It seems like AGPLv3 won by a slim margin, and as a donator I was unaware of the voting and would have voted Apache. Since the desire was to make the selection democratic they should have sent an email with a title along the lines of 'vote request / help us choose the mailpile license'.
I'm sorry you missed our announcements - we did send an e-mail to everyone who donated $23 USD or more, inviting them to our community voting platform. We tweeted and blogged, it was mentioned on Facebook... we used all the channels we have and overall I've been very happy with community response.
There will be other votes in the future, so please follow us on Twitter or subscribe to our blog's RSS if you're interested. And thank you for your support! :-)
Regarding the election; as I mentioned in the post, I have been following the ratios since elections started. The ratios have been pretty stable the whole time; for every Apache vote there were roughly 1.05 AGPLv3 votes... I think it's unlikely that better outreach would have changed things. A broader and more lively debate might have, but given our limited resources we weren't able to stoke that particular fire any more than we did.
In every election ever made that has ended with a slim margin, people will reflect backwards and wished that they had been better informed or made more aware about the vote. Its kind of human behavior to wish that you could go back in time in order to do a small change and have a large impact, but so long there is statistically significant amount of voters, for everyone person that would go back and vote apache there would be an 1.06 of AGPLv3 voters that would also have not been as aware about the voting and would have voted AGPLv3.
That said, 16.5% voting participation is a bit on the low end. My guess is that it mostly reflect those who reads the Mailpile blog, are active in the development, or are active in places like HN/conferences where news about the vote has been announced several times.
Recently in my projects I've gone to AGPL with a linking exception for unmodified versions. For me I think it's the right balance between freedom for users and freedom for developers (while they may be making proprietary software based on libre software, they're encouraged by the license terms to help sustain the the main project).
It's basically the GNU Classpath wording, but I had to modify it slightly to achieve my goals [1]. Part of the wording about the objective (the first sentence) was shamelessly borrowed from the Mattermost project [2]. GNU Classpath is more permissive in that its exception applies to modified versions too [3].
Keep in mind the custom wording will make it harder for some companies to use your code, since accepting additional licenses can require lawyer approval. This adds value to choosing one of the common licenses over crafting a similar fork.
LGPL predates the classpath exception by quite a while, and doesn't serve the same purpose at all.
The classpath exception is intended to cause the target software to not have a license change just because it used a certain runtime library (classpath).
The LGPL has different aims entirely (around allowing library components for software).
Essentially, the classpath exception was written for programming language runtime libraries (and is thus the basis of what later became the gcc runtime library exception).
The LGPL was written for random library software, and started out much earlier than the classpath exception (by a decade or two).
I've been following this project for a while now and I'm impressed with the transparency around the decision making process. I'm looking forward to seeing what comes next.
This is the first time I've read about it, but I too was impressed by the leadership. I also must say that I'm pleased with the outcome of this election.
So in the end he didn't actually explain, why he chose AGPLv3. "Because I think it is the right license for this project". Of course he does: otherwise he wouldn't chose it. Essentially it translates to "I chose it because I chose it".
But why? If I would participate in the voting I would probably skim both, look at Wikipedia and some of these "license explained" projects, but I doubt it would be enough to be sure my vote is the right one whatever election result will be in the end. What it actually means for the project to take this or that stand?
I wonder, how many people who actually voted where thinking something like this? Maybe it would be better if anybody who knows for himself which decision is right would share his opinion explicitly. Who knows, maybe the voting result wouldn't look so "divided" after such a discussion.
> he didn't actually explain, why he chose AGPLv3.
He did.
> "Because I think it is the right license for this project".
That's the introduction sentence of that section. He then goes into more detail. Did you skip the last 3 paragraphs?
---------------
Mailpile is a project about freedom. It is not a popularity contest or a startup, it's not "industry infrastructure", nor does it aim to be. Mailpile is a political project which aims to improve the privacy and digital independence of individuals everywhere.
The Apache License is a wonderful thing, an open, generous, pragmatic, apolitical license. The AGPLv3 on the other hand, is a political and ethical line in the sand.
