Re: Do Debian's users care about the AGPL?
On Wed, 3 Sep 2008 14:40:39 -0700 "Steve Lamb" <[EMAIL PROTECTED]> wrote: > On Wed, Sep 03, 2008 at 05:03:27PM -0400, Daniel Dickinson wrote: > > Which is the thing. GPL guarantees freedom the users of the > > software. The AGPL says that the user is the one writing the > > documents with the software is the user not the one running the > > code. I agree with the AGPL on that. > > Those users have not lost their freedom. That's the distiction > people have lost. Lets take a simple example, Google's web-based > spreadsheet. Who is using the software, you or Google? Answer: > Google. They provide you *access* to that software but you're not > the user. Just as if you came into my house, sat down at my computer > and then thought just because you are poking at software I've written > and allowing you to access gives you any rights to the source. If I > distributed that software to you then, yes, you would have rights to > it. I think this is where public/private distinction comes into play. Someone coming into your house to use your laptop is using your software in a private context, not a public one, and thus is more like 'within a company'. Such a distinction makes sense, just as it does in real life public/private distinction. I think you might disagree about what's public and what's private though. The difference with the Google scenario is that Google is providing machines to run the code on so that you can use the software (as I see it the service is running the code, not the software itself). > > I don't follow. If you mean ASP turned to Open Source because they > > get free (as in beer) software that don't have to share, then I'd > > argue that is an example of a popular loophole, no a robust example > > of the benefits of libre software. > > No, they turned to it because they got free (as in beer) tools > for which they could create works which they could *choose* to keep > in house if needed. But if they are not modifying code and distributing it to users (in the sense of user I mean) they are still not required to distribute the modified works, it's only when they are distributing the works that it matters. I guess for me 'software freedom' means freedom for the end-user, where as you interpret user as one who's machine the code runs on. > > Jeopardizing ensuring rights of user to control their own software > > is restricting freedom? I don't think so. Of course we disagree > > on who the user is, so I mean a different thing by that then you. > > Exactly so. The implications are far more profound than you > think when we take your definition of "user". > > > I disagree with you interpretation of the license in this regard, > > and I probably disagree with your definition of freedom as well. > > The definition of freedom as shown in the GPL and AGPL are what > > counts here, and opinion of which definition of user is accurate. > > Really? So the fact that you're provided access to a custom > application means you're a user and thus must have rights to the > source code? You do realize how much software you're provided access > to but aren't the user? Let me think off the top of my head of > software which customers of mine have had access to which fall under > your overly broad interpretation of user in the quest for the holy > grail of restricting other people's uses to your narrow definition. My narrow definition. I do believe you're the one who is specify that user means the one running the code. Period. > Room reseveration software. ATM software. Slot machine software > (Btw, you do realize most slots nowadays are computers, right?). > Patron management software (better known as point systems). > Point-of-sale terminals and, by extension, their servers. In-room > entertainment software. Did I miss any portion of a casino that the > customer doesn't touch? Except of course I think these are cases where the user should, if released under a license that defines user as I do, be granted access to the code. The whole point of software freedom is that the user has the ability to improve and modify the software they use. > > It boils down to this. The casino (and hotel) is using that > software to provide a service to the customer. The customer is not > the user of the software even though they do "use" it. Same thing > for ASP. That is why the S is *S*ERVICE. If you close this > "loophole" for ASPs then you are, by fiat, also demanding that any > time you use an ATM machine you are using the software thus have a > right to the source code of said software. If you don't see how that > could cause some serious problems for the adoption of OS tools to be > used to build those custom applications then you really don't > understand what's going on nor the motivactions of why people chose > the solutions they do outside of your narrow mindset. I'm not suggesting OS tools cause release of code unless they're part of a derivative wor
Re: Do Debian's users care about the AGPL?
On Thu, Sep 04, 2008 at 01:15:31PM -0400, Eric Gerlach wrote: ... > I don't view non-free as some kind of refuse bin for the licences that > don't make the cut. I view it as a place where I can choose packages > from other licenses if I please. well put and echoes my sentiments exactly. non-free allows me to make a decision about whether to use non-free software or not. I am not forced one way or the other. > > Brain-dumping here: maybe Debian needs a "might-be-free" archive? Or > maybe just "gnu-free" for GNU licenses that aren't DFSG-free? That > might also help with some of the non-free doc packages (if there are any > around anymore). within the context of debian and DFSG, it seems that free/contrib/non-free are well defined. While there might be a connotation that something is truly not free by being in debian's non-free repos, that is simply not the case. it just means it doesn't comply with DFSG in some way. At least that's how I understand it. A signature.asc Description: Digital signature
Re: Do Debian's users care about the AGPL?
Jordi Gutiérrez Hermoso wrote: Sometimes I get the feeling that Debian's users and Debian's developers live in separate worlds. There's currently a long thread in d-legal over the AGPL. One DD has expressed reservations towards the AGPL to the point where she has decided not to package a certain program covered by the AGPL. Do Debian's users care about this sort of legal geekery or is everything fine as long as AGPLed programs go into non-free? My irrelevant vote on this topic: I think that there's nothing in the AGPL that makes it non-free, but I don't care what the final Debian decision is as long as AGPL software can be put into non-free and I have the freedom to make my own decision about it. My humble advice to the project: Just vote on it and decide. Do the same thing you did with the FDL. If you determine that AGPL is DFSG-free, great! Problem solved. If you determine that it's non-free, great! As long as it's in non-free I can make my own decision about whether or not to install it. I don't view non-free as some kind of refuse bin for the licences that don't make the cut. I view it as a place where I can choose packages from other licenses if I please. Brain-dumping here: maybe Debian needs a "might-be-free" archive? Or maybe just "gnu-free" for GNU licenses that aren't DFSG-free? That might also help with some of the non-free doc packages (if there are any around anymore). Cheers, -- Eric Gerlach, Network Administrator Federation of Students University of Waterloo p: (519) 888-4567 x36329 e: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Wed, Sep 03, 2008 at 10:26:16PM -0600, Chris Burkhardt wrote: > I just realized that the "remotely through a computer network" doesn't pertain > to any situation where the user is sitting in front of the machine (like slot > machines and ATMs). So that renders many of our examples moot. Hopefully that > makes you feel a little better about the scope of the AGPL. You would be wrong in many cases. Most of the systems I gave as examples are server/client running over a network. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 1FC01004 | main connection to the switchboard of souls. ---+- signature.asc Description: Digital signature
Re: Do Debian's users care about the AGPL?
