Ask yourself: why is documentation of internal-facing decisions like what software licenses to use being published in a public place? The answer is straightforward: to influence the public. This is propaganda.
The site describes what open source projects Google shares, explains their approach, and what contributors should expect. It’s marketing, but marketing by giving away a few hundred useful codebases seems pretty unobjectionable to me. Publicly explaining a policy publicly that applies to all the projects in one place so they can link to it rather than rehash a legal point every time it comes up seems like a normal use of documentation. Calling it propaganda is uncharitable and unjustified.
(Also, odd title: the article only addresses a single anti-AGPL argument.)
The reason they spread these misconceptions is straightforward: they want to discourage people from using the AGPL, because they cannot productize such software effectively.
This doesn’t stand up to even a modicum of scrutiny. First of all, it assumes you know the intent of Google here. I don’t think Google’s intentions are that great to be honest, but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument unless you can provide credible evidence of their intent. Secondly, I see no such credible evidence in this article, and the lack of attention paid to how Google handles other licenses in this article is borderline disingenuous. All I see is a casual observation that Google’s policy benefits them systemically, which I would absolutely agree with! But that shouldn’t be a surprise to anyone.
Why? Because it omits critical context. The AGPL is not the only license that Google bans. They also ban the WTFPL, which is about as permissive as it gets. They ban it because they have conservative legal opinions that conclude it has too much risk to rely on. I think those legal opinions are pretty silly personally, although I am somewhat biased because I’ve released code under the WTFPL only to have one Googler after another email me asking me to change the license because it’s banned at Google.
My point is that there are other reasonable business explanations for banning licenses. Like that a team of lawyers paid to give their best expert advice on how a judge would rule for a particular license might actually, you know, be really risk averse. Licenses aren’t some black and white matter where things that are true and things that are not are cleanly separated in all cases. There’s oodles of grey area largely because a lot of it actually hasn’t been tested in court. Who would have thought the courts would rule the way they did in Google v. Oracle?
What’s the cost of being wrong and having Google required to publish all of their source code? Can anyone here, even a Googler, even begin to estimate that cost? If you haven’t thought about that, then you probably haven’t thought deeply enough to criticize the intentions on this particular piece of “propaganda.” Because that’s probably what Google’s lawyers are weighing this against. (And probably an assortment of other such things, like the implications of allowing AGPL but giving each such use enough scrutiny as to be sure that it doesn’t wind up costing them dearly.)
But by all means, continue punishing companies for making their policies like this public. Because that’s a great idea. (No, it’s not. Despite how annoying I find Google’s policies, I really appreciate having them documented like they are.)
Disclaimer: I don’t like copyleft, but primarily for philosophical reasons.
I don’t think Google’s intentions are that great to be honest, but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument unless you can provide credible evidence of their intent.
As someone who previously worked on the open source team at Google and sat in the office and am friends with these humans, I can say very strongly that those lawyers do not have some sort of hidden agenda. It is also certainly false to assume they are not competent at their job. My read is that they are, as you might expect, very good at their job (noting I am also not a lawyer).
A common mistake I see many commenters (and news stories etc etc) and I think you head to unintentionally, is to talk about Google as if it is a single anthropomorphic entity with its own thoughts and feelings. This piece does the same. There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.
The team makes decisions in this order:
Protect the open source ecosystem.
Protect the company.
“Protect the ecosystem” is hard to believe if you buy into the “amoral entity” argument but is provably true: the easiest way to protect the company is to ban open source contribution (aside from forced copyleft terms) at all, but Google does this a lot under the Apache 2 (permissive) license. The banned licenses, as you note, are those that either do not have enough specificity (like WTFPL) or ones with what the legal team believe are onerous terms. They are good laywers, and so you have to assume they have a pretty strong case for their interpretation. Even if you think they are wrong (as all law is essentially malleable), hashing things out in court to decide what the terms of the license truly mean is a really bad use of time and money.
There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.
Yes, there is. The two are not mutually exclusive. A corporation like Google is structured in such a way that the sum of all its humans, all trying their best, serves the interests of the company. It’s not anthropomorphic, but it does have an agenda, and it’s not necessarily that of any of its constituent humans. Whether morality features prominently on that agenda is a legitimate matter for debate.
I think you’re trying to open a semantic crack in which responsibility can be lost: misdeeds are attributed to Google, but since Google isn’t one person it can’t be guilty of anything. But if companies really aren’t more than the sum of their parts, at least one person at Google must be responsible for each of its transgressions, which I think casts doubt on the claim that they have good intentions.
The team makes decisions in this order:
Protect the open source ecosystem.
Protect the company.
Maybe that’s true of the open source team. It’d be hard to believe that of Google in general—partly because it’s a coompany and you’d expect it to protect itself first, but more concretely because there’s history. Google has been hegemonizing Android for years. They’re also trying to do the same to the Web, via Chrome. The open source ecosystem gets to use whatever Google puts out, or suffer. I don’t see how that’s healthy.
“Protect the ecosystem” is hard to believe if you buy into the “amoral entity” argument but is provably true: the easiest way to protect the company is to ban open source contribution (aside from forced copyleft terms) at all, but Google does this a lot
(I note that you don’t have a problem anthropomorphizing Google when it’s doing things you think are good.)
I’ve yet to see the proof. Publishing open source software doesn’t necessarily speak to any commitment to the wellbeing of the open-source ecosystem, nor does it typically carry any great risk. Let’s take a couple of minutes to think of as many reasons as we can why a company might publish open-source software out of self-interest:
The existence of good tooling for markets you dominate (web, mobile) directly benefits you
Developers like publishing things, so letting them publish things is a cheap way to keep them happy if it doesn’t hurt you too badly
It’s great PR
If you have a way to use your open-source thing in a way that nobody else does, the free work other people do on it gives you an advantage
You might say: so what? Obviously they have businessy motivation to care about open source, but what does it matter if the result is they care about open source? But, as we’ve seen, the moment it benefits them to work flat-out on destroying an open ecosystem, they do that instead.
