The falsehoods of anti-AGPL propaganda July 27, 2020 on Drew DeVault's blog

Google is well-known for forbidding the use of software using the GNU Affero General Public License, commonly known as “AGPL”. Google is also well-known for being the subject of cargo-culting by fad startups. Unfortunately, this means that they are susceptible to what is ultimately anti-AGPL propaganda from Google, with little to no basis in fact.

Obligatory: I’m not a lawyer; this is for informational purposes only.

In truth, the terms of the AGPL are pretty easy to comply with. The basic obligations of the AGPL which set it apart from other licenses are as follows:

If you’re using AGPL-licensed software like a database engine or my own AGPL-licensed works, and you haven’t made any changes to the source code, all you have to do is provide a link to the upstream source code somewhere, and if users ask for it, direct them there. If you have modified the software, you simply have to publish your modifications. The easiest way to do this is to send it as a patch upstream, but you could use something as simple as providing a tarball to your users.

The nuances are detailed and cover many edge cases to prevent abuse. But in general, just publish your modifications under the same AGPL terms and you’ll be good to go. The license is usually present in the source code as a COPYING or LICENSE file, so if you just tar up your modified source code and drop a link on your website, that’s good enough. If you want to go the extra mile and express your gratitude to the original software developers, consider submitting your changes for upstream inclusion. Generally, the feedback you’ll receive will help to make your changes better for your use-case, too; and submitting your work upstream will prevent your copy from diverging from upstream.

That’s pretty easy, right? I’m positive that your business has to deal with much more onerous contracts than the AGPL. Then why does Google make a fuss about it?

The Google page about the AGPL details inaccurate (but common1) misconceptions about the obligations of the AGPL that don’t follow from the text. Google states that if, for example, Google Maps used PostGIS as its data store, and PostGIS used the AGPL, Google would be required to release the Google Maps code. This is not true. They would be required to release their PostGIS patches in this situation. AGPL does not extend the GPL in that it makes the Internet count as a form of linking which creates a derivative work, as Google implies, but rather that it makes anyone who uses the software via the Internet entitled to its source code. It does not update the “what counts as a ‘derivative work’” algorithm, so to speak — it updates the “what counts as ‘distributing’ the software” algorithm.

The reason they spread these misconceptions is straightforward: they want to discourage people from using the AGPL, because they cannot productize such software effectively. Google wants to be able to incorporate FOSS software into their products and sell it to users without the obligation to release their derivative works. Google is an Internet company, and they offer Internet services. The original GPL doesn’t threaten their scheme because their software is accessed over the Internet, not distributed to end-users directly.

By discouraging the use of AGPL in the broader community, Google hopes to create a larger set of free- and open-source software that they can take for their own needs without any obligations to upstream. Ask yourself: why is documentation of internal-facing decisions like what software licenses to use being published in a public place? The answer is straightforward: to influence the public. This is propaganda.

There’s a bizarre idea that software companies which eschew the AGPL in favor of something like MIT are doing so specifically because they want companies “like Google2” to pay for their software, and they know that they have no chance if they use AGPL. In truth, Google was never going to buy your software. If you don’t use the AGPL, they’re just going to take your software and give nothing back. If you do use the AGPL, they’re just going to develop a solution in-house. There’s no outcome where Google pays you.

Don’t be afraid to use the AGPL, and don’t be afraid to use software which uses the AGPL. The obligations are not especially onerous or difficult, despite what Google would have you believe. The license isn’t that long — read it and see for yourself.

  1. Likely common because of this page. ↩︎

  2. By the way, there are no more than 10 companies world-wide which are “like Google” by any measure. ↩︎

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~sircmpwn/ [mailing list etiquette]

Articles from blogs I read Generated by openring

Share your feedback about developing with Go

Help shape the future of Go by sharing your thoughts via the Go Developer Survey

via The Go Blog January 18, 2023

Status update, January 2023

Hi all! This month’s status update will be lighter than usual: I’ve been on leave for a while at the end of December. To make up for this, I have some big news: we’ve released Sway 1.8! This brings a whole lot of improvements from wlroots 0.16, as well as som…

via emersion January 16, 2023

SourceHut will (not) blacklist the Go module mirror

Update 2023-01-31: Russ Cox of the Go team reached out to us to address this problem. After some discussion, an acceptable plan was worked out. The Go team is working on deploying an update to the “go” tool to add a -reuse flag, which should substantially re…

via Blogs on Sourcehut January 9, 2023