Created
September 28, 2015 17:33
-
-
Save wwahammy/3f1ca9bd4ba8d2028526 to your computer and use it in GitHub Desktop.
AGPL worry
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| So let's consider a small business that runs a website that happens to run on GPL'd software. They don't know anything about the GPL but they paid a local web shop to set it up on their shared web host. They don't have to know that the GPL requires them to provide source code if they convey a copy because they don't convey | |
| Let's say the same business runs a wwebsite that runs on AGPL software. They don't know anything about the AGPL but they paid a local web shop to set it up on their shared web host. What happens when someone requests a copy of the source? The answer will likely be "what's source code?" | |
| The local business doesn't want to pay someone to get them the source. And we can't even tell them "give us the contents of directory holding the web site" because that might contain private configuration information which isn't covered by the AGPL. | |
| This is why I don't normally recommend AGPL software to anyone unless they already understand licensing and source code. |
@datagrok: I have a higher expectation of what device manufacturer can do. If you're distributing software, I think you're qualified to distribute the source. The question is whether a web site operator in all causes is qualified to distribute the source and I'm not sure in the same manner.
Don't get me wrong, I love the AGPL and think it's the best license. But I'm hesitant to recommend it for every one.
I may eventually develop a blog post about this topic. May I quote you?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Isn't this situation similar to the device manufacturers who (ostensibly) unwittingly violate the GPL for e.g. busybox? It's a burden for them to be hit with a request for source code. We expect that the people who they pay to build their software (be they employees, contractors, or local shops) should ensure that the software is compliant before release, and that this is not a burden, but a reasonable cost of building on GPL'd code.
Is the hypothetical business in your example modifying the source code that the web shop set up for them? If not, AGPLv3§13 is not invoked, they are under no obligation to host source code themselves. Instead, the web shop performing modifications to AGPL'd code has that obligation. I would assume they don't experience (as much of) a burden, since they are familiar with software development.
I guess the situation is different if the modifications were created entirely for-hire, but in that situation I'd expect a competent and ethical developer to set up a public repository containing their modified source.
There are mechanisms like keeping configuration in the environment that we might encourage authors of AGPL software to embrace, for this reason. Still, that's no guarantee against mistakes that reveal confidential information. I see your point.
Regardless of my comments above, I see your point and understand why you don't recommend the AGPL. I'll continue to ponder it. Thanks for taking the time to write this up!