But, as we’ve seen, the moment it benefits them to work flat-out on destroying an open ecosystem, they do that instead.
This could be said of nearly any corporation as well.
Move from OS sales to cloud services, buy an open-source friendly company, release a good editor that works on the competition, and even inter-op with rhe competition.
The example may have the best intentions in mind, insofar a corporation can, but could also be a long-con for traction and eventually blast out something that makes the users jump ship to the corporation’s platform.
Best part of it all is, it could be hedging in case that “something” comes along. There is some win either way and an even bigger win if you can throw the ideals under the bus.
For sure. It’d be naïve to think Microsoft had become nice. They’ve become smarter, and they’ve become a smaller player comparatively, and in their situation it’s pragmatic to be a good citizen. Google was the same with Android before they won their monopoly.
I don’t assume either. I think it’s a natural way to communicate about organisations. But your opening gambit was about how talking about Google in those terms betrayed some error of thought, so I’d hoped that pointing this out might give you pause to reconsider that position. I didn’t mean to cast doubt on your sincerity. Apologies.
Right, I mostly agree with what you’re saying! I do think a lot of people make the mistake of referring to any large company as a single entity, and it makes generalizing way too easy. With the WTFPL thing, I experienced that first hand: a bunch of individuals at Google reached out to me because none of them knew what the other was doing. And that’s a totally reasonable thing because no large company is one single mind.
Now, I don’t want to come off like I think Google is some great thing. The WTFPL thing really left a sour taste in my mouth because it also helped me realize just how powerful Google’s policies are from a systemic point of view. They have all these great open source projects and those in turn use other open source projects and so forth. My libraries got caught up in that, as you might imagine in this day and age where projects regularly have hundreds or thousands of dependencies, and Google had very powerful leverage when it came to me relicensing my project. Because it worked itself back up the chain. “{insert google project here} needs to stop using {foo} because {foo} depends on {burntsushi’s code that uses WTFPL}.” Now foo wants to stop using my code too.
I’m not saying any of this is particularly wrong, to be honest. I am an individualist at heart so I generally regard this sort of thing as okay from an ethical or legal perspective. But still, emotionally, it was jarring.
Do I think the lawyers in Google’s open source policy office think about that sort of effect it has on individuals? I don’t really. I don’t think many do. It’s probably a third order effect of any particular decision, and so is very hard to reason about. But from my perspective, the line of policy making on Google connects very directly to its impact on me, as an individual.
In the grand scheme of things, I think this is not really that big of a deal. I’m not all hot and bothered by it. But I do think it’s a nice counter-balance to put out there at least.
It appears that seasoned lawyers have deemed the license you use “not specific enough”.
Isn’t the whole point of a license to fully lay out your intentions in legal terms? If it doesn’t succeed at that, wouldn’t it be better to find another license that does a better job at successfully mapping your intentions to law?
To be clear, I don’t use the WTFPL any more, even though I think it makes my intent perfectly clear. So in a sense, yes, you’re right and I changed my behavior because of it. I stopped using it in large part because of Google’s influence, although the WTFPL didn’t have a great reputation before Google’s policy became more widely known either. But most people didn’t care until Google’s policy influenced them to care. Because in order for my particular problem to exist, some amount of people made the decision to use my project in the first place.
I brought up the WTFPL thing for two reasons:
To demonstrate an example of a license being banned that isn’t copyleft, to show that Google has other reasons for banning licenses than what is stated in the OP.
To demonstrate the impact of Google’s policies on me as an individual.
I didn’t bring it up with the intent to discuss the particulars of the license though. I’m not a lawyer. I just play one on TV.
But I think even Google’s influence is just one example of the commercial world interacting with the “libre” world; in this light, Google is just entering earlier and/or investing more heavily than its peers. And it could be argued that’s a good thing, as it puts libre creators more in touch with the real needs of industry. It’s the creator’s choice whether to acknowledge and adapt to that influence, or to bend to it entirely. As I see it, Google can’t make you do anything.
I do hope that Google carves out exceptions for things like Affero though, since I share Drew’s confusion at Google’s claim of incompatibility. I’m in the same boat, after all; I’m also a user of a niche license (License Zero), the legal wording of which I nevertheless have great confidence in.
I believe that at some point, companies like Google will have to bend to the will of creatorsto have control over how their work is licensed. I happen to use License Zero because it seems to provide more control on a case-by-case basis, which I think is key to effecting that shift.
I do hope that Google carves out exceptions for things like Affero though, since I share Drew’s confusion at Google’s claim of incompatibility.
Large parts of Google work in a monorepo in which anything goes if it furthers the mission. The Google licensing site brings up that example of a hypothetical AGPL PostGIS used by Google Maps. In normal environments that wouldn’t be an issue: your code interfaces to PostGIS through interprocess APIs (which still isn’t linking even with the AGPL) and users interact with your code, but not with PostGIS. In the monorepo concept code can quickly be drawn into the same process if it helps any. Or refactored to be used elsewhere. That “elsewhere” then ends up under AGPL rules which could be a problem from a corporate standpoint.
It’s a trade-off between that flexibility in dealing with code and having the ability to use AGPL code, and the organizational decision was apparently to favor the flexibility. It can be possible to have both, but that essentially requires having people (probably lawyers) poring over many, many changes to determine if any cross pollination between license regimes took place. Some companies work that way, but Google certainly does not.
I believe the issue with WTFPL is different: because it’s so vague my guess is that the open source legal folks at Google would rather see that license disappear completely to protect open source development at large from the potential fallout of it breaking down eventually, while they probably don’t mind that the AGPL exists. At least that’s the vibe I get from reading the Google licensing site.
