111 comments

[ 4.8 ms ] story [ 187 ms ] thread
Interested in a legal take based on case law. Looks like this is a reasoning from first principles from the underlying law, but it doesn't consider what courts have said on the matter
This is why I don't like GPL-like licenses; Only a court ruling will give you a degree of certainty.

Now sure, you could argue that's the case for all OSS. But the GPL family of licenses leave a lot of legal wiggle room. Unlike for example file based licenses such as the MPL or CDDL.

The LGPL is also an interesting one. People tend to think it's less strict then the GPL. However it has a clause which says you need to provide the means for someone to change the LGPL library and reintegrate those changes in your work. How does that even work for a statically linked binary?

In practice, you can’t statically link. Some LGPL libraries explicitly include a static linking exception.
You can. At least with C and C++. It is just tedious. You can provide the object files of the closed program or reduce it down to single object file.
Is not that the case for basically anything? At the end, if there is a conflict, you have to go to court, and then the better lawyer will win.
You also ship a .o file that includes everything _except_ the LGPL-ed library. The user can re-link against a newer .a to get a new linked executable. I'm not sure I've ever actually seen it done though… And that's just C—what does it mean for something like Go or Rust where it's not really easy to get partially linked program? No idea :-).
> The LGPL is also an interesting one. People tend to think it's less strict then the GPL. However it has a clause which says you need to provide the means for someone to change the LGPL library and reintegrate those changes in your work.

Isn't that true only for LGPLv3? This requirement also happen on GPLv3.

> How does that even work for a statically linked binary?

I learned it this way: LGPL is basically GPL unless you dynamically link.

Sure, there are workarounds to make it compatible with static linking, as others have mentioned, but unless you’re willing to jump through those hoops, LGPL restricts you to only dynamic linking.

(comment deleted)
At least in some places in Europe, at the time that you have some dispute like this you will need to prepare and disclose provisions for your shareholders and place that in your balance sheet as a potential liability.

I've worked in a company that entered in a dispute with Microsoft regarding licensing of SQL Server, and since the legal dispute was more than USD 2 million our CFO was obligated to place that as a balance sheet loss under legal provisions. Eventually we won the case and the "money" went back to the cash flow.

(comment deleted)
I think that is the point. This license hasn't been battle tested in a court room that much. And until it is, we can't really know what is and isn't enforceable. People supposing it should be interpreted this way or that way, mostly aren't lawyers. So, that means there's a good chance they are wrong. But more importantly, how important is it for you to be right/wrong about your own interpretation?

Of course a bit academic for most developers. But for most companies that don't like uncertainty around the topic of who actually owns their core intellectual property, this is a good reason to blanket ban the use of anything AGPL licensed.

Personally, I avoid the anything AGPL licensed for a different reason. I write software for a living and with the goal to profit from that directly or indirectly. People using AGPL seem to be signalling that they don't appreciate other people using their software for profit. So, I respect that and ignore their work. Plenty of more liberally licensed software out there where the developers seem to actively encourage people to use their software. I like feeling welcome as a user. And I don't feel welcome using AGPL software. So, I don't.

> This license hasn't been battle tested in a court room that much.

This is kind of considered a feature, isn't it? Every time a disagreement is taken to court, it's a failure of all sides. Courts are expensive and a time waste, so we create contracts that avoid all of that to try to get parties to work together without the courts. AGPL has been enforceable, in general, because of all the case law around general copyright law.

Depends if you want a license you can rely on on both sides with zero ambiguity on what is and isn't enforcable, having a few court cases confirm this is nice.

The lack of court cases has a perfectly reasonable explanation: no serious company with a legal department would bother to touch anything licensed this way. The companies most likely to be able to represent themselves in a court are also the most likely to have a policy of just blanket banning anything with this license.

As a means of alienating end users, the AGPL is an enormous success. As a means of actually enforcing what it says, it's largely unproven.

> People using AGPL seem to be signalling that they don't appreciate other people using their software for profit.

No. We use xGPL to protect our (developers) and users "right to repair". xGPL developers don't care if you are selling and making a profit from the software they created (and you maybe enhanced). What they want is that you do so by also ensuring that every user of your software also has access to the source code so that any developmental knowledge is not lost or the software doesn't become abandonware when it is no longer profitable to sell it.

Maybe?

Most often, though, I see AGPL licenses paired with a commercial license, as well as a CLA that assigns the copyright of any contribution to the licensing company allowing them to relicense the software with a commercial license.

In this case, I don't see it protecting users' rights, but rather as a means to monetize the software.

Yes, dual licensing is a one way to commercialise xGPL software. Note though that it still protects the developers' rights:

1. You have to seek explicit permission from the developer of the xGPL OSS code to use it under a different license. 2. The xGPL version of the software perpetually remains xGPL, even if a closed-source version is being sold.

Compare that with other more permissive OSS licenses, like MIT or BSD. If I create an OSS software and license it under either MIT or BSD, you can close-source and distribute or sell it anytime without even needing to get my permission.

Note though that the whole business model of close-sourced software stems from the capitalist belief that the maximum value of a commercial software can only be derived when its source code is not shared. And this is true - when things can't be repaired, planned obsolescence is built-into it. The harder something is to reverse-engineer, the harder you make it for your competition to match the features of your product. In our industry (software) this is ensured by closed-source softwares.

This invites the question whether it is permissive license that have prevented truly open source business (with no closed-source software products) from emerging and flourishing? If there was no permissive licenses, where in OSS codes with such licenses can be easily turned to closed-source products, maybe the closed-source business model wouldn't have retained their attraction.