On Thu, Sep 04, 2008 at 10:35:16AM -0500, Christofer C. Bell wrote: > On Thu, Sep 4, 2008 at 9:42 AM, Gregory Seidman > <[EMAIL PROTECTED]> wrote: > > Consider an AGPL'd app that has some open file format download. Evil Inc. > > takes said app, tears out the bit that sends the open format to the user > > and has it write to (server side) disk instead, then provides a link to a > > separate, closed source web app that reads the AGPL'd app's open format > > from disk and converts it to a proprietary format for download. Evil Inc. > > releases its changes to the AGPL'd app without exposing anything about > > their proprietary format. You, as a user, lose, and the AGPL was no help at > > all. > > If the modified AGPL application by Evil, Inc., is doing a conversion > to a proprietary format as in your example, then the export functions > for the format are part of the application and thus included in the > source changes Evil, Inc. releases. This necessarily exposes the > proprietary format to reimplementation. You are incorrect. Reread the scenario I described. The AGPL'd web app writes an open format to disk. There is an independent and closed codebase that reads that open format, converts it to a proprietary format, and sends it to the user. The AGPL'd code, which Evil Inc. will distribute, includes the pre-existing open format export functionality (though no longer exposed to the user) and the code to call that export and issue a 302 redirect to the closed web app to actually serve the download. The AGPL'd code does not include anything to read or write the proprietary format, even though the site appears to the user to download it seamlessly, and the codebase which does is closed and unavailable without violating the AGPL. > Chris --Greg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Thu, Sep 4, 2008 at 9:42 AM, Gregory Seidman <[EMAIL PROTECTED]> wrote: > > Consider an AGPL'd app that has some open file format download. Evil Inc. > takes said app, tears out the bit that sends the open format to the user > and has it write to (server side) disk instead, then provides a link to a > separate, closed source web app that reads the AGPL'd app's open format > from disk and converts it to a proprietary format for download. Evil Inc. > releases its changes to the AGPL'd app without exposing anything about > their proprietary format. You, as a user, lose, and the AGPL was no help at > all. If the modified AGPL application by Evil, Inc., is doing a conversion to a proprietary format as in your example, then the export functions for the format are part of the application and thus included in the source changes Evil, Inc. releases. This necessarily exposes the proprietary format to reimplementation. -- Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Thu, Sep 4, 2008 at 7:51 AM, Gregory Seidman <[EMAIL PROTECTED]> wrote: > On Thu, Sep 04, 2008 at 12:58:01PM +0300, Andrei Popescu wrote: > [...] >> * webapps >> - Author writes a spreadsheet program >> - some company customizes the program and ads support for an own >> proprietary file format, but they will most likely: >> o put it up on own servers to generate revenue rather then >> o sell it to other service providers >> >> By using GPL in this scenario, people accessing the service will find >> themselves locked-in due to the proprietary file format, while with the >> AGPL everybody has a chance to implement support for it. > > I call bullshit. People are locked into the service because their data > exists on the server's filesystem rather than their own, regardless of what > format it is in. Having the source code for the service does not change > that in any way. The AGPL does not address lock-in at all. You're locked into the proprietary format regardless of your ability to retrieve your documents from the server because the GPL doesn't give you access the source of the application to thus build the software locally and use your documents. The AGPL is indirectly addressing lock-in here. -- Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Thu, Sep 04, 2008 at 04:54:54PM +0300, Andrei Popescu wrote: > On Thu,04.Sep.08, 08:51:13, Gregory Seidman wrote: > > On Thu, Sep 04, 2008 at 12:58:01PM +0300, Andrei Popescu wrote: > > [...] > > > * webapps > > > - Author writes a spreadsheet program > > > - some company customizes the program and ads support for an own > > > proprietary file format, but they will most likely: > > > o put it up on own servers to generate revenue rather then > > > o sell it to other service providers > > > > > > By using GPL in this scenario, people accessing the service will find > > > themselves locked-in due to the proprietary file format, while with the > > > AGPL everybody has a chance to implement support for it. > > > > I call bullshit. People are locked into the service because their data > > exists on the server's filesystem rather than their own, regardless of what > > format it is in. Having the source code for the service does not change > > that in any way. The AGPL does not address lock-in at all. > > If people store their data with the provider (or use a provider who > doesn't provide options) it is their choice and it really doesn't matter > if the application is GPL, AGPL or closed source, but I'm not sure how > many people would use such a service. Correct. > > If we take Google's office apps as an example, you'll notice that you are > > not locked into using either the spreadsheet or the word processor. That > > isn't because you have source code freedoms (you don't) but because you can > > download your files in standard and free formats (OpenOffice). > > (I think you meant ODF) Yes, sorry, ODF. > But if the only option would be some binary and proprietary format > *specific* to Google Apps you would be forced to use their service just > to open the file on your own computer and we are back at where we are now > with MS Office[*]. This is the case I was talking about and the GPL > doesn't cover this, AGPL does. [...] This is a strawman. The AGPL doesn't make it difficult to accomplish the same thing, it just requires a little more hoop jumping. Consider an AGPL'd app that has some open file format download. Evil Inc. takes said app, tears out the bit that sends the open format to the user and has it write to (server side) disk instead, then provides a link to a separate, closed source web app that reads the AGPL'd app's open format from disk and converts it to a proprietary format for download. Evil Inc. releases its changes to the AGPL'd app without exposing anything about their proprietary format. You, as a user, lose, and the AGPL was no help at all. > Regards, > Andrei --Greg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Thu,04.Sep.08, 