(Disclosure: I work at Google but neither on open source licensing nor with the monorepo. I also don’t speak for the company.)
Maybe I didn’t express it clearly enough, but as I was writing my comments, I was painfully aware of the possibility that I would imply that Google was making me do something, and tried hard to use words that didn’t imply that. I used words like “influence” instead.
And it could be argued that’s a good thing, as it puts libre creators more in touch with the real needs of industry. It’s the creator’s choice whether to acknowledge and adapt to that influence, or to bend to it entirely.
Sure… That’s kind of what I was getting at when I wrote this:
I’m not saying any of this is particularly wrong, to be honest. I am an individualist at heart so I generally regard this sort of thing as okay from an ethical or legal perspective. But still, emotionally, it was jarring.
Anyway, I basically fall into the camp of “dislike all IP.” I’d rather see it abolished completely, for both practical and ideological reasons. Then things like copyleft can’t exist. But, abolishing IP would change a lot, and it’s hard to say how Google (or any company) would behave in such a world.
Anyway, I basically fall into the camp of “dislike all IP.” I’d rather see it abolished completely, for both practical and ideological reasons.
Maybe we should turn Google into a worker coop 😉 Then its employees could change IP policy like you say, the same way they successfully protested the deals w/ China & the US military.
There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.
Mike Hoye wrote a short article called “The Shape of the Machine” a couple of months ago that examines the incentives of multiple teams in a large company. Each team is doing something that seems good for the world, but when you look at the company as a whole its actions end up being destructive. The company he’s talking about also happens to be Google, although the lesson could apply to any large organization.
I definitely agree with you that Google has lots of capable, conscientious people who are doing what they think is right. (And to be honest, I haven’t thought about the licensing issue enough to be able to identify whether the same thing is at play here.) I just think it’s good to keep in mind that this by itself is not sufficient for the same to be said for the organization as a whole.
This is exactly what I came here to say. Basing an argument on your own interpretation of a license is a great way to get into legal trouble. Not only is there the risk that a judge in a court of law may disagree with your interpretation but there is also the risk that you will invite litigation from others that have a different interpretation and disregarding the risk of losing that litigation that litigation has a cost.
So by using AGPL you incur not only the risk of having the wrong interpretation once it is tested in court but also the risk of an increase in costly litigation over time. This risk is further magnified by your size and how much larger it makes the target on your back.
Basing an argument on your own interpretation of a license is a great way to get into legal trouble
The article starts with “I’m not a lawyer; this is for informational purposes only”, and then proceeds to make strong un-nuanced claims about the license and even proceeds to claim that Google’s lawyers are incompetent buffoons and/or lying about their interpretation. Saying you’re not an expert and then pretending you are in the very next sentence is pretty hilarious. It’s abundantly clear this article is to support the author’s politics, rather than examine legal details.
I’m not a lawyer; this is for informational purposes only
I believe that Americans write that type of disclaimer because it is illegal over there to practice law without a license, and articles about software licenses can easily wander into dangerous territory. So based on that, I think it’s unfair to hold that up as a point against the article.
Disclaimer: I’m not a lawyer; this is for informational purposes only.
I started to call that tactic ‘joe-roganizing’. He does the same: “I don’t know anything about this.”, Then, in the next sentence: ‘[very strong opinion] - everyone who disagrees is surely stupid….’
I worked at a startup where we had a massive compliance burden (yay FDA!) and so had even fewer resources than usual. One of my jobs as engineering lead there was to go and audit the tools and source that we were using and set guidelines around what licenses were acceptable because we could not afford the lawyer time if there were any issues.
If the AGPL had been tested in court, I think companies would be a bit more chill about it, but I reckon that nobody wants to bankroll a legal exploration that could turn out very much not in their favor.
One of the annoying things too about licensing, especially with networked systems and cloud stuff, is that the old reliable licenses everybody basically understands (mostly) like BSD and MIT and GPL and LGPL were made in a (better) world where users ran the software on machines they owned instead of interacting with services elsewhere. We still haven’t really identified an ontology for how to treat licensing for composed services on a network, versus how to handle services that provide aggregate statistics for internal use but not for end users, versus dumbly storing user data, versus transforming user data for user consumption.
What’s the cost of being wrong and having Google required to publish all of their source code?
That’s not how the AGPL works.
The AGPL does not force you to distribute anything.
If they’re “wrong”, they are in breach of contract. That’s it. They can then remedy that breach either by ceasing use of that software or by distributing their changes, or even by coming to some alternative agreement with the copyright holders of the AGPL’d software in question.
This seems like a nit-pick. The point of my question was to provoke thought in the reader about the costs of violating the license. What are those costs? Can you say with certainty that they will be small? I’m pretty sure you’d need to be a lawyer to fully understand the extent here, which was my way of saying, “give deference where it’s due.”
I personally think your comment is trying to minimize what the potential costs could be, but this isn’t theoretical. Oracle v. Google is a real world copyright case that has been going on for years and has almost certainly been extremely costly. I don’t see any reason why an AGPL violation couldn’t end up in the same situation.
I guess that’s fair, but it seems like splitting hairs to me. Even you said “distributing their changes” as a possible remedy, and there’s a fine line between that and “publish all of their source code.” It really depends on how the law and license is interpreted, and nobody knows how it will be. So lawyers guess and they guess conservatively.
Thanks for saying this. I don’t work at Google, but I know many people who work at it and other large companies and have talked with them about license policy, and the article just reeks of ignorance as to how corporate lawyers work; even for relatively small companies.
There’s no ideology here, there’s just lawyers doing what they were hired to do: use an abundance of caution to give the company as ironclad a position as possible.
