We had long discussions on this topic, over the (now archived) #legal channel. I believe you were probably following our conversation at that time. Here are some of the most relevant, recent transcripts, for everyone’s benefit:
I was hoping for a license that:
- Guarantees that we get changes back as long as someone is distributing the software or hosting it as a “service”, unless for private/internal use. I.e. someone launches a competing website using our software, I want to see and be able to use their modifications to the code.
- Is not so viral so as to require that every other piece of their software is released under the same license.
So far I want your input. Is that sensible on my part?
I was previously suggesting the GPLv2, but it does not fully cover 1).
After looking for an existing alternative (that is, not involving changing or adapting any existing license, to make it either more permissive or more restrictive), up until now what I have found is the AGPL (GNU Affero GPL), but it does not satisfy 2) in full.
Thus, at this point I’m considering something like this:
Licensing the web application itself, which will be an “ASP.NET Core Web Application”, as AGPL;
Licensing the core parts that will service the web application also as AGPL;
Licensing the WEB API parts, as well as any other non-core “library”, with a more permissive license (could be the MIT, or Apache).
Anyway, just want to share one link.
MongoDB is licensed under the AGPL, and interestingly, its licensing page says the following:
“To make the above practical, we promise that your client application which uses the database is a separate work. To facilitate this, the mongodb.org supported drivers (the part you link with your application) are released under Apache license, which is copyleft free.”
AGPL says others cannot improve MongoDB privately, then offer services based on their “enhanced versions,” without at least making those improvements available to MongoDB, Inc. (among others).
The AGPL is a response to criticism in the open source community that many cloud operators, Internet service providers, and some HPC and financal industry shops devote enormous resources to tuning, tweaking, and improving their open source deployments, yet because they never “distribute” products based on the code, are effectively immune to copyleft.
Distribution is the triggering event for when you have to share your improvements under GPL, yet many large, technically- and economically-important organizations are exempt from that. “Not fair!” thought the open source community. “You’re taking advantage of our work, yet making limited or marginal contributions back to the community!”
– Jonathan Eunice
Just to be clear, the parts that I would like to have a stronger copy-left over would be those I circled in red (free-hand of course)
p.s. This is just an architectural DRAFT .
Note: An updated version of the diagram (still not final) is available here!
One important thing to keep in mind: It might be generally better to get started using a more restrictive license, that can be replaced with a more permissive one later (with the reasonable assumption that the contributors would consent), than to start off with a permissive license and decide to change it later to a less permissive one.
The reason is that, if we change to a more restrictive license, all of the code that was made available up to that point will remain available under the previous permissive license. (technically, they will be subject to dual licensing, until modified).
@ArtOfCode, most (but not all) of our preliminary discussions regarding the license for our software happened here on this channel. I would appreciate if you’d be willing to read over the most recent bits of the discussion, starting from here: https://discordapp.com/channels/634104110131445811/634477326553579580/637167654469369893, and offer your commentary about it.
Considering the architecture draft proposal, from my part I woud like that at least the Business Logic layer and the Web Application layer are released under a license that offers a strong guarantee that we, and the rest of the community, can get the source code even in case of hosting-but-not-distributing (with the exception of personal or internal use).
That would be achieved by choosing the AGPL license (afaik) or some sort of similar, custom license (don’t know if there exists a similar alternative already).With some sort of provision for the developers to be able to change the license later to a more permissive one.
coming back to licenses… some thoughts
I’m personally always partial to MIT, because I like being permissive, but that’s often at odds with good business
I’ve used AGPL for similar kinds of projects before, though - when we wrote an emergency dispatch system for Irma, we licensed that as AGPL because we wanted to be sure we’d get changes back.
Now, IANAL, but my understanding is that we could use AGPL for the whole application and be fine - no need to use a split license as @Marc.2377 suggested above.
Correct me if I’m wrong, @Marc.2377 - it seems like you were thinking we license the API as something permissive so that folks using the API don’t have to AGPL-license their own software? My understanding is that we can avoid that even if we do use AGPL - it can be argued that API users are not creating a derivative work of the software because they’re using the data it contains not the software itself - and further, we can shore up that position by explicitly stating (probably in the API docs or in the README) that we do not consider such use to create a derivative work.
That statement would effectively serve to say “you can use the API and we won’t sue you if you don’t use the AGPL”.
@ArtOfCode. The reason I suggested a more permissive license for the API parts is that I was facing strong opposition from other members in the discussion, in that people in the community would refrain from using the software at all (and contributing to it) if the license was too restrictive.
So my approach would be to strong-copyleft-license the parts that I care most about getting changes back, but not all of the components.
I mean, I’m totally fine with someone making improvements to the public API and not sharing them if they prefer.
(for some reason)