08:51:13, Gregory Seidman wrote: > On Thu, Sep 04, 2008 at 12:58:01PM +0300, Andrei Popescu wrote: > [...] > > * webapps > > - Author writes a spreadsheet program > > - some company customizes the program and ads support for an own > > proprietary file format, but they will most likely: > > o put it up on own servers to generate revenue rather then > > o sell it to other service providers > > > > By using GPL in this scenario, people accessing the service will find > > themselves locked-in due to the proprietary file format, while with the > > AGPL everybody has a chance to implement support for it. > > I call bullshit. People are locked into the service because their data > exists on the server's filesystem rather than their own, regardless of what > format it is in. Having the source code for the service does not change > that in any way. The AGPL does not address lock-in at all. If people store their data with the provider (or use a provider who doesn't provide options) it is their choice and it really doesn't matter if the application is GPL, AGPL or closed source, but I'm not sure how many people would use such a service. > If we take Google's office apps as an example, you'll notice that you are > not locked into using either the spreadsheet or the word processor. That > isn't because you have source code freedoms (you don't) but because you can > download your files in standard and free formats (OpenOffice). (I think you meant ODF) But if the only option would be some binary and proprietary format *specific* to Google Apps you would be forced to use their service just to open the file on your own computer and we are back at where we are now with MS Office[*]. This is the case I was talking about and the GPL doesn't cover this, AGPL does. > > Also, reading the archives of debian-legal it seems to me the biggest > > concern is whether the requirement of providing the source doesn't put a > > too high *financial* burden (ex. hosting, bandwidth, etc. costs) on > > providers of AGPL webapps. > > Is that even relevant to the DFSG? If the costs of hosting an AGPL webapp are significant it means not everyone will be able to use it, hence not free. [*] Yes, OpenOffice.org and friends can open MS formats, but the support is still not 100% Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: Do Debian's users care about the AGPL?
On Thu, Sep 04, 2008 at 12:58:01PM +0300, Andrei Popescu wrote: [...] > * webapps > - Author writes a spreadsheet program > - some company customizes the program and ads support for an own > proprietary file format, but they will most likely: > o put it up on own servers to generate revenue rather then > o sell it to other service providers > > By using GPL in this scenario, people accessing the service will find > themselves locked-in due to the proprietary file format, while with the > AGPL everybody has a chance to implement support for it. I call bullshit. People are locked into the service because their data exists on the server's filesystem rather than their own, regardless of what format it is in. Having the source code for the service does not change that in any way. The AGPL does not address lock-in at all. If we take Google's office apps as an example, you'll notice that you are not locked into using either the spreadsheet or the word processor. That isn't because you have source code freedoms (you don't) but because you can download your files in standard and free formats (OpenOffice). You can also download presentations as PowerPoint files, and one could argue that that is free since OOo will read it. In my opinion the AGPL leans a little too much toward "I wrote it so you have to do what I say" rather than "share and share alike." I don't believe it will be any more effective in achieving the goals of Free software than the plain old GPL. > Also, reading the archives of debian-legal it seems to me the biggest > concern is whether the requirement of providing the source doesn't put a > too high *financial* burden (ex. hosting, bandwidth, etc. costs) on > providers of AGPL webapps. Is that even relevant to the DFSG? > Regards, > Andrei --Greg -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Tue,02.Sep.08, 17:52:57, Jordi Gutiérrez Hermoso wrote: [...] > Do Debian's users care about this sort of legal geekery or is > everything fine as long as AGPLed programs go into non-free? Freeness is not the main reason I stay with Debian, but it is important (currently I have around 20 non-free+multimedia packages installed, including nvidia driver and firmware for my wireless card). Also as an contribution to the discussion of GPL vs. AGPL, in my oppinion we have two different use cases: * classic programs - Author writes a spreadsheet program - some company customizes the program and ads support for a proprietary file format o uses it internally o sell it for revenue The GPL works fine here because whenever the company tries to generate some revenue of their changes they will have to publish the sources (making the file format non proprietary). For webapps the situation is a bit different: * webapps - Author writes a spreadsheet program - some company customizes the program and ads support for an own proprietary file format, but they will most likely: o put it up on own servers to generate revenue rather then o sell it to other service providers By using GPL in this scenario, people accessing the service will find themselves locked-in due to the proprietary file format, while with the AGPL everybody has a chance to implement support for it. Also, reading the archives of debian-legal it seems to me the biggest concern is whether the requirement of providing the source doesn't put a too high *financial* burden (ex. hosting, bandwidth, etc. costs) on providers of AGPL webapps. Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: Do Debian's users care about the AGPL?
On Thu,04.Sep.08, 00:21:11, Mumia W.. wrote: [...] > It's the wrong kind of freedom. It's your freedom to place a constraint on > downstream developers that greatly restricts their ability to make > money from their enhancements of your software. If I would be to choose among different service providers I'd rather choose based on the quality of their service (aka speed, reliability), which is mostly achieved by the hardware infrastructure rather than improvements to the code (a good example here is Google Chrome: they had to write the JavaScript interpreter from scratch to achieve significant speed improvements). Regards, Andrei -- If you can't explain it simply, you don't understand it well enough. (Albert Einstein) signature.asc Description: Digital signature
Re: Do Debian's users care about the AGPL?