Hell, forget WTFPL, I’ve been waved off considering triple licensing of (approved) licenses by Googlers as “the lawyers would never go for this”. The lawyers are going to go for well understood, battle tested licenses where the failure cases aren’t catastrophic.
Besides that it seems like the article misunderstands what constitutes a “derivative work”, if the article’s definition of “derivative work” (i.e., the code must be modified, not simply “used as a dependency”) was the one used by the *GPL licenses, then there would be no need for LGPL to exist.
but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument
This is not true.
Firstly, the rule for another person and the rule for CORPORATIONS are completely different. Corporations do not operate like people do. When corporations are small, they sort of do, but as they grow larger then they become more corporations like.
Secondly, it is impossible to know the intentions of other humans. So by this argument, no argument is ever good.
We might give people the benefit of the doubt, because people are mostly good. They are ruled by an ethical system, built into their brain, to socialise and cooperate. Corporations do not have this internal system. Their motivational system is entirely profit based, and therefore you cannot treat them like people.
If you have been alive long enough and paid attention to what corporations do, and especially google, the idea that they consider AGPL hostile, and wish to limit its influence and expansion, is highly plausible. How will they limit its influence? They could ban it completely, and then publish a document detailing why they think it’s bad. That’s highly plausible.
Is risk-averse lawyering a factor? Most likely yes. But risk-averse lawyer adds to the hostility argument. Having received the advice from lawyers to not use AGPL, leadership would easily conclude that a limit to AGPL spread would give them the best chance of getting free software and have their way.
Additionally, your steelman argument does not explain why google publishes that they do not like AGPL. They could keep it entirely internal. Why do you think they would do that? Free legal advice to competing startups?
Firstly, the rule for another person and the rule for CORPORATIONS are completely different. Corporations do not operate like people do. When corporations are small, they sort of do, but as they grow larger then they become more corporations like.
That makes sense in a certain light, sure. But I don’t see what it has to do with my point.
Secondly, it is impossible to know the intentions of other humans. So by this argument, no argument is ever good.
I don’t really agree. It might be true in the strictest philosophical sense, but that needn’t be our standard here. Intent is clearly something that we as a society have judged to be knowable to an extent, at least beyond some reasonable doubt. Just look at the criteria for being convicted of murder. It requires demonstrating something about the intent of someone else.
Why do you think they would do that?
When was the last time you saw any company publish legal advice generated by internal review?
If you have been alive long enough and paid attention to what corporations do, and especially google, the idea that they consider AGPL hostile, and wish to limit its influence and expansion, is highly plausible. How will they limit its influence? They could ban it completely, and then publish a document detailing why they think it’s bad. That’s highly plausible.
I think you’ve really missed my point. If the OP were an article discussing the plausibility of one of any number of reasons why Google published an anti-AGPL policy, then I would almost certainly retract my comment. But that’s not what it was. It’s a one sided turd without any consideration of alternative perspectives or explanations at all.
The whole point of AGPL is, like GPL3, to stop some companies “getting something for nothing” under some circumstances. That some companies would therefore discourage its use is the expected outcome, not a nefarious conspiracy.
I’ve taken a stance of not running any AGPL software, period, and especially not any software that might be usable via the network (triggering the clauses that make the AGPL unique vs the GPL). My reasoning is simple: I’m lazy. I may patch a piece of software to fit my needs, but by doing so, I may patch in secrets or details about my infrastructure that I don’t want public. I’m not keeping the patch proprietary to turn it a business model or anything that goes against the spirit of the GPL; I just don’t find some patches particularly valuable or appropriate for public consumption. The GPL doesn’t cross this line, because it is easy to not redistribute my modifications in binary form (why would I with these patches?), but it can be potentially disastrous to flirt with these modifications in AGPL software.
If I wasn’t so lazy, I may patch the software “correctly”, introducing configuration options which don’t hardcode pieces of my own infrastructure, but I find this unreasonably burdensome for a so-called free software license, and it slows down proof-of-concept patches that I might otherwise want to deploy to canary instances to check for faults that integration and unit tests may not cover.
I don’t have an opinion on your overall argument. Just: ‘unreasonably burdensome for a so-called free software license’. This does not make sense to me, nobody ever said free software licenses are there to reduce burdens. That most of the permissive licenses actually do that is more a side-effect than anything else, and misses the point, IMHO.
I prefer to think about incentives wrt to contributing upstream.
Yes, AGPL makes the project unusable in some contexts (such as when running a proprietary SaaS business), but such users would probably ignore upstream to gain a market advantage.
By eliminating the option to gain an edge by keeping the code closed, what remains is a maintenance burden that can be shared by doing the work upstream.
You usually only need to do that with applications. Libraries and frameworks are usually general enough so that they can’t really be used as a differentiator and thus are contributed to more freely.
The part I, personally, never understood well enough about AGPL to consider using the code under it is the scope of the system. GPL clearly intends to say that an overall system that loads a library as a part of the system is derivative work. But I worked on a system that included configs complicated enough to count as code.
The problem is: the config reveals what permissions go together in practice. Of course there are cases where second-level technical support has technical permissions for some (logged) actions quite a bit less restrained than the hard to formalise policy restrictions, and of course publishing the difference is not something one would want to do.
I have not yet seen any code/config situation discussion that would begin to convince me that some feasible solution for this problem is in line with the license wording and intent…
In truth, Google was never going to buy your software. If you don’t use the AGPL, they’re just going to take your software and give nothing back. If you do use the AGPL, they’re just going to develop a solution in-house. There’s no outcome where Google pays you.
This is as valid of an argument for WTFPL as it is for AGPL!! No outcome where corporations pay you → might as well not put any restrictions at all.
