The terms of the AGPL are pretty easy to comply with

&gt; Obligatory: I’m not a lawyer; this is for informational purposes only.<p>and<p>&gt; Google states that if, for example, Google Maps used PostGIS as its data store, and PostGIS used the AGPL, Google would be required to release the Google Maps code. This is not true. They would be required to release their PostGIS patches in this situation. AGPL does not extend the GPL in that it makes the Internet count as a form of linking which creates a derivative work, as Google implies, but rather that it makes anyone who uses the the software via the Internet entitled to its source code.<p>This is the problem: I&#x27;ve fought with IP lawyers we&#x27;ve had on retainer who always boil it down to: &quot;It doesn&#x27;t matter. We&#x27;re not going to court to find out.&quot;<p>Is it FUD? Yes. But I am also not a lawyer, and I can only do so much to fight upwards as an IC. I&#x27;ve seen this exact mindset at every company I&#x27;ve ever worked for or with.<p>The real fear is that once you have an AGPL dependency, it&#x27;s _possible_ that it makes it way into something you really don&#x27;t want to release publicly, and now you have a huge mess of a problem. The easy solution: don&#x27;t use software with that license.<p>(FWIW I hate this, and fully believe competent developers can not shoot themselves in the foot so extravagantly, but alas.)

Disclaimer - As a CTO of a company I have to take a stance on these issues. As a matter of fact, as you raise money, part of the due diligence is to audit the libraries that you use to make sure that you don&#x27;t use libraries that can jeopardize the future of the company.<p><i>Using an AGPL library for a Saas company will be flagged as a risk by lawyers during the due diligence process.</i><p>At Truework, we love open source and try to contribute when we can, but the reality is that if a library is AGPL, I&#x27;ll ask my team to not use it. It&#x27;s just not worth it to risk so much for a single library. Yes, it&#x27;s unlikely that you will have to go to court because you use that one library, but if you do... well that&#x27;s bad news for you.<p>If you build a business, it&#x27;s about making sure that there there is a reasonable ROI for risks that you take. APGL tilts the balance towards &quot;we shouldn&#x27;t use this, it&#x27;s too risky&quot;. Make your own decisions, but keep that in mind.

Hello, While I&#x27;m employed to develop an agpl software, and I fond of this license, it&#x27;s clear that with the wrong actors it can be a threat to some businesses.<p>I&#x27;ll tell you a little story that happened around 10 years ago:<p>I got a call from a representative of Oracle, he asked me if we where using MySQL, and if I could described him how, because he wanted to help us make Better use of this tool.<p>We where pretty happy about MySQL at the time, and I went into deep details about how we used it. At the end, he told me point blank that the PHP&#x27;s MySQL driver was licenced under the GPL and that we had to licence our whole codebase under the GPL since it was contaminating our code as a whole. (Even if we had encapsulated all the accesses to the driver around a single class)<p>The alternative was to pay the right to use it under a non GPL contaminating way.<p>Oracle then called and threatened us many times.<p>The argument that made them stop was when we told us that we where hosting the applications. This argument would not have been sufficient with the agpl.<p>There claim was unfonded but I can assure you that I didn&#x27;t sleep well for a while!

&gt; Obligatory: I’m not a lawyer; this is for informational purposes only<p>That&#x27;s the main point, though. You aren&#x27;t, in fact, a lawyer. And this is not, in fact legal advice. You are presumably expert in a non-legal field, and you are giving expert opinion on something you are not an expert on.<p>The GPL is tested. The LGPL less so, but lawyers seem to be more comfortable with it.<p>There&#x27;s the extra complexity that Google compiles its binaries statically.<p>You&#x27;re calling Google liars. There&#x27;s an alternative interpretation of events where a whole legal department, with great lawyers, and backed by great engineers to clarify the technical aspects for the lawyers, come to a different conclusion than yours.<p>And you just dismiss that as lies. I don&#x27;t think that&#x27;s fair at all. You wouldn&#x27;t want a lawyer to come and say &quot;bah, you should just make that inherently NP problem complete fast for all inputs. How hard could it be? If you say it&#x27;s hard then you&#x27;re lying.&quot;.<p>&gt; this is for informational purposes only<p>This is pretty arrogant. &quot;I&#x27;m not a lawyer, but here are the real legal facts to ACTUALLY educate you&quot;.<p>You should say it&#x27;s &quot;for speculation purposes only&quot;, or &quot;for entertainment purposes only&quot;.<p>&gt; Don’t be afraid to use the AGPL, and don’t be afraid to use software which uses the AGPL.<p>This is ignoring one big problem though. Agree or not, call them liars or not, but Google <i>and it&#x27;s employees</i> will NOT touch your software. Not only will you not get Google as users (though if you dual-license yes in fact Google DOES buy software, if they can buy it as non-AGPL), you will not get Google employees as <i>contributors</i>.