On 09/03/2008 08:42 PM, Chris Burkhardt wrote: Steve Lamb wrote: Your idea of "user" is strange to me. Why? They're the ones using the software to provide the service. The person is using the service not the software. If they were using the software they would be running it on their hardware. It is not that hard of a distinction to make. Your definition of "user" seemed backwards to me, because you use the word to describe the service providers rather than the users of the service. But after reading your email, I understand the distinctions you make between the user of the actual software (the service provider) and the user of the remote service. You seem to have a three-entity model of the situation (1) the upstream developer of the software who licenses it to the (2) service provider (who you call the "user" of the software), who allows access to the program remotely to (3) the service users. You are in favor of the upstream developer licensing the software to the service provider by the terms of the GPL, so that the service provider can make improvements to the code, and if they decide to re-destribute that code to another service provider they will include their modifications per the terms of the GPL. But you don't think the service provider should be required to make those changes available to the users of the service. Is that correct? Steve will answer for himself as he always does excellently, but that's what I think. I can understand that. But I would argue that using (interacting with) such a service causes a binary to execute on the remote server, very much like invoking a local binary. The AGPL ensures that modifications to such binaries are contributed back to the community anyway. If I were going to code something like an on-line spreadsheet program, and I don't want a company like Google taking it as a base for their own proprietary program to run their service, Why do you care? then the GPL doesn't help me at all (even though that is the intended goal of the GPL). I need something like the AGPL. Which is why I think the AGPL should be an option and should be considered Free. [...] It's the wrong kind of freedom. It's your freedom to place a constraint on downstream developers that greatly restricts their ability to make money from their enhancements of your software. While I fully agree that you have the right to write software and release it for free and to ensure that the source code be free forever, I don't agree that you can place "that" kind of constraint on your downstream developers. The AGPL should not be considered "free" because it attempts to eliminate a very important kind of freedom: vendor SaaS freedom. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On 09/03/2008 12:34 AM, Chris Burkhardt wrote: Mumia W. wrote: I care. The AGPL is dangerous to Opensource. It is too aggressive and too restrictive. As Opensource becomes more dominant, software-as-a-service (SAAS) will become the primary way for people to make money through software. The AGPL threatens to cut off Opensource from its primary means of acquiring income and maintaining relevance. How does requiring source code be available do anything to hurt the open source movement? Companies and people that protect and promulgate OSS withdraw. I'm pretty sure software-as-a-service doesn't mean "proprietary enhancements to open source software that we don't want to contribute back to the community for competitive/business reasons". In some situations, that's exactly what it is. I am in favor of Opensource because it allows me to be free and to make money, but if Opensource prohibited me from making money, I'd be against it. If you can only make money when you aren't required to make any changes to the source available, how can you claim to be participating in Opensource? By itself, that isn't participating in Opensource, but companies who have proprietary interests in OSS invariably do much more than that. While the most profitable improvements in the software will be kept private, the companies will provide security and many less-profitable patches for free. They also very often provide technical support and bandwidth. The whole goal of the GPL was to prevent companies from taking other people's code, enhancing it, then profiting without sharing those enhancements. The loop hole There is no "loophole"; it's called "vendor SaaS freedom." in that are things like web services where the binary isn't actually distributed. The AGPL closes that loop hole by requiring that source code changes be made available to users of such services. - Chris That was not the goal of the GPL, or the FSF would have removed vendor SaaS freedom from GPLv3. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
>>> Yes, that's the spirit of Free software that the GPL and AGPL tries to >>> enforce. >> AGPL, yes, which is where it oversteps the bounds. The GPL no. If the >> GPL did it there would be no need for the AGPL. And sorry, but when I >> program >> a custom application on my machine for my use and you, in visiting my home >> sit >> down and use that application on my computer does not mean you're a user of >> it. My machine, my application, my code, not distributed, period. The >> moment >> that distinction is lost is the moment my code will probably migrate to a >> "less free" license because it is running roughshod over my freedoms as a >> developer. > > Understandable. Fortunately, the AGPL uses the wording "remotely through a > computer network (if your version supports such interaction)," which implies > that you have intentionally made access to your custom application possible > over > the network. It doesn't require you to do anything in the case of me entering > your home and using your program on your development machine. I just realized that the "remotely through a computer network" doesn't pertain to any situation where the user is sitting in front of the machine (like slot machines and ATMs). So that renders many of our examples moot. Hopefully that makes you feel a little better about the scope of the AGPL. - Chris Burkhardt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Wed, Sep 03, 2008 at 04:52:57PM -0700, Steve Lamb wrote: > On Wed, Sep 03, 2008 at 05:23:06PM -0600, Chris Burkhardt wrote: > > Yes, that's the spirit of Free software that the GPL and AGPL tries to > > enforce. > > AGPL, yes, which is where it oversteps the bounds. The GPL no. If the > GPL did it there would be no need for the AGPL. And sorry, but when I program > a custom application on my machine for my use and you, in visiting my home sit > down and use that application on my computer does not mean you're a user of > it. My machine, my application, my code, not distributed, period. The moment > that distinction is lost is the moment my code will probably migrate to a > "less free" license because it is running roughshod over my freedoms as a > developer. but you see, that's exactly the point -- nobody's forcing you to reveal your software or license it to others in any particular way when it actually is your code. license-tainting is about when you incorporate someone else's code -- someone who wanted to let you use it, but wanted to impose some restrictions. if you don't like the restrictions, then don't use their code. in that way, AGPL is just like GPL or any other license with restrictions. > Correct. The person sitting down in front of the slot machine isn't a > user of the software. They are a user of the service. The user of the > software is the casino. The vendor in this case is the manufacturer of the > slot machine. If you're advocating that the casino should have the source to > the machine then I'd agree with you (even if most gaming boards probably would > not since such software has to be certified as tamper proof). it doesn't matter what you think the definition of a user should be -- what matters is what the person who wrote the code believes. if they only want you to use their code on the condition that you show every user of any service built on it the full source code then that's the condition of the license and, barring a dramatic change in copyright law, those are the only conditions under which you can use it. Anyway, i am not a lawyer, just a software enthusiast, --Rob -- /-\ | "If we couldn't laugh we would all go insane" | | --Jimmy Buffett, | |"Changes in Latitudes, Changes in Attitudes" | \-/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