This is my licensing philosophy: for most personal projects — especially libraries — my code is a throw-away gift to the world, I don’t even need anyone to credit me, so Unlicense it is.
Copyleft only really makes sense for big, serious, directly “commercializable” applications, like LibreOffice or Postgres. (and yet, Postgres is permissively licensed, heh) These projects actually have the resources to hire lawyers to enforce copyleft, or at least the clout to get help with this from non-profit foundations. For personal or little-community projects, is anyone ever going to sue for GPL violations?!
It’s interesting, because starting from the same point
my code is a throw-away gift to the world
I arrived at a totally different conclusion: I’d rather gift it to deserving individuals, than to tax-dodging entities not bound to any kind of morality or ethical behavior.
So I distribute my stuff at least under the MPL, and if that makes big-corp X not use my work, I’m more than fine with it.
(I have reverted from MPL to a weaker license once in the past due to pressure from Rust people. In hindsight – I will never do this again.)
When reading about these topics, think of elasticsearch: it is facing direct competition from Amazon in their elasticsearch-as-a-servicr offering. And since their software is not agpl-licensed they cannot benefit from the improvements that Amazon is introducing in their internal version of elasticsearch (and neither can we all).
The site describes what open source projects Google shares, explains their approach, and what contributors should expect. It’s marketing, but marketing by giving away a few hundred useful codebases seems pretty unobjectionable to me. Publicly explaining a policy publicly that applies to all the projects in one place so they can link to it rather than rehash a legal point every time it comes up seems like a normal use of documentation. Calling it propaganda is uncharitable and unjustified.
(Also, odd title: the article only addresses a single anti-AGPL argument.)
The distinction between marketing and propaganda is pretty subjective.
This doesn’t stand up to even a modicum of scrutiny. First of all, it assumes you know the intent of Google here. I don’t think Google’s intentions are that great to be honest, but as a rule of thumb, if you form an argument on knowing the intentions of other humans, it’s probably a bad argument unless you can provide credible evidence of their intent. Secondly, I see no such credible evidence in this article, and the lack of attention paid to how Google handles other licenses in this article is borderline disingenuous. All I see is a casual observation that Google’s policy benefits them systemically, which I would absolutely agree with! But that shouldn’t be a surprise to anyone.
Why? Because it omits critical context. The AGPL is not the only license that Google bans. They also ban the WTFPL, which is about as permissive as it gets. They ban it because they have conservative legal opinions that conclude it has too much risk to rely on. I think those legal opinions are pretty silly personally, although I am somewhat biased because I’ve released code under the WTFPL only to have one Googler after another email me asking me to change the license because it’s banned at Google.
My point is that there are other reasonable business explanations for banning licenses. Like that a team of lawyers paid to give their best expert advice on how a judge would rule for a particular license might actually, you know, be really risk averse. Licenses aren’t some black and white matter where things that are true and things that are not are cleanly separated in all cases. There’s oodles of grey area largely because a lot of it actually hasn’t been tested in court. Who would have thought the courts would rule the way they did in Google v. Oracle?
What’s the cost of being wrong and having Google required to publish all of their source code? Can anyone here, even a Googler, even begin to estimate that cost? If you haven’t thought about that, then you probably haven’t thought deeply enough to criticize the intentions on this particular piece of “propaganda.” Because that’s probably what Google’s lawyers are weighing this against. (And probably an assortment of other such things, like the implications of allowing AGPL but giving each such use enough scrutiny as to be sure that it doesn’t wind up costing them dearly.)
But by all means, continue punishing companies for making their policies like this public. Because that’s a great idea. (No, it’s not. Despite how annoying I find Google’s policies, I really appreciate having them documented like they are.)
Disclaimer: I don’t like copyleft, but primarily for philosophical reasons.
As someone who previously worked on the open source team at Google and sat in the office and am friends with these humans, I can say very strongly that those lawyers do not have some sort of hidden agenda. It is also certainly false to assume they are not competent at their job. My read is that they are, as you might expect, very good at their job (noting I am also not a lawyer).
A common mistake I see many commenters (and news stories etc etc) and I think you head to unintentionally, is to talk about Google as if it is a single anthropomorphic entity with its own thoughts and feelings. This piece does the same. There is not “a Google” that is making amoral decisions for its global benefit . There is an office of humans that try their best and have good intentions.
The team makes decisions in this order:
“Protect the ecosystem” is hard to believe if you buy into the “amoral entity” argument but is provably true: the easiest way to protect the company is to ban open source contribution (aside from forced copyleft terms) at all, but Google does this a lot under the Apache 2 (permissive) license. The banned licenses, as you note, are those that either do not have enough specificity (like WTFPL) or ones with what the legal team believe are onerous terms. They are good laywers, and so you have to assume they have a pretty strong case for their interpretation. Even if you think they are wrong (as all law is essentially malleable), hashing things out in court to decide what the terms of the license truly mean is a really bad use of time and money.
Yes, there is. The two are not mutually exclusive. A corporation like Google is structured in such a way that the sum of all its humans, all trying their best, serves the interests of the company. It’s not anthropomorphic, but it does have an agenda, and it’s not necessarily that of any of its constituent humans. Whether morality features prominently on that agenda is a legitimate matter for debate.
I think you’re trying to open a semantic crack in which responsibility can be lost: misdeeds are attributed to Google, but since Google isn’t one person it can’t be guilty of anything. But if companies really aren’t more than the sum of their parts, at least one person at Google must be responsible for each of its transgressions, which I think casts doubt on the claim that they have good intentions.
Maybe that’s true of the open source team. It’d be hard to believe that of Google in general—partly because it’s a coompany and you’d expect it to protect itself first, but more concretely because there’s history. Google has been hegemonizing Android for years. They’re also trying to do the same to the Web, via Chrome. The open source ecosystem gets to use whatever Google puts out, or suffer. I don’t see how that’s healthy.