Yes, this is exactly right. If you want to write free software just use a nice license like MIT, BSD, Apache, Eclipse etc. Why would you want to force your views on people?
The whole point of Mailpile is to take your data off the cloud and control it yourself. It is explicitly and deliberately anti-cloud. If the license makes it nearly impossible for others to use Mailpile as part of a cloud-based platform, the developers probably consider it a feature, not a bug.
If there's any program for which AGPL is an appropriate license, Mailpile is it.
> - you proved to me that AGPL is not usable in any professional system that runs in the cloud
That interpretation is wrong. The AGPL just prevents you from pursuing a business model that is based on leeching off the mailpile project without contributing back.
It's the decade old misunderstanding. The GPL is about user freedom. You talk about developer freedom. Mailpile tries to optimize for user freedom. The whole project is about preventing business models like the one you proposed. Choosing the AGPL is completely coherent with the stated project goals.
I am not leaching on anything. You can twist words as much as you want but freedom is not defined by you or RMS or for that matter anybody else. It is pretty clearly defined in the dictionary and AGPL contradicts the foundation of freedom. If you dont want people use your software freely dont call it free software. Call it "limited use to a subset of non-profit oriented users who contribute everything back in return of using my software". That would greatly simplify the life for everybody and we could save the planet instead of haveing this thread about what is the definition of freedom and who does it apply to.
> You can twist words as much as you want but freedom is not defined by you or RMS or for that matter anybody else. It is pretty clearly defined in the dictionary and AGPL contradicts the foundation of freedom.
It's never as simple as this. That dictionary entry you refer to is meant for people who don't know the word and want to learn its meaning. Have a look at the theoretical spectrum here: https://en.wikipedia.org/wiki/Political_freedom#Views
(Mostly) independent of political leaning, it's more or less consensual that freedom is a social category. The concept only makes sense if we talk about human societies in one form or the other. That, by definition, involves other people, and other people's freedom. You always have a boundary where your desire to exercise your freedom conflicts with the desire of another person. We can't escape that. Theories of freedom all try to find an optimal way to lay out these boundaries while maximising freedom. But there is no objectivly archievable optimum, as every theory has to use certain axioms for defining the _details_ of that nebulous term.
You can lump together most schools into two categories: the institutionalist one and the consequentialist one. The US-American interpretation of freedom is strictly institutionalist. The Western European is mostly consquentialist. That's why both sides think the other part is less free :)
An example for instutionalist thinking: Both men and women are by law allowed to pursue every job they want. Therefore, both are equally free.
An example for consquentialist thinking: Observably, women choose jobs that earn them less money. In a capitalist society, that makes them less free. Therefore, we as a society have to intervene so they can get equally free.
The difference between AGPL and Apache etc. is exactly the same. Apache style licenses see freedom as theoritcal freedom of choice. That's the institutionalist way. AGPL goes the consquentialist way. It limits certain freedoms with the goal of maximising certain other freedoms. It defines the boundary between individual interests in a different way to enable higher observable freedom for those parties it deems more in need of protection: users, not entrepreneurs.
No. The foundation of freedom as defined in Western and European law comes mostly from the roman empire and is what later defined the political science of liberty.
The foundation of freedom rest in the individual ability to create agency. Freedom is not the "liberty for everyone to do what he likes, to live as he pleases, and not to be tied by any laws", but "consists of being under no other lawmaking power except that established by consent".
It was a licensed chosen by a vote. As freedom goes, it more or less defines the ideal situation.
It's more complicated than that. Part of the problem is that it's difficult to predict how a variety of complex situations will turn out in court. With strongly opinionated licenses like AGPLv3, it's difficult to know if you're using the software "safely" in full compliance with the license without putting yourself at risk in unintended ways. Many of the complex situations that could come up in a protracted legal battle have not been tested in a court, so there is no precedent allowing one to determine for sure how technical issues will be viewed in terms of the license.
Due to the risks and complexity around these issues, and the high cost of "getting it wrong" either in one's analysis or in making a mistake, many firms choose to stay away from projects licensed with AGPLv3 even if they are actually intending to use the software in a way completely compliant with the license. Using it even the right way, safely, is viewed as too much of a risk.
