On Fri, 28 Nov 2008 12:42:09 +0100 Joerg Jaspert wrote:
Hi,
recently we, your mostly friendly Ftpmaster and -team, have been asked
about an opinion about the AGPL in Debian.
The short summary is: We think that works licensed under the AGPL can
go into main. (Provided they don't have any other problems).
First off, thank you for explaining the rationale of your decision.
I wish Ftpmasters did so more often...
However, I disagree with your conclusion, and I would like to respond
to your points as a (disappointed) Debian user.
Just to be clear: IANAL, TINLA, IANADD, TINASOTODP (...it's a *response*
to a statement of the official Debian position).
Reason:
[...]
Citing the three main concerns from Bug #495721:
1) It can might add a cost to the usage of the software that restricts
its usage.
[this is also raised in #506042]
We do not think that this is a severe enough problem to restrict the
freeness of a work licensed using the AGPL.
- Offering a publically accessible network service already comes with a
cost that might be hard to calculate. Think about DDOS attacks for
example.
I am not convinced that the fact that a use cost might exist anyway
justifies adding other costly requirements.
I don't remember seeing use restrictions accepted as suitable for
main, before.
- For practical matters the distribution costs via the internet are
close to zero for free software.
A cost which is negligible for some people, might be significant for
other, less lucky, people...
While bandwidth does cost money, and
having a (say) 20MB app downloaded a million times would create a
large cost, the license text reads from a network server at no
charge. This means it is not required to be your own server, so you
can use any of the free services, like Alioth, Savannah, SourceForge,
Launchpad or Google Code. While those are only there for Free
Software - that is the case for AGPL applications.
As already pointed out by other people, there's no guarantee that
running a modified AGPLv3'ed application, while the third-party hosting
service is off-line, will not be considered a breach of the license
conditions.
Hence, I think there's no guarantee that using a third-party hosting
service like Alioth is an acceptable way to comply with Section 13
requirements.
This leaves us with two options: setting up our own source distribution
server (which may be a significant cost) or put source on the same
server/device which runs the AGPLv3'ed application (which may be
unfeasible due to resource constraints, think about a small embedded
system which talks a limited network protocol).
[...]
2) It might forbid private usage of software that uses any kind of
network.
We do not see that it would forbid the private usage of the software. If
you use the software privately, the users of that software are a pretty
limited group. And as soon as they can reach your system to use the
software that means they are able to either download the source from your
private server or get a link to a download location on a machine
accessible to them.
Why might it forbid the private usage of software? Section 13 only
requires to offer the source to the users of your service. As such you
only need to give it to the limited user set your private usage has.
The term user is not clearly defined. If I get an access denied
error page through a browser, am I a user of the web application?
This ambiguity is really problematic, since it implies that there's no
clear way to tell who I am compelled to make source available to.
[...]
In conclusion we will continue to access AGPL works into main subject to
the rest of the checks that we also normally perform.
Sadly, another bunch of non-free software will be accepted in main. :-(
As a Debian user, I am disappointed by the decreasing strictness with
which the SC and the DFSG are applied.
--
On some search engines, searching for my nickname AND
nano-documents may lead you to my website...
. Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
pgpYf5QjYXuCM.pgp
Description: PGP signature