On the AGPL license and the idea to move away from it

Weeks ago the Logseq team sent an email to contributors asking to sign a CLA and the email contains this line:

Sorry for the inconvenience but the CLA is basically for switching our license from AGPL, as it’s so viral that some companies ban AGPL

This is the intended behavior of the AGPL: it forces to contribute back. It’s not that the AGPL is “viral” (a nasty term), it’s that some corporations are predatory towards FOSS.

There is no need to give up AGPL, you can sell licenses to who don’t want to comply with the AGPL. You would basically say: contribute your changes to the FOSS ecosystem or fund our work. If you don’t want to openly sell licenses you can ask companies to contact you to find ad hoc agreements.

Companies that are not willing to do so are predatory at the core. In the link you provided it is mentioned that Google bans the AGPL: of course, it’s Google we are talking about!

Combining multiple licenses to reach goals like funding the development while stopping predatory practices is an established approach that is used for example by Qt.

Also, notice that the OpenSource.org website mentioned in the email is not a good reference as it seems: it is part of the decades-old attempt to rebrand and dilute the original Free Software by Richard Stallman. This rebranding is meant to enable the predatory practices towards FOSS and in particular by big corporations like Google and more recently Microsoft.

Moving away from AGPL to something else listed on OpenSource.org is not neutral as it seems: some people can complain that they supported an AGPL-licensed project and don’t want corporations to take advantage of it for free and without contributing back. This would be mitigated by keeping the AGPL and providing other licenses (eventually selling them) to specific companies that don’t want to comply with the AGPL.

@cannibalox using multiple licenses at the same time doesn’t mean splitting the program in multiple parts. It means everything has two or more licenses at the same time.

Most of the time the point is licensing with a Copyleft license so that everyone can use that software without turning it into something proprietary and at the same time selling commercial licenses to someone else that for whatever reason can’t comply with the Copyleft one.

If one buys a commercial license for example they are making use of the software according to that license only and they can ignore the licenses other people have.

But in theory nothing stops you from licensing some software both as MIT and GPL. It wouldn’t make sense, of course.

See: Multi-licensing - Wikipedia

7 Likes

R Studio is an example of desktop application released as AGPL but with also a commercial license:

4 Likes

Sounds great on paper, but in practice it’s not so cut & dry. A lot of companies are not going to pay for licenses for one off users. From conversations I have had in my own company it sounds like a liability concern and its easier on them to avoid the entirety of the situation. IT will simply block the user from being able to install the app and tell them to use whatever flavor note tool the company uses. So you run the risk of loosing users.

1 Like

If you are not going to modify Logseq source code you are fine. Just in case for whatever reason you need to modify the source code and redistribute or make people interact with Logseq over a network, you just need to publish your changes as AGPL.

Users shouldn’t have any issue even in companies, AGPL does not restrict usage in any way.

So from your point of view Logseq team should give away their protection from someone else building something like Roam or Tana by modify Logseq source code and running it behind a server… because some people in some companies hypothetically don’t understand licenses?

I imagine that in real life you make an effort to know the laws to respect them and to defend your rights. Can you imagine a world where you give up on that and limit yourself in your choices out of fear? Why should it be different with software licensing? If we are talking about companies, they already have to deal with the law and bureaucracy, but they complain about the AGPL…

I will say it clearly: there are predatory corporations that have been spreading FUD and propaganda for years just to take advantage of the FOSS and today ordinary people use unreasonable arguments because they perceive them as normal.

But it shouldn’t be acceptable to propose to waive the protection of the AGPL because you risk losing users that work for incompetent or predatory companies.

7 Likes

Users shouldn’t have any issue even in companies, AGPL does not restrict usage in any way.

Like I said what you stated sounds good on paper but it’s not practical in the real world. These are policies put in place by a companies legal team intended to protect the company from any type of liability. They will not even entertain the thought. So no, not all companies will allow the general use of APGL software. It’s the risk you take.

Me personally I do not care what the devs choose to do with their license, it’s their choice. I am not trying to tell anybody what they should do with their license so do not insinuate that I am.

1 Like

Again, this is what they tell you, I explained what is really going on.

