This article contains a stereotypical engineer’s understanding of psychology. If you create a set of rules, that defines the system and the system will operate along the lines established by those rules. This is not the case with humans, and this is the reason that the GPL and friends have never achieved their stated goals.
If you tell humans ‘here is a set of rules that you must follow’, they will push the boundaries of those rules. They will come up with ways of complying with the letter of those rules but not the spirit. They will come up with ways of violating the letter that you can’t do anything about.
If you want to change behaviour, you need to give people incentives such that their interests are aligned with your goals. Most people don’t murder their neighbours because they’re afraid of prison, they don’t murder their neighbours because they don’t want to live in a society that normalises murder.
As soon as you try to enforce behaviour with a license, you’ve set yourself up in an adversarial relationship. If you establish cultural norms and show people that they’re in a better world if they behave in a certain way, you’ll have much better luck making them behave in that way.
One of the biggest problems for F/OSS is that, fundamentally, most users don’t care. Consider OpenOffice vs MS Office. You can extend MS Office in VBA, so you have the ability to improve it as an end user if you have a little bit of experience programming. You can even create simple extensions (macros) by just recording a sequence of actions and running it repeatedly. Assume that the equivalent functionality in OpenOffice is as good. With OpenOffice, you also get an enormous pile of C++. How does that help you? If you find a bug, you can fix it (hah!) or you can hire someone else to fix it (for how many thousand dollars?). Practically, the fact that you have the legal right to access the code and make changes is of very little benefit. I wouldn’t know where to start looking to fix bugs in most of the F/OSS software that I run, why do you think most users should care?
This last point is why I wish F/OSS projects would focus more on end-user programming. If people learn that there are concrete benefits from being able to modify programs, then they will start to demand that ability. The more that they try to do, the faster they’ll hit the wall of ‘sorry, no user-serviceable parts inside’ in proprietary software. That’s how you drive demand for Free Software.
Things like federated protocols also help here, because the benefit isn’t from you being able to do something, it’s from a large set of other people being able to do things for you. You don’t need to be able to touch the Mastodon codebase to benefit from the fact that there are Mastodon instances run by people who care about a load of different audiences and, if you want your own, there are multiple companies that will host an instance for you in exchange for money.
This reply contains a stereotypical philosopher’s understanding of systems. Humans really do operate within rule-oriented systems, even if those rules are imperceptible in daily life. Moreover, reward hacking is not unique to humans and we have varied examples of computers doing it during optimization; Wikipedia’s examples all come from machine learning, but it also occurs when compilers exploit undefined behavior or compressors exploit unintended patterns.
The adversarial relationships come from the underlying tension between corporations and their laborers, not licensing. A license merely makes the relationship explicit by placing restrictions on the corporation’s ability to exploit laborers. An employment contract is adversarial, too.
Things like federated protocols also help here, because the benefit isn’t from you being able to do something, it’s from a large set of other people being able to do things for you.
Only if the activity itself is so good that people flock to the service. I don’t think Mastodon is yet where it needs to be, penetration wise, to drive this sort of sentiment.
I’d say more importantly that people need to be taught the benefits. Many people I’ve spoken to outside of tech love open source when I’ve described the benefits. Just like sustainability and democracy, it’s just a bit more abstract why it matters, especially for non-tech people. But I am convinced that people really do care about it if you tell them why they should.
I think “TL;DR: use the AGPL” doesn’t help. The AGPL doesn’t make sense for a lot of tools that operate over the network but don’t use HTTP, and the license text is massively confusing. I like the EUPL. It’s a shame there’s no examples of it being enforced outside of the EU (yet), but the license text is clear. The FSF has a bogus opinion on the EUPL that it’s GPL-incompatible because of it’s opinion on combined works, but the primary author of the EUPL disputes their assement here.
Author here: thanks for the pointer, I didn’t know that FSF was disputing compatibility of EUPL with GPL. I like EUPL too.
But people like you were not the real target of this post. It is mostly people using MIT and it worked : several readers told me they reconsidered using MIT for copyleft licenses.
I was remembering this thread, notably @kyrias’ comment - how can you prominently offer the user access to the source code over a non-HTTP protocol like SIP? Is putting it in a header that might be stripped prominent? I wouldn’t want to fight with lawyers over it for sure.
I think this discussion and the linked one are mixing two completely separate points:
First is whether third-parties who aren’t direct recipients of a work have the right to source code access. I think it’s clear that this was intended in the intent of the license, and the Vizio case is testing the legal merits.
The second point raised seems to be whether it’s legitimate under AGPL to make the offer of source “outside” the native protocol of the work when it doesn’t have an obvious facility to do so “internally.” It seems obvious to me personally that shoehorning via such a protocol extension would explicitly violate the “through some standard or customary means of facilitating copying of software” clause, and clearly not a requirement that was intended… but others seem to interpret that otherwise, and I don’t know of any cases that have tested that.
The problem is not about Open Source or Free Software. The problem is everything else.
Open Source utopia, as envisioned until the first decade of this millennium, was to create a huge, powerful stack of open-source software that would serve as the foundations of any human endeavour. Including building businesses or, for some, proprietary products.
We were naive.
What we got is more or less the opposite: huge monopolistic corporations and lots of small fragmented free software pieces that connect them.
I question this framing … There seems to be an implicit assumption that there are 2 distinct groups of people:
“We”, the people who create FOSS
“huge monopolistic corporations”
What I think is being missed is that huge monopolistic corporations create a lot of open source software, probably most of it.
I’m pretty sure the large majority of Linux is created by / paid for by huge monopolistic corporations these days, and that’s been true since the 1990’s.
That’s Meta, Oracle, Intel, Samsung, and pretty much everyone you would expect (or maybe some people didn’t know that). They pay the salaries of the people who contribute to Linux.
Monopoly profits also fund all of Chrome and Firefox development, which are big pieces of FOSS, especially when you consider their usage by the general public. (Not to mention components like Skia, the graphics library used in Chrome) [1]
Also, all Go development, and Rust development. Even when Rust transferred out of Mozilla, it was Meta and Amazon who hired core Rust contributors.
They are not making Rust in their “mom’s basement” (to use a cliche for someone that doesn’t have a full time job)
Anyone have a link to any actual numbers?
[1] It looks to me like Ladybird will also be built on some components paid for and open sourced by Google, and to the extent that produces an “independent” browser, that’s a good thing. Google also bought and released proprietary video codecs with patents attached, IIRC.
Skia Inc. originally developed the library; Google acquired it in 2005,[2] and then released the software as open source licensed under the New BSD free software license in 2008
The 2023 Tidelift report point that 60% of maintainers that responded are not paid. It also probably naturally skew toward paid maintainers due to Tidelift own goals and actions. So the “real” number is probably larger.
Note that we know, for a fact, that the vast majority of opensource is from the libraries in programming language ecosystems. These are largely not funded like Linux.
The Linux Kernel, if anything, is an exception in the landscape.
At this point, every evidence we have point towards the vaaaaaaaaaast majority of open source SLOC being maintained by unpaid hobbyists.
For Rust: weeeeeeelll it is not like Mozilla paid well. And while some of the core contributors are paid to work on it full time, that is far from the majority of them. I know quite a few, they are not paid for it.
