1. 55
  1.  

  2. 5

    I wonder whether they got permission from all their open source contributors to re-license the code? Or maybe they use a CLA like Shopify and co. do, where you waive all your rights to the code you own once it’s merged to the main tree?

    1. 12

      It sounds like it was previously mit, and if I understand the law correctly you can make modifications to mit software and release the modified version under gpl without issue (so long as you preserve the original mit license text).

      1. 3

        Hmm… but relicensing code requires the permission of the code’s author, no? For the company’s own code that’s probably fine, but what about any outside contributors that might not agree with the license change? They might have the right to rescind their code.

        1. 22

          They gave that permission by using under the MIT License. It is when you go in the ‘other’ direction that you need to ask for everyone’s consent/permission. ej. Racket had a huge multiyear thread asking everyone if they were OK when changing from LGPL to MIT.

          Btw I remember in the 00’s some BSD complained that Linux developers would take their driver code, use it and license it under the GPL, making it impossible to merge any improvements upstream.

          https://opensource.stackexchange.com/a/5833

          1. 8

            Btw I remember in the 00’s some BSD complained that Linux developers would take their driver code, use it and license it under the GPL, making it impossible to merge any improvements upstream.

            I mean, isn’t that exactly the purpose of MIT? “Here’s some code, do whatever you want with it, you don’t have to contribute improvements back”.

          2. 12

            Technically the old code would still be MIT and the new code would be AGPL. However, since AGPL has more strict requirements the whole project is effectively AGPL. They’d still need to preserve the original MIT license text though.

            1. 7

              The code’s authors licensed their code under the MIT license, which allows that code to be relicensed by anyone else under new terms (such as the AGPL).

              1. 1

                No, re-licencing is not permitted. If I write fila A of project X, using MIT, and someone else writes file B under AGPL - then another user who gets A and B would get both under AGPL - however, they could still (in general) use A according to MIT.

                If this makes a difference or not will dependa lot on the projectas a whole, and the content of A.

                A could be a self contained c allocator, or a clever implementation of a useful ADT. Or it could be a smallpart of what B provides, like an implementationof a print macro/trait for Canadian post codes.

                1. 2

                  Sure. But say you write some file and license it publicly under the MIT license. I can then take that same file and, in accordance with the terms of the former license, license it to someone else under the terms of the AGPL license. They will then not be able to use it under the terms of the MIT license.

                  In practice, this is not such a big deal, since the original version is likely still available and indistinguishable from the version I provide. However if I change something small—like, say, the wording—then my changed version is distinct from your original, and if I license it as AGPL it won’t be possible to use it under the terms of the MIT license.

                  1. 2

                    No, as far as I understand this is not correct - a bsd or mit license is connected to copyright - and you need to make substantial changes in order to claim copyright. Without copyright you cannot re-license.

                    Remember -in most jurisdictions, the default is copyright. If I write a poem here - you could quote me, but not publish my poem - you have no license to redistribute it. If I explicitly give you a license - you cannot change that license.

                    This does get a bit muddy with the various viral licenses you point out -but as far as I understand mixing file A under mit, with file B under gpl (or AGPL)- does not really allow you, the distributor of A and B, and the recipient of A to re-license A.

                    Your downstream users would/should still get A with mit copyright notice, and will be free to distribute/use A (and only A) under mit.

                    Doing so would not make the GPL license for A and B invalid.

                    Ie: you include an mit malloc in your “ls” utility. A user that gets the source from you, could go in and see that, ok, this malloc bit (assume it’s not modified)- I can use that as mit.

                    This is because you as the distributor, do not have copyright to the upstream mit bit.

                    People will claim differently, and I don’t think it’s been tested in court - but AFAIK this how the legal bits land.

                    1. 8

                      You don’t need to claim copyright over something to relicense it. You can grant a license to a copyrighted work if your own license to that work permits it, which MIT explicitly does.

                      including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software

                      1. 3

                        Ah, thank you. I wasn’t aware of this difference between MIT and bsd. I suppose I’ll have to check apache too.

                        Some more on mit vs bsd: https://opensource.stackexchange.com/questions/217/what-are-the-essential-differences-between-the-bsd-and-mit-licences

                    2. 1

                      Note that this is different from explicit grants of re-license, like GPL v2 (i think) has a provision “or any later version”.

                      So if I get a gpl2 file I can choose to distribute it as gplv3.

          3. 3

            Only thing I am worried about is the JS code injected into other pages, especially when you want to use some of it’s functions more directly (for example for better integration with stuff or so on). I hope that they will keep that under more permissive license as otherwise it can cause some problems in some applications.

            1. 6

              thanks! we’ll keep the JS code itself on MIT just to avoid any possible confusion in the future.

            2. 3

              Note that AGPL can still be exploited by cloud providers, and unfortunately it doesn’t always play well with other open-source projects that have more permissive licenses.

              1. 9

                what do you mean that it “can still be exploited by cloud providers”?

                1. 2

                  If you’re really curious, read on why mongodb, confluent and redis (among others) changed their license to ones that aren’t authorized by the OSI.

                  1. 3

                    so by “exploit” you mean they can benefit from it for free, while sharing any modifications

                    1. 3

                      No, I mean they can drive the authoring entity out of business, without ever having to make any modification in the first place.

                      1. 1

                        Like re-implementing the project and offering as a service with compatible interface?

                        1. 3

                          Sounds like Google vs Oracle =)

                  2. [Comment removed by author]

                    1. 23

                      You just described GPL and not AGPL, which was made to counter this exact scenario.