Steve Lamb wrote: >> Your idea of "user" is strange to me. > > Why? They're the ones using the software to provide the service. The > person is using the service not the software. If they were using the software > they would be running it on their hardware. It is not that hard of a > distinction to make. Your definition of "user" seemed backwards to me, because you use the word to describe the service providers rather than the users of the service. But after reading your email, I understand the distinctions you make between the user of the actual software (the service provider) and the user of the remote service. You seem to have a three-entity model of the situation (1) the upstream developer of the software who licenses it to the (2) service provider (who you call the "user" of the software), who allows access to the program remotely to (3) the service users. You are in favor of the upstream developer licensing the software to the service provider by the terms of the GPL, so that the service provider can make improvements to the code, and if they decide to re-destribute that code to another service provider they will include their modifications per the terms of the GPL. But you don't think the service provider should be required to make those changes available to the users of the service. Is that correct? I can understand that. But I would argue that using (interacting with) such a service causes a binary to execute on the remote server, very much like invoking a local binary. The AGPL ensures that modifications to such binaries are contributed back to the community anyway. If I were going to code something like an on-line spreadsheet program, and I don't want a company like Google taking it as a base for their own proprietary program to run their service, then the GPL doesn't help me at all (even though that is the intended goal of the GPL). I need something like the AGPL. Which is why I think the AGPL should be an option and should be considered Free. >>> Really? So the fact that you're provided access to a custom >>> application means you're a user and thus must have rights to the >>> source code? > >> Yes, that's the spirit of Free software that the GPL and AGPL tries to >> enforce. > > AGPL, yes, which is where it oversteps the bounds. The GPL no. If the > GPL did it there would be no need for the AGPL. And sorry, but when I program > a custom application on my machine for my use and you, in visiting my home sit > down and use that application on my computer does not mean you're a user of > it. My machine, my application, my code, not distributed, period. The moment > that distinction is lost is the moment my code will probably migrate to a > "less free" license because it is running roughshod over my freedoms as a > developer. Understandable. Fortunately, the AGPL uses the wording "remotely through a computer network (if your version supports such interaction)," which implies that you have intentionally made access to your custom application possible over the network. It doesn't require you to do anything in the case of me entering your home and using your program on your development machine. >> I don't think anyone is suggesting that casinos should use AGPL licensed >> software on their slot machines (it would probably make gaming the >> random number generators and so forth too easy). > > Yet some are running on GPL systems now. If those systems migrate to an > AGPL system what happens then. I would suggest the operators of slot machines not migrate their systems in that direction. I'm not arguing that the AGPL makes sense for every software package out there. Some systems just don't lend themselves to openness. > You're right, no one is explicitly advocating > it which is why I said that they are unaware of the ramifications of what they > are pushing. I know that some slot systems run on Linux. Some ATM systems > are utilizing Xen to migrade from OS/2 based applications to Java based > applications. I am aware of at least one in-room entertainment system (Aka, > the software that controls the Tv/PPV Movies in hotels) which is built on top > of Java. Linux, Java and Xen are all FOSS. Every single on of these is > "conveyed" to the end user and thus, under the AGPL, entitles the end user to > the source. Are they under the AGPL now? Of course not. But adcovate the > license and have those systems migrade to it and what happens? What happens when systems migrate to AGPL software? I think vendors and service providers which maintain AGPL software will be under more restrictions to contribute their improvements to the public, and the users (aka: potential service providers) of those services will benefit from those improvements. What do you think will happen? But again, I don't advocate that every program that can be run remotely be licensed by the AGPL. Leave it to the original developer's discretions based on the applications of the program. But reco
Re: Do Debian's users care about the AGPL?
On Wed, Sep 03, 2008 at 05:23:06PM -0600, Chris Burkhardt wrote: > Hi Steve. This is the first of your emails in this thread that I've seen > make it to the list. Probably me not hitting list-reply in mutt and Danial, correctly, trying to bring it back to the list (though it really is a tough judgement call when to do so) > Steve Lamb wrote: > > [...] > > Lets take a simple example, Google's web-based spreadsheet. Who is > > using the software, you or Google? Answer: Google. > Your idea of "user" is strange to me. Why? They're the ones using the software to provide the service. The person is using the service not the software. If they were using the software they would be running it on their hardware. It is not that hard of a distinction to make. > > Really? So the fact that you're provided access to a custom > > application means you're a user and thus must have rights to the > > source code? > Yes, that's the spirit of Free software that the GPL and AGPL tries to > enforce. AGPL, yes, which is where it oversteps the bounds. The GPL no. If the GPL did it there would be no need for the AGPL. And sorry, but when I program a custom application on my machine for my use and you, in visiting my home sit down and use that application on my computer does not mean you're a user of it. My machine, my application, my code, not distributed, period. The moment that distinction is lost is the moment my code will probably migrate to a "less free" license because it is running roughshod over my freedoms as a developer. > I don't think anyone is suggesting that casinos should use AGPL licensed > software on their slot machines (it would probably make gaming the > random number generators and so forth too easy). Yet some are running on GPL systems now. If those systems migrate to an AGPL system what happens then. You're right, no one is explicitly advocating it which is why I said that they are unaware of the ramifications of what they are pushing. I know that some slot systems run on Linux. Some ATM systems are utilizing Xen to migrade from OS/2 based applications to Java based applications. I am aware of at least one in-room entertainment system (Aka, the software that controls the Tv/PPV Movies in hotels) which is built on top of Java. Linux, Java and Xen are all FOSS. Every single on of these is "conveyed" to the end user and thus, under the AGPL, entitles the end user to the source. Are they under the AGPL now? Of course not. But adcovate the license and have those systems migrade to it and what happens? > There is nothing non-Free or > against the DFSG about that. Yes, there is. It oversteps the bounds of the developers and the true users of the software to extend protections to the users of the service. > Remember, the GNU GPL and AGPL are aimed at protecting the freedom of > *users*, not of vendors. Correct. The person sitting down in front of the slot machine isn't a user of the software. They are a user of the service. The user of the software is the casino. The vendor in this case is the manufacturer of the slot machine. If you're advocating that the casino should have the source to the machine then I'd agree with you (even if most gaming boards probably would not since such software has to be certified as tamper proof). > Again, that's a non-intuitive definition of "user". In context of the > AGPL, the user