(I note that you don’t have a problem anthropomorphizing Google when it’s doing things you think are good.)
I’ve yet to see the proof. Publishing open source software doesn’t necessarily speak to any commitment to the wellbeing of the open-source ecosystem, nor does it typically carry any great risk. Let’s take a couple of minutes to think of as many reasons as we can why a company might publish open-source software out of self-interest:
You might say: so what? Obviously they have businessy motivation to care about open source, but what does it matter if the result is they care about open source? But, as we’ve seen, the moment it benefits them to work flat-out on destroying an open ecosystem, they do that instead.
This could be said of nearly any corporation as well.
Move from OS sales to cloud services, buy an open-source friendly company, release a good editor that works on the competition, and even inter-op with rhe competition.
The example may have the best intentions in mind, insofar a corporation can, but could also be a long-con for traction and eventually blast out something that makes the users jump ship to the corporation’s platform.
Best part of it all is, it could be hedging in case that “something” comes along. There is some win either way and an even bigger win if you can throw the ideals under the bus.
For sure. It’d be naïve to think Microsoft had become nice. They’ve become smarter, and they’ve become a smaller player comparatively, and in their situation it’s pragmatic to be a good citizen. Google was the same with Android before they won their monopoly.
It’s easy to do, mistakes were made, I’m human. Don’t assume malice or misdirection.
I don’t assume either. I think it’s a natural way to communicate about organisations. But your opening gambit was about how talking about Google in those terms betrayed some error of thought, so I’d hoped that pointing this out might give you pause to reconsider that position. I didn’t mean to cast doubt on your sincerity. Apologies.
All good 👍
Right, I mostly agree with what you’re saying! I do think a lot of people make the mistake of referring to any large company as a single entity, and it makes generalizing way too easy. With the WTFPL thing, I experienced that first hand: a bunch of individuals at Google reached out to me because none of them knew what the other was doing. And that’s a totally reasonable thing because no large company is one single mind.
Now, I don’t want to come off like I think Google is some great thing. The WTFPL thing really left a sour taste in my mouth because it also helped me realize just how powerful Google’s policies are from a systemic point of view. They have all these great open source projects and those in turn use other open source projects and so forth. My libraries got caught up in that, as you might imagine in this day and age where projects regularly have hundreds or thousands of dependencies, and Google had very powerful leverage when it came to me relicensing my project. Because it worked itself back up the chain. “{insert google project here} needs to stop using {foo} because {foo} depends on {burntsushi’s code that uses WTFPL}.” Now
foowants to stop using my code too.I’m not saying any of this is particularly wrong, to be honest. I am an individualist at heart so I generally regard this sort of thing as okay from an ethical or legal perspective. But still, emotionally, it was jarring.
Do I think the lawyers in Google’s open source policy office think about that sort of effect it has on individuals? I don’t really. I don’t think many do. It’s probably a third order effect of any particular decision, and so is very hard to reason about. But from my perspective, the line of policy making on Google connects very directly to its impact on me, as an individual.
In the grand scheme of things, I think this is not really that big of a deal. I’m not all hot and bothered by it. But I do think it’s a nice counter-balance to put out there at least.
To play devil’s advocate:
It appears that seasoned lawyers have deemed the license you use “not specific enough”.
Isn’t the whole point of a license to fully lay out your intentions in legal terms? If it doesn’t succeed at that, wouldn’t it be better to find another license that does a better job at successfully mapping your intentions to law?
To be clear, I don’t use the WTFPL any more, even though I think it makes my intent perfectly clear. So in a sense, yes, you’re right and I changed my behavior because of it. I stopped using it in large part because of Google’s influence, although the WTFPL didn’t have a great reputation before Google’s policy became more widely known either. But most people didn’t care until Google’s policy influenced them to care. Because in order for my particular problem to exist, some amount of people made the decision to use my project in the first place.
I brought up the WTFPL thing for two reasons:
I didn’t bring it up with the intent to discuss the particulars of the license though. I’m not a lawyer. I just play one on TV.
But I think even Google’s influence is just one example of the commercial world interacting with the “libre” world; in this light, Google is just entering earlier and/or investing more heavily than its peers. And it could be argued that’s a good thing, as it puts libre creators more in touch with the real needs of industry. It’s the creator’s choice whether to acknowledge and adapt to that influence, or to bend to it entirely. As I see it, Google can’t make you do anything.
I do hope that Google carves out exceptions for things like Affero though, since I share Drew’s confusion at Google’s claim of incompatibility. I’m in the same boat, after all; I’m also a user of a niche license (License Zero), the legal wording of which I nevertheless have great confidence in.
I believe that at some point, companies like Google will have to bend to the will of creators to have control over how their work is licensed. I happen to use License Zero because it seems to provide more control on a case-by-case basis, which I think is key to effecting that shift.
Large parts of Google work in a monorepo in which anything goes if it furthers the mission. The Google licensing site brings up that example of a hypothetical AGPL PostGIS used by Google Maps. In normal environments that wouldn’t be an issue: your code interfaces to PostGIS through interprocess APIs (which still isn’t linking even with the AGPL) and users interact with your code, but not with PostGIS. In the monorepo concept code can quickly be drawn into the same process if it helps any. Or refactored to be used elsewhere. That “elsewhere” then ends up under AGPL rules which could be a problem from a corporate standpoint.
It’s a trade-off between that flexibility in dealing with code and having the ability to use AGPL code, and the organizational decision was apparently to favor the flexibility. It can be possible to have both, but that essentially requires having people (probably lawyers) poring over many, many changes to determine if any cross pollination between license regimes took place. Some companies work that way, but Google certainly does not.
