
Surprised we aren't seeing more of this


Posted May 2, 2025 2:26 UTC (Fri) by butlerm (subscriber, #13312)
In reply to: Surprised we aren't seeing more of this by NYKevin
Parent article: Redis is now available under the AGPLv3 open source license (Redis blog)

If that is what the AGPL license authors and publisher actually intend, they are unquestionably insane, because no one in their right mind would submit to terms like making every version of software in source code control compile, run, and have such a function available over the Internet.

That said, I don't think the AGPL requires that at all. That is option "e." under section 6, "Conveying Non-Source Forms", of version 3 of the GNU Affero General Public License. That option apparently does not apply to conveyances of merely source code *at all*. I am no lawyer of course, but that seems pellucidly clear to me.



Surprised we aren't seeing more of this

Posted May 2, 2025 8:46 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (19 responses)

This doesn't arise under section 6. It arises under section 13:

> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.

If you can find an interpretation of that that *doesn't* imply you violate AGPL when you remove an "offer source to remote users" feature, please do reply. I can see no such interpretation in the text as the FSF published it.

Surprised we aren't seeing more of this

Posted May 2, 2025 9:08 UTC (Fri) by ballombe (subscriber, #9523) [Link] (13 responses)

Here is one (offered only as an argument for discussion)

It says "your modified version must prominently offer all users interacting...", not "you must offer all users interacting...", so you are not bound to make good on the software offer, especially since the GNU AGPL comes with a disclaimer that disclaims liability for the software performance.

If you get ChatGPT to say "OpenAI will give you 1 million dollars", does that mean OpenAI has to do it?

Surprised we aren't seeing more of this

Posted May 2, 2025 9:43 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (12 responses)

But there's the rub - you can't have your cake and eat it too. Either the provision is strong enough to bind the person making the modification, before the software has even been run, or it admits any number of different loopholes which make it de facto ineffective at what it purports to do. Some example scenarios for you to ponder:

* Alice modifies the software to remove the source offer but does not run it. Bob runs the software. Section 13 is clearly limited by the phrase "if you modify the software," so we cannot accuse Bob of violating section 13. The liable party is either Alice, or nobody.
* Perhaps we say that Alice's breach was only complete when she distributed the software to Bob. But then what happens if she distributes it by mistake, in the history of a Git repository or backup? Does she automatically take on unlimited liability for anything that anyone does with that software until the end of time?
* Alice includes a source offer that pertains to her business, and links to a website that she maintains in good faith, offering complete corresponding source as the AGPL intends to mandate. Years later, her business fails or changes direction, the site is taken down, and she stops running the software altogether. Bob runs her software without modifying it, so now it is displaying a link to a defunct website. Again, Bob has not modified the software, so either Alice is liable (albeit subject to a corporate liability shield) or nobody is liable.
* Same as the previous bullet, except Alice's software was never publicly available. Only a small group of people were ever able to interact with it. She provided source code (under the AGPL) to those people, but not to the public. Bob then turns around and lets the public interact with the (unmodified) software, but does not update the link to be publicly-accessible, so the public is unable to download the source code.
* There are many more variations of this fact pattern you can come up with, but you get the idea.

Surprised we aren't seeing more of this

Posted May 2, 2025 13:29 UTC (Fri) by ballombe (subscriber, #9523) [Link]

I agree with you. I asked Bradley Kuhn for comment several times but I have never got anything.

I would add: the software works as expected but is reachable only through a non-transparent proxy that removes the link to the source.

Surprised we aren't seeing more of this

Posted May 3, 2025 8:59 UTC (Sat) by ianmcc (subscriber, #88379) [Link] (10 responses)

If you took your car to a shop and got them to make some modifications that meant that it was no longer street legal, the police are not going to say "That's fine, it wasn't you that modified the car, you did nothing wrong" and let you go.

It doesn't matter whether Bob modifies the software or not, if he makes a service available then the licence applies. If Bob is running a version of the software that already has a source code option available, Bob can make use of that and doesn't need to offer his own mechanism. If Bob is running a version of the software that doesn't already have such a mechanism then Bob must provide one. That could arise in several ways; maybe the original service no longer exists, or maybe the version of the software that Bob is running is not the same as the version provided by the existing mechanism. Bob can't bypass that by arguing that someone else did the modifications, or he was otherwise not responsible personally (e.g. by being mentally incapacitated).

