GPL Project Watch List for Week of 04/11/2008


Bouchot_-_Napoléon_signe_son_abdication_à_Fontainebleau_4_avril_1814he GPL v3 Watch List is intended to give you a snapshot of the GPLv3/LGPLv3 adoption for April 4th through April 11th, 2008.

This day in 1814, the Treaty of Fontainebleu was signed.


Tracking AGPL v3
This week we have incorporated the AGPL v3 projects we have found over the past months. We will continue to track this license to see how it progresses, seeing as it also has its fair share of controversy, much like the GPL v3. We have put the 55 AGPL v3 projects that we have found thus far into our system. We have also performed another audit on our database to take out any projects in error, so the numbers will be a little shorter than expected. In the last week we have also added 29 GPL v3 projects as well as 9 LGPL v3 projects. The AGPL has never been a large license, but since this version closes the ASP loophole, who some believe to be a flaw in the GPL v3, it is stirring up the community and may draw more adopters than its previous versions. Additionally, for those of you looking for a public forum to announce your next project version, check out our reader contributions regularly under “User Updates” herein.

This Week:

  • New Projects
  • Lucky Number 13 – Affero GPLv3 and interpreting Section 13
  • AGPL v3 and the Google Code Repository
  • User Updates



New project conversions this week include:

  • CiviCRM: CiviCRM is an open source and freely downloadable constituent relationship management solution.
  • Clipperz Community Edition: Clipperz Community Edition allows you to host on your own server a web service identical to Clipperz online password manager.
  • eyeOS: an Open Source Platform designed to hold a wide variety of Web Applications over it.
  • Funambol: Mobile 2.0 messaging, powered by open source.
  • picoplog: Picoplog is a minimalistic photoblogging tool. Picoplog’s major strength is its simplicity: posting a photo is done by just uploading it to your web space.


Lucky Number 13 – Affero GPLv3 and interpreting Section 13

“Software as a Service” (SaaS) and “remote network interaction” are the latest catchphrases in software distribution. What’s different, though, is that a “distribution” of code is not really taking place in these situations. At least not in the sense of an entire application being downloaded to a user’s machine before being installed and used. The GNU Affero GPL version 3 (AGPLv3) was created in order to address this particular usage/interaction model.

The AGPLv3 has substantially the same license terms as the GNU General Public License version 3 (GPLv3) with the exception of Section 13, which deals with remote network interaction and the use of AGPLv3-licensed code with GPLv3-licensed code. We will limit this discussion to the remote network interaction portion of that section.

The majority of the “copyleft” power of the GPLv3, and consequently the AGPLv3 is the automatic application of its license terms to downstream recipients to whom a copy of the licensed source code has been “conveyed.” The GPL/AGPL define convey as:

 

To “convey” a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.


What is interesting is that the sharing of source code as stated in Section 13 of the AGPLv3 is not based on this definition of “convey.” Instead, it appears to give users a new right to an opportunity to receive such source code if such source code is 1) modified; and 2) users interact with it over a computer network (if the modified version supports such interaction):

 

Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.


The Free Software Foundation has clarified what it means to “interact with [the software] remotely through a computer network” on its FAQ for the GPL:

 

If the program is expressly designed to accept user requests and send responses over a network, then it meets these criteria. Common examples of programs that would fall into this category include web and mail servers, interactive web-based applications, and servers for games that are played online.

If a program is not expressly designed to interact with a user through a network, but is being run in an environment where it happens to do so, then it does not fall into this category. For example, an application is not required to provide source merely because the user is running it over SSH, or a remote X session.


So it appears that, in a SaaS arrangement, if a developer modifies the underlying AGPL-licensed source code for the program that the opportunity to receive such source code must be prominently offered to all users who interact with the program remotely over a computer network. Since the requirement that a developer prominently offer such users this opportunity is not based on “conveying” the program’s source code, it also appears that if a developer merely uses an existing program without modification that the requirement to prominently offer to users the opportunity to receive the original source code does not exist.It will be interesting to see how SaaS developers, vendors, users and others actually interpret and use these provisions in the AGPLv3 as the license is adopted and used.

-Kevin Howard

References:
http://www.gnu.org/licenses/agpl.html
http://www.gnu.org/licenses/gpl-faq.html#AGPLv3InteractingRemotely
http://egofood.blogspot.com/2008/03/updates-soc-orgs-selected-funabol-ceo.html


AGPL v3 and the Google Code Repository
Since the release of the AGPL v3 in November, there has been some head butting with some members of the open source community and those who run the Google Code repository. Closing the ASP loophole, some say, threatens the business model that Google was built on. By closing the loophole, if Google wanted to use a project under the AGPL v3, they would have to release any changes they make to the code for use as a service as well as distribution.