OK but the relevant point here is that, the number of Big Corporation developers working on OSS/Free Software projects is a drop in the bucket compared to the number of BigCorp devs/customer service people putting pressure on OSS/Free Software projects. How many BigCorp devs develop log4j? OpenSSL? xz? curl? pcre? These projects are just the tip of the iceberg. They’re the names that immediately come to mind. With a little bit of digging, we can name many more OSS projects whose maintainers have suffered from undue pressure due to large corporations.
The top three contributors are Red Hat (10.7 percent), Intel (7.2), and Novell, which is now owned by the Attachmate Group (3.3). But the largest chuck of contributors have no corporate affiliation (16.2 percent).
I think that these numbers are misleading. I would say that at least Red Hat acted as a consultancy, and the case can be made for others. Red Hat’s contributions are generally received on behalf of Red Hat’s engineers and also Red Hat’s customers, who are usually anonymous, but they were understood to not be motivated by Red Hat’s internal desires.
Take open GPU drivers as an example. Intel’s drivers are produced by Intel, and they are obfuscated-source with no documentation. nVidia’s drivers are produced by Red Hat and the community, and they are reverse-engineered. (nVidia also published an obfuscated-source driver with no docs.) ATI/AMD’s drivers are produced by AMD and the community, and they are open-source, written from open datasheets, including reverse-engineering whenever patents get in the way. I’ve argued that Intel and nVidia aren’t actually contributing open source to the community, but rather that the community tolerates them and reverse-engineers whatever they aren’t willing to explain. I’ve also argued that e.g. Microsoft is a burden on the community despite not contributing code, because they exercised patent control over S3TC so that they could make a dollar per GPU sold.
It’s okay to go with your interpretation, but then you’ll always be at the mercy of the next Weather Channel event. (We only have good ATI/AMD drivers because The Weather Channel paid for the r200 driver, giving us a roadmap for future ASICs.)
Yes, it’s definitely important! I think the black and white framing doesn’t help though … in reality open source is a mix of people and organizations using similar licenses, for very different reasons
I think the article’s general point of using AGPL or GPL is reasonable to consider in context, but the justification/framing is a bit odd
This is also what I’m wondering. What’s the point of using a copyleft license if large enough companies effectively get to have have a “make the license go away” machine?
My current thought is that noncommercial licensing should be sufficient, because it is easy to imagine that the noncommercial-use property lifts from the data to any model weights that are trained upon it. We are unlikely to see any large corporations training such a model, of course, since it wouldn’t be usable by them at all and the current mode of donating weights has been through unauthorized neighborly exfiltration rather than explicit grants to the community.
I don’t think the current generation of LLMs make copyleft useless in any meaningful way. A free software project is useful as an agglomeration of the software itself in its entirety, its test cases and bug reports and documentation and other ancillary documentation, and a community of maintainers. Having the source code of that project as input to an LLM doesn’t allow anyone else to replicate the coherent structure of the project in a new, proprietary codebase without a substantial amount of work; just as looking at the source code yourself doesn’t allow you to do this without a substantial amount of work.
replicate the coherent structure of the project in a new, proprietary codebase without a substantial amount of work
The terms of the GPL are stricter than this. It covers all derived works, even if you only use a single function. Lots of lightly modified or unmodified GPLed functions and snippets are being laundered through LLMs like copilot without any due diligence and lots of plausible deniability.
Yeah until this is addressed, the terms of the GPL are null. Writing free software basically becomes synonymous with doing free labor. Doesn’t matter what your experience is, that is how your work will be used.
There are some good descriptions of the problems, but I don’t get the conclusion. I don’t see any argument made why AGPL would help in the current situation. It’s just reads like a arbitrary claim.
Also a few parts are a bit confusion: I’m not sure if meant that way, but it reads like the author sees Free Software and Open Source Software synonymous. When talking about political roles and implications they are very different. Also the post sounds like there are only two economical options: Monopoly or small one man companies only for local customers.
Also it misses a bit that writing software and making it public is for many people just a hobby and not a political statement. They want to have fun and solve there problem. Not safe the world or read a long document how I can use some software (or which rights I give to others). I’m not a lawyer and I don’t want to hire one for my hobby. Also comply with AGPL is quite hard for private users or small business. While big monopoly have lawyers and the infrastructure to comply with the license and might not even help the project. So for my private hobby the (A)GPL is more a contra argument for contributing to your project or using it as a dependency.
Great article @ploum, are you able to elaborate more as to why you are against funding maintainers? I think there are some really amazing programs that continue to respect the social contract of open source but still support maintainers to keep doing the critical work they do https://osspledge.com/
Laurence Lessig, founding member of Creative Commons, wrote in Code 2.0 (1999) about four elements that regulate behavior online: Laws, norms, markets, and technology
Code/architecture – the physical or technical constraints on activities (e.g. locks on doors or firewalls on the Internet)
Market – economic forces
Law – explicit mandates that can be enforced by the government
Norms – social conventions that one often feels compelled to follow
It also doesn’t help that OSI and FSF operate as though they are each other’s biggest enemies instead of all the other threats out there.
I feel like the definitions of “Free” and “Open” are too binary and lack nuance. I wish for something more, an open “score”, for example. Sure the Hipocratic license isn’t permissive but the only limitation it imposes is predicated on committing human atrocities as defined in legal code by the Geneva convention. So maybe it’s “closer” to MIT then say the “business source license” which is actively restricting commercialization.
Or to put it another way: If we want software devs to choose licenses that are closer to their actual goals (like CC-BY-NC) then we need to find ways as a community to distinguish these projects as better than pure closed source, proprietary software. Because right now FSF and OSI classify both the same.
Sure the Hipocratic license isn’t permissive but the only limitation it imposes is predicated on committing human atrocities as defined in legal code by the Geneva convention.
v1 was what I described and OSI said “nope” so according to the “open definition” the current version which is “much more restrictive” (as you put it) is categorized the same (both “do not meet the open definition”).
The binary nature of the OSD says that proprietary Oracle source code is categorized the same as all of the above. (They also throw the GPL into that group too). Which demonstrates the problem.
Perhaps a different analogy: a nutrition label. Calories are “bad” unless you’re an athlete and you want “energy” for your game. Protein is “good” unless your body has a hard time processing it. Labels help you know what’s in what you consume without the need to draw lines in the sand.
Both FSF and OSI (seemingly) care more about “winning” than helping everyone make well informed choices that align with their software’s nutritional goals. If Microsoft said tomorrrow that they would release GitHub as an open core model that would be a step away from proprietary and towards open. And I would like a label that reflects that instead of simply “not open” and “not free.”
The GPL has obviously been approved by the OSI, so I’m afraid I don’t understand this part.
I like that food analogy! While nutrition labels like you describe are very useful tools, “binary” certifications (like fair-trade certifications, or organic food ones) are also necessary because they provide an easy way to refer to sets of criteria important to (some) people.
So in their role as certification organizations, the FSF and the OSI do help to make informed choices. Still, I definitely agree that there is room for a lot more, both new labels helping to navigate all sorts of licenses and new certifications.
Still, I definitely agree that there is room for a lot more, both new labels helping to navigate all sorts of licenses and new certifications.
Thanks for saying so. I got a bit defensive with the first part, I’m glad I kept reading.
