and that they can re-license it as they wish for other projects. Also anyone who stumbles onto that code in the LXD codebase should be properly informed that they can include that code in a non-AGPLv3 project as that bit of code is Apache2, not AGPLv3.
4 comments
Macha 914 days ago
The reason they need the CLA is to exempt themselves from the burdens of the AGPL license, however.

It's not much work to use Apache 2.0 in a proprietary (or AGPLv3) project. Unlike the AGPLv3 it doesn't impose many burdens or the project using it.

link
jraph 914 days ago
I guess you already thought carefully about all this, but wouldn't you actually prevent them from reusing your code (in a closed version) if it were released under (A)GPL?

Because if you keep releasing your code under Apache 2, you prevent yourself from taking their code while allowing them to take yours. You could lose at this game.

If you released under AGPL, you would reverse the direction. They would not take your code without the CLA but you'd be fine with taking theirs.

I know, you mentioned companies disliking AGPL.

link
stgraber 914 days ago
Of course following the move and going AGPLv3 would solve the project contribution issue. In fact it'd back Canonical into an interesting corner as Incus would be allowed to freely take LXD changes, but the opposite would not be possible unless they let go of the CLA.

It certainly would put Incus in a great situation, if it wasn't for the fact that we think keeping the Apache2 license is the right thing to do. The Go packages provided by Incus are used in hundreds of other codebases, a switch to AGPLv3 would cause those codebases to have to follow which would only lead to reduced adoption for Incus and a lot of pain in the Go ecosystem as a whole.

And then there is the fact that many large companies, including some that have been relying on LXD in the past, have policies specifically against the consumption of AGPL code. One prime example of that would be Google, which last I checked make up more than 50% of the LXD user base thanks to LXD being used on Chromebooks for the Linux shell feature.

Overall, the thing I hate most with this change is that it's going to make what was otherwise a pretty cordial relationship between the two projects now turn into a very stressful one where we need to basically be careful not to look at each other's stuff... It may seem that LXD and Incus were straight up competitors, but in reality, we were doing behind the scenes debugging together, sending each others' link to pull requests and specifications, ... this effectively all ends today and it's a shame.

link
kragen 914 days ago
i don't know about you, but i have no interest in subsidizing bad policies of large companies with my leisure time, much less my work time that they're not paying me for. maybe those large companies should either abandon those policies or develop their own software without our help. or pay us
link
kragen 914 days ago
i agree with Proven's [dead]ed comment that "Free software doesn't exist to reward developers and contributors." in the sense that the reason it's good for free software to exist is that it rewards users, not developers and contributors

on the other hand, the events which cause it to exist are that developers and contributors write it, so in that sense it does exist because it rewards developers and contributors in some sense

different people find different things rewarding. perhaps some people do find it rewarding to subsidize large companies with bad internal policies. but i don't

link
Macha 913 days ago
I wonder if the answer here is LGPL?

Still permissive enough for the goals of Incus and for anyone using it as a component. You can even use the LGPL code in the AGPL build of LXD fine. But if they want to release a proprietary build containing the LGPL code, the LGPL code needs to be held at a bit of arms length, so it could be used as a library in proprietary code for example, but couldn't have patches intermingled and incorporated wholesale into it.

link
kragen 914 days ago
i'm not entirely clear on what you're saying

are you saying they're permitted to use your code in a proprietary piece of code but not in an agplv3 piece of code?

if that's not what you're saying, what is the difference between the latter and what they are in fact doing? are they removing your apache2 license headers or something?

link
stgraber 914 days ago
They changed COPYING from Apache2 to APGLv3 without introducing any SPDX headers or similar to denote what is Apache2 and what isn't. So yes, while AGPLv3 is compatible with Apache2, it doesn't grant anyone the right to relicense code.

Anyone is allowed to take my Apache2 code and do what they wish with it so long as it remains Apache2, you can't just go and replace the license text from one license to another and call it good, that code is still Apache2.

link
kragen 914 days ago
i think the apache2 license actually permits modifications of the code to be licensed under a different license, including microsoft's eula or the agpl, and doesn't require the original licensing to be preserved for the individual source files (like the mpl) or for the modifications to be kept separate, as a patch (like perl's artistic license), and this was an intentional choice on the part of the apache2 drafters

however, it seems to me that the copyright and license headers (if any) on the individual pieces of code you wrote must be preserved, as well as (as you say) the overall copyright notice:

> You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works

from https://www.apache.org/licenses/LICENSE-2.0

link
pessimizer 914 days ago
Is there some part of the Apache 2 license that insists that people using Apache 2 licensed code in a project clearly mark what code is Apache 2 and what code is under some other license? Of course not.

Nobody is relicensing the code on other people's computers. If you downloaded code under Apache 2, somebody other than you incorporating that same code into their AGPL project won't relicense the code on your computer, but it certainly will relicense the code on theirs.

link
kragen 914 days ago
> Is there some part of the Apache 2 license that insists that people using Apache 2 licensed code in a project clearly mark what code is Apache 2 and what code is under some other license? Of course not.

yes, there is

i quoted the relevant part of the apache 2 license in my sibling comment above

link
pessimizer 914 days ago
> You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works

Leaving the notice files in is in no way "marking which code is Apache 2 and which code is under some other license."

edit: this entire discussion evaporates if we abandon the idea that somebody would (or could) go through an AGPLv3 project that incorporated Apache 2 licensed code, and pull out just the Apache 2 code to use in another project. The only way to do that would be to download the Apache 2 licensed code from its original source and diff it against the AGPL project in order to distinguish the code you can use from the code you can't.

It doesn't make any sense. There's no sane preference for copy-pasting from the AGPL project rather than the original code that you've obtained under Apache.

link
kragen 914 days ago
i guess you could comply by leaving the apache 2 license in there but then not say which files it applies to, but then you'd be licensing the whole work under the apache 2 license

i don't think you can comply by just removing the apache 2 license

you're right about 'jeez' and i've removed it

link
diffeomorphism 914 days ago
> What it doesn't allow is for my code to be re-licensed to AGPLv3 nor can they grant themselves a license to do whatever they want (their CLA).

According to

https://softwarefreedom.org/resources/2007/gpl-non-gpl-colla...

it does both with minor caveats.

For the "relicensing" it will have to preserves license information, e.g.

> (C) new guy AGPL license text

> Also incorporates work with the following license

> (C) stgraber apache license text

In practice that is the same as being AGPL licensed because doing otherwise would violate new guy's license.

For the CLA nobody ever suggested they can do "whatever they want". What seems entirely possible however is for them to offer an entirely apache2 licensed version (the original version is apache2 and, only at their discretion, so are all future changes) as well as an AGPL licensed version.

link