As a user Logseq using a Copyleft or a permissive license doesn’t matter, I am trying to help the team that don’t know what they are doing and prevent them from shooting themselves in the foot.

One of the devs said they are currently not taking advantage of the AGPL, when it is instead protecting them from someone building the next Roam/Tana (proprietary closed source online service) starting from Logseq code. This makes clear Logseq devs have no idea of how AGPL works and how much it is protecting them.

If they will switch to a permissive license and I hear monetization complaints, I’ll be sure to point out that it was their choice to opt out of the dual licensing option.

Same if an alternative Roam/Tana appears but based on Logseq and whose changes will remain closed source: it will be just their fault.

Logseq userbase mostly doesn’t care about Logseq being FOSS, local etc. They will switch to something like Roam/Tana but based on Logseq and improved if they have the chance. This can easily become the end of Logseq.

4 Likes

Again, this is what they tell you, I explained what is really going on.

I’m sorry but I disagree with you. Any company is going to put limitations on APGL to protect their company. What if a employee for the company was to modify the code in logseq that became hugely integrated into their internal network, and included company code that is not open source? They would then be obligated to open source that software, or they now have to assign engineering resources to reverse these changes which takes their time away from other projects, or pay license fees. This has now created a liability issue on the company they have to address.

Now imagine that but you now have 50k+ employees globally. It would become a very high risk and tough situation to manage. This is not just the sake of company being “Predatory” as you state, but a matter of protecting company assets. This is not based out of fear. It’s a logical understanding of how it imposes a risk on a company and their inlectual property. If on the other hand a company was 100% open source, then I would expect they would be ok with APGL.

Again, I respect the devs for Logseq and support whatever decision they make. I don’t condone the way you communicate this where you are creating a toxic image by portraying these companies as Predatory to the core.

1 Like

I am talking about companies that bans AGPL and that are not willing to pay for a commercial license. That is predatory by definition.

And then there are the incompetent ones who fell into FUD and propaganda.

Same here, I’m just trying to help them understand what they are doing because from the few messages I read from them, they are clearly confused.

Please don’t turn this against me personally, I respect everyone and I debate their opinions, avoid personal attacks, thank you.

I didn’t mention any specific company except Google and Microsoft that yes, they are predatory towards FOSS and it is a well enstablished opinion among many people, so I think I don’t need to explain why here.

2 Likes

I work in such a place. I would not classify us as predatory, and we heavily sponsor open source development. For good or bad reasons, AGPL is a big no-no. Even as and end user with no plan to look at the source.

The legal department might not even understand the intricacies of software licensing, but it doesn’t matter in the end. What am I going to do? Go to the head of legal? I don’t think my management would see this as time well spent. In the end, they will tell me that we already pay for Teams which now has a wiki feature that can do everything Logseq does.

On the other hand, I don’t think it is likely others would steal the software. My experience over the years is that many companies are reluctant to use other people’s code for liability reasons, and if they do, they are probably in another jurisdiction anyway.

Either way, litigation would be an existential risk for Logseq. It is for them to balance this risk against the risk of loosing potential customers because of a license seen as infectious.

I just looked at our github repo, most of our projects are freely available under Apache, and sometimes BSD and MIT licenses. For us, Apache v2 is the default license.

1 Like

To better understand the issue here you need to be on the other side: permissive “Open Source” always has a funding problem because it relies on people spontaneously contribute financially.

Even though many companies support OSS with money it is not enough and this funding model is extremely fragile towards external factors like economic recession, in which the first thing to cut are donations even to very important OSS.

See for example what happened recently to core-js:

core-js is a very important piece of software that is used by 85 of the top 100 websites. It is ubiquitous. Still, the maintainer can’t get enough money from donations to work on it while guarantee a decent life to his wife and son (he was willing to work for a while on the project for a fraction of what the average developer earns).

He asked for help with a message in the console and people started to attack him even with racist insults and threaten him with death.

A Copyleft license plus commercial licenses give guarantees instead, not only hopes that people will help when they can.

So please don’t think that supporting FOSS when you can is enough: respect the need for others to have guarantees.

