Elastic promises "open"—delivers proprietary
Elastic promises "open"—delivers proprietary
Posted Jan 28, 2021 1:38 UTC (Thu) by kemitchell (subscriber, #124442)In reply to: Elastic promises "open"—delivers proprietary by mjg59
Parent article: Elastic promises "open"—delivers proprietary
Howdy, Matthew. Hope you're doing alright.
The thing you must provide and license under *GPLv3 is "Corresponding Source". Here's the relevant part of the definition:
The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work’s System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. ...
The requirements to convey and license "Corresponding Source" are in section 6 and section 13 of AGPLv3.
*GPLv3 "invokes" the copyright concept of "derivative work" elsewhere, in the definition of "modify":
To “modify” a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a “modified version” of the earlier work or a work “based on” the earlier work.
With legal X-ray glasses on: The phrase "requiring copyright permission" will catch "preparing derivative works" of the software under United States Code title 17, section 106, the list of exclusive rights of copyright holders in the Copyright Act. The phrase "based on" appears in that section, as well as the Copyright Act definition of "derivative work".
For what it's worth, I think we agree on implementation. SSPL, especially section 13 of SSPLv1, could be a lot better written. The v2 improvements, which Mongo proposed before fleeing the OSI scene, were an improvement, though still not great. Personally, I think forking AGPLv3 probably doomed them to confusion from the start. I suspect the lawyer who did the forking knew that, but could not convince their client. Having seen the difference between OSI process as perceived and OSI practice as practiced come crashing right down on their heads, it was just another bit of feedback they were done hearing, maybe even came to suspect as Trojan Horse.
I'm not sure whether we agree that the intended functionality of SSPL would make an open license. I certainly do. Partly out of frustration with the decision to start from AGPL, and then out of further frustration with the "review" process, which achieved no improvement to the v1 and couldn't be expected to, I drafted and shopped around a license we eventually called "Round Robin". More in an effort to depersonalize the proposal and the issues than anything else.
I don't know how to allocate responsibility for the total unproductive waste that was the OSI thread on SSPL. I see with just two eyes. Mongo definitely contributed, but they were hardly the only one. More naive than evil, methinks. In any event, I'm disappointed to see arguments that judge Mongo (or Elastic) rather than the terms. MIT and BSD certainly weren't drafted with "software freedom" in mind. It was at best one line of input to MPLv2 and EPL. But in the end, licenses are just tools. Especially when others not the drafter start using them.
Posted Jan 28, 2021 1:59 UTC (Thu)
by mjg59 (subscriber, #23239)
[Link] (3 responses)
I think that depends on what the intended functionality of SSPL actually is.
Posted Jan 28, 2021 2:20 UTC (Thu)
by kemitchell (subscriber, #124442)
[Link] (2 responses)
The tragedy here is the communication breakdown. The sides have squared off and don't talk in earnest. When they happen to catch a word, they assume hostility or duplicity. Increasingly, they're right.
I for one lay that first at OSI's feet. They tolerated, even welcomed, ad hominem attacks on the company, rather than holding discussion to the license. Whatever reason someone had to oppose either company or license---not good for their business, not drafted through their process, not motivated by their politics---they were free to wreck the assumption of good faith, backchannel as well as publicly.
It's not actually fair to say the license review process failed. It was never allowed to start earnest. Filibustered or shouted down, not really debated. But some can chalk it up as a "win", because their interest lies in the outcome, and not the process.
Posted Jan 28, 2021 2:59 UTC (Thu)
by mjg59 (subscriber, #23239)
[Link] (1 responses)
"Many open source developers are struggling with a similar reality, and some of our competitors have moved to proprietary licensing models. The alternative, to be blunt, is for us to be that last standing unpaid open source database developer for cloud providers, who sell access to our software for significant fees, but may not adequately contribute back to our community."
Even in version 2, section 13 would appear to require Amazon to hand over a significant amount of code that wouldn't have benefited the MongoDB community - the greatest beneficiaries would be other large cloud providers. Again, the easy way to go from the rationale to the license terms is to assume that most vendors will find the terms overly onerous and will pay for an alternative license.
So, what /is/ the intended functionality of the SSPL? Is it intended to increase the amount of free software in the world, or is it intended to support the business model of the authors?