The legal teams for many large companies recommend a company policy that prohibits using GPL and AGPL software outright - that's just using (running on company servers), not modifying, and not redistributing anything but the original version. Attaching a license like GPL or AGPL is a good way to kill enterprise use of a program even by companies that are conscientious about open source. See how Google views the AGPL, for example: http://www.theregister.co.uk/2011/03/31/google_on_open_sourc...
Perhaps it shouldn't be this way, and perhaps these legal teams are being overly cautious and someone should be push back, but that's how it is today at many companies. Attaching an AGPLv3 license means that I can't use it, while I can and do use Apache-licensed projects, and contribute improvements or fixes arising out of corporate usage.
Choosing a license is difficult. There is no question that choosing a more permissive license lowers the bar for participation.
However consider what they are building here: a mail client that purports to securely send and store email. Imagine you are working for a company that uses Mailpile. You think that your email is secure and encrypted because you are using Mailpile. Instead, you management has hacked in a back door to spy on your communications.
As you mentioned, perhaps someone should push back. I'm not involved in Mailpile, but it seems that this is exactly what they are doing. They are drawing a line in the sand and saying, "You must show your users any changes you have made to the system because otherwise how are they to trust it?"
It's clearly a tradeoff and also clearly not an easy decision. Do you give up a little bit of your goal of protecting users at the benefit of having wider exposure? Or do you refuse to compromise and suffer from potentially having less adoption? It doesn't seem that they took the decision lightly.
You think that your email is secure and encrypted because you are using Mailpile. Instead, you management has hacked in a back door to spy on your communications.
I don't think a license can solve this problem. I doubt someone who's willing to spy on people is afraid of breaking an open source license.
In that article, the Google employee explicitly said that they do not want to publish a lot of service based software to the outside world. Their business model is based on proprietary service based software, and AGPL is about free and open source in service based software.
GPL on the other hand is about free and open source in product based software, and this do not conflict with Google's service based business model. This allow them to use GPL licensed copyrighted work which they have not authored, and distribute that to gain an competitive advantage in markets that supports their service based revenue source.
If a company do not have an identical business model, copying google will only cost the company. Either they will be overly cautious and the competition will produce cheaper and better way to produce revenue, or they will be overly receptive to legal actions. To make the car analogy, trying to drive exactly like someone else is going to make you crash into something. You need to make a analysis where your car is, and make decision based on the road and the traffic in relation to you.
Examples where AGPL makes little impact on a company revenues and commonly uses a webmail product: Internal use in a company, an ISP, or a dns/hosting provider.
I can definitely see how AGPL would give legal departments a collective heart attack. It's quite onerous, if triggered, and who wants to risk their job for a stupid piece of software?
Yep, many organizations banned it already and few guys are learning it the hard way that they should have. Google requires special approvals to even use AGPL in their network. It is kind of funny that these guys who want AGPL showed down your throat happily use non-AGPL code.
If you modify the source, the AGPLv3 requires you to "prominently offer all users interacting with it remotely through a computer network" the ability to download the modified source. As far as I can tell, that includes anyone who can so much as view the login screen - there's no minimum level of interaction required - which means that even people who are only running Mailpile for their own personal use are affected. It definitely doesn't just affect SaaS providers even though they were the main target of the clause.
Simply running the software does not require me to accept the license. This is explicitly stated in section 9 of the licence. So it doesn't matter what it says in section 13, I don't have to comply with it. If you don't modify the software and don't "convey" it (for which usage is specifically not "conveyance" as per section 0), then there is no exposure to risk at all.
What does trigger that (which you somehow elided from your quote) is modifying the source. I must accept the license in order to modify the code as stated in section 9.
Having accepted the license I have a responsibility to offer the changes to all "users" interacting with it remotely. Very unfortunately, they don't provide a definition of "user". This may be intentional, though. There are legal definitions of the word "user" and it may not be possible/desirable to try to override the term in the license.
IANAL but in my experience, people who gain unauthorized access to software are not defined as a "user". I can't enter into a contract with an entity of whom I am unaware. There is a crucial difference between inviting people (even random people) to use the software and having a system that just happens to be accessible. There is a huge amount of case law on the topic, so if you are really curious I'm sure any lawyer can give you good advice.
