[License-review] AGPL timeline & why cautious processes with real-world testing are better (was Re: For approval: The Cryptographic Autonomy License (Beta 4))

McCoy Smith mccoy at lexpan.law
Fri Jan 3 18:15:43 UTC 2020


>>-----Original Message-----
>>From: License-review <license-review-bounces at lists.opensource.org> On
Behalf Of Bradley M. Kuhn
>>Sent: Thursday, January 2, 2020 9:00 PM
>>To: License submissions for OSI review
<license-review at lists.opensource.org>
>>Subject: [License-review] AGPL timeline & why cautious processes with
real-world testing are better (was Re: For approval: The Cryptographic
Autonomy License (Beta 4))

>>McCoy Smith wrote today:
>>>    As far as I can tell, AGPLv1 never got on the OSI list ... AGPLv3 was
>>>    submitted in January 2008 AGPLv3 was finalized in November 2007 (so
it
>>>    was submitted to OSI two months after its drafting was completed).
It
>>>    was approved in March 2008 ... So AGPLv3 went from finalization to
OSI
>>>    approval in a mere 4 months.

>>Starting the clock on Affero GPL at the third-party 2008-03 list
submission doesn't reflect OSI's diligence in past decisions.  OSI
leadership was aware of AGPLv1. (I know, because I talked extensively with
>>OSI directors during the years AGPLv1 was the only AGPL.)  No one even
considered submitting it officially because -- as a careful and thoughtful
license drafting authority
>>-- FSF experimented in real world scenarios with a (possibly silly) new
copyleft idea first for years before declaring it official.  Heck, I admit I
was on the wrong side of history on this one: I advocated for >>the FSF to
release a GPLv2.2 in 2003 with the Affero clause in it.  The FSF didn't like
the idea, precisely because the clause was too novel, and needed time to see
if developers felt the clause brought them >>and their users' software
freedom.

FWIW, I wasn't trying to imply that AGPL got some sort of special,
expedited, treatment through the process.  Simon had asked about the
approval process for AGPL, I just pulled up the timeline.

I think one can use  AGPLv3's approval (in a short timeline, and with little
comment) as a bit of a confirmation of what some are saying ought to be part
of the process. Inter alia:

AGPLv1 comes out in 2002, and includes the "copyleft novelty" of Section
2(d), applying the copyleft to network interactions.  It then is used for
several years without submission to OSI, and gains some adoption.
Meanwhile, the OSL, which has a similar novelty, is later submitted to the
OSI and approved.
AGPLv3 comes out in 2007.  It applies the copyleft to network interactions
(now in Section 13) as had the predecessor versions, but includes features
from GPLv3 -- a license also quickly approved for the OSI list, but which
underwent a lengthy and public drafting and revision process.
So AGPLv3 had a combination of a relatively long history of use (for the
copyleft on network interactions), some precedent (approval of a similar
concept in OSL), and an lengthy and public drafting process (for the other
parts of the license that came from GPLv3). 

If one (or multiple) of those requirements are part of the requirements
process for submitting a license for OSI approval, I still think that ought
to be made clear at the outset to potential submitters -- and there ought to
be some direction to potential submitters on what they can call their
license (other than "open source") if they need to rely on long history of
use before submitting.




More information about the License-review mailing list