Just like every other OSS license. Sorry but this is not a reason for preferring AGPL over other licensed

And of course the real reason that some developers prefer AGPL is because of the restrictions it imposes on how the software is used. Those restrictions relate to bundling with other software, which is a thing many commercial users would want to be doing. And which is a reason why the likes of MS, Oracle, Google, Amazon, etc. are unlikely to employ anybody that actively contributes to such projects.

You could argue that because of the lack of commercial contributors, a lot of AGPLv3 projects are doomed to be abandonware.

Just like every other OSS license.

No, not like "every other OSS license". OSS licenses, like MIT or BSD for example, allow others to modify and "close-source" it. The license doesn't oblige them to produce or distribute the source code. xGPL however makes it mandatory for any developer to share the source code if they distribute any xGPL software that they have modified. This is why corporates don't like the xGPL - it's not because it can't be commercialized, but because of their belief that the maximum value of a commercial software can only be derived when its source code is not shared. And this is true - when things can't be repaired, planned obsolescence is built-into it. In our industry (software) this is ensured by not distributing the source of the softwares.

I thought mere modification of a copyrighted work would be a right granted by copyright—or at least the act of deploying it (by virtue of making copies of that application)? So to make such copies you would be need a license to do it and if you choose not to agree with the license, regular copyright permissions apply. IANAL etc of course :).

E.g. https://www.copyright.gov/help/faq/faq-digital.html suggest you can only make "archival" copies of applications.

If you don't modify the application, AGPL is not very interesting; the public usually already has access to the source code.

>modification of a copyrighted work would be a right granted by copyright

no, it's a right granted by the license, if you have one. The copyright grants rights to the author, not anybody else.

Really? Do I need a license to cross out words, and write in some of my own, in books that I've bought?
yes! you're getting directly at what I'm trying to explain.

you need a license to have a copy in the first place, and you need a copy to cross out words, so yes, you need a license to cross out words. You don't need a special extra license, but you need a licensed copy or you are in violation of the copyright.

So this is the "trick" in copyright law that the GPL uses. It's granting you the have-your-one-copy-license if you agree to the terms. After that point, violations on your part do not void the "terms of the license", they void your license to have a copy in the first place.

the only person who does not need a license to have a copy is the original author, so if you buy a copy of a book you wrote, you (alone) don't own a licensed copy, but you do own the copyright on the copyrighted copy that you bought.

> you need a license to have a copy in the first place

I'm pretty sure you need a license to make a copy.

When you buy a book from a bookshop, you don't need a license to own it. A license was needed to make it, but the publisher got that from the author when the author agreed for the publisher to publish the book.

After that the first-sale doctrine kicks in. You can resell books you own, or scribble in them, or set them on fire, or rent them out, and there's nothing the copyright holder can do. They authorised for that copy to be made, what happens next is up to the owner of that copy... with the exception of the right to make another copy from that copy. That's still reserved for the copyright holder. Hence, copy-right.

> so yes, you need a license to cross out words.

Sorry, but that's absurd.

at this point the discussion is devolving to a semantics debate, and it may not even be the case that the word license has such specific definition, hence why courts are required to adjudicate and the outcome of such cases cannot be predicted. However, I'm pretty sure my interpretation is more accurate.

Here, quoting from the GPL itself: "You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force."

This is referring to a copy that you have already made, and they are pointing out that you have a license to that copy, and your license to that copy could go out of force.

>8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License

again we see, it's not that the license's job was done after the copy was made, but that the license on an ongoing basis is what allows you to maintain your rights to the copy.

The first sale doctrine isn't a separate doctrine than copyright and license law, it is a subset, and applies to you transferring your licensed copy to a new person. Were it not for that, you license would not transfer.

>Sorry, but that's absurd.

no, it's not absurd that if A requires B, and B requires C, that implies that A requires C, it's a fundamental principle of mathematics/logic, modus ponens or something.

Random post on the internet by what seems a a nonlawyer. Be careful.

"The AGPL, like the GPL, is a copyright licence, not a contract" actual authoriative legal source needed. For what it's worth, this is plain wrong under French law (and I'm a lawyer and there is actual case law in France to support the view that GPL is a contract).

It looks like their main point is this one

> But this means that it is impossible for the GPL to restrict any action which you would have been legally authorized to do even if the software had not been licenced under any licence.

how would this statement be affected by French Law?

This is an actual interested question and not HN know-it-all being aggressive and trying to claim you're wrong (figured I should say it)

The analysis is wrong even if we accept the flawed premise presented (whether in US or French law).

Section 13 of the AGPL which is the one the author says is ineffective starts:

"Notwithstanding any other provision of this License, if you modify the Program, your modified version must ..."

The obligation starts from "modification" of the software, and modification of software is an act protected under copyright law. Hence you need an authorisation for it (without prejudice to fair use and copyright exceptions of course).

not a lawyer, but if there is no requirement without modification, lets say I developed X, someone made a version Y, they gave it to you. ( as you are the only user, they are only required to share modifications with you ), then you run this without modifications as a network service. how is it ensured users of you have access to the source?
Here's how it goes:

You develop X and distribute it to B.

B modifies X (becomes X.1) and because B has been well advised by lawyers, B knows that modification of software is an act restricted under copyright law, and so B went to go read the LICENSE file and found Section 13 of AGPL. As a result because he/she is diligent, B ensures that the source code of X.1 can be accessed by putting a link to a server in X.1's user interface.

See Section 13 of AGPL:

B's "modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge ..."

B distributes X.1 to C

C runs X.1 which is a version that already offers all users a way to get the source code.

