On Wed, Jul 10, 2013 at 08:18:12AM -0400, Scott Kitterman wrote: > Sorry, I can't quite let this pass. I just went and looked at the AGPL v3 > again and one implication of the license is that you can't locally fix a > security issue without immediate disclosure. This doesn't fit my personal > ethics at all and at least IMO makes it pretty unsuitable as a license for > any > network facing service.
You can! There is just one caveat: you must make sure to never, ever, distribute that piece of software, because once you do, you permanently lose your right to use it without obnoxious and potentially crippling restrictions. That's section 9 of AGPL v3. So we have non-redistributable software in the main archive. The alternative you are allowed to ("accepting the license") can't be considered free, as it outright violates FSF's freedom 0 (The freedom to run the program, for any purpose) and DFSG 6 (No discrimination against fields of endeavor). AGPLed code can't be used for pretty much anything that's neither a web service nor restricted solely to a single computer. As already mentioned in so many places, interesting banned uses include reusing any part of the code in: * a POP3/IMAP server * an IRC bot that doesn't spam every user with legal messages * a SMS/etc service * a kiosk * a wifi-connected lift control (don't laugh, I've seen one at Google) Per section 13, any derived software that "supports remote interaction through a computer network" must present a prominent offer to every user, no matter if that's feasible or possible. And this applies even if you lift just several lines of code, even ancillary. For example, two of my personal projects include autoconfage that detects the way of spawning ptys, copied from GNU screen, without using any part of screen proper. Even such a minor code reuse is effectively banned by the AGPL -- both of those projects include networking, and only one can reasonably present an URL to its users. The official FTPmaster response came in #495721, and it doesn't even mention this issue, only three minor points (cost of running a webserver with sources, private use, contaminating reverse dependencies). Thus, could someone please explain, are there any arguments that forbidding reuse with any protocols that don't support sending bulk ancillary text would be free? What I can see are debian-legal threads considering AGPL to be non-free, and, in other places like the FTPmasters response, avoiding this issue. That it's uncomfortable doesn't make it any less valid. The archive carries a non-free section just for cases like this. -- ᛊᚨᚾᛁᛏᚣ᛫ᛁᛊ᛫ᚠᛟᚱ᛫ᚦᛖ᛫ᚹᛖᚨᚲ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130710135003.ga5...@angband.pl