[License-discuss] Discussion: AGPL and Open Source Definition conflict

Richard Fontana rfontana at redhat.com
Wed Aug 14 15:01:12 UTC 2019

On Wed, Aug 14, 2019 at 10:25 AM Howard Chu <hyc at openldap.org> wrote:
> Richard Fontana wrote:
> > On Wed, Aug 14, 2019 at 9:27 AM Howard Chu <hyc at openldap.org> wrote:
> >>
> >> Clause #10 of the definition https://opensource.org/docs/osd
> >>
> >> 10. License Must Be Technology-Neutral
> >>
> >> No provision of the license may be predicated on any individual technology or style of interface.
> >>
> >> I note that the Affero GPL https://www.gnu.org/licenses/agpl-3.0.en.html clause #13
> >>
> >> 13. Remote Network Interaction; Use with the GNU General Public License.
> >>
> >> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it
> >> remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing
> >> access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.
> >>
> >> violates the OSD clause #10. This issue arose specifically in the case of OpenLDAP when
> >> Oracle relicensed BerkeleyDB 6.x using AGPL. There is no available mechanism in the LDAP
> >> Protocol to allow us to comply with clause #13 of the AGPL. I believe the same is true of
> >> many common internet protocols such as SMTP, FTP, POP, IMAP, etc., which thus now precludes
> >> servers for these protocols from using BerkeleyDB. It appears to me that AGPL is plainly
> >> incompatible with the OSD and should not be an OSI approved license.
> >>
> >> This is no longer a pressing issue for us since we have subsequently abandoned BerkeleyDB
> >> in favor of LMDB. But I thought I should point it out since it may affect other projects.
> >
> > Can you explain further why you believe this to be so, especially for
> > those who may lack the relevant technical knowledge, or familiarity
> > with OpenLDAP, to assess what you're arguing?
> It appears to me that this clause was designed for web-based applications, or maybe mobile
> apps, where an obvious splash page/startup screen is presented at the beginning of any
> interaction. This AGPL license clause would require you to notify users of the offer to
> receive the source code at this first point of interaction.
> In LDAP, there is no definite "first" interaction - while there is an LDAP request to
> authenticate a user, and this is typically the first request a client issues, it is not
> required. I.e., authentication is an optional step. Leaving that aside, assuming that we
> could identify a first point of interaction, there is no part of the protocol that allows
> us to send arbitrary unsolicited text to an LDAP client, so there is no way to embody a
> message that offers the user a copy of the source code.

I think what you're saying is that, assuming your interpretation of
AGPL (including but not limited to section 13) is correct, a would-be
LDAP implementation with an AGPL-licensed dependency would be forced
to choose between compliance with the standard and compliance with


More information about the License-discuss mailing list