You're absolutely correct and if I'm not wrong this is a common loophole used by companies to get around the AGPL (when they really want to)

That is, contract the development to a third party. Let's say A wants proprietary modifications to an AGPL product (X). A contracts B, a solutions provider to make the changes. B is legally required to provide the changes to their X.1 product to anyone that uses it. However, only A is their direct user. Now since A did not modify X to X.1 they are not required to provide a direct download link in the application to the sources for X.1

I'm unsure if GPL style protections still apply and I as a user can request the sources from A by making an explicit request. (I guess not, since they never shared the application with me, only access to it via the network)

i don't think that works. it should not matter who makes the modifications. you are running a modified version of X hence you must provide the source.

but the distribution requirement in the AGPL should trigger just as well as in the GPL. the only difference is that access through the network is added as a trigger.

so i don't actually believe that the AGPL distribution requirement only triggers on modifications. it should trigger on unmodified versions too, just like the GPL. whoever provides the program, is required to provide the source.

this certainly was the intent, and if the AGPL does not implement that intent then that would be a major flaw, which i can't believe they would allow to slip through when designing the license

Yes and no, I think. If you have a valid exemption under copyright (e.g. fair use) then you don't need a licence for the use or making of the derivative work. Obviously such a defence (e.g. fair use) would likely be very difficult in the context of commercial use of the copyrighted work.
Modification of software for your own use is fair use. This was established in Nintendo v. Galoob.

Take for example the DeHackEd Doom patch editor for old-school DOS Doom, which patched the Doom.exe binary to change player speed, enemy behavior, text messages, etc. in ways that WADs alone couldn't. You are free under copyright law to use DeHackEd to patch your own binary, and to distribute your patches so others may use DeHackEd to apply them, but not to distribute patched Doom binaries.

The same holds true for any game mod, really, and even those Windows installer editors which produce stripped down versions of Windows (like 98lite or the more recent Mini11).

Seriously? The author did not read the license and declares it ineffective?

I mean come on. The entire point of the AGPL is to make the GPL apply even in the absence of distributing anything.

(comment deleted)
Not a lawyer, but as part of my degree, I had to study the relevant parts of the law for an engineer. The one thing I learned, and the teacher (lawer) was very clear about: “all is a contract”. Event two people agreeing something with a handshake, if witnesses are present, can be enforced like a written contract. So I’m extremely uncertain of the assertions made there. Also the AGPL was written with lawyers involved in the process…
It's both, right? It's a contract that grants a license.
Let’s say I use some code from stack overflow and it turns out to be GPL. Can the owner of the code sue to compel specific performance of the GPL? Probably not, since I can’t be bound be a contract I never even saw, I can be sued for copyright infringement however.
No, that's just copyright infringement. You use the license as a contract in order to use the code without infringing on copyright.

If you don't adhere to the conditions in the license, the license is revoked, and you're back to copyright infringement, with all the consequences.

I'd assume you follow Stackoverflow's license here (creative commons). You do follow the necessary attribution requirement that Stackoverflow demands of you when you copy snippets from the site, don't you?

If you're made aware that the code you copied in good faith was not allowed to be granted to you under those terms, you'd probably just lose your right to use the code and nothing more. The person redistributing code under a wrong license is the main culprit, but since they were never allowed to hand out a license, you're screwed because of them. If you choose not to distribute the source code, you must remove it from your product as soon as possible.

Of course, this does assume that the code you copied passes the originality threshold. A simple multiplication or a very basic algorithm can be considered too simple to copyright, and GPL would be powerless.

It's so possible the use of the copyrighted code can be considered fair use. In the USA, Oracle sued Google over some GPLv2 API definition, but Google was ruled not to have to abide by the terms of the GPL license in that case, because of fair use reasons.

Under US law, a license is different than a contract. The GPL and friends are very explicitly NOT contracts (in contrast to EULAs, which try to be).

Which is super-helpful only if you never intend to leave the US.

Most software has users in 200+ jurisdictions, and you can get sued in almost any of them. A court in the Maldives or New Zealand might have a very hard time enforcing a judgment if your legal presence is only in the US, but outstanding judgments can mean:

1) A cap on growth (you can never establish a presence in those jurisdiction until / unless you've resolved you ballooning liabilities)

2) A cap on acquisitions (you can never be sold to or buy an organization with a legal presence there, again, without work)

3) In a worst-case, if the liability is bad, being personally thrown in prison the instant you step off of a plane in a jurisdiction where you have outstanding liabilities.

... and other badness.

It, therefore, often make sense to avoid walking along the edge cases of the law.

> The GPL and friends are very explicitly NOT contracts

The FSF and friends have very explicitly commented that the GPL is not a contract. (In my experience, they are also rather sloppy lawyers in the sense that they tend to put ideology over positive law.) There's nothing explicitly saying so in the GPL text, and the section saying that if you don't accept the "license" you will be in violation of copyright law can actually be read both ways (IMHO).

If you search around, quite a few jurisdictions have apparently ruled that the GPL can be treated as contract. Even the US, maybe: https://qz.com/981029/a-federal-court-has-ruled-that-an-open... (note: take conclusion with a grain of salt). From a common law perspective though, there's really no reason to not consider the GPL a contractual license..

That said, I honestly don't know what's worse -- breach of contract or breach of copyright law. The latter can sometimes carry criminal consequences (and yes, you can be extradited if you are unlucky), while a court ordering performance of contractual obligations can be bad if it's really inconvenient for the business.

> The FSF and friends have very explicitly commented that the GPL is not a contract.

One of the interesting pieces of law is that in a situation like this one, the intent of the drafter is strongly taken into account. The FSF says it's not a contract, publicly and vocally. That will be used in any court, and a court is very unlikely to overturn that.

> (In my experience, they are also rather sloppy lawyers in the sense that they tend to put ideology over positive law.)

I can't speak for FSF lawyers in general, but Eben Moglen, who drafted this language, is a super-careful lawyer.

