Is the AGPL-3.0 (or-later) license an effective cloud copyleft license? Does it do the trick of keeping community open source free and the competition away from commercial open source? I tried getting an answer to this question from the OSI’s license-discuss mailing list. Sadly, the answer appears to be: Probably not.
Why do I care? Because without an effective cloud copyleft strategy, there may be no venture-capital backed open source and hence no benefit to society any more. So bear with me.
When it comes to copyleft licenses, you need to determine two things: What is covered by the license, and when does the copyleft effect trigger? For the AGPL, the trigger is clear: If a user is using covered code, they have a right to receive the corresponding source code. But what is covered code? Covered code is not only changed source code lines, but covered code is also client code. That’s because the interface symbols of the AGPL-licensed code (which are copyrighted) travel into the client code, making it covered code.
I am not a lawyer, this is not legal advice, and everyone I asked pulled their feet. Still, in a nutshell: In a cloud context it is not clear whether the copyleft effect travels across boundaries like command line interfaces or container images. Can you program a dual-licensed shim that effectively just renames function calls? German lawyers tell me that such circumvention techniques won’t fly in court, but the hyperscalers seem to think otherwise and suggest they can avoid the copyleft effect and use AGPL-licensed code in their services without regret.
Using the AGPL license for core code used to be a key strategy of single-vendor open source firms. The expectation was that competitors would not use the AGPL-licensed code and leave the vendor alone. Alas, this does not match the AGPL interpretation given above. As a consequence, vendors are relicensing to source-available licenses, which are licenses that basically disallow competition, thereby making the license not an open source license.
It is not only established startups. It is fresh-out-the-door startups as well who choose source-available licenses rather than open source licenses. New startups, which in the past would have chosen a single-vendor open source strategy, are dissing open source alltogether, because there is no effective license for them to enact a working open source business strategy with.
With no effective cloud copyleft license, venture capital funding is increasingly being spent on source-available code rather than open source code. This is such a loss to society. We need an effective cloud copyleft license now to ensure venture capital keeps being spent on open-source software development.
Leave a Reply