Yep, these licenses are banned in Amazon for example. I am also refusing to use AGPL projects because I think free supposed to be free in the BSDL sense and not some weird awkward way that AGPL is trying to force on people.
Trying to follow your logic... Freedom is important to you... so you measure a software license's merits by whether or not it is blessed by Amazon "We-delete-Orwells-1984-from-your-kindle" Inc. Amazon probably just hates RMS because he always calls them out in every speech he makes.
And the licenses are 2 totally different animals anyhow... BSD license incidentally grants some freedom... but FSF's licenses are designed to protect it.
Not really. I just know that Amazon's lawyer team has more expertise in law than I do. They also run a relatively large business while I am working for a small company. If their legal team decided that protecting their IP is best done by not opening up the company to a lawsuit (have you seen what happened to VMware btw?) than I think it is a pretty safe policy to follow for us the smaller corporation with smaller legal team.
I measure freedom in the license context by how much I have to do using a certain licensed software.
MIT, BSDL, Apache, EPL -> nothing
AGPL -> I need to open up every single thing that touches the service that uses AGPL
Which one is more free? In my interpretation the former. Please convince me that AGPL is more free than the other licenses. On the top of all that jazz, I really dislike the GPL/Gnu agenda of defining freedom to me. Let me show you what is the definition of freedom:
"the power or right to act, speak, or think as one wants without hindrance or restraint."
Opening open source code that I have no intention to open up sounds pretty restraining to me and also it qualifies as hindrance...
Screw millenia of political thought. Someone on Hacker News has defined what freedom is. That problem is now officially solved. Everyone can go home now. All those tiresome debates on libertarianism and positive vs. negative freedoms, dead. You've solved it. Congratulations. The debate is officially over.
I also don't necessarily agree with them, but: As already pointed out in other places in this thread, (A)
GPL isn't about your (the developer offering a service) freedom, but focuses on the users. If you don't subscribe to their definition of freedom, of course it doesn't appear more free to you, and really the only way to convince you otherwise would be to convince you that their definition of freedom is the more important one.
And even then one can argue if the AGPL serves this best, because it also doesn't really help users if no-one offers services based on the software because they don't trust the legal situation.
By your definition, my inability to fly like birds qualifies as a lack of freedom.
I think you may be confusing your freedoms with your concrete possibilities (i.e what you can do).
Also, you need to distinguish the freedom of your users (X) from the freedom of the redistributors (Y).
The (A)GPL licenses are about taking away some of Y to increase X.
The reasoning also does not make sense at all to me. Making secure email popular is hard enough without restrictive licensing. At this point almost no-one cares about this problem and even fewer about this solution. I donated money to the project and considering the goal behind the project is to make e-mail secure, allowing liberal reuse of components in commercial projects seems very desirable as a way to spread the concept. However, they just made this impossible by choosing AGPLv3.
Which of the license restrictions actually poses a challenge to anyone who is trying to further the goals of the mailpile project? The emphasis on security and not trusting the server or service providers already precludes integrating it into a closed-source product.
It hinders growth paths and stops reuse that would lower the bar for spreading secure e-mail support.
AGPLv3 has license restrictions that are unacceptable to many or maybe even most companies, and secure company e-mail would be a great first growth application. Even for personal use easy 3rd-party deployment by hosting providers would be desirable, but AGPLv3 may be of concerns for these hosts for a fringe-application.
AGPLv3 also prohibits code-reuse in most contexts, so it makes surprising reuse of sub-components less likely. Stopping this reuse is a shame since it could have reduced the bar for implementing secure email support in more e-mail clients.
In email clients with either more permissive or even proprietary licenses, where those Mailpile most wants not to use their source (evesdropper backend email services like gmail) can then use their work to enhance their user experience without providing their users the software freedoms they enjoyed when modifying mailpile or a permissive fork of a permissive piece of it.
Who needs an evesdropper backend when you can just watch the network traffic? The messages back and forth are just data, and an MITM proxy is invisible. The end result being that the company has a face of providing privacy, but knows every little thing about you.