> Under US law, a license is different than a contract. The GPL and friends are very explicitly NOT contracts (in contrast to EULAs, which try to be).

Why are EULAs contracts and the GPL is not?

He's wrong.

Under U.S. law, a license is a contract. In fact, an EULA is an "end user license agreement."

The difference between a license like the AGPL and a normal contract is in how the contract is formed. Normally a contract requires explicit acceptance to be valid, but for licenses implicit acceptance is allowed, such as by using the licensed material after having been showed the license governing the use of that material.

A few reasons:

1) A contract requires a meeting-of-the-minds around an agreement. For an EULA, you click [I agree].

2) A contract requires consideration. With an EULA, there is generally clear consideration exchanged.

3) It's called an "agreement" whereas the LGPL/GPL/AGPL is very careful never to do that or to ever say "agree"

4) the drafters stated it's not an agreement

... and so on. In other words, every effort is made into making EULAs act as contracts, and the opposite for FSF licenses.

More background: https://www.gnu.org/philosophy/enforcing-gpl.html

Excerpt for where to start reading: "This right to exclude implies an equally large power to license—that is, to grant permission to do what would otherwise be forbidden. Licenses are not contracts: the work's user is obliged to remain within the bounds of the license not because she voluntarily promised, but because she doesn't have any right to act at all except as the license permits."

Once you’ve lawfully obtained code you don’t need a license to run it in the USA. The Copyright Act explicitly gives you the right to make additional copies necessary (like loading into memory) to execute it so no license is required to run it.

Much like most lease agreements that are full of illegal or inoperative clauses, EULAs are largely a bluff backed not by the law but the other party’s ignorance and the threat of a ruinous lawsuit. The process is the punishment.

Of course once you want to redistribute or create derivative works you need additional permission.

What constitutes as a contract can depend on the legal system at play. Even in western legal systems, the English, French, and German based approaches to law can have different implications when it comes to philosophical questions like "are licenses contracts". As far as I know, GPLv2 is considered a contract under these legal systems, but I'm not lawyer.

AGPL and most GPL derivates were certainly made with the help of lawyers, but those lawyers overwhelmingly studied American law, since that's where these licenses came from. They can be used in other countries of course, but they are full of American legalese. Direct translations do exist but they don't alter the words to accomplish the same effect under different systems of law. For example, the vitality of GPLv2 does not apply in Germany: https://cms-lawnow.com/en/ealerts/2022/01/developments-in-op... and GPLv3's punishment clause protecting violators for their first incompliance, without further punishment, was denied: https://blog.versioneye.com/2015/09/21/judgment-to-gpl-viola...

The exact same legal text can have an entirely different meaning when interpreted by a foreign judge in another country. What is a watertight contract in one place, is a breach of a party's freedoms in another. There's a reason the exact text written in treaties is argued over for years, because it's challenging to express what you want to say in a way that's legal for every party's jurisdiction.

Is it possible to have the contract be explicitly split into two wordings, one for each legal system?
That probably depends on the legal systems in question.
There are more than two legal systems in the world.
I think the GP was assuming there's only two parties to a contract, thus only two jurisdictions need to be considered.
And yet, free and open source software licenses are meant for licensors and licensees from around the world, so far more than just two jurisdictions for any of the common licenses, and rarely for only one or two jurisdictions even for more custom licenses except in the case where the license is different per jurisdiction or where almost all (licensor, licensee) pairs are in one or two jurisdictions.
Probably not. It's so much easier to choose one jurisdiction and do everything there. For multinationals they'll set up a legal entity in each jurisdiction and rewrite their agreements to be compliant in each place.

International law sucks and it's 100x more expensive than enforcing a domestic agreement.

I agree with your general point (and I upvoted), but I think the author of both of your links misunderstands how even American courts would apply the GPL.

As to the first link:

When a person redistributes a GPLed program or a derivative work of one and refuses to share the source code with their recipients, there is a reason even most American GPL lawsuits are brought by or with delegated authority from a copyright holder of the original work. A regular recipient with no copyright claim might not have as strong of a claim to standing, especially if the defendant claims not to have consented to the GPL in the first place.

Without consent to the GPL, or even if the GPL is breached after valid consent, it’s entirely possible that the consequences imposed by an American court will be damages for copyright infringement and an injunction against further distribution of the infringing work without further copyright holder permission. It is not automatic that source code sharing, which would be an example of what’s called specific performance, will be ordered. It’s only one tool in a court’s toolbox of remedies, and a relatively disfavored one (especially in cases like this where unrelated corporate trade secrets might be exposed by such an order or where conflicting third-party licenses might actually forbid compliance).

The reason some level of source code sharing often results from these lawsuits is not because of a clear legal right to demand that a court order it, but because defendants usually prefer to comply than pay damages and suffer an injunction against further infringement, and plaintiffs in GPL lawsuits usually prefer to forgive past infringements in connection with obtaining compliance.

As to the second link:

The approach of American courts to this circumstance would likely vary by state. The GPLv3 doesn’t actually say that the penalties for the first violation are waived if the violation is cured within 30 days, and the wording for what it does say in this provision isn’t ambiguous, so some American courts would limit their analysis to the “four corners” of the contract/license and not infer a waiver of the penalties for the first violation any more than did that German court.

Other American courts would accept evidence of what the licensor or the license author intended, and therefore possibly waive those penalties in case of a timely cure.

(When I say “some American courts” or “other American courts”, it’s really a matter of which state’s law applies more than which court. But which court is actually making the ruling may literally matter when the relevant point of the relevant state’s law has not been clearly settled by that state’s highest court, when that highest state court is considering reversing its own prior ruling, when it’s unclear which state’s law should apply, or when the court makes mistakes in inexpertly applying the law of a state whose law it doesn’t often apply.)