Awesome article! I was in an organization which had an AGPL ban. After a couple of months with lawyers, it&#x27;s now a major AGPL supporter. AGPL lets you build ecosystems around your software, where everyone contributes, and no one can parasitically compete with you. It&#x27;s absolutely the right tool for a lot of uses.<p>I&#x27;m no longer with the organization, but it had:<p>* Hundreds of open-source contributors<p>* Millions of users, mostly paying<p>* Zero direct competitors using the software. With equal ground for technology, it&#x27;d be almost impossible to overcome first-mover and branding advantage unless the organization really messed up<p>* Hundreds of major open source users doing interesting things with the software and using it in non-competing contexts. That translated into product enhancements.<p>With GPL or BSD, it almost certainly would have played out as lots of competitors doing an extend-and-proprietize, and instead of a successful open company, it would have been a dead organization.<p>So many misconceptions abound.<p>The flip side, though, isn&#x27;t that everyone should use the AGPL. You should have the right license for the right context.

I have significant responsibility for setting open-source policy at my company. We require specific review on a facts-and-circumstances basis of any AGPL usage.<p>Why? Because for most open-source licenses, it&#x27;s clear how to avoid any license controversy entirely by simply never conveying the licensed work. If I don&#x27;t ship you (&quot;convey to you&quot;) any binaries, I have no obligations to you under GPL (or MIT or Apache, obviously). For the most part, we don&#x27;t ship anyone outside the company binaries, so compliance (both in fact and in provability of that fact) is relatively easy. Not so with AGPL.<p>If there was critically useful code only licensed under AGPL, we&#x27;d consider it, of course. But it would get a lot more review than a typical Apache&#x2F;MIT&#x2F;GPL license situation. I have no philosophical objection to AGPL; I just find it a much less practical license than most of the other, much more commonly used, licenses.

I haven&#x27;t commented on HN in a while, but this article actually pretty much complains about me, since I wrote the text in question and enabled the policy to be released.<p>So i&#x27;m just going to say:<p>1. The author claims the Google states something, then doesn&#x27;t actually quote anything google stated, but instead writes their own interpretation of the words and a made up example. That&#x27;s not a good start.<p>2. Having set up their own example, the author then proceeds to say it&#x27;s wrong because of an appeal to authority, asserting no reasonable disagreement is possible - when not only is it possible, but large numbers of IP lawyers disagree on what the AGPL requires. It&#x27;s true that someone wrote it, and there are FAQ&#x27;s, but depending when and where, their opinion on what it means is not as relevant as one might think.<p>In truth, lots of people disagree over interpretation of the AGPL - many more than disagree about GPL interpretation or LGPL interpretation (which are fairly settled at this point). Searches over any legal licensing list in existence will you this.<p>When I wrote the interpretation you see here, it was the best available info at the time, guided not just by own views, but by listening to a lot of smart lawyers, counterparts at other companies, etc.<p>Even if you ignore all the lawyers and whatever as useless, the author has the huge problem that <i>There are people who make AGPL software that take the view listed in the google policy</i><p>So it&#x27;s not just Google or lawyers, it&#x27;s <i>software authors</i>. Not just a few, either.<p>While companies are generally happy to ignore one or two people whose interpretation is outside the norm (and just not use their software), that&#x27;s much harder when there is such widespread difference in view of the AGPL.<p>3. For no particular reason at all, the author then decides to assert a tremendous amount of bad faith in interpretation of the AGPL and reasons for publishing such policies.<p>We published our policies because over the years I (and others) were repeatedly asked by counterparts at other companies, various communities, and others to understand what our policies look like, for a variety of reasons (to understand for themselves, to use as a template, etc)<p>Period. That&#x27;s the whole reason. It even says this: <a href="https:&#x2F;&#x2F;opensource.google&#x2F;docs&#x2F;" rel="nofollow">https:&#x2F;&#x2F;opensource.google&#x2F;docs&#x2F;</a><p>The author here has decided that&#x27;s clearly all lies or deliberate misinformation, without even bothering to even ask anybody.

