[Koha] Corresponding Source under AGPL 3

Thomas Dukleth kohalist at agogme.com
Fri Jul 16 07:04:47 NZST 2010 

[I have changed the subject of this part of my reply to a different thread
most relevant to the issue raised.]

Reply inline:


Original Subject: Re: [Koha] AGPL 3 objections and replies

On Wed, July 14, 2010 01:01, david at lang.hm wrote:
> On Tue, 13 Jul 2010, Thomas Dukleth wrote:
>
>>
>> On Tue, July 13, 2010 20:26, david at lang.hm wrote:
>>> On Tue, 13 Jul 2010, Thomas Dukleth wrote:
>>
>>>>>>>> 3.4.  DATA.

[...]

>> The software license is part of the solution by making the version which
>> any particular library is using portable.  The library could install
>> that
>> version elsewhere under their own control with any effective access to
>> the
>> source code.  If the library is using AGPL 3 software, lock-in would not
>> be based on software code.
>
> I disagree with this assertion. It's very easy to have AGPL3 software
> which talks to some other service that is not open. This would prevent
> people from setting up their own instance.
>
> This could be something as simple as tieing in to some proprietary
> authentication server. you would be abel to get all the interface code,
> but unless you have the server to talk to you are out of luck. Yes, this
> simple example could be hacked around, but my point is that getting the
> source does not equate to being able to run your own instance of the
> service.

Corresponding Source for the object code form does "equate to being able
to run your own instance of the service."  The object code form is the
form applicable to AGPL 3 specific obligations to remote network users. 
Section 1 of the license clarifies.

"The "Corresponding Source" for a work in object code form means all the
source code needed to generate, install, and (for an executable work) run
the object code and to modify the work, including scripts to control those
activities."

See the full explanation given at http://tinyurl.com/24nwjdv .  [The link
is to the message in Nable.  Apparently, a bug in the Mailman archive copy
at Katipo truncated the message just before a line ending with a colon in
the body of the message.]  I changed the subject to "Corresponding Source
under AGPL 3" in my subsequent replies to accommodate requests for easier
to follow branches of the origin
al thread.

>
> If you try to say that the AGPL3 means that every service needed to run
> the code must be available, that would prohibit using Oracle as a
> database, or Active Directory as an authentication service (things that I
> am sure someone is doing somewhere that I'm sure we would all agree are
> perfectly legitimate)

If Oracle would be used as an unmodified separate work with standard
communication protocols and the SQL standard database language especially
with DBI as a database independent abstraction, then Oracle would not be
part of the Corresponding Source.

Use of Active Directory as an unmodified separate work would be a
sufficiently similar case with standard communication protocols, the LDAP
standard, and the Kerberos authentication standard, then Active Directory
would not be part of the Corresponding Source.

Under most circumstances, free software could be substituted to provide
identical functionality to use of Oracle or Active Directory.

[...]

>> AGPL 3 is not the whole solution, but it is part of a solution to the
>> general problem of user freedom in the context of remote network use of
>> software.  Other remedies are needed to address other parts of the
>> problem.
>
> I don't see AGPL3 being effective in blocking a bad actor. It's just too
> easy to setup whatever you don't want to share as a separate application
> and then modify Koha to access it via a web services call (or other
> RPC-like API)

Attempting to disguise one work as multiple works would fail on legal
grounds because a clear case of bad faith would be evident as failure to
comply with the license.  Most likely the bad actor would also be careless
enough to have otherwise failed in some details to create separate works
under copyright law.  In the history of GPL enforcement, the worst bad
actors have been the most careless and given up once properly exposed.

Our goal should not be to worry excessively about how some people might
try to evade the license.  Our goal should be to build tools to make
co-operation the easiest and most profitable route with the license
encouraging that co-operation.

[...]


Thomas Dukleth
Agogme
109 E 9th Street, 3D
New York, NY  10003
USA
http://www.agogme.com
+1 212-674-3783

More information about the Koha mailing list