And isn’t this a nonsense on their end? Why they can’t simply forbid to download AGPL-licensed source code instead of forbidding to run binaries?

Also, as I said (but maybe you hadn’t a chance to read my last message) I use the term predatory only for companies that ban AGPL but at the same time won’t pay for commercial licenses: they are looking for permissive FOSS to use it for free and eventually support it financially only when they want and with the amount they want. This is predatory.

This is a very common pattern in our today society: even when people recognize there is something wrong, they won’t face those in power by risking, in this case, to be fired.

Instead, people in an attempt to preserve their working condition put pressure on other people so that they give away some of their rights for them.

We shouldn’t attack each others like Martin did with me nor we should give away rights altogether, we should instead recognize the core issue and risk ourselves to fix it.

Indeed, in the same way you guys are trying to preserve your income, so do FOSS developers and Copyleft is an important tool to better guarantee themselves an income and a future for the project.

Thanks for saying “seen as infectious”. Indeed it is ironic that Martin accused me of being toxic while it’s companies, Google included, that says AGPL is “viral”: viral comes from virus that is the Latin for poison, toxin.

GPL, AGPL and LGPL licenses are not toxic, poisonous or viral: it’s just that under certain circumstances they can propagate.

3 Likes

Thanks for the core-js story, this is terrible. I am happy to work in a different field.

Yes, it is nonsense. Many corporate users have to deal with this kind of nonsense every day.

Just recently, they announced an audit, and we were supposed to submit the full license text of every single OSS package we were using for legal review. If I had done so it would have been tens of thousands of pages. I was tempted to print it all out, but we were told by management (verbally of course) to ignore that directive.

And ours is a very OSS friendly place who spends a lot of money supporting external developers.

Unfortunately there is no arguing with that level of ignorance. I have escalated issues to the very top, but even that didn’t work.

I understand the different licenses and their respective merits, my point isn’t even a legal one. There is a good chance, even if there was a dual licensing option, the legal review would stop the moment they see the letters AGPL.

This is an issue of corporate bureaucracy, and in my experience, the only way to get money out of the system is if there is a way that fits within the corporate process.
It is not just the money, we have no issues paying Oracle and accepting the most outrageous license terms from commercial vendors, but we would rather shut down a factory than deviate from our internal regulations or touch AGPL code.

So whatever licensing terms the Logseq team chooses, I hope they can package it in a corporate-friendly fashion.

This is not a personal attack against you. Since you have the lead badge some would look towards you as an example in the community. We do not want our community message to be a negative one targeting or accusing any specific entities of such things.

I’m sorry but I will never self-censor my opinions in the name of political correctness.

Please read what happened to core-js. If it’s not the result of predatory attitude what is it?

And here none of you have addressed the question of how to prevent the creation of a new proprietary service like Roam/Tana but based on Logseq, which could drain a large part of the userbase, precisely because the latter, of which I am proudly not a good example, doesn’t give a damn about Logseq being FOSS and using standard formats, maybe a bit about running locally.

You’re just thinking about your own problem with ignorant (as confirmed by Gax) IT departments.

I don’t want to take this personally, really, so please don’t provoke further.

Let’s stay on topic, that is how Logseq licensing policy can reach out to people working in specific environments without giving away a major protection like the AGPL.

Notice that every developer in the world uses Git that is released as GPL and the AGPL just add a clause for networking.

And Qt, that is one of the major GUI toolkit and an industry standard in sectors like embedded devices and automotive, is released both as LGPL and commercial licenses, that is how the Qt Company supports the development.

Libreoffice was forked from OpenOffice while adding a Copyleft license to protect it. Result: Libreoffice is still developed and improved while OpenOffice is basically dead.

Nextcloud that is the leading self-hosting alternative to Dropbox, Google Drive etc and is used by many companies and public institutions is released as AGPL just like Logseq.

Blender, the famous 3D graphics suite, was almost dead as commercial proprietary software, now is one of the best in its category, the only FOSS one and it is released as GPL.

R Studio that I already mentioned is released as AGPL with commercial licenses and support available to fund the development.