&gt; Google states that if, for example, Google Maps used PostGIS as its data store, and PostGIS used the AGPL, Google would be required to release the Google Maps code. This is not true. They would be required to release their PostGIS patches in this situation. AGPL does not extend the GPL in that it makes the Internet count as a form of linking which creates a derivative work, as Google implies, but rather that it makes anyone who uses the the software via the Internet entitled to its source code.<p>Is there an existing national court case which supports this assertion? Otherwise it&#x27;s a valid concern given that lawsuits and judges may have different interpretations than engineers. Just look at the Oracle vs. Google debacle over Java.

So. From the POW of a total lay person as far as it comes to law.<p>Someone writes a blog post with an &#x27;IANAL&#x27; disclaimer on top saying that what Google&#x27;s army of lawyers have gathered from reading a legal document is false, and I should favor his interpretation instead. I don&#x27;t know, I&#x27;m not exactly convinced.

Big corporations avoiding AGPL like the plague makes it a much better &quot;don&#x27;t be evil&quot; license than any other attempts at making one of those. If anything, I&#x27;d love to see some dual license scheme where a different license is available only to small developers or non-profits, rather rather than corporations with bags of cash. I wonder how that can be enforced - perhaps some sort of a CLA that only gives limited rights to relicense instead of just handing over the copyright entirely.<p>And yeah, this goes entirely counter to making profit, but hey, I think we&#x27;re privileged enough to afford to try ideas like this.

Truth or falsehoods aside, the reason one of the places I have worked (large 10&#x27;s of k&#x27;s of employees, big legal staff) refused to let us use AGPL is that it had never been decided in court, and they didn&#x27;t want to be the ones to foot that bill.<p>&quot;No&quot; is pretty cheap, and they were pretty good at it.

&gt; Any derivative works of AGPL-licensed software must also use the AGPL.<p>TBH, I&#x27;m interpreting this statement just like Google is:<p>&gt; Google states that if, for example, Google Maps used PostGIS as its data store, and PostGIS used the AGPL, Google would be required to release the Google Maps code.<p>What&#x27;s the definition of &#x27;derivative work&#x27; here?

&gt; Google states that if, for example, Google Maps used PostGIS as its data store, and PostGIS used the AGPL, Google would be required to release the Google Maps code. This is not true. They would be required to release their PostGIS patches in this situation. AGPL does not extend the GPL in that it makes the Internet count as a form of linking which creates a derivative work, as Google implies, but rather that it makes anyone who uses the the software via the Internet entitled to its source code.<p>I don&#x27;t really follow this.<p>The fact that the linking exception and the LGPL exist at all is enough to infer that the FSF&#x2F;license authors consider linking against or otherwise using a piece of software as a component of a larger system is enough to make that larger system a derivative work of the smaller component, thus &quot;tainting&quot; (I use this work non-disparagingly) it with the copyleft provisions of the license.<p>If Google Maps (that is the suite of software running on Google&#x27;s servers) uses PostGIS as its data store then it seems that without a judicial ruling on whether there&#x27;s a legal difference between interfacing with a software component by linking against it and interfacing with a software component by using some other software interface, it&#x27;s not possible to be so certain that there isn&#x27;t an issue here.

&quot;The Google page about the AGPL details inaccurate (but common1) misconceptions about the obligations of the AGPL that don’t follow from the text.&quot;<p>&quot;The reason they spread these misconceptions is straightforward: they want to discourage people from using the AGPL, because they cannot productize such software effectively.&quot;<p>&quot;Ask yourself: why is documentation of internal-facing decisions like what software licenses to use being published in a public place?&quot;<p>To be perfectly clear, your claim is:<p>- Google internally knows they can comply with the AGPL without trouble<p>- Has consciously chosen to write policies prohibiting it based on misleading reasons<p>- Google adheres to that policy<p>- Most importantly: they are doing this because they believe that the influence this would have in discouraging use of the AGPL is valuable enough to substantially benefit Google<p>Have I understood correctly?

