|
|
Log in / Subscribe / Register

Comprehensive Response to Bambu's AGPLv3 Violations (Software Freedom Conservancy)

[Posted May 25, 2026 by jake]

The Software Freedom Conservancy (SFC) published a news item on May 18 about its response to violations of the AGPLv3 by Bambu Lab in its 3D printers. The company has not provided the source code to its modifications to a 3D "slicer" program that was released under the AGPLv3 and it has also threatened Paweł Jarczak who created a fork of a different slicer (Orca Slicer) released under AGPLv3 in order to interoperate with his Bambu printer. Based on that, the SFC has created the baltobu project aimed at reverse-engineering and reimplementing the Bambu code while also hosting the Orca Slicer fork.
Bambu has behaved badly for years and made multiple, provably false public statements regarding the AGPLv3 and its requirements. The recent aggressive behavior toward Paweł Jarczak was a last straw for us: we have decided to launch a multi-pronged effort that will assist consumers and users in the short-term, and also work toward a long-term strategy to improve the software right to repair for all 3D printer consumers.

to post comments

Shift in public's attitude

Posted May 25, 2026 17:09 UTC (Mon) by sneela (subscriber, #180826) [Link]

In my opinion, Bambu labs has faced one of the most drastic changes in attitude from the public in a long time. I don't know many other companies off the top of my head which went from loved to hated so fast -- maybe Sun/Oracle, although the hate there is towards Oracle? Recently also Plex with their lifetime membership hike to $750. I know of many who swear by Plex (I use jellyfin), but this change in membership fees has disgusted them. Quite interesting to see.

Fundriser there

Posted May 25, 2026 18:35 UTC (Mon) by arekm (guest, #4846) [Link]

There is also a fundraiser (link in that news article) to hopefully solve this once and for all on a legal level.

Surprising

Posted May 25, 2026 18:54 UTC (Mon) by SLi (subscriber, #53131) [Link] (11 responses)

In some ways, I do find this surprising. Yes, it's clear there are violations. The complete corresponding source code needs to be AGPLv3 and its source code needs to be provided.

However, the argument that the permission to use their online infrastructure with anything in any way derived from those sources does not follow from the license doesn't sound entirely wrong either, and also not something that, to me, obviously follows from the software license, or even entirely obviously *could* follow from it (although the more courts treat copyright licenses as contracts, the more possible this probably becomes).

Surprising

Posted May 25, 2026 19:01 UTC (Mon) by SLi (subscriber, #53131) [Link] (8 responses)

The SFC article frames this as "imposing additional restrictions". But it seems to me it is one thing to impose restrictions on the use and distribution of the code and another to impose restrictions on connecting to your servers and using them. The latter right has nothing to do with copyright, presumably would not exist in software someone independently developed. To me it sounds in principle as separate as, say, the right to manufacture firearms and the right to go to a specific shooting range to use them. Or the right to build your own modified version of a popular browser and the right to market it as Firefox.

Surprising

Posted May 25, 2026 22:03 UTC (Mon) by randomguy3 (subscriber, #71063) [Link]

Sure, they'd likely be within their rights to terminate his account on their cloud service. That, according to Paweł, is not what happened. It seems they sent vague legal threats instead, suggesting that they were within their rights to sue him for distributing the code.

Surprising

Posted May 26, 2026 19:31 UTC (Tue) by iabervon (subscriber, #722) [Link] (6 responses)

I think the oddity is that Bambu is using code licensed to them under the AGPL to run their service, and not following the terms that grant them the right to use the code to provide a service. I'm not entirely sure how the AGPL avoids letting licensees only allow people to be users who have agreed not to exercise the rights that the AGPL says they have to be given, but this may be where the surprising claim comes from.

Surprising

Posted May 27, 2026 1:52 UTC (Wed) by Wol (subscriber, #4433) [Link] (5 responses)

> I'm not entirely sure how the AGPL avoids letting licensees only allow people to be users who have agreed not to exercise the rights that the AGPL says they have to be given, but this may be where the surprising claim comes from.

