[License-discuss] Discussion: AGPL and Open Source Definition conflict

Kevin P. Fleming kevin+osi at km6g.us
Thu Aug 15 10:42:23 UTC 2019

In my previous job we had a similar discussion related to software
which provides connectivity to clients using SIP (Session Initiation
Protocol). Even though it would be possible to provide an indication
of the AGPL license and URL to obtain the source code during SIP
session negotiation, no SIP client would ever make this information
available to the user of the client. Bruce's point about the
information being visible in the network traffic was considered in our
discussions, but then we realized that any implementation which used
SIPS (SIP over TLS, analogous to HTTPS) would mean that the
information would *not* be visible in the network traffic; it would
only be visible inside the client software after decryption.

In the end we decided that the AGPL would not provide any additional
protection over the GPL in such a scenario. In order for the AGPL's
protections to be effective at ensuring software freedom, the software
distributed under the license must present a user interface directly
to its users in a form that is meant (and expected) to be seen by
those users.

On Wed, Aug 14, 2019 at 5:52 PM Roger Fujii <rmf at lookhere.com> wrote:
> On 8/14/2019 1:41 PM, Howard Chu wrote:
> > Richard Fontana wrote:
> >> The precise question here seems to be whether the server operator can
> >> be said to be "prominently offer[ing]" the opportunity to receive the
> >> source code in this sort of case (the hypothetical where existing LDAP
> >> clients cannot recognize the extension). To the extent that's an OSD
> >> 10 issue, I guess it would be because in the context of particular
> >> technology standards, it may be impossible to "prominently offer" in
> >> any meaningful sense. But that goes back to the issue of whether
> >> "technology" in OSD 10 includes any specifically defined technology
> >> standard.
> > Expanding on this - I know of no technology standard that allows a low level
> > client library to prominently display anything to an end user, particularly
> > if that library is buried under multiple layers of other libraries. E.g.,
> > while LDAP software is commonly used for end-user authentication, it is seldom
> > used directly - it is most often used under PAM/NSS or SASL or any of a variety
> > of other intermediate security/authentication APIs. None of which provide any
> > particular mechanism to route low-level informational messages to the end user.
> [snip]
> One can look in /etc/services and get a quick non-exhaustive list.
> Even with some web services (websocket for one),
> it's not clear how one would do such a thing in a safe way.   But more
> to the point, how is this issue any
> different than the BSD w/advertising clause (which is not accepted by
> the OSI)?   Getting serious deja-vu here.
> Roger Fujii
> _______________________________________________
> License-discuss mailing list
> License-discuss at lists.opensource.org
> http://lists.opensource.org/mailman/listinfo/license-discuss_lists.opensource.org

More information about the License-discuss mailing list