I believe the issue with WTFPL is different: because it’s so vague my guess is that the open source legal folks at Google would rather see that license disappear completely to protect open source development at large from the potential fallout of it breaking down eventually, while they probably don’t mind that the AGPL exists. At least that’s the vibe I get from reading the Google licensing site.
(Disclosure: I work at Google but neither on open source licensing nor with the monorepo. I also don’t speak for the company.)
Maybe I didn’t express it clearly enough, but as I was writing my comments, I was painfully aware of the possibility that I would imply that Google was making me do something, and tried hard to use words that didn’t imply that. I used words like “influence” instead.
Sure… That’s kind of what I was getting at when I wrote this:
Anyway, I basically fall into the camp of “dislike all IP.” I’d rather see it abolished completely, for both practical and ideological reasons. Then things like copyleft can’t exist. But, abolishing IP would change a lot, and it’s hard to say how Google (or any company) would behave in such a world.
Maybe we should turn Google into a worker coop 😉 Then its employees could change IP policy like you say, the same way they successfully protested the deals w/ China & the US military.
Mike Hoye wrote a short article called “The Shape of the Machine” a couple of months ago that examines the incentives of multiple teams in a large company. Each team is doing something that seems good for the world, but when you look at the company as a whole its actions end up being destructive. The company he’s talking about also happens to be Google, although the lesson could apply to any large organization.
I definitely agree with you that Google has lots of capable, conscientious people who are doing what they think is right. (And to be honest, I haven’t thought about the licensing issue enough to be able to identify whether the same thing is at play here.) I just think it’s good to keep in mind that this by itself is not sufficient for the same to be said for the organization as a whole.
This is exactly what I came here to say. Basing an argument on your own interpretation of a license is a great way to get into legal trouble. Not only is there the risk that a judge in a court of law may disagree with your interpretation but there is also the risk that you will invite litigation from others that have a different interpretation and disregarding the risk of losing that litigation that litigation has a cost.
So by using AGPL you incur not only the risk of having the wrong interpretation once it is tested in court but also the risk of an increase in costly litigation over time. This risk is further magnified by your size and how much larger it makes the target on your back.
The article starts with “I’m not a lawyer; this is for informational purposes only”, and then proceeds to make strong un-nuanced claims about the license and even proceeds to claim that Google’s lawyers are incompetent buffoons and/or lying about their interpretation. Saying you’re not an expert and then pretending you are in the very next sentence is pretty hilarious. It’s abundantly clear this article is to support the author’s politics, rather than examine legal details.
I believe that Americans write that type of disclaimer because it is illegal over there to practice law without a license, and articles about software licenses can easily wander into dangerous territory. So based on that, I think it’s unfair to hold that up as a point against the article.
Disclaimer: I’m not a lawyer; this is for informational purposes only.
I started to call that tactic ‘joe-roganizing’. He does the same: “I don’t know anything about this.”, Then, in the next sentence: ‘[very strong opinion] - everyone who disagrees is surely stupid….’
I worked at a startup where we had a massive compliance burden (yay FDA!) and so had even fewer resources than usual. One of my jobs as engineering lead there was to go and audit the tools and source that we were using and set guidelines around what licenses were acceptable because we could not afford the lawyer time if there were any issues.
If the AGPL had been tested in court, I think companies would be a bit more chill about it, but I reckon that nobody wants to bankroll a legal exploration that could turn out very much not in their favor.
One of the annoying things too about licensing, especially with networked systems and cloud stuff, is that the old reliable licenses everybody basically understands (mostly) like BSD and MIT and GPL and LGPL were made in a (better) world where users ran the software on machines they owned instead of interacting with services elsewhere. We still haven’t really identified an ontology for how to treat licensing for composed services on a network, versus how to handle services that provide aggregate statistics for internal use but not for end users, versus dumbly storing user data, versus transforming user data for user consumption.
That’s not how the AGPL works.
The AGPL does not force you to distribute anything.
If they’re “wrong”, they are in breach of contract. That’s it. They can then remedy that breach either by ceasing use of that software or by distributing their changes, or even by coming to some alternative agreement with the copyright holders of the AGPL’d software in question.
This seems like a nit-pick. The point of my question was to provoke thought in the reader about the costs of violating the license. What are those costs? Can you say with certainty that they will be small? I’m pretty sure you’d need to be a lawyer to fully understand the extent here, which was my way of saying, “give deference where it’s due.”
I personally think your comment is trying to minimize what the potential costs could be, but this isn’t theoretical. Oracle v. Google is a real world copyright case that has been going on for years and has almost certainly been extremely costly. I don’t see any reason why an AGPL violation couldn’t end up in the same situation.
It’s an actual misconception that many people have, and I don’t think it’s good to perpetuate it.
I guess that’s fair, but it seems like splitting hairs to me. Even you said “distributing their changes” as a possible remedy, and there’s a fine line between that and “publish all of their source code.” It really depends on how the law and license is interpreted, and nobody knows how it will be. So lawyers guess and they guess conservatively.
The easiest way not to perpetuate it is to not use the AGPL.
Thanks for saying this. I don’t work at Google, but I know many people who work at it and other large companies and have talked with them about license policy, and the article just reeks of ignorance as to how corporate lawyers work; even for relatively small companies.
There’s no ideology here, there’s just lawyers doing what they were hired to do: use an abundance of caution to give the company as ironclad a position as possible.
Hell, forget WTFPL, I’ve been waved off considering triple licensing of (approved) licenses by Googlers as “the lawyers would never go for this”. The lawyers are going to go for well understood, battle tested licenses where the failure cases aren’t catastrophic.
Besides that it seems like the article misunderstands what constitutes a “derivative work”, if the article’s definition of “derivative work” (i.e., the code must be modified, not simply “used as a dependency”) was the one used by the *GPL licenses, then there would be no need for LGPL to exist.
