this post was submitted on 21 Mar 2024
304 points (93.4% liked)
Programming
17416 readers
104 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Irrespective of debates on what the definition of "open source software is" or who gets to define it, it is very clear that the SSPL is not a FOSS -- free and open source license -- and that's a shame. Sure, open source still means we can look at the source code, but we do not have the full freedoms to use the code for any purpose. You might retort "but I'm not a aaS provider" so my rights aren't affected.
But that's the thing: the erosion of free software rights is never the end, but then beginning of the end. Much like free speech, such rights must be jealously guarded. Need I mention what happens when there's no one left to speak up?
That some users of Redis never contributed back to the project is beside the point: truly free software is free as in libre: if you want thanks for your work, release it as freemium or some other license. But a FOSS license like BSD-3 has always been thankless and the OSI is correct in calling out the SSPL for not meeting the OSI's Open Software Definition's anti-discrimination clause, nor the FSF's zeroth freedom, amongst four.
Free means free. AGPL is free. But SSPL carves out an exception, making it not free. No amount of sweet talking changes this reality.
SSPL doesn't carve out an exception, it just has clauses that are difficult for SaaS providers to meet.
By the same argument, wouldn't GPL and other copyleft licenses be considered non-free as well since you are not free to do whatever you want with the source? For example, incorporating it into a proprietary project, refusing to provide the source to users upon request, or not disclosing attribution, etc. The latter would even go against the terms of permissive licenses.
Clearly defining what free, and by extension FOSS, means is very relevant.
There are two concepts at play here: open-source and free software. An early example of open-source is AT&T Research UNIX, which was made source-available (for a few) to universities for research purposes, who could recompile the code and use the binaries for that purpose. Here, the use of the software is restricted by the license terms.
On the free software side, as a reimplementation if the Unix software utilities -- ie all the programs like tar, ps, sh -- GNU coreutils is GPL licensed, meaning any use of the compiled binaries is allowed, but there are restrictions on the distribution, of both source and binaries. As it turns out, GPL is both free and open-source (FOSS); there are fewer major examples of free but non-open source, but WinRAR and nVidia drivers on Linux would count.
Specifically, GPL and other copyleft licenses require that if you distribute the binary, you must make the source available under the same terms. If you've made no changes, then this is as simple as linking to the public source code repo. If you did add or remove code, you must release those alongside the binaries. If you simply use the binaries internally, you don't need to release anything at all, and can still use them for any internal purpose.
From the background above, free software has always been understood to mean the freedom to use software, not necessarily distribute it. GPL complies with that definition for using the software, but also enforced a self-perpetuating distribution requirement. Unlike plain ol free software, under GPL, you must redistribute source if you distribute the software for use (aka binaries), and you must make that source also GPL.
Under this explanation, the AGPL wouldnt qualify as an open source license, since you must distribute the source if you provide a modified version as a network service.
I'm not quite sure I follow. The AGPL mirrors the GPL, with an extra proviso that accessing the software via the network constitutes "use" if the binary, not "distribution" of the binary. Under GPL, the mere use of a binary does not require the availability of source.
Example: a student uses a GNU/Linux computer at their university computer lab. She runs the unmodified "tar" command from GNU Coreutils, which is GPL licensed. She is not entitled to a copy of the source from the university, because execution is a "use" of the binary on an already-provisioned machine, not a "distribution" of the binary.
Example: a student is given a software assignment from her professor, along with a .7z file containing old versions of "tar" that contain bugs, all GPL licensed. This is a distribution -- as in, a copy -- of the binary, so she is entitled to a copy or link to the source from her professor.
The first example helps explain what the AGPL adds, in the context of network use. Consider what happens if the university actually modified the "tar" command installed on their machines. They still would not have to distribute the modified source to the students, because students only execute ("use") the binaries. But with AGPL, use of modified software obliges source distribution.
Phrased another way, AGPL has every guarantee that GPL does, but adds another obligation for modified use via a network. Unmodified use does not require source distribution, under both GPL and AGPL.
This is the most pretentious thing I have read in a long while. Imagine comparing the holocaust to a copy left software license that mega corps find less profitable.
That may be but it is the best course of action to have it free for people to use and if you get to a certain size you have to pay for that shit. That is just fair.
Like pirating music and games when you are poor and then buy those things at a later date when you got the means for it.
Giving a company like Amazon who forbids their employees to piss crucial infrastructure for free ist just a slap in the face of decency.
I think there has to be a change in philosophy. It is free as long as you can't afford it. But as soon as you can afford it you have to pay. And if your company uses it to operate and generate money then the project has a right to an percentage of that money.
Everything else is just not feasible in the long run. As we see time and time again.
One of the drawbacks of software licensing with community projects -- although there are some (controversial) ways to sidestep this -- is that the license needs to be selected at the onset of the project, and you'd have to have everyone agree to that license or change the license.
If all the initial parties agree to use a FOSS license, they and all subsequent contributors under that license cannot complain that someone is actually employing that software per the terms of the license. A project might choose FOSS because they want to make sure the codebase only dies when it disappears from the last developer's disk.
If instead, the initial parties decided on some sort of profit-sharing license -- I don't know one of the top of my head -- then they and future contributors cannot complain if no business wants to use the software, either because FOSS competitors exist or because they don't like the profit split ratio in the license. If that ratio is fixed in the license, the project could die from lack of interest, since changing the license terms means everyone who contributed has to agree, so a single hardliner will doom the already-written code to obscurity.
The sidestep method -- which is what appears to have been used by Redis to do this relicensing to the SSPL -- is that all contributors must sign a separate agreement giving Redis Inc a stake in your contribution's copyright. This contributor agreement means any change to the Redis codebase -- since its inception? Idk -- has been dual-licensed: AGPL to everyone, and a special grant to Redis Inc who can then relicense your work to everyone under a new license.
Does the latter mean Redis Inc could one day switch to a fully-closed source license? Absolutely! That's why this mechanism is controversial, since it gives the legal entity of the project all the copyright powers, to level-up to FOSS or level-down to proprietary. Sure, you can still use the old code under the old license, but that's cold comfort and is exactly why hard forks of Redis are becoming popular right now.
In short, software projects have to lay out their priorities at the onset. If they want enduring code, that's their choice. If they want people to pitch in a fair share, that's fine too. But that choice entails tradeoffs, which they should have known from the start. Some mechanisms allow the flexibility to change priorities in the future, but it's a centralized, double-edge sword.