is the person interacting with the software over a network, > not the entity responsible for running the software. Here's an excerpt > from Section 13 of the AGPL: No, it is rather intuative when you ignore the "convey" and focus on who is actually running the software on the hardware they own. In the Google example who owns the hardware? Google. Who is running the software? Google. Who then is the user? Google. Simple. > "Notwithstanding any other provision of this License, if you modify the > Program, your modified version must prominently offer all users > interacting with it remotely through a computer network (if your version > supports such interaction) an opportunity to receive the Corresponding > Source of your version by providing access to the Corresponding Source > from a network server at no charge, through some standard or customary > means of facilitating copying of software." Yup, this moves it down the chain which is why it over steps the bounds. Given that almost everything these days has custom software which is not *distributed* to run on the end user's hardware that is a huge leap in scope; not plugging a hole. > I understand why some people wouldn't want to participate in the Free > software movement (less profit to be found here). But I disagree that it > would be bad for society if the source to things like ATMs were open and > verifiable. I happen to agree with you. I do not share your notion that any joe walking up off the street with an ATM card can demand the software off the ATM machine
Re: Do Debian's users care about the AGPL?
Hi Steve. This is the first of your emails in this thread that I've seen make it to the list. Have you and Daniel been conversing off list, or is something wrong on my end? (I've seen several of Daniel's replies to you, but none of your emails.) Steve Lamb wrote: > [...] > Lets take a simple example, Google's web-based spreadsheet. Who is > using the software, you or Google? Answer: Google. Your idea of "user" is strange to me. > [...] > Really? So the fact that you're provided access to a custom > application means you're a user and thus must have rights to the > source code? Yes, that's the spirit of Free software that the GPL and AGPL tries to enforce. > You do realize how much software you're provided access to but aren't > the user? Let me think off the top of my head of software which > customers of mine have had access to which fall under your overly > broad interpretation of user in the quest for the holy grail of > restricting other people's uses to your narrow definition. > > Room reseveration software. ATM software. Slot machine software > (Btw, you do realize most slots nowadays are computers, right?). > Patron management software (better known as point systems). > Point-of-sale terminals and, by extension, their servers. In-room > entertainment software. Did I miss any portion of a casino that > the customer doesn't touch? I don't think anyone is suggesting that casinos should use AGPL licensed software on their slot machines (it would probably make gaming the random number generators and so forth too easy). But if a casino for some reason DID use a modified form of AGPL licensed software on a slot machine, then yes, the source should be available to any users of that machine under the terms of the AGPL. There is nothing non-Free or against the DFSG about that. Remember, the GNU GPL and AGPL are aimed at protecting the freedom of *users*, not of vendors. > It boils down to this. The casino (and hotel) is using that > software to provide a service to the customer. The customer is > not the user of the software even though they do "use" it. Again, that's a non-intuitive definition of "user". In context of the AGPL, the user is the person interacting with the software over a network, not the entity responsible for running the software. Here's an excerpt from Section 13 of the AGPL: "Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software." > If you close this "loophole" for ASPs then you are, by fiat, also > demanding that any time you use an ATM machine you are using the > software thus have a right to the source code of said software. If > you don't see how that could cause some serious problems for the > adoption of OS tools to be used to build those custom applications > then you really don't understand what's going on nor the motivactions > of why people chose the solutions they do outside of your narrow > mindset. I understand why some people wouldn't want to participate in the Free software movement (less profit to be found here). But I disagree that it would be bad for society if the source to things like ATMs were open and verifiable. - Chris Burkhardt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Wed, Sep 03, 2008 at 05:03:27PM -0400, Daniel Dickinson wrote: > Which is the thing. GPL guarantees freedom the users of the software. > The AGPL says that the user is the one writing the documents with the > software is the user not the one running the code. I agree with the > AGPL on that. Those users have not lost their freedom. That's the distiction people have lost. Lets take a simple example, Google's web-based spreadsheet. Who is using the software, you or Google? Answer: Google. They provide you *access* to that software but you're not the user. Just as if you came into my house, sat down at my computer and then thought just because you are poking at software I've written and allowing you to access gives you any rights to the source. If I distributed that software to you then, yes, you would have rights to it. > I don't follow. If you mean ASP turned to Open Source because they get free > (as in beer) software that don't have to share, then I'd argue that is an > example of a popular loophole, no a robust example of the benefits of libre > software. No, they turned to it because they got free (as in beer) tools for which they could create works which they could *choose* to keep in house if needed. > Jeopardizing ensuring rights of user to control their own software is > restricting freedom? I don't think so. Of course we disagree on who the > user is, so I mean a different thing by that then you. Exactly so. The implications are far more profound than you think when we take your definition of "user". > I disagree with you interpretation of the license in this regard, and I > probably disagree with your definition of freedom as well. The definition > of freedom as shown in the GPL and AGPL are what counts here, and opinion of > which definition of user is accurate. Really? So the fact that you're provided access to a custom application means you're a user and thus must have rights to the source code? You do realize how much software you're provided access to but aren't the user? Let me think off the top of my head of software which customers of mine have had access to which fall under your overly broad interpretation of user in the quest for the holy grail of restricting other people's uses to your narrow definition. Room reseveration software. ATM software. Slot machine software (Btw, you do realize most slots nowadays are computers, right?). Patron management software (better known as point systems). Point-of-sale terminals and, by extension, their servers. In-room entertainment software. Did I miss any portion of a casino that the customer doesn't touch? It boils down to this. The casino (and hotel) is using that software to provide a service to the customer. The customer is not the user of the software even though they do "use" it. Same thing for ASP. That is why the S is *S*ERVICE. If you close this "loophole" for ASPs then you are, by fiat, also demanding that any time you use an ATM machine you are using the software thus have a right to the source code of said software. If you don't see how that could cause some serious problems for the adoption of OS tools to be used to build those custom applications then you really don't understand what's going on nor the motivactions of why people chose the solutions they do outside of your narrow mindset. > [snip off-topic political commentary, some of which is right and some which > isn't] Tsk, it's all correct. -- Steve C. Lamb | I'm your priest, I'm your shrink, I'm your PGP Key: 1FC01004 | main connection to the switchboard of souls. ---+- signature.asc Description: Digital signature
Re: Do Debian's users care about the AGPL?