A lot of people assume that more of the GPL has been authoritatively interpreted in court than is actually true. Most GPL compliance disputes never make it to court, and some that do end in settlements. Only very few end in final rulings, and most of those are lower courts or mid-level courts which in no way (beyond potential persuasive value) bind the rulings of other judges within the state or country.

Disclaimer for this entire comment:

I am not a lawyer in any country and am not giving any specific advice here about how any specific court would rule in any specific case. I have however attended the beginning of US law school including the introductory contracts law course, and have also collaborated in the past with lawyers specialized in the area of free and open source software as part of my Debian developer activities and my director and officer roles in the free software nonprofit Software in the Public Interest (SPI), as well with similarly specialized lawyers when I was in an open source-focused technical role at Google.

To avoid confusion, I hold no cur...

> "are licenses contracts"

IANAL. But, obviously, a license is a license, and a contract is a contract.

If I produce a copyrighted work, you can't copy it without my permission, which is what a license is. If I grant you a license, I can require that you do something for me in return (e.g. pay me), and I can restrict what you can do with your copies. That's a contract, and if you violate it's terms, you might lose the license.

What did I miss?

In the german context, everything that is agreed upon with two or more parties is a contract (afaik, I'm not a lawyer). Buying something => (implicit) contract. agreeing to cookies => contract. T&C on a website => contract. Borrowing something from a friend => (very implicit and vague) contract.

accepting a license (maybe implicitly by downloading content) => contract.

Lawyers and courts then decide if certain clauses are ok and valid or not, if and when someone sues. I'm not sure what differences you see between contracts and licenses. In Both cases, both parties have obligations and responsibilities to follow, in return for a gain (or sometimes no gain).

> I'm not sure what differences you see between contracts and licenses

In some countries, the difference is the kind of court or tribunal that is involved in the dispute.

> I'm not sure what differences you see between contracts and licenses.

The licence is the permission to do something that without the licence you would not be permitted to do.

The contract is the agreement between the licensor and licensee as to the specific terms that surround the granting of that licence.

Consider a company licensing music - company A and B might both have an identical licence to use a particular song for any purpose, but the contracts they agreed for payments could be very different based on expected usage.

Breaking the terms of the licence is using the thing in a way that the licence doesn't expressly permit, e.g. if you have a licence to use any song from a company's entire catalogue for a TV show, but you then use it for a different show or in a film. Another example: I've worked on a computer game where we had a licence to use a particular song in-game, but not in promotional material.

Breaking the terms of the contract is failing to uphold your obligations, e.g. failing to pay an agreed annual fee or the correct amount of royalties.

You missed the part where a license is a type of contract...

A copyright license is a contract, wherein the copyright owner agrees to allow a third party the use of their copyrighted material in exchange for [X]. X might be money, or it might be an agreement to limit how the copyrighted material is used. There isn't another document or anything that says "License to Use [Copyrighted Material]",

This means that losing the "license" is the same as saying you no longer have an agreement allowing you to use the copyrighted material.

In American law, a contract must have three parts: an offer, acceptance, and consideration. Consideration is something of value given in exchange for the offer in the contract.

Because there is nothing paid for a piece of open source software downloaded off the interwebs, there is no consideration. Therefore, open source licenses by themselves constitute what is known as a bare license and may be revoked at any time, for any reason, by the licensor.

Using this logic, how might it play out for Red Hat Enterprise Linux? They are now requiring payment in exchange for access to the source code.
Red Hat may start requiring CLAs for any source they accept as contribution to any software they maintain. To do otherwise would put them at risk of contributors rescinding their licenses and preventing Red Hat from distributing the software they make money on.

CLAs may become standard for all serious open source projects for similar reasons.

There's a reason why CLAs, including signed permission from your employer, have been standard for GNU Project contributions since forever ago, even if it weren't tied to this particular issue. It gives the FSF free and clear rights to the code to enforce copyleft without the potential for legal snags regarding ownership and permission to distribute later on down the line.

You still need to show that rescinding the license you granted for your open source code is even a thing. It would basically look to collapse a good portion of the software industry into an endless flurry of lawsuit from any number of contributors and their heirs looking to monetize blackmailing projects by threatening to take back contributions. Why wouldn't the US court system nope out of all that by any means available?
Yeah, I was also led to understand that if you've distributed version 1.00 of your code with a license, there's no rescinding that, you can only stop distributing the license for versions 1.01 onwards. People wouldn't be allowed to use your new versions, but they can stay on version 1.00 forever.

Maybe that's just the GPL due to how it's formulated.

Common law countries (including the USA) don't limit consideration to cash. It can (and indeed has) been argued that there is consideration for licensor in GPL cases, see e.g. https://www.technollama.co.uk/us-court-declares-gpl-is-a-con... .
Yes, it has been argued, but has it been ruled so in a court of law?

The answer is no -- just the opposite. In Jacobsen v. Katzer it was ruled that the Artistic License is not a contract, and the licensor could seek damages for copyright infringement, not just breach of contract. In Artifex v. Hancom it was ruled that because the defendants did not agree to the contract terms for a proprietary license, the terms defaulted to the GPL which they were found in violation of as a license, not a contract.

And if a license is not a contract then it is a bare license and can be rescinded at any time for any reason.

I thought the problem with that argument was one part promissory estoppel and one part non-monetary consideration. EG you realized something under the GPL with expectation that said work would serve to for instance help you get a job later by demonstrating your work and users by submitting bug reports, code, endorsements helped you achieve the expected goals by making your work more visible and credible.

