A plea for an open source cloud copyleft license

Is the AGPL-3.0 (or-later) license an effective cloud copyleft license? Does it do the trick of keeping community open source free and the competition away from commercial open source? I tried getting an answer to this question from the OSI’s license-discuss mailing list. Sadly, the answer appears to be: Probably not.

Why do I care? Because without an effective cloud copyleft strategy, there may be no venture-capital backed open source and hence no benefit to society any more. So bear with me.

When it comes to copyleft licenses, you need to determine two things: What is covered by the license, and when does the copyleft effect trigger? For the AGPL, the trigger is clear: If a user is using covered code, they have a right to receive the corresponding source code. But what is covered code? Covered code is not only changed source code lines, but covered code is also client code. That’s because the interface symbols of the AGPL-licensed code (which are copyrighted) travel into the client code, making it covered code.

I am not a lawyer, this is not legal advice, and everyone I asked pulled their feet. Still, in a nutshell: In a cloud context it is not clear whether the copyleft effect travels across boundaries like command line interfaces or container images. Can you program a dual-licensed shim that effectively just renames function calls? German lawyers tell me that such circumvention techniques won’t fly in court, but the hyperscalers seem to think otherwise and suggest they can avoid the copyleft effect and use AGPL-licensed code in their services without regret.

Using the AGPL license for core code used to be a key strategy of single-vendor open source firms. The expectation was that competitors would not use the AGPL-licensed code and leave the vendor alone. Alas, this does not match the AGPL interpretation given above. As a consequence, vendors are relicensing to source-available licenses, which are licenses that basically disallow competition, thereby making the license not an open source license.

It is not only established startups. It is fresh-out-the-door startups as well who choose source-available licenses rather than open source licenses. New startups, which in the past would have chosen a single-vendor open source strategy, are dissing open source alltogether, because there is no effective license for them to enact a working open source business strategy with.

With no effective cloud copyleft license, venture capital funding is increasingly being spent on source-available code rather than open source code. This is such a loss to society. We need an effective cloud copyleft license now to ensure venture capital keeps being spent on open-source software development.

Posted on

2024-07-11

1. Software Industry, 1.2 Open Source (Industry)

Newsletter subscription

Comments

Chad Whitacre

2024-07-11

Hey, Dirk. 👋 Delayed Open Source publication (DOSP) aka eventual Open Source seems to me to be a great compromise to resolve the tension you identify here. Through licenses such as FSL[1], a non-compete that converts to Apache or MIT after two years, venture capitalists get a head start to incentivize investment, while the community is assured of a forkable product once it’s valuable enough to be worth forking.

OSI published a whitepaper on DOSP at the beginning of the year[2]. Now some of us are launching a new term, Fair Source[3] (more focused than source-available, and less of a mouthful than “single-vendor commercial open source” 😉 to popularize eventual Open Source.

What downsides do you see with this approach?

—

[1] https://fsl.software/

[2] https://opensource.org/dosp

[3] https://fair.io/

Reply
1. Dirk Riehle
  
  2024-07-11
  
  It makes sense, but it is also complicated to explain. The beauty of plain open source is no buts and ifs and people don’t get sent on tangents and speculating about motives.
  
  Reply