188201 | 4 years ago

I think that's a misunderstanding of AGPL. For internal use, AGPL does not require sharing the proprietary part.

If a company develops a proprietary UI and uses Loki as a backend, this is not serving Loki directly to customers, so that does not require the company to release their code.

It is similar to GPL. Dynamic linking to GPL software does not require the developer to release their code.

Only a provider serving a Loki instance directly to customers is required to share the code.

Only Amazon is upset that they cannot just host a popular open source project directly on their cloud. Maybe they could pay a license fee for a dual licensing arrangement, which is a better way to support an open source startup.

btown|4 years ago

I think this is a misunderstanding of how vague the AGPL actually is.

The key clause is "your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version."

Would putting AGPL software behind a reverse proxy change the fact that you're a user interacting with it remotely? What about a reverse proxy that changes/adds some headers? What about a really smart reverse proxy that reformats some of the output or repackages it or mixes it with things from other data sources? Is that materially different from the API that powers the "proprietary UI" you're describing?

And say you're pretty confident that you're on the right side of things. Can you point to any case law where courts have established precedent about what "interacting with it remotely" means in this context? No? Then to be on the safe side, you'll probably need to maintain a source code repository for your Corresponding Source, remember to update it every time you update a minor version of the service internally, and maintain an info screen in your product with "prominent" links to that source code repository, which likely means it needs sign off from a product team if not a legal team as well. All things that add expense and barriers to entry.

I think the AGPL is great for services like Grafana's UI itself, where there's likely to be a "human gap" between the software and anyone outside your organization. But things like Loki that are designed to power other proprietary systems that may well be touched by end users through a computer network, where Loki's output may have influence or side effects on the output the user sees? I don't think it's nearly as clear what liability that entails.

(Obligatory: Not a lawyer, the above is not legal advice.)

PeterisP|4 years ago

Most companies who use Grafana or Loki as part of some deployment would use an unmodified version, so the only AGPL specific clause, which you cite, would not apply and is irrelevant.

rlpb|4 years ago

This kind of hand-wringing is what the naysayers were doing with GPL software in the 90s. That the GPL would never fly in business because lawyers would get hung up in "what if" interpretations that were never the intent or spirit of the GPL in the first place.

It turned out alright.

Thaxll|4 years ago

And 99.99% of users don't modify the code so it's irrelevant.

Rapzid|4 years ago

I don't understand the point you're trying to make with the reverse proxy as it doesn't seem related to anything the parent wrote.

rhaps0dy|4 years ago

> Dynamic linking to GPL software does not require the developer to release their code.

That's not true, you do have to release the code. There is no difference between statically or dynamically linking to a GPL library. Source: https://www.gnu.org/licenses/gpl-faq.html#GPLStaticVsDynamic

You may be thinking of the LGPL.

gpanders|4 years ago

Not everyone agrees on this point [1]. One relevant quote: "This is ultimately a question not of the GPL per se, but of how copyright law defines derivative works."

Whether or not dynamic linking constitutes a "derived" work is still an open question, legally speaking. Obviously the FSF has their own thoughts on this, but it's unclear how an actual court would rule.

(IANAL, this is not legal advice, etc. etc.)

[1]: https://en.wikipedia.org/wiki/GNU_General_Public_License#Lin...

tamalsaha001|4 years ago

That does not seem to be the case. From [1]

The difference between the AGPL and traditional GPL is simple: The AGPL seeks to close a "loophole" that allows a company or organization to modify GPL'ed software and use it to provide a service — but without actually distributing changes. So a company can take a package like, say, WordPress and modify the software significantly to sell a service — but hold back changes because it's not technically "distributing" or "propagating" the software. The AGPL goes a bit further and says that if the program is "intended to interact with users through a computer network" and if the version that you received gives users "the opportunity to request transmission to that user of the Program's complete source code," you have to maintain that functionality and distribute the modified version.

[1] https://www.networkworld.com/article/2229265/is-the-affero-g...

rasz|4 years ago

Wasn't this solved with GPLv3 anti-tivoization rules?

atat7024|4 years ago

> I think that's a misunderstanding of AGPL.

That's GP's point.

klintcho|4 years ago

This might be the case. However there is an additional risk and process component:

- you might not want to risk it because you don't have lawyers etc. in your company.

- even if you have lawyers etc. in your company, if there are 2 alternatives, one of which is just an MIT license, you'll probably go for that one because you don't want to have a 1.5 month review of the use of this AGPL licensed alternative.

In general, things like this https://github.com/xdspacelab/openvslam/wiki/Termination-of-... (repo with 3k stars), an effort terminated because some traces of GPL code MIGHT be somewhere in there, come to light. Even though Grafana etc. are mostly tools, for my startup I would probably not risk any of this (for my own sake and also for any kind of due diligence in case it ever gets acquired).

aulin|4 years ago

Did not follow the events of openvslam; wouldn't they be required to still release the source code of the previously public version as GPL? Also, once the doubt is there, why not rerelease as GPL?

catlifeonmars|4 years ago

In my experience a lot of legal departments will block off entire classes of licenses just to be on the safe side.

jpalomaki|4 years ago

How does this actually work towards your employees or 3rd party personnel (for example consultants) getting access to the tools - would you have to make the source code available for them and allow them to distribute the code?

ezoe|4 years ago

But think about it. Anyone that uses AGPLv3 software can demand the AGPLv3 license, including employees and contractors. Once they get it, they can freely publish it to the public because it's AGPLv3. Forcing an NDA to not leak it to the public doesn't work here because it violates the AGPLv3 license, thus copyright infringement.