I'm not aware of any case in which for instance someone has successfully defended their right to rescind a license to the GPL license code they granted in history. A pragmatic court given 2 plausible interpretations with some merit isn't obligated to endorse an interpretation with an obviously negative effect they're people not CPUs interpreting code.

A timeline where we need a GPLv4 to cover the case of assholes taking back their shit contrary to decades of expectations and leaving mission critical v2 projects like Linux constantly at risk of a 10,000 time bombs from heirs taking back daddy's code is clearly the dumbest of all possible worlds and we are under no obligation to live there if their is a reasonable out.

My money is on this theory remaining a fairy tale until someone actually spends enough money to test it and its dissolved forever by actual case law.

Artifex Software, Inc. v. Hancom, Inc. which was ultimately settled out of court seems to have found the exact opposite of what you said if I read this correctly.

https://www.synopsys.com/blogs/software-security/breach-gpl-...

Jacobsen v. Katzer is a complicated affair but regardless of your interpretations it certainly doesn't concern the revocation of a bare license. Most of the action seems to concern whether the party could get damages.

In Artifex v. Hancom it was ruled that because the defendants did not agree to the contract terms for a proprietary license, the terms defaulted to the GPL which they were found in violation of as a license, not a contract.

This is not what the motion for summary judgment in Artifax v Hancom ruled...

The issue was not whether the GPL was a contract, but rather what the proper measure for damages should be. The Defendant argued $0 because there was no royalty owed for the GPL license, but the court ruled that the correct measure for damages of this breach of contract should probably have been the royalty that would have been paid if Defendant had entered into the commercial licensing contract which would have applied if they had entered into the proper license for their intended use of the copyrighted material. However, as this was a motion for summary judgment and not a ruling on the merits, it has no precedential value.

And with respect to Jacobsen v. Katzer, the issue was that the Plaintiff was seeking to enforce copyright infringement provisions in lieu of pursuing the infringement as a breach of contract. The Federal Appeals court ruled that a breach of an open source contract constituted both a breach of contract and also a infringement of copyright. The point of the case was to allow a second cause of action because copyright infringement claims are easier and usually more monetarily valuable to pursue than a breach of contract claim.

I'm also an engineer that had to study basic law and what you described matches what I learnt. A contract requires a statement of intent[1], where the bar for this is pretty low, e.g. a handshake. So, many things are considered a contract that a layman wouldn't think of. Of course not literally everything is a contract and the question regarding the GPL here is if this minimum threshold can be considered crossed.

[1] I think this is pretty universal across legal systems, but I could be wrong.

I'm pretty sure all contracts require an exchange, even if a token one. That's why there's a concept of a token payment. A contract without an exchange (a 1-sided contract) is a covenant.

A FOSS license is granting a right of use under a particular set of restrictions, and it is doing it through the means of voluntarily giving up the government-granted right to enforce copyright that the author is entitled to. But the customer is giving nothing. It can't be a contract. The violation of it only represents a loss for one side.

A license in exchange for payment is a different story.

It can still be considered like an exchange when there is written: "If you use this software, then you agree to comply to the license". Im not sure though to be honest. I might depend on the law system or the mood of the judge.
To me, that's like saying, "You can have a glass of water, but you can't have my car" is a contract.

"Give me a dollar and you can have this glass of water" is a contract.

edit: and to be a tiny bit less glib, a license is where I give up rights I already have, under particular conditions that I dictate. If you choose not to abide by those conditions, the only thing that happens is that I regain the ability to use the rights that I already have. I don't gain any super-copyright powers, or a more powerful copyright.

I know a farmer in a small village and they sell milk and cheese etc. There is no cashier, you take what you want and let the money there. It would still be breaking a contract if you dont...
because you trade something for something else.

defining what the trade is when i download a GPL application is a bit trickier.

In the UK a transfer of ownership does need some token payment at least but a contract isn't that nor requires one (IA most definitely NAL).
Not a lawyer, but the reasoning seems flawed to me.

Under AGPL, you are given right to use a piece of software, but only if you provide source code to anybody connecting to your server. If you fail to comply, your right to use software is terminated. How whether you distribute parts of that software to end users or not is relevant here?

> you are given right to use a piece of software, but only if you provide source code to anybody connecting to your server

This is a convoluted way to put it! You use the word "use", not to mean the actual users of the program, but a third party that distributes/installs it.

It is clearer to see the AGPL as giving rights to the users, not imposing obligations on the distributors. Thus, if you use an AGPL program, you are given the right to see, change and redistribute its source code (regardless of whether the program is running on your own computer or on a third-party server).

Copyleft is not meant to restrict, but to grant freedoms to the end users of the software.

> Copyleft is not meant to restrict, but to grant freedoms to the end users of the software.

That's the goal, but materially it is restrictive licensing, meant to impose obligations on the distributors, in order to grant freedoms to the end users of the software. I think that pretending copyleft isn't restrictive is misleading, and it ultimately weakens it.

It's as important to respect the GPLs as it is to respect any other restrictive, "proprietary" license. One has no more right to violate the GPL than they have to violate Microsoft licensing.

That is the fundamental difference between a pure copyright license and a contract (eg EULA). A license can only grant you permission to do things you weren't able to do otherwise, while a contract can prohibit you from doing things you otherwise would be allowed to do in exchange for granting other permissions.

Nothing in copyright law restricts the use of a product. If you legally purchase a book or movie, your are free to watch it whenever you want however often you want. Copyright only restricts copying, creating derivative works, redistributing (and public performance for certain types of work), not use. So to restrict use of software, you need a contract.

An explicit goal of the FSF in writing all their licenses is that they do not restrict your existing rights, they only grant new (sometimes narrow) permissions. The courts seem less interested in this distinction, could potentially interpret it as a contract, but even if treated as a contract, it was still written to not restrict your existing rights.

