[Koha] AGPL 3 objections and replies

[david at lang.hm]

On Tue, 13 Jul 2010, Thomas Dukleth wrote:

>>> Aaron had seemed to imply that parties with
>>> responsibilities for complying with the license need to control or
>>> direct
>>> their own compliance but could contract with others to provide such
>>> services.
>>
>> I think a market in compliance services is an evil bureaucrat's dream
>> and not something which the Koha community should encourage by picking
>> such an ununderstood licence.
>
> People at libraries should not be frightened or overly anxious about
> copyright liability.  Risks of copyright violation have to be managed for
> libraries every day.  Providing access to materials with or without copy
> machines exposes libraries to the risk of being sued for facilitating
> copyright infringement.  Library administrators unduly fearful of
> unreasonable action over any possible copyright violation would need to
> close the library.  Reasonable policies help manage risks and AGPL 3 would
> be a small addition to all the other risks of libraries which would be
> duly addressed.

but the probelm is that the people at libraries understand what to do with 
books to comply with copyright. It's not nearly as clear what they would 
need to do with software (as this discussion shows, even programmers 
aren't clear on what is needed to comply)

>>>>> 3.3.  SECURITY CONFIGURATION.
>>>> [...]
>>> Section 1 of the license clarifies the issue of automatic generation.
>>>
>>> "The Corresponding Source need not include anything that users can
>>> regenerate automatically from other parts of the Corresponding Source."
>>
>> I don't think that effective security settings can regenerate
>> automatically at the moment.  Maybe they should and this is a bug
>> in koha to report at bugs.koha-community.org which should block
>> AGPL 3 adoption.
>
> If we choose to upgrade to AGPL 3 for Koha 3.4, we should file some
> blocker bugs for issuing an AGPL 3 release until there is some automated
> support for complying with the license.  There would also be blocker bugs
> for Open NCIP and NCIP 2 code license compatibility We are at least
> several months from the prospect of a Koha 3.4 release with or without
> AGPL 3.
>
>>
>>>>> 3.4.  DATA.
>>>> [...]  Lack of
>>>>> such coverage in AGPL 3 is not a reason to object to AGPL 3 for an
>>> issue
>>>>> it could never have addressed with any certainty.
>>>>
>>>> Why not?
>>>
>>> Copyright licenses are only effective in the domain of copyright.
>>> Software licenses specifically are only effective for software. [...]
>>
>> That's a misleading place to cut.  I meant: why not object to AGPL 3
>> for *not* being a significant "measure of protection more against Koha
>> related code becoming locked up on a saas platform"?
>
> A copyright license is not a data contract.
>
> I think that your particular request that the copyright license should
> address more is similar to asking why apples are not oranges or oranges
> are not apples.  The fact that apples and oranges are not the same does
> not keep you from having both apples and oranges.  Maybe you have a clever
> way of making an apple/orange hybrid.  I would be happy to taste your
> hybrid, if you have one.

especially in light of the e-mails on the list about how a dump of code is 
not that useful (the changes need to be merged and that is the 
responsibility of the submitting orginization) I have to ask again what 
you plan to get by changing the license.

it doesn't prevent the data from being locked up by hosting companies.

it doesn't get code into the upstream koha (it does make it possible to 
get a dump of the code, but this will be without even version control 
clues like you have with the libline code so it will be even harder to 
deal with)

so what is this solving?

>>> What AGPL 3 does do is allow users of software as a service to take the
>>> software which they have been using a server which they do not control
>>> and
>>> move it to a different server including their own server over which they
>>> would have complete control.
>>
>> AGPL 3 is much more limited than that.  Only the source code of the
>> one public-facing service can be taken.  Much other software,
>> including the database, may remain locked up.
>
> FSF is encouraging the development of software which uses a different
> database model ensuring that users can run a local copy of the database in
> which private information is encrypted but everyone can have a copy of the
> whole database.  We should consider the possibility of such a distributed
> design for Koha.  Such a distributed design may never be sufficiently
> efficient for Koha but the possibility should be considered.

I haven't heard this before, could you point me at info on this?

David Lang