Why is that a surprising claim? If, as a condition of using the code, you have give up rights that the licence says the provider must give you, then that's basically an end run round the licence terms. It's impossible to interpret that any other way. Which is why the SFC calls it "additional restrictions" that the licence explicitly forbids.

The AGPL says the service provider MUST provide the source to users on request. The service provider says that prospective users MUST give up that right in order to use the service. The service provider now can ignore the licence! Simple as, and a perfect end run ... hopefully not!

Cheers,
Wol

Surprising

Posted May 27, 2026 2:46 UTC (Wed) by pizza (subscriber, #46) [Link]

> The service provider says that prospective users MUST give up that right in order to use the service.

FWIW, that's well within the service provider's rights. (See also: RHEL)

But that's not what Bambu has done here; instead of simply locking down their services (like RH does) they sent legal nastygrams to folks that modified the software that they themselves published... while also directly violating the upstream license terms of that same software.

Surprising

Posted May 27, 2026 10:45 UTC (Wed) by SLi (subscriber, #53131) [Link] (3 responses)

I'm not entirely sure I follow what the additional restriction claimed here is, but I think we should separate again using the code and using the service. This is my unsophisticated gut feeling of how I'd understand it:

Due to the open source nature, you are free to use the code with a service hosted by you or anyone else that you have a separate right to use. That is what the open source and copyleft licenses grant you. This means you have been given the full ability and right to use the licensed code, although you obviously still may not use it in ways that for completely separate reasons violate someone else's rights.

So generally I imagine the right to the code is not a right to all the related services.

Surprising

Posted May 27, 2026 11:15 UTC (Wed) by farnz (subscriber, #17727) [Link] (2 responses)

The additional restriction Bambu Labs appear to be trying to impose is that you cannot publish modified code that, in Bambu's sole opinion, makes it harder for them to control the use of their services, if that code is in any way derived from their AGPLv3 code releases.

They're doing this because it's impossible to distinguish an authorized client from an unauthorized one based solely on observing client behaviour - the overlap between "modified client, using our services in a way we dislike" and "unmodified client, using our services in a way we're content with" is huge, and if they blocked users for misuse of the cloud service in a way that caused them issues, they'd block a large number of customers using the Bambu Labs build of their official application.

So, they're attempting to say that it's not permissible to take the Bambu Labs AGPLv3 source code, and modify it in a way that doesn't also ensure that the client authorization code is modified, nor is it permissible to take the AGPLv3 client authorization code and integrate it with another project - you must not create derivative works of the AGPLv3 code where Bambu Labs deems it an unacceptable modification.

Surprising

Posted May 28, 2026 1:53 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (1 responses)

You can't do that. The GPLv3 and AGPLv3 both expressly waive anti-circumvention rights in section 3 of each license.

Surprising

Posted May 28, 2026 11:25 UTC (Thu) by farnz (subscriber, #17727) [Link]

You can, if you assert that the GPLv3 and AGPLv3 don't apply to the code that was copied. Your legal theories for how this works will almost certainly be struck down by any court in any country you try this in, but they're still enough to frighten your victim into either giving you what you want, or getting expensive lawyers involved.

And that's going to remain an issue with licensing terms that try to protect you - a bad actor can come up with a variety of legal theories for why what they're doing is OK, but what you're doing is not, and make you pay the costs of being the target of legal action - even if they eventually end up having to reimburse you.

Surprising

Posted May 25, 2026 19:44 UTC (Mon) by Vorpal (guest, #136011) [Link] (1 responses)

It is worth noting here that what the developer did was use the same user agent string as is in Bambu's published source code. As I understand it, it had been changed in the downstream OrcaSlicer fork, they simply reverted it to the upstream value. And Bambu decided to threaten with DMCA. I'm not a lawyer, but nowhere does that make any sense to me.

Surprising

Posted May 26, 2026 16:26 UTC (Tue) by smurf (subscriber, #17840) [Link]

It does make a lot of sense if you regard Bambu as a company that would like to treat its customers as product.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds