What is the point of this distraction? The Trump team can just keep them tangled up for years in a protracted law suit, and if they lose, they can just publish the source code.
Giving up on expecting copyleft licenses to be enforceable seems reasonable.
Open source wins by overwhelming closed-source advocates with quality code that moves too fast for them to keep up by maintaining their own private codebases or private forks, giving practical incentives to participate in the broader ecosystem.
So open source wins by writing code whose internal APIs change so rapidly that corporate forks maintained by full-time employees can't keep up, while somehow not confusing the heck out of the part-time open-source contributors. That... doesn't sound possible.
I think this may be carelessly worded in the article. It was publicly accessible, but I don't think it was intended to be publicly available to anyone who wasn't developing it. Am I misremembering the reporting on this?
It isn't an issue of whether the developers made an error or not, but whether this constitutes a "release". Both in terms of the license, and the general legality of the situation. I think they would have a hard time showing this was.
Section 5, which they are accused of violating, specifically mentions a release of the software in item (b). Item (c) does provide some ambiguity, but given that the access was unauthorized, regardless of how bad the OpSec was in the part of the developers, I can't imagine a judge enforcing a discovery subpoena. They may have had a case that it wasn't malicious access if they didn't use Trump's name as a handle and post "Pig Poop Balls" meme.
Software licenses apply to releases, and it is not clear this a release. This is the legal question I am asking about, i.e. Does the developers making this publicly accessible for testing constitute a release?
No, software licenses apply to distribution of of software.
The developers made this publicly accessible to users interacting with it remotely through a computer network, in violation of the license. What the developers consider a "release" and their incompetence is irrelevant
A release and a distribution of a product have almost the same legal definition, but in both cases, the definition includes the product being available "for the consumer." If the license is poorly written to include anything else, then it is likely non-binding. But I think it is clear that his was not a public release for the intended audience, and I think it is entirely relevant what state the site was in when the alleged violations occurred.
I'm not asking about whether or not they violated AGPL on a narrow interpretation of the license from a single clause, but whether that caveat in the license is enforceable in this situation. I'm thinking they will have a hard time showing that this constituted a release or distribution under US law.
I was just wanting someone with more legal experience than me to weigh in.
The AGPL license explicitly covers this edge case, it describes the release of software as "a publicly available network server". Whether or not you consider this a 'release' is irrelevant, the requirement for distributing source code still applies. See for yourself:
"If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid."
I aware what the license says, but it doesn't really matter how it's worded or how we would like to interpret it, under US law, this is likely non-binding clause without a release/distribution. The fact that the license mentions release in section 5b makes it clear that either the license wasn't carefully crafted or that this particular edge case isn't what was meant in that clause. If that is what they meant, this seems to violate one of the central tenants of the FSF.
The use of the qualifier 'patent' in the license definitely doesn't clear anything up if Truth Social wasn't released for commercial consumption.
If this was released for consumers, as some above have suggested, then that's a different case, but I haven't seen any evidence of this, not that I spent much time looking.
The access was not unauthorized. In addition to that, a lot of people thought the service was actually launched - there was no authorization step anywhere in the interface, nor mention that it was a "pre-release" or testing deployment.
> Does the developers making this publicly accessible for testing constitute a release?
This has nothing to do with what was done with the software by which users - they all have the same right to the source. All users have the same rights.
> Does the developers making this publicly accessible for testing constitute a release?
Yes. The software was available to users, therefore, those users have the right to see the modified code of the application they used, as granted by the AGPL3 license to which the website operators agreed.
1. I didn't realize that anyone thought thought the service was launched. I've only seen reporting that it was discovered and defaced. This would make a difference.
2. and 3. The license can say whatever it wants and we can interpret it however we want, but at least for US law, it makes a difference whether or not this constituted a release/distribution to be a binding agreement. Non-binding contracts are not enforceable. If you have reporting that it was used by consumers, then this is different, but this doesn't seem to be the case.
36 comments
[ 3.2 ms ] story [ 59.8 ms ] threadOpen source wins by overwhelming closed-source advocates with quality code that moves too fast for them to keep up by maintaining their own private codebases or private forks, giving practical incentives to participate in the broader ecosystem.
No, it seems horrible. We need more free software, not less.
Does it really matter that this project doesn’t offer to send you a paper copy of the source code you can download for free anyway?
We can speculate as to whether the developers made a mistake or not, but it was publicly accessible, putting it in violation of the licensing terms.
It's not a matter of whether or not the developers meant to release it.
Software licenses apply to releases, and it is not clear this a release. This is the legal question I am asking about, i.e. Does the developers making this publicly accessible for testing constitute a release?
The developers made this publicly accessible to users interacting with it remotely through a computer network, in violation of the license. What the developers consider a "release" and their incompetence is irrelevant
I'm not asking about whether or not they violated AGPL on a narrow interpretation of the license from a single clause, but whether that caveat in the license is enforceable in this situation. I'm thinking they will have a hard time showing that this constituted a release or distribution under US law.
I was just wanting someone with more legal experience than me to weigh in.
"If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid."
https://www.gnu.org/licenses/agpl-3.0.en.html
The use of the qualifier 'patent' in the license definitely doesn't clear anything up if Truth Social wasn't released for commercial consumption.
If this was released for consumers, as some above have suggested, then that's a different case, but I haven't seen any evidence of this, not that I spent much time looking.
The access was not unauthorized. In addition to that, a lot of people thought the service was actually launched - there was no authorization step anywhere in the interface, nor mention that it was a "pre-release" or testing deployment.
> Does the developers making this publicly accessible for testing constitute a release?
This has nothing to do with what was done with the software by which users - they all have the same right to the source. All users have the same rights.
> Does the developers making this publicly accessible for testing constitute a release?
Yes. The software was available to users, therefore, those users have the right to see the modified code of the application they used, as granted by the AGPL3 license to which the website operators agreed.
2. and 3. The license can say whatever it wants and we can interpret it however we want, but at least for US law, it makes a difference whether or not this constituted a release/distribution to be a binding agreement. Non-binding contracts are not enforceable. If you have reporting that it was used by consumers, then this is different, but this doesn't seem to be the case.