I also agree, certifications and labeling go hand in hand.
Also thanks for feedback on the label analogy. It’s the first time I’ve tried it. I occasionally poke at this topic in threads from time to time, I like this framing. I’m still working on the specifics. Like: what are the (ideal) categories and what’s the rating system? I’m curious if you have thoughts.
I’m sorry for putting you on the defensive, that wasn’t intended and I’ll try to do better.
Like: what are the (ideal) categories and what’s the rating system? I’m curious if you have thoughts.
In my opinion, recent licenses try to solve problems in mostly two domains and you could try to follow that:
economical: the SSPL, BuSL and Peer Production License trade traditional software freedom for better reciprocity and/or gain
ethical: the Hippocratic License but I believe there are others. Even Douglas Crockford’s “The Software shall be used for Good, not Evil”, I guess.
Actually this brings to mind a very important caveat in that food analogy: while nutrition labels and food certification marks are all about the product and/or the producer, these licenses are all about the user!
GPL does not meet the definition of the OSD
It’s not that important to this thread and again, I’m sorry since it wasn’t “obvious”, but I do believe that you are mistaken about this. My understanding is that the OSI do not approve licenses if they do not conform to the OSD and they have approved the GPL (versions 1 to 3) and its variants.
The defensive bit was my reaction, not the message. You’re good.
The OSD states
The license must not place restrictions on other software that is distributed along with the licensed software. For example, the license must not insist that all other programs distributed on the same medium must be open source software.
Which is the exact thing that copyleft software does. Unless there’s a nuance that I’m missing. Though I agree they did approve it and they have stated all approved licenses meet the OSD definition. It’s still not a permissive license and I would add that it’s “approval” here seems to be causing confusion.
I believe the nuance is between “software that is distributed along” and “derived work”.
When your software uses a GPL library, it must be licensed under the same terms not because it is distributed along with that library, but because it constitutes a derivative work.
I suggest that you spend a little time thinking about “why the industry would not contribute to GPL licensed software?”. I mean really thinking about it.
Or maybe just read the whole article before commenting.
I have participated in thriving commons around horrible terrible no-good very-bad “open source” permissive-licensed software.
And I read your entire article and didn’t find any compelling argument in it. To be honest, it comes across as a bunch of unrelated complaints that you hoped would all fit together into a single omni-complaint against “corporations”, but you’ve failed to make the case for why or how they should all fit together or why getting rid of them would lead to a magically better world. There was a time when they didn’t yet exist, and we have history books to tell us what it was like, and people were not happy with it!
The argument seems fairly obvious–if corporations want to run an AGPL dependency in their proprietary software, they can either release their own software as AGPL, or buy a license for the dependency. This seems very fair and equitable–and sustainable to boot. This is why you see many smaller SaaSs nowadays that are AGPL, eg https://reacher.email/
The primary use case of the AGPL, in the current era, is to allow the original author of a piece of software to maintain a monopoly on commercial exploitation of that software, but creating an explicitly unfair playing field.
Suppose I write a piece of software that I release under AGPL and which grows popular. All I have to do is get contributors to sign a CLA (pretty standard) or even a full copyright assignment (FSF is notorious for its long-running requirement to do this), and I can build a VC-backed SaaS startup which mixes the software with proprietary extensions/features that I keep private. But nobody else can do that because the AGPL forbids them from having internal-only modifications – they must release their changes and lose any competitive advantage they might get.
But nobody else can do that because the AGPL forbids them from having internal-only modifications – they must release their changes and lose any competitive advantage they might get.
Wait, this doesn’t compute. If the original company publishes the project under AGPL, and requires CLA so that they can switch to closed source eventually, doesn’t forking and improving the software under AGPL without CLA create a rift between the two versions?
If the original company decides to reincorporate changes from the fork, it infects it’s own code base with code they cannot close source anymore. And the whole work thus cannot be closed source because of AGPL virality. Thus the second company can freely pull from the upstream, add their own features and thus hold an advantage?
Also, contributing, even under CLA, does still give you the ability to keep the whole work you improved before it was close sourced and possibly work from there. Or find a new vendor to maintain you a fork if you are large enough consumer or a consortium of consumers, consumer cooperative…
Wait, this doesn’t compute. If the original company publishes the project under AGPL, and requires CLA so that they can switch to closed source eventually, doesn’t forking and improving the software under AGPL without CLA create a rift between the two versions?
IANAL but my read is that it’s not about making it closed-source eventually, it’s about you having the ability to do whatever you like with it because you’re the copyright holder and so the license terms don’t actually apply to you. (Effectively, you can relicense it as whatever to yourself.) So they can maintain a closed fork, or otherwise use/deploy/link the software in ways the AGPL doesn’t permit, because as copyright holder of the entire work they can (implicitly?) relicense it to themselves at will. If they didn’t hold the copyright for all of it (or have CLAs allowing them to relicense all of it), they couldn’t do that.
I might be wildly off on all of this, someone please correct me if so.
I can’t many such uses besides running it as a SaaS without sharing the code (close sourcing it). And once they incorporate changes from forks, they can no longer do that. So it’s either embrace the AGPL or go close source immediately, or risk somebody undercutting you. So I don’t quite see how AGPL would aid one in building a monopoly.
I can build a VC-backed SaaS startup which mixes the software with proprietary extensions/features that I keep private.
No you can’t. Not with AGPL. Not even if you fully own the copyright by using CLAs. That’s the point of AGPL, the licensee has the right to ask the licensor (the copyright holder) for the source code and get it even if the licensee only accesses the software over a network interface. There is no distinction between copyright holder and any other entity.
The distinction of the copyright holder is that they can decide who gets what licensing terms, so of course their startup is not using the software under AGPL.
OK understood. But, how is this worse than what weak copyleft licenses like MIT allow? Their users can take any software and use it in proprietary products without paying anyone anything. At least with AGPL, the primary developer of the software can earn a fair revenue for their efforts.
At least with AGPL, the primary developer of the software can earn a fair revenue for their efforts.
Which of the Software Freedoms guarantees “You will get paid fair revenue for the Software”?
Nobody ever promised you a successful business model. But people who keep adopting the AGPL (and as already noted, you’re wrong about the AGPL not working for this – the whole point, as noted above, is that the original author is not bound by the AGPL while all potential competitors are) are doing it specifically to try to prop up a business model. Neither I nor you should care about whether their VC-backed SaaS startup succeeds. Especially you should not care, if “the commons” is what you care about, because using AGPL in this fashion is explicitly anti-“commons”.
When I first heard of the practice of selling exceptions, I asked myself whether the practice is ethical. If someone buys an exception to embed a program in a larger proprietary program, he’s doing something wrong (namely, making proprietary software). Does it follow that the developer that sold the exception is doing something wrong too?
If that implication were valid, it would also apply to releasing the same program under a noncopyleft free software license, such as the X11 license. That also permits such embedding. So either we have to conclude that it’s wrong to release anything under the X11 license—a conclusion I find unacceptably extreme—or reject the implication. Using a noncopyleft license is weak, and usually an inferior choice, but it’s not wrong.
In other words, selling exceptions permits limited embedding of the code in proprietary software, but the X11 license goes even further, permitting unlimited use of the code (and modified versions of it) in proprietary software. If this doesn’t make the X11 license unacceptable, it doesn’t make selling exceptions unacceptable.