*************************************************************************
“Makes perfect sense (that Google does not support the AGPL v3) , really. Google has made bazillions of dollars using free software in their backend without having to release any of their modifications back into the world. Something like the AGPL which requires server-side modifications to also be released is a direct threat to their way of doing business. Refusing to add AGPL to the list of open source licenses on Google Code to help promote is unsurprising, and in fact expected.”

Russel Beattie
*************************************************************************

However, the staff at the Google Code repository is taking a considered approach to managing the various projects hosted there and their associated licenses. One method of doing this is not hosting projects with code licensed under every new OSS license that is released. If they hosted projects under every new custom license that maintainers submitted there would eventually be a glut of dead projects with unusable licensing terms, a condition unfortunately too common at existing popular FOSS repositories. They recognize and address the fact that new licenses need time to be put into practice and used before they are more fully understood and worthy of support. The AGPL contains new terms that deal with a new software usage model, so from the perspective of the Research Team, Google Code is merely proceeding cautiously.

*************************************************************************
“Basically the answer is when I (Chris DiBona, Open Source Programs Manager, Google Inc.), Fitz, Greg or the team think it is popular enough. I know you guys think we don’t like it for nefarious reasons, but what you’re missing is we dislike -all- new licenses that
are unpopular. They lead to bifurcation of the open source development
world and that is a high price to pay.

I (Chris DiBona) personally think the AGPL is deeply flawed, and I’ve commented on
that on my own blog and on others, but that really -doesn’t- matter.
If the AGPL gets to be popular, like lgpl or bsd popular, than we’ll
certainly offer it as an option on code.google.com, but until then,
it’ll be a judgment call on our part. One you might not agree on, but
that’s okay.”

Chris DiBona
*************************************************************************


We are not going to choose sides in this debate, but what we will do is provide unbiased AGPL v3 adoption numbers to help resolve this issue. Both sides have made their points, and hopefully our research will provide the necessary data to end this controversy.

References:
http://www.russellbeattie.com/blog/google-hates-the-agpl-not-surprising

http://www.clipperz.com/users/marco/blog/2008/04/04/clipperz_not_welcome_google_code
http://groups.google.com/group/google-code-hosting/browse_thread/thread/1714c5c0ef5d9f9f/7d59a938d295bb8f


User Contributions

Our database is partly maintained by our team of researchers as well by the contributions that are received from the community. We have received email contributions to our R&D Group email (
rdgroup@palamida.com) of projects moving to the AGPL v3 license. Here are the two contributions we received last week:

******************************************************************************************
Picoplog Dear Palamida researchers,
I’d like to inform you of another project that is using the AGPL. It’s a
photoblogging tool, its name is Picoplog. http://daubau.it/picoplog/

Like many others, we chose the AGPL because we’re aware of the infamous “ASP loophole”. We don’t like companies bypassing the spirit of the GPL in that way.

Description:
Picoplog is a minimalistic photoblogging tool. Picoplog’s major strength is its simplicity: posting a photo is done by just uploading it to your web space.

Newest Release:
Picoplog 0.9.1 Alpha – Released on March, 29 2008

******************************************************************************************
Clipperz Community Edition
Hi, I would like to inform you that Clipperz Community Edition has been recently released under an AGPL license. Clipperz is a web-based password manager. Learn more here: http://www.clipperz.com/. “

Description:

You can think of Clipperz as your web Rolodex, a card index where you can enter any sort of confidential data without worrying about security. It can be used to store and freely organize passwords, confidential notes, burglar alarm codes, credit and debit card details, PINs, software keys, …

Clipperz does solve the “password fatigue” and make the Internet the most convenient and safe place to store private and sensitive data. However since passwords are the most common type of sensitive information that you need to protect, we added a lot of functionalities to make Clipperz the best online password manager.

Newest Release:
Clipperz Community Edition, version revision 003 is available from SourceForge.net.

*************************************************************************

We appreciate all the contributions that have been made, either through our form on our web page or by email, and we also like to hear why you are changing your project’s license as in the email above. It gives us more insight into which direction license trends are moving. We will continue to post up user contributions to our blog each week, and we may quote parts of your emails. If you wish the email to remain private, just mention so and we will not disclose any part of it.

Much Appreciated,

Palamida R&D Group

Notable Mentionpg-35-napoleon-1-dea-getty
Palamida actively takes submissions from visitors on updates on new GPL v3/LGPL 3 projects. We are amazed at the number of submissions we have gotten to date, but even more so, we are incredibly grateful to the almost 100 core contributors who have devoted their time and resources at helping us provide up-to-date information.