                      1. 5

                        As sibling comment said, the Affero General Public License has an explicit clause which requires the server software’s source to also be released.

                        1. 3

                          Yes, but the edge cloud providers have isn’t the modifications they make to the source code, but rather their enormous computing resources, which they can even sell for a loss only to drive the competition down.

                        2. 2

                          The main difference between the GPL and the AGPL is how “distribution” is defined; in essence providing access over the network is considered “distribution” for the AGPL.

                          An AGPL web server would require an offer of source code access/distribution to all clients. An AGPL database server would need to offer source to consumers of the service (but not transively - eg Automatic hosting WordPress would be given access to the database source, the WordPress service could be closed or open source).

                        3. 1

                          I think they are talking about one of the scenarios the article explicitly wants to avoid.

                          We want to prevent corporations from offering Plausible as a service without contributing to the open source project

                          With the AGPL, they are only forced to share the code, they can don’t have to actually improve it. After all plausible is selling a support service, not software. A bigger company can offer the same service.

                          1. 4

                            plausible doesn’t seem to be worried about that, since they are moving to the AGPL. i would think the developer of a product would have an edge in the support market over other companies offering support for a product they don’t develop.

                            but i see how any use of a product could be considered “exploitation.” it’s just the nature of free software that anyone can use it and modify it as they wish.

                            1. 4

                              There doesn’t seem to be a license that’s accepted in the open source world and that prevents the cloud companies from offering the product as a service. What MongoDB and others did doesn’t seem to have been well received even though I do understand their concerns and think that’s there’s a need for a license like that.

                              AGPL at least makes the playing field a bit more even and fair as a large corporation cannot just take from us but have to be clear about the relationship, give us credit and open any of their modifications. Then it’s up to us to make sure we communicate well so people are aware of what’s happening and can take that into consideration when they’re making a choice who to use.

                              1. 1

                                Nothing stops someone from hosting a managed service and also releasing all of their changes. If the win is that actual hosting, then that is the actual value. The only thing actually stopping them is not wanting to release the code, which is kinda ironic.

                                1. 1

                                  With AGPL the have to allow any users to get a copy of the source. This isn’t quite the same as “contributing” (upstreamin changes) but since any of those users could send the changes upstream many consider it “good enough for rock ’n roll” to say it requires contributing

                              2. 4

                                Do you have an example of other permissive licenses that conflict?

                                1. 3

                                  To the best of my understanding, a project that’s MIT or Apache 2.0 cannot use a GPL or AGPL project, because xGPL licenses are copyleft and effectively turn any project that uses them into xGPL as well.

                                  If the goal is mainly to prevent exploitation by the big players, then it’s a bit like burning your home to get rid of the ants. There have been attempts to produce licenses that are better suited for this purpose, however most of them end up doing it by “descriminating between fields of endeavor” (e.g. cloud hosting), and so the OSI deems them as “not open-source”, but rather “source available”.

                                  1. 4

                                    An MIT licensed project may have an AGPL dependency, but the distributed combination (or binary when linking, exact artifacts depend on stack) will be effectively AGPL. Some projects even have optional depndencies based on the license you want for your artifacts.

                                    Having an artifact be AGPL is only an issue if you plan to distribute as “cloed source”.

                                    1. 1

                                      Yes, it means every project that depends on you must be open-source as well, including small start-ups that try to remains competitive using their unique technology. Perhaps that’s what you want, but it’s not necessarily the best scenario for the world of open-source, or the world in general.

                                      1. 5

                                        Really not sure how preventing a startup from taking our freely given work and using it to produce something that is not open source is bad for anyone? That seems like the goal. They can release their code, or spend the money to write their own and not steal from the public commons.

                                        1. 4

                                          i think the mindset is that anything that could prevent an entrepreneur from bringing a product to market could be bad because the product might end up helping people. some people have that mindset.

                                          1. 1

                                            I could try to argue the point, but instead let me ask you: Why do the MIT and Apache licenses exist in the first place, and why are they so popular? And why have they been gaining popularity every year in the last decade? (see: https://resources.whitesourcesoftware.com/blog-whitesource/open-source-licenses-trends-and-predictions)

                                            According to your logic, most open-source code should choose to be GPL, no?

                                            1. 1

                                              because more and more open source projects are funded by tech companies that would like to use them in their proprietary projects

                                              1. 1

                                                So 70% of opensource is funded by commercial tech companies?

                                                1. 1

                                                  i would think less

                                      2. 2

                                        Ah, yes, that sounds right. I was worried that there was maybe something I didn’t know about in case the licenses are combined the other way around. Ie. an (A)GPL project using a MIT/Apache 2.0 library should be fine, I think?

                                        I understand the concern about using AGPL for libraries, frameworks, etc, but it doesn’t look like a bad pick for application-type stuff, like OP’s product. The only type of derivative would be a fork/branch.

                                  2. 2

                                    It’s my understanding that AGPL3 mean you also have to open source any application that uses this library?

                                    1. 2

                                      If the javascript snippet one have to put on their web page to have analytics work [1] is also covered by AGPL3 then it seems that would be the case. But I’m not a lawyer.

                                      [1] don’t know if that’s the case, just assuming as they are competing with google analytics that does this.

                                      1. 3

                                        In other comment they stated that they will keep MIT for the JS parts of the system for that reason.

                                        1. 1

                                          Thanks for clarifying, in such case this shouldn’t be a problem for anyone (beside those who just don’t like projects changing licenses as it indicates potential future risk factor).