[License-discuss] What's wrong with the AGPL?

[Richard Fontana]

On Thu, Jun 13, 2024 at 6:30 PM Dirk Riehle <dirk at riehle.org> wrote:
>
> If I believe various representatives (on Twitter and
> elsewhere) of companies like AWS, they believe they can use AGPL
> licensed code and the copyleft effect is wholly contained/doesn't affect
> their tech stack at all. Those who pushed source-available seem to
> agree; the SSPL was an attempt to a better copyleft license in the eyes
> of their creators, irrespective of this list's conclusion that it was a
> discriminatory license.

Yes, as I recall, that is how representatives of MongoDB publicly
characterized the SSPL. In this respect at least SSPL is somewhat
different from the other source-available, discriminatory licenses it
is commonly associated with.

> Why is that? I look at the definition of "modified code" in the AGPL
> license texts and to me it seems to do the trick (copyleft effect). I
> find the explanation of conveyance to users less clear i.e. how the
> traditional distribution is defined.

Of course there is a "copyleft effect" under the AGPL, the question is
how extensive it is. Maybe 12 or so years ago there was, briefly, a
fair amount of interest in AGPL as a topic of discussion among
commercial-world open source lawyer types compared to today, perhaps
in part because of the contemporaneous industry obsession with "cloud"
with which AGPL was, somewhat incorrectly, associated. At the time,
some lawyers advanced the view that the scope of the AGPL section 13
copyleft was potentially unexpectedly broad, sort of anticipating what
was later made quite explicit in SSPL section 13. This view was
generally anchored in a particular reading of the definition of
"modify" under *GPLv3 and the usage of "modify" in AGPLv3 section 13.

This alarmist theory of AGPL interpretation never really caught on
after this brief period, possibly in part because no one wanted to
contend what I think was implied, that either (1) the scope of
copyleft under AGPLv3 section 13 was broader than the scope of
conveying copyleft under *GPLv3, or (2) the scope of copyleft under
*GPLv3 was generally broader than under GPLv2 (in contrast to what I
think the FSF itself had said), or (3) the scope of copyleft under
GPLv2 itself was broader than the commercial world (and community,
including the FSF itself) had assumed by that time. I wonder if you
are rediscovering the argument that was being made then.

It helped that AGPL was pretty marginalized from the start, at least
in comparison to its sibling license GPLv3. In the time frame I'm
thinking of, I am not sure there was much commercially interesting
(and technically interesting) AGPL software other than MongoDB. Some
companies sophisticated enough to care about open source license
compliance made a point of banning AGPL (Google is commonly brought up
as an example, mainly because the Google OSPO commendably published a
lot of their internal guidance on open source licensing). I don't
think these companies should be seen as having seriously bought into
the alarmist interpretation; I think this reaction to AGPL is better
explained in other ways. But other companies determined that AGPL
wasn't particularly more difficult to comply with than GPLv2, since,
after all, the "copyleft effects" were supposed to be more or less
identical, just with unequal triggering events. The most you could
really say is that operational aspects of source code compliance for
AGPLv3 section 13 situations were, in theory, a little more
challenging. In truth, the small number of genuine community projects
adopting AGPLv3 never seemed to really adopt a rigorous view of AGPLv3
source code compliance themselves.

Some years later, MongoDB apparently realized that no one was really
afraid of the AGPL -- actually predictable given the earlier
trajectory of GPLv2, but for the relatively limited adoption of AGPL
by communities and corporate projects. So, as I remember it, MongoDB
published a statement of interpretation of AGPLv3 that suggested that,
indeed, the "copyleft effect" extended somehow to the entire stack
being used by providers of services around MongoDB. This is *not* the
statement that Matt Wilson linked to, which originated much earlier; I
haven't attempted to find a copy. This statement was condemned by many
in the community at the time. MongoDB basically backed down and, a few
months later, published the SSPL and shortly thereafter submitted it
for OSI license approval. So the SSPL was basically an attempt to
write a license that implemented the nonstandard interpretation of
AGPLv3 that had been unsuccessfully put forward shortly before.

> Is there any recognized published statement that explains whether the
> AGPL achieves a network copyleft effect as intended or not? And if the
> conclusion is that it doesn't what's the alternative if you want this
> effect?

I guess the question is, intended by whom? I myself don't believe the
FSF Intended for AGPL to be interpreted as though it were the
later-created SSPL. AGPL ought to achieve a network copyleft effect,
but it's not the copyleft effect implemented in SSPL section 13, which
violates OSD 9 and the important "mere aggregation" principle in the
*GPL licenses (which OSD/DFSG 9 is clearly based on). Indeed, I think
AGPLv3 section 13 has to be read in conjunction with, and is strictly
limited by, the "aggregate" clause in *GPLv3 section 5.

Richard