Companies like MongoDB release a &#x27;free&#x27; version using AGPL and a commercial version under no such provision, and use this in marketing material to convince commercial users to buy licensing so they can incorporate their DB into web based products.<p>If this distinction is without merit for those simply using MongoDB as an unmodified DB, this seems like it wouldn&#x27;t actually work so well as a sales tool.

&gt; Google states that if, for example, Google Maps used PostGIS as its data store, and PostGIS used the AGPL, Google would be required to release the Google Maps code.<p>I can’t see that statement, or anything like it, in the linked article. Am I missing something?

After much consideration we finally released our core software (<a href="https:&#x2F;&#x2F;github.com&#x2F;kiprotect&#x2F;kiprotect" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;kiprotect&#x2F;kiprotect</a> - a privacy &amp; security engineering toolkit) under the AGPL. In the past we&#x27;ve released other software under more permissive licenses like the BSD-3 or MIT licenses, but we&#x27;ve decidedly picked the AGPL for our toolkit, for the following reasons:<p>- We want to encourage people and organizations to use the software as a data processing &amp; protection tool, just like they use other Linux&#x2F;Unix tools.<p>- Using the software does not require integrating it into a software project as a library (though you can do that).<p>- We want to ensure that any extensions and modifications of the software (e.g. new anonymization or pseudonymization methods that people would implement) will make it back into the main software as open-source, so that everyone can benefit from them.<p>- We want to keep potential competitors from being able to just resell our software as a SaaS offering or integrate it into a commercial, closed-source product.<p>For me, the AGPL fits this bill quite nicely, and that it deters organizations to use the software for free in their closed-source projects is actually a bonus. We offer dual-licensing by the way, so organizations can just buy a commercial license if they want to integrate our tool into their closed-source software. That at least should allow us to refuse such a license to a potential competitor and the funding we (hopefully) will generate via the commercial licenses will help us fund the development for everyone. Win win.

I think that the AGPL is a fine language in cases where the code being released is a complete system, that you want many people&#x2F;organizations to use and improve it, but you don&#x27;t want anyone cloning it as their own standalone product.<p>I understand why Google would not want to use it, and also other large companies.<p>For individuals and smaller companies I think the AGPL can make good sense, especially for complete web applications.

The author makes the following claims:<p>&gt; In truth, the terms of the AGPL are pretty easy to comply with. The basic obligations of the AGPL which set it apart from other licenses are as follows:<p>&gt; - Any derivative works of AGPL-licensed software must also use the AGPL.<p>&gt; - Any users of such software are entitled to the source code under the terms of the AGPL, including users accessing it over the network such as with their web browser or via an API or internet protocol.<p>That first claim is debatable at best. Nowhere in the entire document will you find the term &quot;derivative work.&quot; Instead, the AGPL forces on the reader a bunch of other terms that may or may not add up to &quot;derivative works.&quot;<p>Other licenses have no problem coming out and using the term. Doing so connects <i>those</i> licenses to a well-understood body of intellectual property law. Not so with AGPL. See the discussion in the book by Rosen (an actual lawyer) for more [1].<p>So right out of the gate, the AGPL is not easy to comply with.<p>[1] <a href="https:&#x2F;&#x2F;www.rosenlaw.com&#x2F;oslbook.htm" rel="nofollow">https:&#x2F;&#x2F;www.rosenlaw.com&#x2F;oslbook.htm</a>

Yeah. People often resort to some fear-mongering when it comes to AGPL. When we released our software under AGPL, one developer of a somewhat competing app didn&#x27;t find anything better but to claim that &#x27;AGPL license makes it a useless toy&#x27;. Well, we don&#x27;t agree.

Sorry, this isn&#x27;t really the case. The AGPL can be used in a predatory fashion. Projects that are AGPL&#x27;d are often dual licensed, with a commercial license for commercial applications and AGPL for experiments. I once negotiated for a couple of weeks to pay for an open source package that was dual licensed under the AGPL. I wanted to make small modifications to the source. The commercial terms were available on request, and I requested and got sort of tangential answers until finally the company&#x27;s lawyer told me that I&#x27;d be liable for 15% of all revenue connected to the library in any way. If I had used the library first and asked for the terms later, I could have been in a very serious situation.

