It's more complicated than that. Part of the problem is that it's difficult to predict how a variety of complex situations will turn out in court. With strongly opinionated licenses like AGPLv3, it's difficult to know if you're using the software "safely" in full compliance with the license without putting yourself at risk in unintended ways. Many of the complex situations that could come up in a protracted legal battle have not been tested in a court, so there is no precedent allowing one to determine for sure how technical issues will be viewed in terms of the license.
Due to the risks and complexity around these issues, and the high cost of "getting it wrong" either in one's analysis or in making a mistake, many firms choose to stay away from projects licensed with AGPLv3 even if they are actually intending to use the software in a way completely compliant with the license. Using it even the right way, safely, is viewed as too much of a risk.
The legal teams for many large companies recommend a company policy that prohibits using GPL and AGPL software outright - that's just using (running on company servers), not modifying, and not redistributing anything but the original version. Attaching a license like GPL or AGPL is a good way to kill enterprise use of a program even by companies that are conscientious about open source. See how Google views the AGPL, for example: http://www.theregister.co.uk/2011/03/31/google_on_open_sourc...
Perhaps it shouldn't be this way, and perhaps these legal teams are being overly cautious and someone should be push back, but that's how it is today at many companies. Attaching an AGPLv3 license means that I can't use it, while I can and do use Apache-licensed projects, and contribute improvements or fixes arising out of corporate usage.
Choosing a license is difficult. There is no question that choosing a more permissive license lowers the bar for participation.
However consider what they are building here: a mail client that purports to securely send and store email. Imagine you are working for a company that uses Mailpile. You think that your email is secure and encrypted because you are using Mailpile. Instead, you management has hacked in a back door to spy on your communications.
As you mentioned, perhaps someone should push back. I'm not involved in Mailpile, but it seems that this is exactly what they are doing. They are drawing a line in the sand and saying, "You must show your users any changes you have made to the system because otherwise how are they to trust it?"
It's clearly a tradeoff and also clearly not an easy decision. Do you give up a little bit of your goal of protecting users at the benefit of having wider exposure? Or do you refuse to compromise and suffer from potentially having less adoption? It doesn't seem that they took the decision lightly.
You think that your email is secure and encrypted because you are using Mailpile. Instead, you management has hacked in a back door to spy on your communications.
I don't think a license can solve this problem. I doubt someone who's willing to spy on people is afraid of breaking an open source license.
In that article, the Google employee explicitly said that they do not want to publish a lot of service based software to the outside world. Their business model is based on proprietary service based software, and AGPL is about free and open source in service based software.
GPL on the other hand is about free and open source in product based software, and this do not conflict with Google's service based business model. This allow them to use GPL licensed copyrighted work which they have not authored, and distribute that to gain an competitive advantage in markets that supports their service based revenue source.
If a company do not have an identical business model, copying google will only cost the company. Either they will be overly cautious and the competition will produce cheaper and better way to produce revenue, or they will be overly receptive to legal actions. To make the car analogy, trying to drive exactly like someone else is going to make you crash into something. You need to make a analysis where your car is, and make decision based on the road and the traffic in relation to you.
Examples where AGPL makes little impact on a company revenues and commonly uses a webmail product: Internal use in a company, an ISP, or a dns/hosting provider.
I can definitely see how AGPL would give legal departments a collective heart attack. It's quite onerous, if triggered, and who wants to risk their job for a stupid piece of software?
Yep, many organizations banned it already and few guys are learning it the hard way that they should have. Google requires special approvals to even use AGPL in their network. It is kind of funny that these guys who want AGPL showed down your throat happily use non-AGPL code.
If you modify the source, the AGPLv3 requires you to "prominently offer all users interacting with it remotely through a computer network" the ability to download the modified source. As far as I can tell, that includes anyone who can so much as view the login screen - there's no minimum level of interaction required - which means that even people who are only running Mailpile for their own personal use are affected. It definitely doesn't just affect SaaS providers even though they were the main target of the clause.
Simply running the software does not require me to accept the license. This is explicitly stated in section 9 of the licence. So it doesn't matter what it says in section 13, I don't have to comply with it. If you don't modify the software and don't "convey" it (for which usage is specifically not "conveyance" as per section 0), then there is no exposure to risk at all.
What does trigger that (which you somehow elided from your quote) is modifying the source. I must accept the license in order to modify the code as stated in section 9.
Having accepted the license I have a responsibility to offer the changes to all "users" interacting with it remotely. Very unfortunately, they don't provide a definition of "user". This may be intentional, though. There are legal definitions of the word "user" and it may not be possible/desirable to try to override the term in the license.
IANAL but in my experience, people who gain unauthorized access to software are not defined as a "user". I can't enter into a contract with an entity of whom I am unaware. There is a crucial difference between inviting people (even random people) to use the software and having a system that just happens to be accessible. There is a huge amount of case law on the topic, so if you are really curious I'm sure any lawyer can give you good advice.
Yep, these licenses are banned in Amazon for example. I am also refusing to use AGPL projects because I think free supposed to be free in the BSDL sense and not some weird awkward way that AGPL is trying to force on people.
Trying to follow your logic... Freedom is important to you... so you measure a software license's merits by whether or not it is blessed by Amazon "We-delete-Orwells-1984-from-your-kindle" Inc. Amazon probably just hates RMS because he always calls them out in every speech he makes.
And the licenses are 2 totally different animals anyhow... BSD license incidentally grants some freedom... but FSF's licenses are designed to protect it.
Not really. I just know that Amazon's lawyer team has more expertise in law than I do. They also run a relatively large business while I am working for a small company. If their legal team decided that protecting their IP is best done by not opening up the company to a lawsuit (have you seen what happened to VMware btw?) than I think it is a pretty safe policy to follow for us the smaller corporation with smaller legal team.
I measure freedom in the license context by how much I have to do using a certain licensed software.
MIT, BSDL, Apache, EPL -> nothing
AGPL -> I need to open up every single thing that touches the service that uses AGPL
Which one is more free? In my interpretation the former. Please convince me that AGPL is more free than the other licenses. On the top of all that jazz, I really dislike the GPL/Gnu agenda of defining freedom to me. Let me show you what is the definition of freedom:
"the power or right to act, speak, or think as one wants without hindrance or restraint."
Opening open source code that I have no intention to open up sounds pretty restraining to me and also it qualifies as hindrance...
Screw millenia of political thought. Someone on Hacker News has defined what freedom is. That problem is now officially solved. Everyone can go home now. All those tiresome debates on libertarianism and positive vs. negative freedoms, dead. You've solved it. Congratulations. The debate is officially over.
I also don't necessarily agree with them, but: As already pointed out in other places in this thread, (A)
GPL isn't about your (the developer offering a service) freedom, but focuses on the users. If you don't subscribe to their definition of freedom, of course it doesn't appear more free to you, and really the only way to convince you otherwise would be to convince you that their definition of freedom is the more important one.
And even then one can argue if the AGPL serves this best, because it also doesn't really help users if no-one offers services based on the software because they don't trust the legal situation.
By your definition, my inability to fly like birds qualifies as a lack of freedom.
I think you may be confusing your freedoms with your concrete possibilities (i.e what you can do).
Also, you need to distinguish the freedom of your users (X) from the freedom of the redistributors (Y).
The (A)GPL licenses are about taking away some of Y to increase X.
And a good way to completely scare away a good subset of potential users.