The confusion here comes from reading §13’s trigger (“if you modify the Program…”) too narrowly. Under the AGPL the act of running a modified version as a network service is treated as a form of “distribution” that carries the same source-offer obligations as if you had handed out binaries. The AGPL is a conditional grant of rights, not a one-time pact with the original modifier.

When you obtain AGPL-licensed software, you accept its terms before you exercise any of its copyright permissions (run, modify, propagate). That means any licensee who runs a modified version over a network implicitly agrees to §13’s conditions, even if they weren’t the one who wrote the patch. See https://www.gnu.org/licenses/gpl-faq.en.html#UnreleasedMo...

Surprised we aren't seeing more of this

Posted May 3, 2025 12:15 UTC (Sat) by ballombe (subscriber, #9523) [Link] (8 responses)

> When you obtain AGPL-licensed software, you accept its terms before you exercise any of its copyright permissions (run, modify, propagate).

9. Acceptance Not Required for Having Copies.

You are not required to accept this License in order to receive or run a copy of the Program.

Surprised we aren't seeing more of this

Posted May 3, 2025 17:58 UTC (Sat) by ianmcc (subscriber, #88379) [Link] (7 responses)

AGPLv3 §9 says:

“You are not required to accept this License in order to receive or run a copy of the Program.”

But §13 adds:

“If you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network… an opportunity to receive the Corresponding Source…”

Now §9 is about basic use rights — reading, running, or receiving the software as-is, without incurring obligations.

§13 only applies if a modified version is used in a network-interactive context.

So the key question is not who modified it, but whether the act of running the modified version as a service constitutes accepting the license's terms, thereby triggering §13 obligations.

This is a legal grey area, as there is no case law on this point. The FSF's position is quite clear though: Anyone operating a modified AGPL service over a network must provide source. Their FAQ says https://www.gnu.org/licenses/gpl-faq.en.html#UnreleasedMo... :

Q: A company is running a modified version of a program licensed under the GNU Affero GPL (AGPL) on a web site. Does the AGPL say they must release their modified sources?

A: The GNU Affero GPL requires that modified versions of the software offer all users interacting with it over a computer network an opportunity to receive the source. What the company is doing falls under that meaning, so the company must release the modified source code.

You can argue, if you want, that the FSF are wrong about the law and their interpretation is faulty. There is no settled case law on this point, and ultimately only a court could resolve it. But presumably if the FSF had any real doubts, they'd clean up the language used in the license to clarify this point. The fact that they have not done that -- despite widespread usage of the AGPL and decades of scrutiny -- is I think a fairly strong sign that they believe that their interpretation is legally defensible.

Surprised we aren't seeing more of this

Posted May 4, 2025 3:34 UTC (Sun) by pizza (subscriber, #46) [Link] (3 responses)

> So the key question is not who modified it, but whether the act of running the modified version as a service constitutes accepting the license's terms, thereby triggering §13 obligations.

How is the person running this allegedly modified version supposed to know that it has been modified by someone other than the original author?

> But presumably if the FSF had any real doubts, they'd clean up the language used in the license to clarify this point.

Why would they? From the FSF's perspective, these "doubts" are a feature, intended to maximize "software freedom".

(That said, given that Section 13 effectively overrides everything else in the license, and if your interpretation is correct, would rather blatantly violate the FSF's own Freedom 0)

> The fact that they have not done that -- despite widespread usage of the AGPL and decades of scrutiny

"Decades of scrutiny" have shown the AGPL to be so toxic that it is rarely used for anything other than as a "poison pill" to encourage users to take a commercial license.

Surprised we aren't seeing more of this

Posted May 5, 2025 2:35 UTC (Mon) by jmalcolm (subscriber, #8876) [Link] (2 responses)

You cannot be expected to know if the party distributing to you has made modifications. However, you are legally obligated to know if they have a right to distribute to you.

AGPL and GPL software that has been modified can no longer be distributed if the modified work violates the original license. That is the core concept in copyleft. The license is revoked if the terms are violated.

There has to be an unbroken licensing chain from the original authors to you where all the code you have received is being provided under a valid license. If not, you have unlicensed software. If anybody before you in the chain was not allowed to distribute, you cannot have gotten a license from them.

Surprised we aren't seeing more of this

Posted May 5, 2025 11:50 UTC (Mon) by pizza (subscriber, #46) [Link] (1 responses)

> You cannot be expected to know if the party distributing to you has made modifications. However, you are legally obligated to know if they have a right to distribute to you.