This is not true.
Firstly, the rule for another person and the rule for CORPORATIONS are completely different. Corporations do not operate like people do. When corporations are small, they sort of do, but as they grow larger then they become more corporations like.
Secondly, it is impossible to know the intentions of other humans. So by this argument, no argument is ever good.
We might give people the benefit of the doubt, because people are mostly good. They are ruled by an ethical system, built into their brain, to socialise and cooperate. Corporations do not have this internal system. Their motivational system is entirely profit based, and therefore you cannot treat them like people.
If you have been alive long enough and paid attention to what corporations do, and especially google, the idea that they consider AGPL hostile, and wish to limit its influence and expansion, is highly plausible. How will they limit its influence? They could ban it completely, and then publish a document detailing why they think it’s bad. That’s highly plausible.
Is risk-averse lawyering a factor? Most likely yes. But risk-averse lawyer adds to the hostility argument. Having received the advice from lawyers to not use AGPL, leadership would easily conclude that a limit to AGPL spread would give them the best chance of getting free software and have their way.
Additionally, your steelman argument does not explain why google publishes that they do not like AGPL. They could keep it entirely internal. Why do you think they would do that? Free legal advice to competing startups?
That makes sense in a certain light, sure. But I don’t see what it has to do with my point.
I don’t really agree. It might be true in the strictest philosophical sense, but that needn’t be our standard here. Intent is clearly something that we as a society have judged to be knowable to an extent, at least beyond some reasonable doubt. Just look at the criteria for being convicted of murder. It requires demonstrating something about the intent of someone else.
When was the last time you saw any company publish legal advice generated by internal review?
I think you’ve really missed my point. If the OP were an article discussing the plausibility of one of any number of reasons why Google published an anti-AGPL policy, then I would almost certainly retract my comment. But that’s not what it was. It’s a one sided turd without any consideration of alternative perspectives or explanations at all.
Daniel Berlin, the author of Google’s AGPL policy, has responded to this rant on Hacker News.
The whole point of AGPL is, like GPL3, to stop some companies “getting something for nothing” under some circumstances. That some companies would therefore discourage its use is the expected outcome, not a nefarious conspiracy.
I’ve taken a stance of not running any AGPL software, period, and especially not any software that might be usable via the network (triggering the clauses that make the AGPL unique vs the GPL). My reasoning is simple: I’m lazy. I may patch a piece of software to fit my needs, but by doing so, I may patch in secrets or details about my infrastructure that I don’t want public. I’m not keeping the patch proprietary to turn it a business model or anything that goes against the spirit of the GPL; I just don’t find some patches particularly valuable or appropriate for public consumption. The GPL doesn’t cross this line, because it is easy to not redistribute my modifications in binary form (why would I with these patches?), but it can be potentially disastrous to flirt with these modifications in AGPL software.
If I wasn’t so lazy, I may patch the software “correctly”, introducing configuration options which don’t hardcode pieces of my own infrastructure, but I find this unreasonably burdensome for a so-called free software license, and it slows down proof-of-concept patches that I might otherwise want to deploy to canary instances to check for faults that integration and unit tests may not cover.
I don’t have an opinion on your overall argument. Just: ‘unreasonably burdensome for a so-called free software license’. This does not make sense to me, nobody ever said free software licenses are there to reduce burdens. That most of the permissive licenses actually do that is more a side-effect than anything else, and misses the point, IMHO.
I prefer to think about incentives wrt to contributing upstream.
Yes, AGPL makes the project unusable in some contexts (such as when running a proprietary SaaS business), but such users would probably ignore upstream to gain a market advantage.
By eliminating the option to gain an edge by keeping the code closed, what remains is a maintenance burden that can be shared by doing the work upstream.
You usually only need to do that with applications. Libraries and frameworks are usually general enough so that they can’t really be used as a differentiator and thus are contributed to more freely.
The part I, personally, never understood well enough about AGPL to consider using the code under it is the scope of the system. GPL clearly intends to say that an overall system that loads a library as a part of the system is derivative work. But I worked on a system that included configs complicated enough to count as code.
The problem is: the config reveals what permissions go together in practice. Of course there are cases where second-level technical support has technical permissions for some (logged) actions quite a bit less restrained than the hard to formalise policy restrictions, and of course publishing the difference is not something one would want to do.
I have not yet seen any code/config situation discussion that would begin to convince me that some feasible solution for this problem is in line with the license wording and intent…
This is as valid of an argument for WTFPL as it is for AGPL!! No outcome where corporations pay you → might as well not put any restrictions at all.
This is my licensing philosophy: for most personal projects — especially libraries — my code is a throw-away gift to the world, I don’t even need anyone to credit me, so Unlicense it is.
Copyleft only really makes sense for big, serious, directly “commercializable” applications, like LibreOffice or Postgres. (and yet, Postgres is permissively licensed, heh) These projects actually have the resources to hire lawyers to enforce copyleft, or at least the clout to get help with this from non-profit foundations. For personal or little-community projects, is anyone ever going to sue for GPL violations?!
It’s interesting, because starting from the same point
I arrived at a totally different conclusion: I’d rather gift it to deserving individuals, than to tax-dodging entities not bound to any kind of morality or ethical behavior.
So I distribute my stuff at least under the MPL, and if that makes big-corp X not use my work, I’m more than fine with it.
(I have reverted from MPL to a weaker license once in the past due to pressure from Rust people. In hindsight – I will never do this again.)
If you do care about who gets to use it, it’s already not throw-away anymore.
When reading about these topics, think of elasticsearch: it is facing direct competition from Amazon in their elasticsearch-as-a-servicr offering. And since their software is not agpl-licensed they cannot benefit from the improvements that Amazon is introducing in their internal version of elasticsearch (and neither can we all).