As AGPL we also have Mastodon, Grafana, PeerTube, OnlyOffice, Signal server part and Wiki.js.

3 Likes

This is my last response to this thread. I will list out my concerns, but I am not engaging on this any further.

APGL raises the following concerns for a company:

Liability for any code changes their user’s make that’s offered as a service over network would result in an obligation on the company to release the entire source code including any of their own internal proprietary code which will lead to:

  • Risk of damages to the company
  • Loss of competitive edge with competitors
    • Some large companies are going through serious layoffs right now. Something like this would cause even more damage and havoc for those employed by these companies and result in more folks being layed off.
  • Their services & offerings that use the code will now be publicly accessible (loss of market advantage)
  • Exposure of their intellectual property

Inability to watch what every user on their network is doing or modifying which leaves them exposed to unexpected consquences:

  • Legal filings or lawsuits if the code changes are not made avaialble which would hold the company in a legal issue for failing to uphold the license agreement.
  • Managing and ensuring the adherence of APGL can and is a complex issue for a company at large scale which takes more man hours to manage that process.

For user’s they believe Companies who boycott APGL are doing so because they do not want to contribute back to the community, when in fact the real reason is:

  • Complexity
  • Legal Issues
  • Liability
  • Loss of proprietary code
  • Loss of market shares
  • Damages

For developers they could end up loosing control of their source code to these companies if they convert to a different license like MIT. This is a risk that every open source project has to consider. My answer to the devs is I would default to assuming that some company would take the source code and hash out an altered logseq with altered features, if this is not OK then do not change the license, period. However you have to be aware that you could and will face the other spectrum of this risk, and that is companies who will ban the use of the software due to APGL not being accepted. Companies are not going pay one off fees because a few select employees want to use a specialized piece of software to take notes. So this in turn hurts the end users who end up not being able to use logseq.

The issue of APGL is multifaceted and involves numerous factors that require careful consideration. Each company must take certain significant aspects into account before deciding on how to proceed, and this is not a decision that should be made lightly. It’s important to note that companies don’t necessarily refrain from contributing to FOSS or APGL Open Source Projects because they are intentionally predatory towards APGL. In fact, many companies, including Google, have contributed to a number of projects that they did not solely create. Here are some examples.

Projects Google has contributed to: (Thank you Chat GPT)

  1. Linux: Google has contributed to the development of the Linux kernel, which is the core component of the Linux operating system. Google uses Linux extensively in its own infrastructure and products, and has contributed code and resources to the project.
  2. Apache Hadoop: Google has contributed to the development of Apache Hadoop, an open source big data processing framework. Google has contributed code and resources to the project, and uses Hadoop in its own data processing pipelines.
  3. Apache Spark: Google has contributed to the development of Apache Spark, an open source data processing engine. Google has contributed code and resources to the project, and uses Spark in its own data processing pipelines.
  4. OpenCV: Google has contributed to the development of OpenCV, an open source computer vision library. Google has contributed code and resources to the project, and uses OpenCV in its own products.
  5. LLVM: Google has contributed to the development of LLVM, an open source collection of modular and reusable compiler and toolchain technologies. Google has contributed code and resources to the project, and uses LLVM in its own products.
  6. Apache Cassandra: Google has contributed to the development of Apache Cassandra, an open source distributed database management system. Google has contributed code and resources to the project, and uses Cassandra in its own infrastructure.
  7. Apache ZooKeeper: Google has contributed to the development of Apache ZooKeeper, an open source distributed coordination service. Google has contributed code and resources to the project, and uses ZooKeeper in its own infrastructure.
3 Likes

These are legitimate concerns but when it comes to Logseq it is a nonsense to forbid even running it. These companies can just forbid the download of AGPL-licensed source code but still allow running binaries locally. Maybe Logseq team could, with the help of a lawyer, figure out how to provide additional licenses for the binaries (even for free) but still protecting the source code under AGPL.

This is a concern that exists for companies independently from AGPL mainly because of copyrighted or trademarked material.

And even when you takes all the precautions and respect every possible license and agreement, there are so called “patent trolls”: for example recently the FOSS voice assistant Mycroft had to give up shipping their hardware because of the money they lost in a court case against a patent troll, that registered a very generic patent about interacting with a voice assistant (yeah, patent system is really broken).

But the main concern for legal departments is AGPL, uh?

A large company probably already has in place a Continuous Integration infrastructure. We figured out how to manage complex dependencies, tests and so on and we can’t make a check that no AGPL-licensed code is involved? FYI there are already software solutions that automate license related stuff.

No, not “every open source project”: only the FOSS ones with a permissive license, not Copyleft projects.

Since the beginning I am trying to stress that here the point is not “Open Source” (please use the term FOSS instead) but Copyleft licenses Vs permissive ones.

In discussions like this people keep drawing the line between closed source and open source software and it is exhausting to keep them on point.

As I already explained the point is not FOSS Vs proprietary and of course companies prefer to use FOSS with permissive licenses and contribute to it with code or money. This discussion is not about that and you have not to prove these companies contribute back and to whatever extent is enough for you. The point is companies pretending to support FOSS as they please with no obligation. This is what leads to FOSS funding issues including emblematic cases like core-js’.

There will never be someone that can guarantee to Logseq a life-time financial support, while a license like AGPL protects Logseq indefinitely. On the other hand, there will always be a certain amount of money enough to fund the development of Roam/Tana-like service but based on Logseq that can destroy the project forever. And only the AGPL license can protect Logseq from this eventuality.

As I just said this is not the point but this is a silly list that doesn’t reflect at all what Google does: Google produces and contribute to a huge amount of FOSS. Mentioning Android and Chromium/Blink should be enough but they have a lot of repositories on GitHub. Again, it’s you drawing the line between FOSS and closed source proprietary software. My point has always been that big corps are perfectly integrated with FOSS but mostly only with the permissive licensed side.

As mentioned in my early messages, it totally makes sense for corps like Google or Microsoft to release permissively licensed FOSS but they keep calling it “Open Source” in an attempt to cancel the Free Software movement and Copyleft with it for their own interest.

It is also true that Google contributes to GPL licensed code too, like the Linux kernel, but that’s because projects like Linux are so big that can’t be boycotted and instead they serve as an example that integrating Copyleft and big corps is possible. Same with Git, it’s GPL and literally every developer in the world uses it.

It also makes sense for public institutions to release FOSS code with a permissive license. For me there should be a law that forces all public institutions to release code as permissive FOSS and not with a Copyleft.

P.S. it’s A-G-P-L. Not “APGL”. I can’t understand how you can misspell it everywhere while still being so concerned about it.

Disclaimer: I work for one of the “predatory” companies mentioned above. And I’m not a lawyer.

I’m currently forced to use Obsidian instead of Logseq at work due to the AGPL situation, so I wish to provide more context on the “employee at an evil corp” side of the story. Hopefully this can help address concerns around the CLA.

I agree that it’s totally fine for Logseq to keep its AGPL license. As long as a different (commercial) license is available for purchase, or somehow available for the binaries only, we can jump through some hoops to get the usage approved (and license fees expensed). However, this is currently impossible because the past code contributions were made under AGPL. The CLA should enable the Logseq team to relicense the code under these circumstances, and Logseq development could still be under AGPL in general. We still won’t be allowed to contribute to Logseq under AGPL, but at least we’ll be happy users.

Earlier in the thread there were some discussions about Google’s contribution to OSS, and people seem to have the impression that Google is hostile towards all Copyleft licenses. I’d like to digress a little bit and point out that Google is basically only hostile towards AGPL, and is perfectly fine with GPL, LGPL, and others. (If Logseq were under either of these licenses, we wouldn’t be having this conversation at all.) This is because accidental misuse of code/software under AGPL poses an existential risk to Google (and likely other Internet companies).

I think the conversation above undersells the virality (or infectiousness if you dislike the connotations): both GPL and AGPL spreads not only through modification, but also (potentially) via linking. What’s special about AGPL is that it’s triggered by website visits. Given how tightly different parts of Google’s mono-repo are integrated with each other, one employee (out of tens of thousands of employees) “accidentally” checking in any AGPL code can make Google liable to open-source the entirety of its source code.