I consider selling exceptions an acceptable thing for a company to do, and I will suggest it where appropriate as a way to get programs freed.
I don’t understand the focus on selling exceptions here. None of the companies I’m talking about are in the business of selling exceptions to the GPL or AGPL – they’re in the business of building their own, non-Free, proprietary SaaS stacks which they can do because they hold the copyright, and releasing select parts of it under AGPL or similar licenses which make it difficult/impossible for any other business to compete with them. Often they started out with those bits under a more permissive license, to build interest and a community, and relicensed to AGPL or “source available” later on when they decided they didn’t want competition.
If you can find Stallman saying that is a great and good thing that he’s OK with, it’d be news to me, because the net effect is not to create more Free software, it’s to create more non-Free software and to use copyright for the exact purpose – enforcing a de jure commercial monopoly – that Stallman famously rebelled against!
If you can find Stallman saying that is a great and good thing that he’s OK with
I emailed him and he responded. This is what he said:
It is my understanding
that as the copyright holders they have the right
to do it without any problems. They leverage the
AGPLv3 to make it harder for their competitors
to use the code to compete against them.
I see what you mean. The original developer can engage
in a practice that blocks coopertation.
By contrast, using some other license, such as the ordinary GPL,
would permitt ANY user of the program to engage in that practice.
In a perverse sense that could seem more fair, but I think it
is also more harmful.
I see what you mean. I don’t think he’s written anything on that particular manifestation of the “leverage the AGPLv3 into a business model” idea. One would have to directly ask the man to be sure but I assume he’s OK with it.
The fact is using the AGPLv3 in any way whatsoever adds free software to the world. That is inherently a better outcome than it remaining proprietary or open source. It maximizes our freedom as users and as free software developers. At the same time, it maximizes our leverage as the copyright owners. The corporations cannot tolerate the AGPLv3, so the solution is provided in the form of business. They must pay for it. Whether the payment is for permission to link the software or for a software as a service platform seems like a small detail to me. Perhaps it is not, I haven’t formed an opinion yet.
I wonder if it would be okay to email him and ask.
Where does it say that a Free Software software vendor can’t earn a fair revenue for their software?
I understand your point about the copyright holder being able to dual license with AGPL and a proprietary license giving them an advantage, but if I care about the software commons, then I will actually refuse to use the proprietary licensed SaaS version and use the AGPL version instead. I can even pay another vendor to support this AGPL version and add functionality that I need. That’s the benefit that I get from the copyleft license.
Of course for those who don’t really care about user freedoms, they can just use the proprietary licensed version. But they won’t be able to use the new functionalities developed by other entities who hold those respective copyrights and refuse to assign them over. So yes, the original copyright holder does have some advantages, but they definitely don’t hold all the cards. The playing field is more level than you are making it sound here.
Where does it say that a Free Software software vendor can’t earn a fair revenue for their software?
Well, the original post here is a huge screed against “corporations” and in favor of “commons”, and while Stallman himself isn’t, a lot of the folks who promote Stallmanism and copyleft are very strongly anti-capitalist. Also, the whole usual criticism of “Open Source” versus “Free Software” is that “Open Source” is some sort of sanitized business-friendly money-making initiative, as compared to the pure and lofty idealism of Free Software.
Plus, once again, nothing ever promised you that Free Software would get you a profitable business model. Free Software promises exactly and only the Four Freedoms.
Anyone who insists that Free Software is anti-capitalist and anti-commercial, is deeply misunderstanding it. Free Software creates a level playing field in the market for software vendors. There is nearly perfect freedom of movement from one vendor to another. It creates nearly the economist’s ideal perfectly competitive market. This is capitalism in its purest form.
If there was no support contract prior hand, let them burn.
When they say don’t legitimize the problem by paying OSS developers, they are talking about paying them with donations like Patreon. They are not talking about carrying on commerce by selling OSS services.
One thing to keep in mind—the MIT/BSD license is developer friendly (hey! Free code! Use with your proprietary software!) and potentially user hostile (user might not be able to see the source code, nor fix bugs themselves [1]), while the GPL is user friendly (they can see the source code [2], fix bugs, release their modifications, etc), and possibly developer hostile (users could release their code to the wild!). Note the language between MIT/BSD (permissive) and GPL (viral).
[1] Yes, I know, most users won’t care about seeing the source code, much less trying to fix it. But “users” also include “programmers”.
[2] Only if the user requests to see the code, and only within a three-year window from receiving the program.
For decades, Stallman and the FSF and those in Free Software circles insisted that preservation of user freedom was the most important thing imaginable, and could never ever be compromised to even the tiniest possible degree, and that there could never ever be any cause moral enough to justify such a compromise anyway.
Just try suggesting that perhaps even the tiniest exception to the GPL might have large benefits, and you’d get flamed to a crisp with page after page after page of high moralizing lectures explaining how disgustingly evil the mere thought of that is.
The idea that the GPL does not allow you to pass along less freedom than you yourself received, ever, for any reason, under any circumstance, and that this can never be compromised, by anyone, ever, for any reason, was the adamantine unbreakable eternal guarantee.
And then they went and broke it with the AGPL. The AGPL explicitly passes along less freedom than the plain GPL, and thus should have been not only demonized as the work of freedom-hating enemies but also ruled obviously incompatible with the GPL. But the FSF literally inserted, by fiat, a compromising exception to the GPL’s guarantee of freedom to accommodate the AGPL.
As the saying goes, in that moment they (Stallman, FSF, etc.) revealed exactly who and what they were. The rest is just haggling over the price.
You’ve already been told why you’re completely wrong, but to reiterate:
The original author holds the copyright to the software and does not need a license in order to modify or distribute it. It’s only other people who need a license to give them permission to do that, and those other people can only do so under the terms of the AGPL. The original author can do whatever they want and is not bound by the AGPL.
This is the genuine and increasingly-popular strategy of quite a few “open source” SaaS startups – they use the AGPL to bind potential competitors and try to improve their own market position.
The original author holds the copyright to the software and does not need a license in order to modify or distribute it. It’s only other people who need a license to give them permission to do that, and those other people can only do so under the terms of the AGPL. The original author can do whatever they want and is not bound by the AGPL.
This is true for any license. Not sure why you’re singling out the AGPL.
The claim being advanced was that somehow the author of a piece of AGPL’d software would be on equal terms with everyone else due to also being bound by the AGPL. I was pointing out that is not the case.
And the broader point i’m making is that people have used AGPL and “source available” type licenses as anti-competitive/pro-monopoly tactics – they are not using these licenses to advance the cause of software freedom, they’re using them to try to protect their VC-backed SaaS startups.
I suggest that you spend a little time thinking about “why the industry would not contribute to GPL licensed software?”. I mean really thinking about it.
I have, and talked to various lawyers about it. It boils down to two things: flexibility and risk.
Risk is the big one. The terms of the MIT license are easy to comply with. I’ve worked with some companies that are maintaining internal forks of GPL’d software and not contributing anything upstream because they’re worried that they might not be in compliance with the license (they think that are) and contributing would highlight them as downstream consumers.