It reminds me of the story I heard around a campfire once, about a programmer who decided to fix a bug in a single AGPL module, and they were forced to make their entire code open source. Even today, long after the bankruptcy, they say you can still hear the screams in the shuttered, decaying boardroom. And the bug somehow got unfixed. It’s out there now, waiting ... for its next victim.

Yeah, making some of my recent projects AGPL truly scares away contributions from Googlers (as their internal, low friction patching process doesn&#x27;t apply to AGPL software, and they have to go through explicit approval). Fun.

&gt; Ask yourself: why is documentation of internal-facing decisions like what software licenses to use being published in a public place? The answer is straightforward: to influence the public. This is propaganda.<p>Or maybe it&#x27;s just something that many people have asked about? And why wouldn&#x27;t they publish it?

Agree that some of the examples cited are misrepresentations of what the AGPL requires, but I think, for many companies, just the requirement to publish changes (if any) would be a showstopper. Which is unfortunate, but I think is the reality of the situation.

I think the author is misreading Google&#x27;s policy (<a href="https:&#x2F;&#x2F;opensource.google&#x2F;docs&#x2F;using&#x2F;agpl-policy&#x2F;" rel="nofollow">https:&#x2F;&#x2F;opensource.google&#x2F;docs&#x2F;using&#x2F;agpl-policy&#x2F;</a>). They&#x27;re not saying that communications over the internet constitute a linkage, they&#x27;re saying that:<p>* Because of free and open development practices within Google, it&#x27;s impractical for developers to be constantly aware of what libraries get linked into their binaries. (This is exacerbated because of their monorepo, but even in a multi-repo setup it&#x27;s very easy to end up with random libraries in your dependency chain.)<p>* If an AGPL library did end up linked, because all Google&#x27;s services are accessible through a remote network, the virality provisions kick in and they might have a legal duty to distribute the entire binary.<p>* Therefore, they have to ban AGPL libraries so that no core service developer accidentally depends on one.

Back when I was a postdoc I talked to my advisor about GPL and BSD. The advisor (who was a supremely intelligent person) said the simplest, clearest possible thing I could imagine: &quot;I wouldn&#x27;t license software under GPL because I read the GPL license and couldn&#x27;t understand what it was saying. I read the BSD license and it was totally clear. I want to license something using a license that makes technical sense to me.&quot;<p>The fact that we see pages and pages of hackers arguing over what the implications of a license family (GPL and AGPL) are based on the legal text suggests that many people don&#x27;t understand the GPL.

&gt; Any users of such software are entitled to the source code under the terms of the AGPL, including users accessing it over the network such as with their web browser or via an API or internet protocol<p>That doesn&#x27;t seem to be quite right. It makes it sound like the source code entitlement applies to all users. The &quot;including users accessing it over the network&quot; is redundant then because they are a subset of all users.<p>What&#x27;s actually in the text of the license is:<p>&gt; Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.<p>The user source entitlement only applies to users remotely interacting with the software through a computer network.

For fans of AGPL I suggest checking out EUPL. Half the length of AGPL. Changing&#x2F;removing portions of the license is allowed.<p>More info: you may have seen this on Hacker News recently: <a href="https:&#x2F;&#x2F;www.arp242.net&#x2F;license.html" rel="nofollow">https:&#x2F;&#x2F;www.arp242.net&#x2F;license.html</a>.

My problem with GPL is that the term &quot;derived&quot; is defined to vague or not in the way I like it, which in turn opens up all kind of legal uncertainty.<p>(I don&#x27;t know if this also applies for AGPL.)<p>I would love to hear that AGPL legal reliably works like he describes (or there is a different license which does).

Rather heavily editorialized title? Original says: &quot;The falsehoods of anti-AGPL propaganda&quot;

I use software with GPL and AGPL, and may even contribute, but when I write my own software, I make it to be the public domain instead, because I don&#x27;t like copyright, and because public domain will make it we don&#x27;t have to worry about the license conditions, in case it may be confusing.<p>I have a program which links with AGPL software. My program is itself public domain, and is released only as source code, but I would think if anyone distributes it, or makes it available to access over the network, that they would have to do so in a way which is not contrary to AGPL. If you know how it is work, then hopefully you can comment too, to say what parts I did wrong, I suppose.

I can&#x27;t comment on the &quot;true&quot; motivation for releasing these documents, but I noticed the same site includes <a href="https:&#x2F;&#x2F;opensource.google&#x2F;docs&#x2F;thirdparty&#x2F;oneversion&#x2F;" rel="nofollow">https:&#x2F;&#x2F;opensource.google&#x2F;docs&#x2F;thirdparty&#x2F;oneversion&#x2F;</a> which is a very Google-internal-only kind of problem, complete with broken links to Google-internal-only tools and processes (rosie and lsc). That page at least is definitely just a dump of the internal documentation.

&gt; Network use is distribution<p>I use the Open Software License for this same reason, I dont think companies should be able to get the benefit of open source libraries with the cost of publishing any modifications, regardless if its a webapp or desktop app. I am curious the difference though:<p><a href="https:&#x2F;&#x2F;choosealicense.com&#x2F;appendix" rel="nofollow">https:&#x2F;&#x2F;choosealicense.com&#x2F;appendix</a><p>seems to only be different with regard to trademarks?

Even as an individual user, I try to avoid using software licensed under GPL or its derivatives.<p>I&#x27;m against copyright laws, and any second that I have to spend thinking about how to comply with them is a second wasted to me.<p>BSD and MIT make me waste the minimum practically possible amount of time.<p>I like knowing that I have the freedom to not care about infringing on anyone&#x27;s copyright as long as I only develop software using permissive licenses.

I love the AGPL, and I love that it is more and more used by larger and larger projects. For example, the widely used Overleaf. This is a good world.

The new title is misleading. It is a charitable interpretation of a half-screed&#x2F;half conspiracy theory.<p>&gt; The reason they spread these misconceptions is straightforward: they want to discourage people from using the AGPL, because they cannot productize such software effectively.<p>Statements like this can be encompassed by its original title, as the author intended.

&gt; Any derivative works of AGPL-licensed software must also use the AGPL.<p>That&#x27;s why people don&#x27;t use AGPL, and why I personally don&#x27;t release any code under (A)GPL. If you want to make free software, make <i>free software</i> and release your code under Apache or MIT. And if you really care about attribution, use CC BY 3.0. Legally, you don&#x27;t want to deal with the burden of constantly checking if you&#x27;re complying with some license that a dependency of a dependency of a dependency is using.<p>&gt; By discouraging the use of AGPL in the broader community, Google hopes to create a larger set of free- and open-source software that they can take for their own needs without any obligations to upstream...<p>This is true, and I don&#x27;t see much wrong with it. I don&#x27;t like the idea of other code <i>mandating</i> how I should release my code. What if I just don&#x27;t feel like <i>up-streaming</i>? Free is meant to be <i>free</i>, and (A)GPL <i>does</i> incur a cost -- at the bare minimum an ideological one.<p>A lot of reactionary down-voting going on; I&#x27;m quite open to debate. Why are <i>you</i> so passionate about AGPL?

Great explanation, and I hope people get the message. I&#x27;ve tried to explain this to people and companies before, but Drew does it better.<p>Thanks!

I see a lot of reflections from a business point of view.<p>I guess if your sole purpose is to conjure money out of thinware then yes, AGPL is going to be poison to your wallet. Capitalism and AGPL simply does not mix well.<p>But we tend to forget, that the end of the day we&#x27;re all users and have to consume what we&#x27;ve cooked.<p>As a user I tend to lean towards AGPL alternatives, It&#x27;s comfty and let&#x27;s me relax my legal muscle after the hard workout of summarizing this thread.

Why should I listen to the cigarette salesman talking about the harmlessness of smoking?

I release my software under AGPL whenever possible—even if it couldn&#x27;t conceivably be used to provide services over a network—because it means that Googlers aren&#x27;t allowed to use it on their work machines. If Google ever changes their policy on AGPL, then I&#x27;ll either switch to the JSON license or a custom one that will arbitrarily exclude companies and people that I don&#x27;t like.