Blogs

RedMonk

Skip to content

AGPL: Open Source Licensing in a Networked Age

When the reforged GNU General Public License, Version 3 (GPLv3) was finalized and released to an expectant public on June 29, 2007, the most important decision may have been one postponed. With the third iteration of the most popular open source license, the Free Software Foundation tackled weighty questions relating to software patents, license compatibility and hardware restrictions. But the question on the minds of many in the public comment period was whether they would tackle the considerably more problematic issue of the so-called “ASP loophole.”

They did not.

Simply stated, this refers to the fact that Software-as-a-Service or Web 2.0 applications fail to trigger the most important reciprocal protections afforded by the GPL because they are not, according the GPL’s definition of the term, “distributed.” What this means in practice is that companies such as Amazon, eBay, Google and so on – Application Service Providers, as they might have been called in years past – are free to consume GPL assets and make modifications to them without the obligation of sharing them under the same terms. Traditional software distributors, on the other hand, have no such luck. If Canonical, Novell, Oracle, or Red Hat want to make modifications to their respective Linux distributions, they are required per the terms of the license to share those changes with their competitors. Amazon or Google, meanwhile, are not.

And therein lies the problem, to some. Tim O’Reilly, for one, has argued that this limitation arguably makes open source licenses obsolete (I didn’t agree). Fabrizio Capobianco has called the loophole “the cancer of open source.” Matt Asay, meanwhile, was “honestly upset” when he discovered that v3 punted on the question of distribution. And most recently, Jeremy Allison – the noted SAMBA developer and Google employee – described the loophole as the GPL’s “fatal flaw.”

Are they right? They may well be, they are smart people all. Personally, however, the evidence does little to convince me that we have a problem.

Part of my issue is that I focus on the fact that the GPL – as popular and important as it is today – is just one license among many. So although Tim and the rest of the objectors are unquestionably correct when they assert that the GPL’s reciprocal provision is powerless against the changing nature of distribution, it is equally true that there are a great number of projects that do not have any reciprocal provision attached to them. Permissively licensed assets (which impose few if any restrictions on developers as far as usage), in fact, make up the other half of the high visibility LAMP stack – the Apache licensed Apache webserver and the permissively licensed Perl/PHP/Python languages to balance the reciprocally licensed Linux kernel and MySQL database. A variety of complementary but important infrastructure projects, such as the BSD-licensed memcached, also decline the distributed protections that the GPL affords.

Yes, network delivered applications skirt the protections of the GPL by redefining the nature of distribution. And yes, the license’s role and protections are materially different in a networked age than prior. But “the GPL is the new BSD license and that Google is the new Microsoft,” as the former executive director of the FSF Bradley Kuhn said? That’s going a bit far, in my view. As I’ve said before when arguing that open source licenses were not made obsolete by the loophole:

First, and most importantly, all software is not Web 2.0. It would be difficult to make the argument, in fact, even that most software is Web 2.0…The fact is that the world’s top two or three largest software vendors are not fueled generally speaking by Web 2.0 applications or software as a service. Nor are the hundreds of millions of desktops or billions of mobile devices powered – at an OS level – by SaaS. Until those things change, open source licensing – to me – will be far from obsolete.

I’m as big a believer in Web 2.0 and SaaS as you’re likely to find in the analyst ranks, but last I checked both needed operating systems and browsers to function. And last I checked both OSs and browsers are subject to traditional distribution, and therefore licensing restrictions.

But let’s assume that Kahn’s correct for a moment, and that the GPL is the new BSD. What could or should be done about it?

Nothing, in my view. We have a variant of the GPL in the Affero GPL which effectively closes the ASP loophole, and it’s available for those projects that wish to adopt it. Barring the Funambol or Laconica, however, few projects have. Ohloh, as one example, has 102,645 projects at present using the GPL and 1,189 on the GPLv3 against 110 for the AGPL and 49 for the AGPLv3.

When it comes to license styles and trends, I tend towards laissez-faire, to be sure (e.g. my apathetic response to the license proliferation crisis). In this, the ASP loophole question is no exception. If the market – open source projects, in this case – believes that Software-as-a-Service or the cloud represent a clear and present danger, they have the option to choose a license that will offer the same protections that the GPL does for traditionally distributed today. At present, however, I see little evidence that they are choosing it, and even less that they should.