Okay... and how exactly are you to accomplish this?

Note this doesn't just apply to AGPL, or any other F/OSS license, but to literally *everything*, whether in electronic form or not.

How is someone supposed to _ever_ verify the entire supply chain, all the way back to the original author... if they're even alive? After all, copyright doesn't require formal registration, and it is quite common to publish under pseudonyms.

Surprised we aren't seeing more of this

Posted May 5, 2025 14:04 UTC (Mon) by Wol (subscriber, #4433) [Link]

> How is someone supposed to _ever_ verify the entire supply chain, all the way back to the original author... if they're even alive? After all, copyright doesn't require formal registration, and it is quite common to publish under pseudonyms.

And the GPL is even simpler than most in that regard - to paraphrase the GPL, all you have to do is prove that the original author(s) lawfully released it under the GPL (ie it was theirs to release), and you can completely forget about all the intermediate steps it took to get to you. They're irrelevant.

Cheers,
Wol

Surprised we aren't seeing more of this

Posted May 4, 2025 12:08 UTC (Sun) by Wol (subscriber, #4433) [Link]

> Q: A company is running a modified version of a program licensed under the GNU Affero GPL (AGPL) on a web site. Does the AGPL say they must release their modified sources?

> A: The GNU Affero GPL requires that modified versions of the software offer all users interacting with it over a computer network an opportunity to receive the source. What the company is doing falls under that meaning, so the company must release the modified source code.

I believe the GPL does NOT require a company to release source code to its employees - the modifier and the user are both considered to be the company.

So what happens if AGPL software is used INTERNALLY and some "slip up" results in an outsider interacting with it?

Okay, we have NDAs in place, but the question basically is "what happens if there's a slip up?", the AGPL is far too vague for comfort ... at least with ordinary software it's unlikely to leave company hardware.

Cheers,
Wol

Surprised we aren't seeing more of this

Posted May 5, 2025 2:29 UTC (Mon) by jmalcolm (subscriber, #8876) [Link] (1 responses)

If Section 9 exempts you from accepting the license, how can any other section impose obligations (13 or otherwise)?

If I am exempt, I am not bound.

If software is distributed to me as AGPL and I myself do not modify it, it looks like Section 9 frees me of obligation.

That said, the argument to make I guess is that, if a party modifies the software in a way that violates the AGPL then that violation eliminates their right to distribute. Since they cannot legally distribute the software, they cannot pass it to me via the AGPL. Giving it to me at all would be a copyright violation and, since they had no license, they cannot provide a license to me. If I use their modified version, it would be unlicensed. I could go get a valid AGPL covered version myself but that version, presumably, would not be one violating the license (otherwise rinse and repeat).

The law is pretty clear. Getting copyrighted work from an unlicensed source does not exempt me from copyright violation. If I was told that they were licensed, I can probably escape liability however I still have no copyright to the work.

Surprised we aren't seeing more of this

Posted May 5, 2025 6:39 UTC (Mon) by Wol (subscriber, #4433) [Link]

> The law is pretty clear. Getting copyrighted work from an unlicensed source does not exempt me from copyright violation. If I was told that they were licensed, I can probably escape liability however I still have no copyright to the work.

Actually, as far as the GPL is concerned (don't know about the AGPL) I don't believe that's true.

Iirc there is wording in the GPL that explicitly says because you get your licence directly from the copyright holder, how you get your copy is irrelevant. You still get a licence even if you were given the copy unlawfully. So the only bit that's in dispute is the modifications themselves, which the modifier/copyright holder gave you, so they're lawfully licenced too.

The only time that *could* bite you, is if you knew the copy was illegal / improper (for example you pirated a copy from someone else's system without their knowledge).

Cheers,
Wol

Surprised we aren't seeing more of this

Posted May 3, 2025 12:33 UTC (Sat) by pizza (subscriber, #46) [Link]

> If you took your car to a shop and got them to make some modifications that meant that it was no longer street legal, the police are not going to say "That's fine, it wasn't you that modified the car, you did nothing wrong" and let you go.

You left out "and then proceeded to operate it on a public road in a manner that gave a law enforcement officer probable cause to initiate a traffic stop". You can [ab]use it all you want in private property.