Flexibility is the other big one. Today, their use of an open-source component may be somewhere away from competitive advantage and so they’re happy to upstream everything (very happy, it reduces their maintenance costs). Tomorrow, that may not be the case and they may want to keep some part private.
I’ve talked to quite a few companies that would rather do a proprietary in-house clean-room reimplementation of something than take a GPL’d dependency for these reasons. The best outcome here is to persuade them to do a permissively licensed reimplementation.
The only time that a company will take a GPL’d / AGPL’d component and not just reimplement it is if the component is sufficiently large that it would be infeasible for them to do so. This is never the case with young projects.
This article contains a stereotypical engineer’s understanding of psychology. If you create a set of rules, that defines the system and the system will operate along the lines established by those rules. This is not the case with humans, and this is the reason that the GPL and friends have never achieved their stated goals.
If you tell humans ‘here is a set of rules that you must follow’, they will push the boundaries of those rules. They will come up with ways of complying with the letter of those rules but not the spirit. They will come up with ways of violating the letter that you can’t do anything about.
If you want to change behaviour, you need to give people incentives such that their interests are aligned with your goals. Most people don’t murder their neighbours because they’re afraid of prison, they don’t murder their neighbours because they don’t want to live in a society that normalises murder.
As soon as you try to enforce behaviour with a license, you’ve set yourself up in an adversarial relationship. If you establish cultural norms and show people that they’re in a better world if they behave in a certain way, you’ll have much better luck making them behave in that way.
One of the biggest problems for F/OSS is that, fundamentally, most users don’t care. Consider OpenOffice vs MS Office. You can extend MS Office in VBA, so you have the ability to improve it as an end user if you have a little bit of experience programming. You can even create simple extensions (macros) by just recording a sequence of actions and running it repeatedly. Assume that the equivalent functionality in OpenOffice is as good. With OpenOffice, you also get an enormous pile of C++. How does that help you? If you find a bug, you can fix it (hah!) or you can hire someone else to fix it (for how many thousand dollars?). Practically, the fact that you have the legal right to access the code and make changes is of very little benefit. I wouldn’t know where to start looking to fix bugs in most of the F/OSS software that I run, why do you think most users should care?
This last point is why I wish F/OSS projects would focus more on end-user programming. If people learn that there are concrete benefits from being able to modify programs, then they will start to demand that ability. The more that they try to do, the faster they’ll hit the wall of ‘sorry, no user-serviceable parts inside’ in proprietary software. That’s how you drive demand for Free Software.
Things like federated protocols also help here, because the benefit isn’t from you being able to do something, it’s from a large set of other people being able to do things for you. You don’t need to be able to touch the Mastodon codebase to benefit from the fact that there are Mastodon instances run by people who care about a load of different audiences and, if you want your own, there are multiple companies that will host an instance for you in exchange for money.
This reply contains a stereotypical philosopher’s understanding of systems. Humans really do operate within rule-oriented systems, even if those rules are imperceptible in daily life. Moreover, reward hacking is not unique to humans and we have varied examples of computers doing it during optimization; Wikipedia’s examples all come from machine learning, but it also occurs when compilers exploit undefined behavior or compressors exploit unintended patterns.
The adversarial relationships come from the underlying tension between corporations and their laborers, not licensing. A license merely makes the relationship explicit by placing restrictions on the corporation’s ability to exploit laborers. An employment contract is adversarial, too.
GPL may not be perfect, but it’s better than ignoring the economic realities of software creators and wishing everything was magically great.
Only if the activity itself is so good that people flock to the service. I don’t think Mastodon is yet where it needs to be, penetration wise, to drive this sort of sentiment.
I’d say more importantly that people need to be taught the benefits. Many people I’ve spoken to outside of tech love open source when I’ve described the benefits. Just like sustainability and democracy, it’s just a bit more abstract why it matters, especially for non-tech people. But I am convinced that people really do care about it if you tell them why they should.
I think “TL;DR: use the AGPL” doesn’t help. The AGPL doesn’t make sense for a lot of tools that operate over the network but don’t use HTTP, and the license text is massively confusing. I like the EUPL. It’s a shame there’s no examples of it being enforced outside of the EU (yet), but the license text is clear. The FSF has a bogus opinion on the EUPL that it’s GPL-incompatible because of it’s opinion on combined works, but the primary author of the EUPL disputes their assement here.
TL;DR use the EUPL v1.2.
Author here: thanks for the pointer, I didn’t know that FSF was disputing compatibility of EUPL with GPL. I like EUPL too.
But people like you were not the real target of this post. It is mostly people using MIT and it worked : several readers told me they reconsidered using MIT for copyleft licenses.
I think the general message of “prefer copyleft licenses” can be something that definitely resonates.
Can you elaborate? There’s nothing in the AGPL about HTTP or any intentional preference towards HTTP there.
I was remembering this thread, notably @kyrias’ comment - how can you prominently offer the user access to the source code over a non-HTTP protocol like SIP? Is putting it in a header that might be stripped prominent? I wouldn’t want to fight with lawyers over it for sure.
Wherever the original author put it is prominent as far as the author is concerned, so follow what they did.
As far as the author is concerned may not be sufficient, so I wouldn’t feel comfortable trying to comply with that just yet.
I think this discussion and the linked one are mixing two completely separate points:
First is whether third-parties who aren’t direct recipients of a work have the right to source code access. I think it’s clear that this was intended in the intent of the license, and the Vizio case is testing the legal merits.
The second point raised seems to be whether it’s legitimate under AGPL to make the offer of source “outside” the native protocol of the work when it doesn’t have an obvious facility to do so “internally.” It seems obvious to me personally that shoehorning via such a protocol extension would explicitly violate the “through some standard or customary means of facilitating copying of software” clause, and clearly not a requirement that was intended… but others seem to interpret that otherwise, and I don’t know of any cases that have tested that.
[Comment removed by moderator pushcx: Pruning slapfight. ]
[Comment removed by moderator pushcx: Pruning slapfight.]
[Comment removed by moderator pushcx: Pruning slapfight.]
[Comment removed by moderator pushcx: Pruning slapfight.]
[Comment removed by moderator pushcx: Pruning slapfight.]
[Comment removed by moderator pushcx: Pruning slapfight.]
[Comment removed by moderator pushcx: Pruning slapfight.]
[Comment removed by moderator pushcx: Pruning slapfight.]
If you care about reciprocity, you should pick a GPL license. The best case for this is in Hitjens’s book Social Architecture. Here is the chapter: https://hintjens.gitbooks.io/social-architecture/content/chapter3.html#the-importance-of-contracts
I question this framing … There seems to be an implicit assumption that there are 2 distinct groups of people:
What I think is being missed is that huge monopolistic corporations create a lot of open source software, probably most of it.
I’m pretty sure the large majority of Linux is created by / paid for by huge monopolistic corporations these days, and that’s been true since the 1990’s.
https://www.linuxfoundation.org/about/members
Monopoly profits also fund all of Chrome and Firefox development, which are big pieces of FOSS, especially when you consider their usage by the general public. (Not to mention components like Skia, the graphics library used in Chrome) [1]
Also, all Go development, and Rust development. Even when Rust transferred out of Mozilla, it was Meta and Amazon who hired core Rust contributors.
They are not making Rust in their “mom’s basement” (to use a cliche for someone that doesn’t have a full time job)
Anyone have a link to any actual numbers?