Would it be nice if Google, as an example, was required to distribute its changes to GPL assets? Fabrizio, for one, thinks so, saying:

One company benefiting from [the ASP loophole] is Google, abusing open source software for their benefit (aren’t you interested in seeing the modification to the Linux file system they did to run their gazillion of servers? I am ;-) In fact, they pushed for the ASP loophole to be ratified in GPL v3 and they submitted it to OSI for approval. They love the loophole. They made a business around it (and what a business!!). They got GPL v3 OSI approved…

And maybe he’s right; it’s impossible to say what, precisely, Google holds back for competitive advantage purposes. But looking at their involvement in various GPL assets would indicate that they do contribute on some level. The GPL licensed MySQL? Well, here are your patches. How about Linux? Google’s contributions here are more meager, though from 2.6.11 to 2.6.24 they did contribute 965 changes back to the kernel, behind the likes of IBM, Novell and Red Hat but ahead of HP (source: The Linux Foundation).

It’s tempting, then, to ask what problem is being solved by the Affero GPL. But that would be facetious, and would serve to trivialize what could be a real problem for some projects. Projects that are considerably less visible than Linux or MySQL, for example, might require the protection that the AGPL affords. For them, closing the loophole might seem like a life or death matter. The difficulty will be in determining which the license will guarantee: even as AGPL licensed protects are protected from those that would use them without contributing, it also represents an insurmountable barrier to entry for some potential players.

I’m glad then that the Affero GPL is an option, but I’m with Mark Radcliffe: I wouldn’t look for it to compete with the GPL any time soon.

Categories: licensing, Open Source.

  • Pingback: tecosystems » AGPL: Open Source Licensing in a Networked Age | Open Hacking

  • http://daveshields.wordpress.com daveshields

    Right, as usual, Steve. The GPL is just a license. RMS and Eben Moglen signed off on GPLv3, so let’s leave well enough alone.

  • http://www.redmonk.com/jgovernor james governor

    fantastic piece stephen. excellent exposition of some key issues. I must admit I cant’ follow your train of thought in your quote on “web 2.0″ companies and the transition into “but let’s assume.” The definition of terms in ASP, *aaS, Web 2.0 and what that says for client side perhaps need clarification. If you write a follow up I’d love to see some thoughts on how Apple fits into the related bigger picture of consume/contribute/license(s)

  • http://www.patrickfinch.net Patrick Finch

    The ASP loophole demonstrates the consistency of the Free Software movement’s position: Richard Stallman and Eben Moglen don’t (as I understand it) care what Google does with Google’s machines. While they may have a preference for SaaS players to share code changes, it does not affect their (RMS’s/Moglen’s) freedom if they do not.

    The open source movement, on the other hand, does care if a few players are able to build a lucrative business without contributing in the proportion you would expect a traditional software vendor to.

    So, I would hold that people that care about the latter problem should not necessarily look to the Free Software philosophy for guidance.

    Secondly, I think that your argument might be circular, just after “let’s assume”. Lack of AGPL adoption is not a problem because of the lack of AGPL adoption? The GPL remains the most widely known, understood and respected license at least in part because this debate hasn’t played out yet. I am sure many projects will choose the GPL out of familiarity and that the “market” for licenses may be in a process of correction. It is opinion-formers like yourself who are the most likely to accelerate such a change, I suspect.

  • Pingback: From Tolstoy to Tinker Bell. Down from Berkeley to Carmel. « Tuna Park

  • http://www.dlapiper.com Mark Radcliffe

    I am glad we are in agreement! I love Fabrizio (in fact I do work for him), but he is dead
    wrong about how the decision was made on not including a network use clause in GPLv3.
    I ran the User Committee and we told FSF that if GPLv3 included a network user provision
    it would be “Dead on Arrival”: no one would adopt it because corporate users would reject
    it due to the radical change in obligations. Google was happy with that decision, but
    it was not a Google led initiative. AGPL remains a license subject to significant scrutiny
    before a corporation will use software which is licensed under it (I know because I work with
    many corporations). You can argue the policy, but the reality is that GPLv3 would not have had
    the success it currently enjoys with a network user provision. As you noted, GPLv3 and AGPLv3
    are both choices and choice is good.