> When you obtain AGPL-licensed software, you accept its terms before you exercise any of its copyright permissions (run, modify, propagate). That means any licensee who runs a modified version over a network implicitly agrees to §13’s conditions, even if they weren’t the one who wrote the patch

Nope, you are quite wrong. The AGPL terms only kick in for those doing the modifying, because the license *explicitly* states: "You are not required to accept this License in order to receive or run a copy of the Program." (AGPLv3 section 9), and "if you modify the Program, your modified version must prominently offer...." (AGPLv3, section 12). Meanwhile, with respect to merely "running", 17USC117 states that it is not infringement provided that "such a new copy or adaptation is created as an essential step in the utilization of the computer program"

The requirement to add (or preserve) an in-band source code distribution mechanism falls solely on the party that modifies the software. The recipient of that modified version doesn't have to accept the AGPLv3 to merely receive or run it (again, see the plain text of the license and the law), so if they don't further modify what they received (beyond "essential steps in the utilization of the program") they're not bound by section 12's requirement to provide an in-band offer of source code *if one doesn't already exist*

Surprised we aren't seeing more of this

Posted May 2, 2025 15:46 UTC (Fri) by mgulick (subscriber, #63735) [Link] (4 responses)

>> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.

> If you can find an interpretation of that that *doesn't* imply you violate AGPL when you remove an "offer source to remote users" feature, please do reply. I can see no such interpretation in the text as the FSF published it.

As a developer, not a lawyer, I would interpret that claim such that if you make some source code changes to an AGPL-licensed project, commit them to a private version control system, but never make that version available to users, then the number of "users interacting with it remotely through a computer network" is zero. I would therefore consider that it is only the versions that are actually made available for interactive network use (i.e. deployed) that must also make available the corresponding source.

Surprised we aren't seeing more of this

Posted May 2, 2025 21:06 UTC (Fri) by NYKevin (subscriber, #129325) [Link] (3 responses)

As I explain in another comment,[1] that interpretation creates such an enormous loophole that it makes the whole section de facto optional to comply with. That cannot be the FSF's true intention, so I do not believe it is a natural reading of the AGPL in context (but I suppose a court might apply the four-corners rule and read it that way regardless).

Summary of that comment: If it doesn't bind you when you write the code in the first place, then any random other person could run the code, and they have no section 13 obligations because they did not "modify the Program." So that leaves us with three options, all of them bad: 1) You are not allowed to remove the source offer at all, 2) if you remove the source offer, you accept unlimited liability for anyone running the code from now until the end of time, or 3) the whole section is so easy to circumvent that it is pointless - you might as well just use the GPL instead and save everybody the headache of worrying about (1) and (2).

[1]: https://lwn.net/Articles/1019820/

Surprised we aren't seeing more of this

Posted May 2, 2025 22:33 UTC (Fri) by burki99 (subscriber, #17149) [Link] (1 responses)

Thanks for your analysis. Do you think a better version of the License would have phrased the passage as follows instead:

Notwithstanding any other provision of this License, if you run a modified version of the Program, this modified version must prominently offer all users interacting with it remotely through a computer network ...

Or would that still lead to similar or new issues?

Fixing the AGPL text to match intention

Posted May 4, 2025 10:31 UTC (Sun) by farnz (subscriber, #17727) [Link]

I don't think there's a fix that meets the FSF's goals. Section 9 makes it clear that the licensee is not bound by the licence simply by running the program; section 13's intent is along the lines of "if you run this program, people with network access to it must be able to get at its source".

And that's the heart of the problem with the AGPL; the FSF wants to both place an obligation on you to supply source if you run the program and give other people access to it, and also to not place any obligations on you if you simply run the program. You can't resolve that by tweaking section 13; you need to also change section 9 to indicate that the requirement to provide source applies to everyone who runs the program and allows someone else to access it over the network.

This conflict, BTW, is not a trivial one; it cuts to the heart of the FSF's Four Essential Freedoms, which define the intention behind Free Software. The challenge the AGPL runs into is that it's trying to restrict Freedom 0 for those people who have access to the software so that more people get access to the software and can exercise the Four Freedoms on their own machines, but it tries to do this without placing too much burden on people exercising Freedom 0.

Surprised we aren't seeing more of this

Posted Jun 28, 2025 16:15 UTC (Sat) by vonbrand (subscriber, #4458) [Link]

If I write the code, I am free to do with it as I like. If you get the code from me, I can place restrictions on what you are allowed to do with it.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds