I don’t necessarily think AGPL is the best license, but I am very glad it’s AGPL catching on and not SSPL and friends. I’ve spoken my piece in recent threads already, but I just think this is more friendly to the FOSS community even if it’s not perfect.
Minio's development culture has a very self-interested feel to it, like it's <i>their</i> thing moreso than the community's thing. Combine that with the corporate pandering it's designed for, and this was a long time coming. Back in February I remarked on IRC "I feel like minio is always one bad day away from changing to some bullshit proprietary license." I'm glad that it's the AGPL and not one of the nonfree fad licenses going around.<p>For those wondering if they can relicense other people's changes without a CLA, the answer is yes. Apache 2.0 is compatible with the AGPL, so it can be relicensed with it (though the original contributions remain available as Apache 2.0). This does not work backwards, however - this is a one-way change. All of MinIO's code is today and forevermore available under the terms of the AGPL.<p>They've done a pretty shitty job of it, though. No one should have a license change sprung on them like this. Further indicates that Minio does not value their community's input.
there is the AGPL [1] and the GNU AGPL [2]<p>now the AGPL is designed to block "Application Service Provider" hole. (closed source shops from using modified GPL source code without publishing their changes, as it is only hosted on a single network destination)<p>Can someone please explain the differences between AGPL and GNU AGPL in this respect? Things are now very fragmented in the land of licenses; is there a resource that compares what they all imply?<p>[1] <a href="https://en.wikipedia.org/wiki/Affero_General_Public_License" rel="nofollow">https://en.wikipedia.org/wiki/Affero_General_Public_License</a><p>[2] <a href="https://en.wikipedia.org/wiki/GNU_Affero_General_Public_License" rel="nofollow">https://en.wikipedia.org/wiki/GNU_Affero_General_Public_Lice...</a><p>[3] <a href="https://stackoverflow.com/questions/2127246/difference-between-affero-gpl-and-gplv3" rel="nofollow">https://stackoverflow.com/questions/2127246/difference-betwe...</a>
Let's say I use Minio in a SaaS app and allow my end users to upload directly to it. With this AGPL license change, is this now considered to be a form of distribution, that would then require me to open source the rest of my SaaS app?
IANAL, but this may be illegal. I noticed that they have a large number of contributors yet seem to have no contributor agreement with ownership assignment. This generally means that any license change would need the agreement of every past contributor (as it should). There are good reasons (for the primary author(s)) to enforce copyright assignment for contributions.<p>Besides legal issues, I consider changes like this to be very slimy since you are kind of pulling the rug out from under people. I would expect a huge discussion to take place before doing something like this to try and let people move off of the platform if AGPL does not work for them for whatever reason.
An interesting side point is that the founder of Minio was also the founder of Gluster, which was also briefly AGPL (just before the Red Hat acquisition IIRC). I think it makes even more sense for Minio, as an install is more likely to be made directly accessible to users. AFAIK nobody ever did that with Gluster - I used to be a maintainer BTW, and thus know a <i>bunch</i> of people who followed AB to Minio - because it would have been insane.
Is there a CLA or similar? Maybe I missed it, but I couldn't find anything in the CONTRIBUTING.md document. Or did they literally get every past contributor to agree?
Remember, AGPL does not stop you from self-hosting or running a business on the software! It only requires you to share changes <i>if you modify the software</i>, which is a very reasonable requirement.<p>I'm planning on launching a managed S3-alike service later this year and Minio is going to be what I use, it remains to be seen if they'll go to SSPL/BSL or anything else when enough people do this (maybe most wouldn't because of AGPL FUD so that's my uncommon advantage?).<p>On a wider note though, is this going to be the projects/companies now?<p>- Start permissively F/OSS project<p>- Entice the community to contribute/produce content/market<p>- (optional) Sell the project/cash out some how/get acquihired<p>- Change the license of the project<p>- Make all the new stuff source-available but not F/OSS to encourage people to get commercial licenses<p>- ???<p>- Insert ads/subtle advertisements/banners into the OSS product so people are discouraged from hosting it (this is speculation, I assume this is what comes next)<p>I sure do wish projects would be SSPL/BSL from the beginning, I want the freedom to be able to build a business on my freely obtained immensely valuable software, including hosting it, without worrying about rent seeking activity later.<p>PS: yes, I'm aware of how incredibly selfish that last bit sounds, but I want to be honest about it -- this is what everyone is doing and why F/OSS software won. There's a world where we can build sustainable F/OSS software that runs on something other than donations, and IMO it looks like what Let's Encrypt's managed to do, where organizations that gain immense value from something do revenue-share style deals, but that's a discussion for another time.<p>[EDIT] I just want to soften this -- I am <i>NOT</i> against companies making money from software. IMO AGPL is a great license because it actually maintains that freedom and requires contribution back (or monetary support). I just find that I am increasingly on edge whenever I see projects advertised as "open source" (but not free) and wonder if I'm just walking into a very nice, free-for-me mouse trap.<p>BSL is a very nice license as well, it's straight forward, and IMO a great way to build an open source software company -- no one gets mad at Sentry for their license terms, because it's straight forward and obvious, and still giving a way value for free, just on a time delay.<p>[EDIT2] I could have sworn there was a license that was like BSL but required anyone making over 1MM/year using the software to make some sort of contribution back, licenses like that might be cool too.
I'm not sure something like that is legal:<p><pre><code> - https://github.com/minio/minio/blob/master/pkg/argon2/argon2.go#L38
- https://github.com/golang/crypto/blob/master/argon2/argon2.go
> forked from https://golang.org/x/crypto/argon2
> modified to be used with MinIO under GNU Affero General
> Public License 3.0 license that can be found in
> the LICENSE file.
</code></pre>
relicense the file based on a small change and also having two licenses on the same file?
I'm not so sure, if the go authors are happy about that.<p>they should probably consult a lawyer...
Why are most software engineers so terrible at basic comprehension? Licenses are just a set of instructions, how do we consistently fail to follow them?<p>You <i>can't</i> relicense something that is Apache 2.0 as AGPL. You need explicit approval of every single contributor (whose code still exists in the project).<p>You can <i>also</i> attach the AGPL, but it is <i>not</i> a superset of Apache 2.0, which for example contains constraints that require you to <i>clearly</i> indicate each and every time a file is modified.<p>Incidentally, the Apache 2.0 is a terrible license for modern open source, and it probably shouldn't be used.<p><i>EDIT</i>: To people responding, my advice is to <i>read the licenses</i>. Don't read a dot point summary, <i>read the licenses</i>. Seriously, <i>read the licenses!</i><p>Sorry, this drives me a little mad.<p>Of course you can include Apache 2.0 code in an AGPL project. The point is contributors contributed their code under the terms of the Apache 2.0 license. To use that code, you must meet the terms of that license. You can slap additional requirements on, you can't remove requirements.<p>In fact, one requirement is the very fact you can't remove the license text itself!