  • http://www.riehle.org Dirk Riehle

    I’m still a friend of the AGPL and explicitly closing the ASP loophole. If someone wants a permissive license to handle SaaS situations, choosing GPL is just not smart, since a permissive license is not the same as GPL’s notion of “not a distribution”. So I think it will just take more time and education.

  • http://prng.blogspot.com/ Greg Stein

    I continue to shake my head with disbelief at people that produce Open Source (or Free) code, and then get *angry* at companies that *use* their code if that company does not "give back". Why are you publishing the code in the first place?

    The whole notion of counting the number of contributions to the Linux kernel is dead wrong. Open Source code is written to be *used*.

    And everybody’s favorite punching bag on this is Google, yet those same people aren’t stopping to look at the massive contributions of Android and Chrome. Or the hundreds of smaller projects Google has published and hosted on Google Code.

    Writing Open Source code should not oblige your users to do anything. If you want that, then go back to a proprietary licensing model.

    (I wrote about "Giving Back" a while ago: http://prng.blogspot.com/2009/02/giving-back.html)

  • http://www.thwink.org/sustain/articles/ E. Becerra

    @Greg:

    I concede some of your points, but hope I can get some across as well.

    I agree that when producing free code, one fervently desires its most extreme adoption possible. Alas, opportunity costs rule any material reality. The ‘materials’ in question being the effort of fellow programmers and the mindshare of the user base. (This is more generally true of any intellectual pursuit.)

    IP regimes thus compete in a Red Queen’s race which is particularly intense in the software ‘industry’. The most permissive licences, which intended to maximise user mindshare, were largely superseded by hereditarily free ones (such as the GPL family) because they were so open to defection. Now, a lack of users tends to a lack of coders, so both extremes (in the users vs. coders ratio) lead to the same death. Success should be found somewhere around Gotama’s highly vaunted middle ground.

    Is this middle ground nearest the GPL family, or BSDward of it (as your comment would imply). Statistics seem to place it much closer to the GPL than the Affero family, but this could be misleading, as the Afferos might be younger or less publicised.

    Of course, the licence space is not linear. All the free licences seek to cooperate amongst themselves by sharing code, by presenting a united front against proprietary ones, while ultimetely competing against each other. There might be other unexplored options, but momentarily disregarding the unknown, I suspect that the sweet spot might lie somewhere between the best free licence and the best proprietary one. This magical licence of my intuition would combine the proven advantage of enforced reciprocity with the obvious benefits conferred by a steady flow of profits.

    This ‘perfect’ licence I speak of would be best only in an evolutionary sense. My bleeding heart would obviate the advantage of profits, or at least their inherence in any degree of proprietariness, or indeed deny the legitimacy of ‘proprietas’ in general. Selective pressures, of course, could not care less for our sensibilities, and I suspect that certain large and small software firms owe their continued success to something other than mere inertia. Witness the remarkable success of the closed iphone silo.

    Please do write your further thoughts on this matter.

  • Pingback: tecosystems » Does the GPL Matter? In a Word, Yes

  • Pingback: tecosystems » Does Copyright Matter? Or, is the End of Dual-Licensing Near?

  • Pingback: tecosystems » tecosystems 2009: What You Read, How You Read It, and Where You Read it From

  • http://www.getalawyer.com.au Legal Advice

    The OPM is a fantastic contribution and I understand their frustrations when something they intended to be ‘free’ ends up being monetised and used for commercial purposes.

  • Pingback: GPL in the cloud: The market doesn’t care | 云生活

  • Pingback: SidiLeaks CloudBurst CloudComputing: Sid Harth « News, Views and Reviews: Sid Harth

  • Pingback: Why do *you* want open software? | OnCollabNet

  • Pingback: Open Source Web Applications => Kyle Shank

  • Pingback: Cloud computing « Acordo Coletivo (Empregados Petroleiros)

  • Pingback: Cloud computing « Acordo Coletivo (Petroleiros,Professores e Bancários)

  • Pingback: concept – Cloud Computing | coolnet94.com

  • Pingback: cloud computing technology | infoplanetarium.com

  • Pingback: Cloud Computing

  • Pingback: Kim (Megaupload) Dotcom is Alive and Kicking USSASS « elcidharth