I did not vote. Not because I don't care, but because I agree with RMS.
We use AGPL for the code we write ourselves in our project https://cloudfleet.io (sorry for the shameless plug), so Mailpile choosing AGPL fits in nicely.
But it would not have fit less so, had it chosen Apache.
Regardless of the AGPL vs Apache debate, isn't it extremely poor practice to retroactively decide how votes are to be interpreted? The manner of weighting would have changed the voter turnout: e.g. if high-donaters know their votes would be weighted higher, then there may have been greater turnout among high donaters, or may have even been uproar by the low donaters.
He only thought about retroactively change how votes were to be interpreted. The default choice and the one used is to simply tally the number of votes and whatever get a higher number wins.
But I agree that if they had decided to use a non-default method, it really should have been said before the vote rather than after. How to count votes is a common theme in manipulating vote results.
Strange to choose between two such starkly different options. AGPL is about the most commercially hostile license you can find, while Apache is at the complete opposite end of the spectrum. Given the results are so polarised, I wonder if they could not have achieved a better outcome by offering something in the middle (regular GPL, or LGPL, etc.).
Only if you speak about components. Mailpile is a complete product, so the viral nature of it being used as a component is not a problem for the project.
The AGPL itself makes a lot of sense, as any other licenses you mention would never have any teeth, as the software is - by nature - never distributed by the service provider.
An Apache/AGPL dual license is basically the same as Apache-only (thus eliminating all the benefits of AGPL), except it would allow someone to create an AGPL-only fork (which would probably hurt the project).
You can make an AGPL fork anyway. You cannot relicense other peoples code, but you can make all your changes in your fork AGPL. That gives you as most user freedom as possible for a permissively licensed project.
I personally have no intention to actually work on this project. I just forked it to create the possibility to use this project with the apache 2 licence. :)
AGPLv3 can be a bad idea for software that will be hosted internally only, particularly if you are modifying it.
The remote network interaction clause makes no differentiation between internal and external users.
They are all just users[1]
As such, you owe all them all source to modified versions.
Why does this matter?
A lot of companies have internal systems, and temps, vendors, and contractors who access those systems.
If those systems are (or are linked to) modified AGPL software (no matter how small the modification), they owe the temps, vendors, and contractors access to the source code to those systems.
That seems ... bad :)
[1]
"if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network ... an opportunity to receive the Corresponding Source of your version ... at no charge ..."
Your quote is misleading. The "at no charge" refers only to providing access to a server at no charge. If you wish you can provide the source and charge what it costs to physically perform the copy.
The intent is to provide access to the source code for no more than what you charged for access to the service itself. It doesn't mean that you necessarily will be out of pocket.
Putting your changes on GitHub or the equivalent and providing a link would satisfy the requirement completely. This is not exactly an onerous requirement unless your intent is to keep your changes secret.
The "That seems ... bad" part, really depends on your point of view, I guess. Letting all my temps, vendors, and contractors have access to this code means that any of them can inspect it for problems, learn from it, fix bugs, improve it for themselves and help others improve it.
That seems ... good ... to me, anyway.
At worst, they'll do nothing and I won't be any worse off. Of course, if I'm relying on secret source code to obfuscate my security holes, then perhaps I'll be in trouble, but I'm not about to do that. At best, I've turned my users into collaborators.
Perhaps you can enlighten me as to why you think this is bad.
>Perhaps you can enlighten me as to why you think this is bad.
You can't see why a Google lawyer would think it 'bad' for a temporary member of staff to be able to receive the full source (with licence to use and redistribute) for Google search, adwords, gmail etc etc?
Why would it be? Employees having access to modifications to open-source software the company made surely wouldn't materially affect any aspect of the business. It doesn't mean they can change the code running on your servers, or peer into other people's accounts.
You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you.