On Wed, 03 Sep 2008 00:30:10 -0700 Steve Lamb <[EMAIL PROTECTED]> wrote: > Daniel Dickinson wrote: > > On Tue, 02 Sep 2008 22:14:48 -0700 > > Steve Lamb <[EMAIL PROTECTED]> wrote: > > >> Daniel Dickinson wrote: > >>> Why should it be non-free? It's not, it should be in main! > >> Probably because it goes way too far? I'm sorry, but the GPL > >> is clear. If you distribute the code. No code is distributed > >> here. The code runs *there*. People call this a loophole. I > >> call those people > > > It's a loophole. As a I developer I'll be choosing the GPL because > > it means that if someone takes my code and modifies their changes > > flow back to the original project (whether still developed my > > myself or not, hopefully by a community in any event), so that > > others can benefit from it. Not making the changes flow back is > > known as 'free riding'. > > > If a company can take my work, make proprietary enhancement > > (including, say, a new proprietary file format), and profit from it > > I wouldn't be happy. That's not why I contribute to open source. > > I'm not just giving my stuff away, I'm giving it away on the > > condition you give back if you make changes to my stuff. > > Then you've missed the point of the GPL. I hate to break it to > you but it is perfectly legal under the GPL for a company to take > your code, make modifications to it, and turn a profit on that. The > only caveat is that *if* they distribute it they have to also > distribute the source. If they don't distribute it, if they keep it > in house, they are under no obligation to distribute that source to > other people because those other people are not using it. I'm aware of that. The GPL isn't perfect, it's just the closest thing to doing what I want. In practical reality once you make sure that users of the software have the right to changes, most users who want to make changes find it in their best interest to collaborate with the community than develops the software. > > Short form. Code runs on their machines and only their machines, > no need to redistribute the code. Which is the thing. GPL guarantees freedom the users of the software. The AGPL says that the user is the one writing the documents with the software is the user not the one running the code. I agree with the AGPL on that. > ASP is applications running on their machine. Some people call > this a "loophole". I call it the very reason many companies have > turned to Open Source for many of their needs in the first place. I don't follow. If you mean ASP turned to Open Source because they get free (as in beer) software that don't have to share, then I'd argue that is an example of a popular loophole, no a robust example of the benefits of libre software. > Jeopardizing that is restricting freedom. It does it in the very Jeopardizing ensuring rights of user to control their own software is restricting freedom? I don't think so. Of course we disagree on who the user is, so I mean a different thing by that then you. > same way that many collectivists have done over the years. "We're > all one big happy family and we share. If you don't share we'll MAKE > you share whether you want to OR NOT!" The problem is the words in > caps. Freedom isn't just about the happy-go-lucky moments but also > the moments when someone goes against your grain. I disagree with you interpretation of the license in this regard, and I probably disagree with your definition of freedom as well. The definition of freedom as shown in the GPL and AGPL are what counts here, and opinion of which definition of user is accurate. [snip off-topic political commentary, some of which is right and some which isn't] -- And that's my crabbing done for the day. Got it out of the way early, now I have the rest of the afternoon to sniff fragrant tea-roses or strangle cute bunnies or something. -- Michael Devore GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org The C Shore: http://www.wightman.ca/~cshore signature.asc Description: PGP signature
Re: Do Debian's users care about the AGPL?