[1] It looks to me like Ladybird will also be built on some components paid for and open sourced by Google, and to the extent that produces an “independent” browser, that’s a good thing. Google also bought and released proprietary video codecs with patents attached, IIRC.
https://ladybird.org/#about
https://en.wikipedia.org/wiki/Skia_Graphics_Engine
I do. Huuuuuge caveat necessary!
The 2023 Tidelift report point that 60% of maintainers that responded are not paid. It also probably naturally skew toward paid maintainers due to Tidelift own goals and actions. So the “real” number is probably larger.
Note that we know, for a fact, that the vast majority of opensource is from the libraries in programming language ecosystems. These are largely not funded like Linux.
The Linux Kernel, if anything, is an exception in the landscape.
At this point, every evidence we have point towards the vaaaaaaaaaast majority of open source SLOC being maintained by unpaid hobbyists.
For Rust: weeeeeeelll it is not like Mozilla paid well. And while some of the core contributors are paid to work on it full time, that is far from the majority of them. I know quite a few, they are not paid for it.
OK but the relevant point here is that, the number of Big Corporation developers working on OSS/Free Software projects is a drop in the bucket compared to the number of BigCorp devs/customer service people putting pressure on OSS/Free Software projects. How many BigCorp devs develop log4j? OpenSSL? xz? curl? pcre? These projects are just the tip of the iceberg. They’re the names that immediately come to mind. With a little bit of digging, we can name many more OSS projects whose maintainers have suffered from undue pressure due to large corporations.
OK I found some numbers from 2012:
https://www.wired.com/2012/04/microsoft-and-linux/
From 2016:
https://www.linuxfoundation.org/blog/blog/the-top-10-developers-and-companies-contributing-to-the-linux-kernel-in-2015-2016
So yeah I think the framing of this post is very misleading. Really we need 2 different names for distinct phenomena / motivations:
I think that these numbers are misleading. I would say that at least Red Hat acted as a consultancy, and the case can be made for others. Red Hat’s contributions are generally received on behalf of Red Hat’s engineers and also Red Hat’s customers, who are usually anonymous, but they were understood to not be motivated by Red Hat’s internal desires.
Take open GPU drivers as an example. Intel’s drivers are produced by Intel, and they are obfuscated-source with no documentation. nVidia’s drivers are produced by Red Hat and the community, and they are reverse-engineered. (nVidia also published an obfuscated-source driver with no docs.) ATI/AMD’s drivers are produced by AMD and the community, and they are open-source, written from open datasheets, including reverse-engineering whenever patents get in the way. I’ve argued that Intel and nVidia aren’t actually contributing open source to the community, but rather that the community tolerates them and reverse-engineers whatever they aren’t willing to explain. I’ve also argued that e.g. Microsoft is a burden on the community despite not contributing code, because they exercised patent control over S3TC so that they could make a dollar per GPU sold.
It’s okay to go with your interpretation, but then you’ll always be at the mercy of the next Weather Channel event. (We only have good ATI/AMD drivers because The Weather Channel paid for the
r200driver, giving us a roadmap for future ASICs.)Even if it were true that most open source code is funded by companies— and I’m not sure it is— the open source code maintained thanklessly by some random person in Nebraska is still very important. Isn’t it?
Yes, it’s definitely important! I think the black and white framing doesn’t help though … in reality open source is a mix of people and organizations using similar licenses, for very different reasons
I think the article’s general point of using AGPL or GPL is reasonable to consider in context, but the justification/framing is a bit odd
I think this could be more complete by addressing LLMs and to what extent they threaten to make copyleft useless.
This is also what I’m wondering. What’s the point of using a copyleft license if large enough companies effectively get to have have a “make the license go away” machine?
My current thought is that noncommercial licensing should be sufficient, because it is easy to imagine that the noncommercial-use property lifts from the data to any model weights that are trained upon it. We are unlikely to see any large corporations training such a model, of course, since it wouldn’t be usable by them at all and the current mode of donating weights has been through unauthorized neighborly exfiltration rather than explicit grants to the community.
They’ve already trained on tons and tons of CC-BY-NC text content, though.
So far there’s no evidence of any threat, but it will be interesting to see if such a situation develops.
I don’t think the current generation of LLMs make copyleft useless in any meaningful way. A free software project is useful as an agglomeration of the software itself in its entirety, its test cases and bug reports and documentation and other ancillary documentation, and a community of maintainers. Having the source code of that project as input to an LLM doesn’t allow anyone else to replicate the coherent structure of the project in a new, proprietary codebase without a substantial amount of work; just as looking at the source code yourself doesn’t allow you to do this without a substantial amount of work.
The terms of the GPL are stricter than this. It covers all derived works, even if you only use a single function. Lots of lightly modified or unmodified GPLed functions and snippets are being laundered through LLMs like copilot without any due diligence and lots of plausible deniability.
Yeah until this is addressed, the terms of the GPL are null. Writing free software basically becomes synonymous with doing free labor. Doesn’t matter what your experience is, that is how your work will be used.
So… Just axe every Linux based OS and head back to windows-style computing?
There are some good descriptions of the problems, but I don’t get the conclusion. I don’t see any argument made why AGPL would help in the current situation. It’s just reads like a arbitrary claim.
Also a few parts are a bit confusion: I’m not sure if meant that way, but it reads like the author sees Free Software and Open Source Software synonymous. When talking about political roles and implications they are very different. Also the post sounds like there are only two economical options: Monopoly or small one man companies only for local customers.
Also it misses a bit that writing software and making it public is for many people just a hobby and not a political statement. They want to have fun and solve there problem. Not safe the world or read a long document how I can use some software (or which rights I give to others). I’m not a lawyer and I don’t want to hire one for my hobby. Also comply with AGPL is quite hard for private users or small business. While big monopoly have lawyers and the infrastructure to comply with the license and might not even help the project. So for my private hobby the (A)GPL is more a contra argument for contributing to your project or using it as a dependency.
Great article @ploum, are you able to elaborate more as to why you are against funding maintainers? I think there are some really amazing programs that continue to respect the social contract of open source but still support maintainers to keep doing the critical work they do https://osspledge.com/
Laurence Lessig, founding member of Creative Commons, wrote in Code 2.0 (1999) about four elements that regulate behavior online: Laws, norms, markets, and technology
Code/architecture – the physical or technical constraints on activities (e.g. locks on doors or firewalls on the Internet)
Market – economic forces
Law – explicit mandates that can be enforced by the government
Norms – social conventions that one often feels compelled to follow
It also doesn’t help that OSI and FSF operate as though they are each other’s biggest enemies instead of all the other threats out there.
I feel like the definitions of “Free” and “Open” are too binary and lack nuance. I wish for something more, an open “score”, for example. Sure the Hipocratic license isn’t permissive but the only limitation it imposes is predicated on committing human atrocities as defined in legal code by the Geneva convention. So maybe it’s “closer” to MIT then say the “business source license” which is actively restricting commercialization.
Or to put it another way: If we want software devs to choose licenses that are closer to their actual goals (like CC-BY-NC) then we need to find ways as a community to distinguish these projects as better than pure closed source, proprietary software. Because right now FSF and OSI classify both the same.