Thanks for the detailed response! I see the point, although the pure license / contract is still a weird distinction IMO.

> The courts seem less interested in this distinction, could potentially interpret it as a contract

But why isn't AGPL explicitly structured as a contract then? They could then grant you the same rights (including ones not covered by copyright law), but on the condition that you follow the copyleft part of the agreement.

The great point that the OP misses here is that in most of the time AGPL is not used to be enforceable, but is a mechanism to make sure that an user that is keeping the code closed is non-compliant.

Any due diligence for a M&A or tech legal screening that finds a closed piece of code with AGPL will raise a red flag. In some of the cases that I saw the assessment was that the code base was non-compliant and this applied a huge discount.

a license is a contract.

from legalzoom:

When you own a copyrighted work, such as a book, article, play, or song, you have the right to decide if and how anyone else can use it. Giving permission to do so is called granting a license, which is a written contract giving the user authorization to use the work, usually in exchange for payment.

A copyright license agreement outlines the entire licensing contract made between the copyright owner and the licensee.

also in some other comments here I think the wording is a little sloppy. The GPL license (like all licenses) grants you the right to have the copy of the work you have only if you accept the license terms. So if you don't accept the terms of the GPL, then you must delete the copy you have, before any of the other stuff about compilation, modifications, sharing, etc. even kicks in. If you ever violate the terms of the license, that erases your rights to everything that came before and you are operating without a license.

> This portion of the site (its articles) is for informational purposes only. The content is not legal advice. The statements and opinions are the expression of the author, not LegalZoom, and have not been evaluated by LegalZoom for accuracy, completeness, or changes in law.

Since there's no citations to statutes or case law which state that copyright licences are contracts, this source, which you didn't link either, is not reliable.

Legalzoom is wrong (or to be more precise, probably intentionally oversimplifying to the point of being irrelevant here). A more nuanced take:

https://lwn.net/Articles/747563/

This is a discussion between three lawyers specializing in the field, from three jurisdictions (US and UK, both of which are common law, as well as parts of the EU which are under statutory law).

> In the US, at least for the frequently-used free software licenses, acceptance is by conduct. The license is irrevocable once even partial performance has occurred. Third-party rights depend on the wording. Orders for specific performance are rarely granted but are theoretically possible. You won't get legal costs awarded, and exclusion of liability is likely to be valid.

> In the UK, where many free-software licenses are probably just bare licenses, no acceptance is required for a defense against an infringement claim. The license is revocable by the licensor until the licensee has relied on it. No third-party rights exist. Orders for specific performance are not available. The award of legal costs is discretionary but may happen, and liability exclusion is generally enforceable.

> In the EU acceptance can be by any means, including conduct. The license is probably irrevocable. Third-party rights do exist, and specific performance is available. Nothing was said about legal costs, and liability exclusion is possible but is subject to the the requirements of proportionality and consumer protection.

I don't think it's unreasonable to boil this down to a "yes". Particularly given (1) LegalZoom is presumably American, where, in isolation, the answer is likely "yes"; (2) if licenses are considered contracts in any region in which you do business, you should probably consider them contracts, just to be safe.

Where are you quoting from, because it's not that lwn article. Not least because that article is careful to specify "England and Wales" not the UK.
Did you actually confirm what you wrote before writing it? Because every word of what I quoted is in that article.
Yes, I did. None of it is. And your version doesn't make sense for the reason I just described. What exactly are you quoting?
Ha! Your first one was pretty good. You entertain me.
I don't know how you got "yes" from a quote that didn't contain the word "contract."
The article is ambiguous, and both interpretations are legally incorrect.

1) The AGPL is designed to binding when making a joint work -- e.g. two pieces of code where the logic is intimately coupled. If I make a front-end and a back-end of an application, the AGPL holds. That's a derivative work.

2) The AGPL is not designed to hold when merely using something over established protocols. If I write a generic web server under the AGPL, clients under any license can (and should be able to) connect. That's not a derivative work. That's two independent works.

The test here is not -- as I've seen corporate legal departs indicated -- a question of how things are linked (e.g. web protocols, dynamic, or static binding), but how closely the logic is coupled. If the two pieces are integral to each other, it's a modified work. If I can swap one out (e.g. a SQL server working over established protocols), it's mere aggregation.

Now, if I'm running a tool under the AGPL, the process of installing it triggered the AGPL at some point:

- If you can access it over any protocol, either I (or someone else) is probably required to give you the source code to any modifications.

- If you can't access it, I can have secret modifications. That's by design.

Where things get complex is what it means for you to have access. Consider:

1) I run a modified AGPL algorithm on my computer to make a picture of a frog for my own use (clearly okay)

2) ... and I distribute the picture

3) ... at your request, by a contract we signed in person

4) ... at your request, manually, based on a web form you filled out

5) ... same as above, but automatically, in daily batches

6) ... instantly (you make an AJAX call to http://myserver/make_image/prompt=frog).

#6 is clearly infringing if I don't provide access to my modifications. Where does interacting with the work over a network begin? That's untested waters.

It's not all that common, but I really like it when AGPL software allows users to download its own sources over the network. In the same way that I never need to worry about GPL requirements to distribute source if I never give anyone a binary without including the source used to build it, I would never need to worry about AGPL source requirements if anyone using AGPL software I have deployed can retrieve the source.

As an extra bonus, anyone trying to circumvent the AGPL by disabling this feature has obviously modified the software.

> As an extra bonus, anyone trying to circumvent the AGPL by disabling this feature has obviously modified the software.

Not necessarily, since you could disable it via a proxy or so?