Posted Jan 28, 2021 3:58 UTC (Thu)
by kemitchell (subscriber, #124442)
[Link]
I don't doubt the honesty of your reading at all. I do worry about standards. We may be more familiar with seeing "Corresponding Source" in GPLv3 or "derivative work" in a bunch of licenses. But when someone comes to me for legal advice about what, exactly, they have to release, I've rarely got a 100% answer. Usually we can find some approach that works, mixing good faith, a willingness to communicate, and a little conservatism (in favor of release). But line drawing can be hard even under licenses that took pains to make it easier, like MPLv2. Implementation-wise, our best tools look a lot more like SSPL, which used industry terms for what has to be shared, rather than more copyright law esoterica. I also see—not speaking of your comments here—a willingness to hide behind the "impracticality" of compliance. In my mind, the fact there isn't a world-famous, pure-open-source cloud provider yet isn't SSPL's problem. It's a movement problem, and something we ought to be agitating for. Neither is it relevant that a particular cloud vendor won't share such-and-such code. That's taking the proprietary part of their business model as granted, instead of a call for advocacy. To my mind, the whole concern is whether a developer or company fully willing to share their work as required can feel confident in compliance. The readings that involve SSPL'ing all the firmware blobs for your rack server strike me as motivated stretches to failure. I was glad to see that quote from Mongo's submission statement again. It's important. SSPL wasn't Commons Clause. It was an attempt to get some of the effect of Commons Clause by using the if-then of copyleft, and conceding the maybe-someone-will of copyleft, rather than the hard "no" so common in proprietary licensing. I'm guessing that sounds like a big admission. I do suspect the primary motivation for SSPL was just what they said: defense against Amazon. But if the people involved didn't gain meaning in work from broader movement principles, I don't think they would have tried to address their goal under open source limitations. It's so much easier to draft and administer a flat restriction, as in Commons Clause. And Mongo had a ton more leverage than the startups who announced Commons Clause to do it. In short, I don't think the motivation question is either-or. It should be both-and. The hope for free software in business was that advancing "freedom" could also be good for business. And in fact we've repeatedly seen commercial firms carrying the torch of the latest, strongest copyleft license. MySQL and Sleepycat in the early days. MongoDB for AGPL, which was actually written for Affero, another company. There have been some activists licenses that really only activists used, and some upstart company licenses that really only the companies themselves used. But the heydays, as I see them, were all periods when activists and upstart companies backed each other up. The coalition on the permissive side—anti-IP activists and companies who like free stuff—hasn't wavered. Plenty of permissive licenses have been drafted by corporate lawyers with no thought to end-user service or software-freedom ideology. A small nit on dual licensing: Mongo continues to tell folks that SSPL doesn't require sharing applications that use Mongo for a database. Just offerings that provide Mongo as a service. They did the same for AGPL before that. It's analogous to the user-space exception to GPLv2 from the kernel. I don't know the terms of deals they've done with cloud providers. But looking at their application-developer offerings, it's all hosting and open core. I don't think they'd call themselves a dual licensing company. I've really appreciated your messages. Thanks.
Posted Jan 28, 2021 16:25 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (2 responses)
Picking on you because you admit to being a lawyer :-)
See my other post, but you wrote "provide AND LICENSE". Delete the words "and license" because YOU DO NOT HAVE THE RIGHT TO DO SO!!!
ABSOLUTELY NO Open or Free licence I am aware of gives you the right to re-licence somebody else's code.
Cheers,
Posted Jan 28, 2021 16:59 UTC (Thu)
by kemitchell (subscriber, #124442)
[Link] (1 responses)
Posted Jan 28, 2021 20:24 UTC (Thu)
by Wol (subscriber, #4433)
[Link]
If part of the "Entire Work" is derivative of GPL, then, as a *single derivative item*, it can be licenced under the GPL.
But if the "Corresponding Source" contains large chunks of my MIT-licenced work, you can NOT licence the corresponding source as GPL because I didn't give you permission to relicence my work. What you CAN do is distribute the entire corresponding source AS IF it was GPL.
Note that the terms "Entire Work" and "Corresponding Source" imply that the two are completely separate items (linked by the fact that if you pass the "corresponding source" through a compiler/linker, you get the "entire work" as said separate item).
Cheers,
Elastic promises "open"—delivers proprietary
Elastic promises "open"—delivers proprietary
Elastic promises "open"—delivers proprietary
Elastic promises "open"—delivers proprietary
Elastic promises "open"—delivers proprietary
Wol
Elastic promises "open"—delivers proprietary
<blockquote><p>You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.</p></blockquote>
Elastic promises "open"—delivers proprietary
Wol