It’s not a good example because the latest version of that license is much more restrictive than that!
v1 was what I described and OSI said “nope” so according to the “open definition” the current version which is “much more restrictive” (as you put it) is categorized the same (both “do not meet the open definition”).
The binary nature of the OSD says that proprietary Oracle source code is categorized the same as all of the above. (They also throw the GPL into that group too). Which demonstrates the problem.
Perhaps a different analogy: a nutrition label. Calories are “bad” unless you’re an athlete and you want “energy” for your game. Protein is “good” unless your body has a hard time processing it. Labels help you know what’s in what you consume without the need to draw lines in the sand.
Both FSF and OSI (seemingly) care more about “winning” than helping everyone make well informed choices that align with their software’s nutritional goals. If Microsoft said tomorrrow that they would release GitHub as an open core model that would be a step away from proprietary and towards open. And I would like a label that reflects that instead of simply “not open” and “not free.”
The GPL has obviously been approved by the OSI, so I’m afraid I don’t understand this part.
I like that food analogy! While nutrition labels like you describe are very useful tools, “binary” certifications (like fair-trade certifications, or organic food ones) are also necessary because they provide an easy way to refer to sets of criteria important to (some) people.
So in their role as certification organizations, the FSF and the OSI do help to make informed choices. Still, I definitely agree that there is room for a lot more, both new labels helping to navigate all sorts of licenses and new certifications.
GPL does not meet the definition of the OSD is what I’m talking about https://opensource.org/osd.
Thanks for saying so. I got a bit defensive with the first part, I’m glad I kept reading.
I also agree, certifications and labeling go hand in hand.
Also thanks for feedback on the label analogy. It’s the first time I’ve tried it. I occasionally poke at this topic in threads from time to time, I like this framing. I’m still working on the specifics. Like: what are the (ideal) categories and what’s the rating system? I’m curious if you have thoughts.
I’m sorry for putting you on the defensive, that wasn’t intended and I’ll try to do better.
In my opinion, recent licenses try to solve problems in mostly two domains and you could try to follow that:
economical: the SSPL, BuSL and Peer Production License trade traditional software freedom for better reciprocity and/or gain
ethical: the Hippocratic License but I believe there are others. Even Douglas Crockford’s “The Software shall be used for Good, not Evil”, I guess.
Actually this brings to mind a very important caveat in that food analogy: while nutrition labels and food certification marks are all about the product and/or the producer, these licenses are all about the user!
It’s not that important to this thread and again, I’m sorry since it wasn’t “obvious”, but I do believe that you are mistaken about this. My understanding is that the OSI do not approve licenses if they do not conform to the OSD and they have approved the GPL (versions 1 to 3) and its variants.
The defensive bit was my reaction, not the message. You’re good.
The OSD states
Which is the exact thing that copyleft software does. Unless there’s a nuance that I’m missing. Though I agree they did approve it and they have stated all approved licenses meet the OSD definition. It’s still not a permissive license and I would add that it’s “approval” here seems to be causing confusion.
I’ve gotta go ask some lawyer/license friends.
I believe the nuance is between “software that is distributed along” and “derived work”.
When your software uses a GPL library, it must be licensed under the same terms not because it is distributed along with that library, but because it constitutes a derivative work.
This sucks. BSD/MIT is the way to go. Easy contributions from industry.
I suggest that you spend a little time thinking about “why the industry would not contribute to GPL licensed software?”. I mean really thinking about it.
Or maybe just read the whole article before commenting.
I have participated in thriving commons around horrible terrible no-good very-bad “open source” permissive-licensed software.
And I read your entire article and didn’t find any compelling argument in it. To be honest, it comes across as a bunch of unrelated complaints that you hoped would all fit together into a single omni-complaint against “corporations”, but you’ve failed to make the case for why or how they should all fit together or why getting rid of them would lead to a magically better world. There was a time when they didn’t yet exist, and we have history books to tell us what it was like, and people were not happy with it!
The argument seems fairly obvious–if corporations want to run an AGPL dependency in their proprietary software, they can either release their own software as AGPL, or buy a license for the dependency. This seems very fair and equitable–and sustainable to boot. This is why you see many smaller SaaSs nowadays that are AGPL, eg https://reacher.email/
The primary use case of the AGPL, in the current era, is to allow the original author of a piece of software to maintain a monopoly on commercial exploitation of that software, but creating an explicitly unfair playing field.
Suppose I write a piece of software that I release under AGPL and which grows popular. All I have to do is get contributors to sign a CLA (pretty standard) or even a full copyright assignment (FSF is notorious for its long-running requirement to do this), and I can build a VC-backed SaaS startup which mixes the software with proprietary extensions/features that I keep private. But nobody else can do that because the AGPL forbids them from having internal-only modifications – they must release their changes and lose any competitive advantage they might get.
Wait, this doesn’t compute. If the original company publishes the project under AGPL, and requires CLA so that they can switch to closed source eventually, doesn’t forking and improving the software under AGPL without CLA create a rift between the two versions?
If the original company decides to reincorporate changes from the fork, it infects it’s own code base with code they cannot close source anymore. And the whole work thus cannot be closed source because of AGPL virality. Thus the second company can freely pull from the upstream, add their own features and thus hold an advantage?
Also, contributing, even under CLA, does still give you the ability to keep the whole work you improved before it was close sourced and possibly work from there. Or find a new vendor to maintain you a fork if you are large enough consumer or a consortium of consumers, consumer cooperative…
IANAL but my read is that it’s not about making it closed-source eventually, it’s about you having the ability to do whatever you like with it because you’re the copyright holder and so the license terms don’t actually apply to you. (Effectively, you can relicense it as whatever to yourself.) So they can maintain a closed fork, or otherwise use/deploy/link the software in ways the AGPL doesn’t permit, because as copyright holder of the entire work they can (implicitly?) relicense it to themselves at will. If they didn’t hold the copyright for all of it (or have CLAs allowing them to relicense all of it), they couldn’t do that.
I might be wildly off on all of this, someone please correct me if so.
I can’t many such uses besides running it as a SaaS without sharing the code (close sourcing it). And once they incorporate changes from forks, they can no longer do that. So it’s either embrace the AGPL or go close source immediately, or risk somebody undercutting you. So I don’t quite see how AGPL would aid one in building a monopoly.
No you can’t. Not with AGPL. Not even if you fully own the copyright by using CLAs. That’s the point of AGPL, the licensee has the right to ask the licensor (the copyright holder) for the source code and get it even if the licensee only accesses the software over a network interface. There is no distinction between copyright holder and any other entity.
The distinction of the copyright holder is that they can decide who gets what licensing terms, so of course their startup is not using the software under AGPL.
OK understood. But, how is this worse than what weak copyleft licenses like MIT allow? Their users can take any software and use it in proprietary products without paying anyone anything. At least with AGPL, the primary developer of the software can earn a fair revenue for their efforts.
It’s not worse! Richard Stallman endorses it and has suggested it to companies.
https://www.gnu.org/philosophy/selling-exceptions.html
Which of the Software Freedoms guarantees “You will get paid fair revenue for the Software”?
Nobody ever promised you a successful business model. But people who keep adopting the AGPL (and as already noted, you’re wrong about the AGPL not working for this – the whole point, as noted above, is that the original author is not bound by the AGPL while all potential competitors are) are doing it specifically to try to prop up a business model. Neither I nor you should care about whether their VC-backed SaaS startup succeeds. Especially you should not care, if “the commons” is what you care about, because using AGPL in this fashion is explicitly anti-“commons”.
Richard Stallman disagrees with you.
https://www.gnu.org/philosophy/selling-exceptions.html
I don’t understand the focus on selling exceptions here. None of the companies I’m talking about are in the business of selling exceptions to the GPL or AGPL – they’re in the business of building their own, non-Free, proprietary SaaS stacks which they can do because they hold the copyright, and releasing select parts of it under AGPL or similar licenses which make it difficult/impossible for any other business to compete with them. Often they started out with those bits under a more permissive license, to build interest and a community, and relicensed to AGPL or “source available” later on when they decided they didn’t want competition.
If you can find Stallman saying that is a great and good thing that he’s OK with, it’d be news to me, because the net effect is not to create more Free software, it’s to create more non-Free software and to use copyright for the exact purpose – enforcing a de jure commercial monopoly – that Stallman famously rebelled against!
I emailed him and he responded. This is what he said:
Thank you for reaching out to him and sharing!
I see what you mean. I don’t think he’s written anything on that particular manifestation of the “leverage the AGPLv3 into a business model” idea. One would have to directly ask the man to be sure but I assume he’s OK with it.
The fact is using the AGPLv3 in any way whatsoever adds free software to the world. That is inherently a better outcome than it remaining proprietary or open source. It maximizes our freedom as users and as free software developers. At the same time, it maximizes our leverage as the copyright owners. The corporations cannot tolerate the AGPLv3, so the solution is provided in the form of business. They must pay for it. Whether the payment is for permission to link the software or for a software as a service platform seems like a small detail to me. Perhaps it is not, I haven’t formed an opinion yet.
I wonder if it would be okay to email him and ask.
Where does it say that a Free Software software vendor can’t earn a fair revenue for their software?
I understand your point about the copyright holder being able to dual license with AGPL and a proprietary license giving them an advantage, but if I care about the software commons, then I will actually refuse to use the proprietary licensed SaaS version and use the AGPL version instead. I can even pay another vendor to support this AGPL version and add functionality that I need. That’s the benefit that I get from the copyleft license.
Of course for those who don’t really care about user freedoms, they can just use the proprietary licensed version. But they won’t be able to use the new functionalities developed by other entities who hold those respective copyrights and refuse to assign them over. So yes, the original copyright holder does have some advantages, but they definitely don’t hold all the cards. The playing field is more level than you are making it sound here.
Well, the original post here is a huge screed against “corporations” and in favor of “commons”, and while Stallman himself isn’t, a lot of the folks who promote Stallmanism and copyleft are very strongly anti-capitalist. Also, the whole usual criticism of “Open Source” versus “Free Software” is that “Open Source” is some sort of sanitized business-friendly money-making initiative, as compared to the pure and lofty idealism of Free Software.
Plus, once again, nothing ever promised you that Free Software would get you a profitable business model. Free Software promises exactly and only the Four Freedoms.
Anyone who insists that Free Software is anti-capitalist and anti-commercial, is deeply misunderstanding it. Free Software creates a level playing field in the market for software vendors. There is nearly perfect freedom of movement from one vendor to another. It creates nearly the economist’s ideal perfectly competitive market. This is capitalism in its purest form.
Go make that argument to the author of the OP article.
The OP makes this exact argument:
When they say don’t legitimize the problem by paying OSS developers, they are talking about paying them with donations like Patreon. They are not talking about carrying on commerce by selling OSS services.
One thing to keep in mind—the MIT/BSD license is developer friendly (hey! Free code! Use with your proprietary software!) and potentially user hostile (user might not be able to see the source code, nor fix bugs themselves [1]), while the GPL is user friendly (they can see the source code [2], fix bugs, release their modifications, etc), and possibly developer hostile (users could release their code to the wild!). Note the language between MIT/BSD (permissive) and GPL (viral).
[1] Yes, I know, most users won’t care about seeing the source code, much less trying to fix it. But “users” also include “programmers”.
[2] Only if the user requests to see the code, and only within a three-year window from receiving the program.
For decades, Stallman and the FSF and those in Free Software circles insisted that preservation of user freedom was the most important thing imaginable, and could never ever be compromised to even the tiniest possible degree, and that there could never ever be any cause moral enough to justify such a compromise anyway.
Just try suggesting that perhaps even the tiniest exception to the GPL might have large benefits, and you’d get flamed to a crisp with page after page after page of high moralizing lectures explaining how disgustingly evil the mere thought of that is.
The idea that the GPL does not allow you to pass along less freedom than you yourself received, ever, for any reason, under any circumstance, and that this can never be compromised, by anyone, ever, for any reason, was the adamantine unbreakable eternal guarantee.
And then they went and broke it with the AGPL. The AGPL explicitly passes along less freedom than the plain GPL, and thus should have been not only demonized as the work of freedom-hating enemies but also ruled obviously incompatible with the GPL. But the FSF literally inserted, by fiat, a compromising exception to the GPL’s guarantee of freedom to accommodate the AGPL.
As the saying goes, in that moment they (Stallman, FSF, etc.) revealed exactly who and what they were. The rest is just haggling over the price.
Your entire understanding and premise are incorrect, see my comment https://lobste.rs/s/jqucbu/on_open_source_sustainability_commons#c_7cdcey
You’ve already been told why you’re completely wrong, but to reiterate:
The original author holds the copyright to the software and does not need a license in order to modify or distribute it. It’s only other people who need a license to give them permission to do that, and those other people can only do so under the terms of the AGPL. The original author can do whatever they want and is not bound by the AGPL.
This is the genuine and increasingly-popular strategy of quite a few “open source” SaaS startups – they use the AGPL to bind potential competitors and try to improve their own market position.
This is true for any license. Not sure why you’re singling out the AGPL.
The claim being advanced was that somehow the author of a piece of AGPL’d software would be on equal terms with everyone else due to also being bound by the AGPL. I was pointing out that is not the case.
And the broader point i’m making is that people have used AGPL and “source available” type licenses as anti-competitive/pro-monopoly tactics – they are not using these licenses to advance the cause of software freedom, they’re using them to try to protect their VC-backed SaaS startups.
I have, and talked to various lawyers about it. It boils down to two things: flexibility and risk.
Risk is the big one. The terms of the MIT license are easy to comply with. I’ve worked with some companies that are maintaining internal forks of GPL’d software and not contributing anything upstream because they’re worried that they might not be in compliance with the license (they think that are) and contributing would highlight them as downstream consumers.
Flexibility is the other big one. Today, their use of an open-source component may be somewhere away from competitive advantage and so they’re happy to upstream everything (very happy, it reduces their maintenance costs). Tomorrow, that may not be the case and they may want to keep some part private.
I’ve talked to quite a few companies that would rather do a proprietary in-house clean-room reimplementation of something than take a GPL’d dependency for these reasons. The best outcome here is to persuade them to do a permissively licensed reimplementation.
The only time that a company will take a GPL’d / AGPL’d component and not just reimplement it is if the component is sufficiently large that it would be infeasible for them to do so. This is never the case with young projects.