> One does not require permission from the copyright holder merely to use software one already possesses, so long as one does not distribute it.

This seems right but also wrong.

I mean it would mean that I have the right to own and use illegal movie copies, as long as I don't further distribute them. Which AFIK isn't the case.

Do you think that someone should receive a harsher punishment the more times they've watched/read/heard a copy illegally of a work? Or receive less of a punishment if they make a copy (or a hundred copies) illegally but never watch it?

Whether or not it makes sense to you, under current copyright law, it is the act of making copies which is restricted and regulated.

If you make a copy illegally, that's what you'll be punished for.

If you receive a copy of a work, do you know if the copy was made by someone authorised to do so? If you reasonably believe that the copy was made legitimately, you will very likely not be held accountable for owning and using that copy. No matter the legality of its provenance. It is the person who made the copy who will be (or should be) accountable.

The GPL family of licenses were written under legal counselling of actual lawyers. They are, however, first and foremost an US product, written to be enforced under US laws. It is no surprise that other countries have different legal systems under which the terms of a software license can be difficult to apply.

(Edit: This comment puts it very well: https://news.ycombinator.com/item?id=37291970)

For a license similar to AGPL but written with the whole European Union legal frameworks in mind, I'd suggest having a look at The European Union Public Licence (EUPL):

* https://en.wikipedia.org/wiki/European_Union_Public_Licence

* https://joinup.ec.europa.eu/collection/eupl/eupl-guidelines-...

I am european, so I was considering using the EUPL for a new open source project that I'm planning. I'd love to get some comments from HN readers, regarding that choice.

The GPLv3 and associated v3 licenses were all carefully written to be applicable internationally. Using a Europe-specific license is as bad as using a U.S.-specific GPLv2.
last time i checked several courts in EU tried and enforced the GPLv3 but I might be wrong
It is a constant policy, from all "FSF-followers-free-software-activists" to try to discourage, on all public discussion forums, the use of the EUPL that is a copyleft license "other than GPL/AGPL". However, the referenced EUPL guidelines explain in full detail why using it is not "bad" or "wrong". The EUPL licence is 3 times shorter than the GPLv3, clearer, multilingual, interoperable and compatible with the GPLs/AGPL. The FSF "strong copyleft theory" that linking propagates the GPL license was not (and will never be) validated by EU courts.
The interesting part about AGPL is that I have seen many cases where people didn't choose it because they believe they can enforce it.

Often the thinking was more on the line of maybe it's legally not fully sound, but it's sound enough to not make us lose sales, i.e.:

- a dishonest company could just secretly use it and we wouldn't know, so we don't care that much about that aspect

- a humongous company could be in a position where they think they can lawyer themself out of their AGPL usage in the US, but such a company has a lot of other ways too and isn't our target audience anytime soon, so if worse comes to worse we just offer them a cheap enough (no support included) license so that they prefer that over a court case

- most companies which do prefer going to court over buying a license probably also wouldn't use our software if buying a license would be the only way, so not really lost sells

believe it or not, if your AGPL software is like a Database or some non-user facing or something that works over an api, a closed source software developer can use your AGPL licensed software in building his/her closed source software as long as the developer does not make any modifications to the AGPL software and informs the user about agpl software in the license file.

AGPL software DOES NOT prevent use of the software in a proprietary software unless the software itself is changed and even then, the modifications is to be open sourced.

There isn't the "virality" of AGPL like people claim. That is with SSPL

Well some companies believe something different like itext, they even mention something like

> When using iText Core/Community under AGPL, you must prominently mention iText and include the iText copyright and AGPL license in output file metadata, and also retain the producer line in every PDF that is created or manipulated using iText.

On https://itextpdf.com/how-buy/AGPLv3-license

However „ 7. Additional Terms“

States that I can just ignore any additional terms. It’s really a clusterfuck. I’m not even sure if it would be legal to create a http server that provides functionality of itext. On the other hand mongodb was agpl for a long time and nobody cared.

>It’s a legal violation to use iText Core/Community and our open source add-ons in a non-AGPL environment.

this is not standard AGPL licensing terms. they are just making stuff up

The author is grossly mistaken here.

The idea that the AGPL is unenforceable is dangerous advice that could backfire on someone.

Let me offer a different viewpoint.

The AGPL is a non-free license which uses the same legal principles as shrink-wrap EULA licenses. If the AGPL is not enforceable, then the majority of (other) EULAs are also not enforceable. Quick, someone tell Microsoft, Adobe, Apple, ... do they and their legal departments and lawyers know?

The restrictions/requirements inherent in the AGPL are use restrictions. If you run the program such that people connect to it, you are not redistributing it and so copyright does not apply. That use of the software is governed by requirements.

No software with use restrictions can reasonably be called free.

The legal doctrine at play is exactly like that in shrink-wrapped EULAs (note the "U" there): you are allowed to have a copy of the program (which lands under copyright) if you conform to certain behaviors. In the case of a typical EULA: that you won't reverse engineer the program, or copy it, or crack the license to give yourself unlimited use, etc. In the case of the AGPL, that you won't use it in a way that people can access it, without giving them the code with all your mods.

If you don't comply with the rules, then the offer lapses: the program is not licensed to you. You are not properly engaged in the contract, and so the copyright holder does not give you permissions to have and use a copy of that program, or to use it in that way.

That's how I think it works. Software licenses which restrict use do not use only copyright. They are contracts which make the granting of the copy conditional on contracted behavior. Arbitrary conditions can be linked to the copyrighted work.

If some court does find the AGPL or any other EULA unenforceable, it will almost certainly be due to some much more subtle argument than "oh, it's a copyright license that's only concerned with redistribution distribution, so whatever it says about use can just be ignored".