Seems rather clear cut to me how contractors are handled. Since we are talking about legal risk and risk is measured in likeliness of an event happening, and as a lawyer you were expected during training to find and provide legal precedence as proof for legal reasoning, how high risk is there that this would not cover internal systems, temps, vendors, and contractors who access those systems? Has there been any cases involving that kind of employee status, having access to source code with similar licensed agreement, and the court finding a decision which support your conclusion? If you worked for a insurance company, how much money per month would you advice them to charge for this "risk", and would you then in good-faith advice companies that it is a good deal rather than shouldering the risk themselves?
Unfortunately, that exemption doesn't apply to clause 13, which is the one that requires you to give copies of the source to anyone that can access the software remotely through a network server.
This is a fairly nasty difference from the standard GPLv3 that I don't think enough people appreciate. As you point out, companies that modify GPL code for internal use don't have to release the source code and aren't affected by most of its provisions, and this is intentionally one of the freedoms it gives users. This isn't true of the AGPLv3.
The clause 2 permits you to add terms that prohibit the contractors from making any copies. While technically, a contractor could request the source code by clause 13, it do not conflict with the contractually term that they have which says they are not allowed to make copies.
DannyBee said the word "access", and technically that would then be "read only" access. While I could conceive a situation in which a disgruntled contractor plus the original author could in theory make a case, read-only access is a odd thing to create a court case around and a judge decision could really go anywhere. I don't think anyone would be willing to test it or feel that the court costs would be worth paying for the privilege.
Bad seems a little strong. But I think your point is valid, if rephrased as "potentially problematic". If you consider the common kind of scenario where a company wants or needs to integrate back end systems with one another, and the viral nature of copyleft licenses, you could quickly end up with your external contractor having the right to ask for code to completely unrelated internal systems that have nothing to do with Mailpile. I am sure that is not the intent of Mailpile authors, and I wonder if they fully understand that this might well put Mailpile straight onto a blacklist for a lot of companies.
You could have your temps and employees waive their rights under the AGPLv3 as a condition of their employment, contract, etc.
Most legit AGPL projects I've seen by the way don't really try to trap you like that anyhow... for instance, you can re-theme mediagoblin etc. And if you're going to hack on the core... would it really be so bad to upstream the code?
Is that tested in court? Because that was one of the scenarios described as potentially problematic before to me by a lawyer (Applying a corporate theme to an AGPL system, breaching the contract with the designer of the theme that doesn't allow you to re-license the design, only to use it)
There doesn't seem to be a court case that defined if images should count as part of the work or not when talking about licenses. Many AGPL projects clarify their intention and exclude css, images and styling regarding agpl compliance. At this point it could almost be said to be a industry practice.
Outside software, there doesn't seem to be a clear legal precedence either. I commonly see news paper include CC-share-alike images in articles without adding the CC license to the article, website or the news paper itself. The question about copyright almost exclusively end up being about distribution rights of the work in isolation, or the right of the author to have the work associated in a specific context.
> If those systems are (or are linked to) modified AGPL software (no matter how small the modification), they owe the temps, vendors, and contractors access to the source code to those systems.
Which is exactly the point. Don't modify the source code or use a different product if you don't want to accept the license.
So just don't make any modification that you aren't willing to give to the public. If you're really concerned, just don't make any modifications period.
I'm sympathetic to the larger goals of the project, but whenever someone starts invoking "the corporations" it's nearly always a great sign that logic has exited the building and we are firmly in the realm of emotional reasoning.
I read the name as "Manpile" and immediately wondered if was a service dealing with h1bs. But then I thought it might a spoof of "Malepile", a dating site.
Hah, thanks for the bug report. Maybe skip the snark next time? :-P
My work-flow is to draft posts and other changes on my laptop and then use PageKite to show things to a friend or two to get feedback on spelling and content. In this case I mistakenly copy-pasted a link verbatim from the draft site into the post itself.
PageKite was working 100% as intended, this was just a typical copy-paste error. If I hadn't been using PageKite, you'd have seen a localhost link instead.
RMS himself: "Both of these licenses qualify as free/libre; neither of them is unethical. Given a choice between two ethically valid options…"
some anti-GPL person: "The GPL irritates me -- mostly because of RMS's "this is the only answer" attitude"
I could go on about this, but just think about it for yourself. Don't be that foolish person making up straw men.