On Tue, 02 Sep 2008 22:14:48 -0700 Steve Lamb <[EMAIL PROTECTED]> wrote: > Daniel Dickinson wrote: > > Why should it be non-free? It's not, it should be in main! > > Probably because it goes way too far? I'm sorry, but the GPL is > clear. If you distribute the code. No code is distributed here. The > code runs *there*. People call this a loophole. I call those people It's a loophole. As a I developer I'll be choosing the GPL because it means that if someone takes my code and modifies their changes flow back to the original project (whether still developed my myself or not, hopefully by a community in any event), so that others can benefit from it. Not making the changes flow back is known as 'free riding'. If a company can take my work, make proprietary enhancement (including, say, a new proprietary file format), and profit from it I wouldn't be happy. That's not why I contribute to open source. I'm not just giving my stuff away, I'm giving it away on the condition you give back if you make changes to my stuff. Let's say Google was developed mostly open source but had proprietary enhancements and that's what made the money. As the open source developer I wouldn't be happy because the reason I developed open source was so that it would be a community project, not one which was taken private. Google would be able to do that because the search engine is a web service. There's more to Google than just software of course, and they didn't just grab open source code, but I think you can see my point. It's a loophole that a service such as Google wouldn't be required to share their changes just because the don't 'distribute' programs in the traditional sense even though they are clearly distributing the effort. In Google's case they're distributing they're own work, but one can easily image being the developer of a web-based app or service that becomes popular, but for which the primary company making money isn't contributing back the project that made their success possible because the loophole they're not considered a distributed because they're not installing software on another person's computer > envious of other people's talents. If anyone thinks that > applications are going to run there and display here let's remember > that's where computing started (mainframes) and it has steadily > migrated more here than there ever since. It is to the point now > where I regularly run 1 OS on the metal and another in a VM on a > regular basis. Yes, the web has moved some of processing over there > but I seriously doubt millions of people are going to do most of > their processing on other people's servers over which they have > little to no control. I hope you're right. I certainly wouldn't be happy about being forced to use web apps for my own stuff because I want control over my stuff. > But hey, I'm not clairvoyant, I could be wrong. Google might > just be the new evil empire with all the gung-ho applications running > on a kabillion servers to meet the demand. Of course given their > poor attempt at a Firefox clone they just released and the poor > performance of their on-line office & email compared to local > applications I think we're safe for another decade from ASP hell. I > mean I first heard that we were going to all be using applications on > web pages for everything in the late 90s. Heh. Well I know I'm skeptical too, but it does seem to be where everyone wants to go (why, I don't know). Regards, Daniel -- And that's my crabbing done for the day. Got it out of the way early, now I have the rest of the afternoon to sniff fragrant tea-roses or strangle cute bunnies or something. -- Michael Devore GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org The C Shore: http://www.wightman.ca/~cshore signature.asc Description: PGP signature
Re: Do Debian's users care about the AGPL?
> I care. The AGPL is dangerous to Opensource. It is too aggressive and > too restrictive. As Opensource becomes more dominant, > software-as-a-service (SAAS) will become the primary way for people to > make money through software. The AGPL threatens to cut off Opensource > from its primary means of acquiring income and maintaining relevance. How does requiring source code be available do anything to hurt the open source movement? I'm pretty sure software-as-a-service doesn't mean "proprietary enhancements to open source software that we don't want to contribute back to the community for competitive/business reasons". > I am in favor of Opensource because it allows me to be free and to make > money, but if Opensource prohibited me from making money, I'd be against > it. If you can only make money when you aren't required to make any changes to the source available, how can you claim to be participating in Opensource? The whole goal of the GPL was to prevent companies from taking other people's code, enhancing it, then profiting without sharing those enhancements. The loop hole in that are things like web services where the binary isn't actually distributed. The AGPL closes that loop hole by requiring that source code changes be made available to users of such services. - Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
Jordi Gutiérrez Hermoso wrote: > Sometimes I get the feeling that Debian's users and Debian's > developers live in separate worlds. > > There's currently a long thread in d-legal over the AGPL. One DD has > expressed reservations towards the AGPL to the point where she has > decided not to package a certain program covered by the AGPL. Here's the web archive of the thread for anyone interested: http://lists.debian.org/debian-legal/2008/08/msg00045.html > Do Debian's users care about this sort of legal geekery or is > everything fine as long as AGPLed programs go into non-free? I think caring about legal geekery is one reason many Debian users are Debian users. As a user (potential developer) I appreciate the AGPL's extra restrictions guaranteeing that I will benefit from improvements made to the program even if I only use it remotely. Of course, that comes at a cost for the maintainers of a service based on an AGPL'd program, but hopefully that was something they examined and accounted for in setting up the service. I see nothing in the AGPL which is in any way against the DFSG, so I'd like to see AGPL licensed programs in main. It's certainly trying its best to keep the spirit of Free software alive even for binaries which are executed by end-users but not distributed. I like the idea. - Chris Burkhardt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On 09/02/2008 05:52 PM, Jordi Gutiérrez Hermoso wrote: Sometimes I get the feeling that Debian's users and Debian's developers live in separate worlds. There's currently a long thread in d-legal over the AGPL. One DD has expressed reservations towards the AGPL to the point where she has decided not to package a certain program covered by the AGPL. Good idea. Do Debian's users care about this sort of legal geekery or is everything fine as long as AGPLed programs go into non-free? Curious, - Jordi G. H. I care. The AGPL is dangerous to Opensource. It is too aggressive and too restrictive. As Opensource becomes more dominant, software-as-a-service (SAAS) will become the primary way for people to make money through software. The AGPL threatens to cut off Opensource from its primary means of acquiring income and maintaining relevance. The AGPL might also split the OSS community into opposing camps with results which are likely to be more painful and harmful in the long-term than the Gnome/KDE war. I am in favor of Opensource because it allows me to be free and to make money, but if Opensource prohibited me from making money, I'd be against it. Of course, I am of no importance to you, but consider that Google, IBM, Redhat, Sun, Yahoo, and thousands of other companies are in the same situation. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Do Debian's users care about the AGPL?
On Tue, 2 Sep 2008 17:52:57 -0500 "Jordi Gutiérrez Hermoso" <[EMAIL PROTECTED]> wrote: > Sometimes I get the feeling that Debian's users and Debian's > developers live in separate worlds. > > There's currently a long thread in d-legal over the AGPL. One DD has > expressed reservations towards the AGPL to the point where she has > decided not to package a certain program covered by the AGPL. > > Do Debian's users care about this sort of legal geekery or is > everything fine as long as AGPLed programs go into non-free? > > Curious, > - Jordi G. H. > > Why should it be non-free? It's not, it should be in main! -- And that's my crabbing done for the day. Got it out of the way early, now I have the rest of the afternoon to sniff fragrant tea-roses or strangle cute bunnies or something. -- Michael Devore GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org The C Shore: http://www.wightman.ca/~cshore signature.asc Description: PGP signature