From this perspective, it’s understandable for internet companies to be paranoid about avoiding AGPL code. This is arguably also what the designer of the license intended: making tools like Logseq unavailable to big corp employees can be seen as “giving free software developers an advantage over proprietary developers”. Whether the Logseq team wants to be a part of this free v.s. proprietary software holy war is a different question, of course.

6 Likes

There are not concerns around the CLA at all on my side, I thought I made that clear: I was worried by the rest of the email where the team seem to want to give up on the AGPL for something else.

This is exactly what I am suggesting, I started this discussion to point out that multi-licensing is possible and a meaningful strategy.

Google in particular is willing to pay for commercial licenses, it is written in their page about AGPL (the same one where they call it “viral”). Google is not predatory towards FOSS for this particular policy but for the rest. As I said, since Free Software movement started, it was boycotted with a rebrand called “Open Source” that means basically the same (“Open Source” doesn’t mean source available for those people) but that the industry controlled and used to promote the use of permissive FOSS and make people totally forget why Free Software started in the first place, that is not the convenience of collaboration FOSS enables, but a matter of principles: people’s rights as users, freedom and digital sovereignty.

Indeed, I stressed this when mentioning Git and Linux.

Yes but only when linking (people who don’t know about software development: it’s a technical term that indicates a very specific way to interact with portions of the code, indeed it’s possible to use AGPL software as intended by its developers, but allowing linking too would nullify the efforts to make AGPL what it is).

As I said, a company like Google is perfectly capable to perform a check in CI to avoid accidents, instead, they (legitimately) decided to forbid AGPL licensed software to be run and this is fine as far as they are willing to pay commercial licenses without complaining: people working at Google must pretend it to buy the commercial licenses for them because it’s Google’s very preventive policy that is making them a requirement.

I think people working for such companies are not fully aware of what’s going on so they are not able to argue properly and complain to them.

No, this is not the intention, you can clearly tell from Free Software Foundation explanations that the purpose is only protecting users’ rights and it shouldn’t surprise that this gets in the way of big corps that constantly try to abuse their users.

I hope you are not referring to this effort of mine to make Logseq team aware of multi-licensing as “holy war”.

For sure you don’t like that I am using the term “predatory” but you make fun of me for avoiding terms like “viral” and “infectious” (both of them, I can’t understand how the latter would be better than the former for you; I used “propagate under certain circumstances”).

For the rest you argued very well and we totally agree on what Logseq team should do, so please in the future avoid the nasty rhetoric.

1 Like

About the intension of Copyleft v.s. other OSS licenses, I was quoting from Why you shouldn’t use the Lesser GPL for your next library, which I think also applies to AGPL:

Using the ordinary GPL for a library gives free software developers an advantage over proprietary developers: a library that they can use, while proprietary developers cannot use it.

Apologies about my tones. I understand both the position of FSF as well as the necessity and importance of someone in the world to hold such a position. Just can’t help poke fun at it from time to time (as I do to our corporate overlords).

3 Likes

As someone who uses a mix of open and closed source software—I’m sympathetic to FOSS but by no means a purist—I just want to offer a few observations.

The reason why Google and other behemoths want Logseq to shift from a copyleft to a permissive license—which they’re quite open about, as some of the responses here make clear—seems telling: they want to be able to use Logseq’s code any way they want without the risk that Logseq might be reciprocally entitled to read and use their (closed source) code in the same way.

Think about that for a minute.

I’m not a lawyer, but it seems to me that there are two ways a smaller or indie dev can make sure a big (or really, any size) rapacious company can’t take your code, develop or incorporate it into their own product, and use it to compete against you without any financial compensation or obligation to you.

One is to keep your source code closed, as Obsidian has done. The other is to use a copyleft open-source license, as Logseq has done. I don’t have a problem with either approach, and I’m comfortable using both apps.

But I do think it would be wise for the Logseq devs to think long and hard about why Google, etc. might want them to hand over the unrestricted use of their code—for free, as if they are somehow in need of charity.

They might find that the best answer they can give to Google, etc., is, “We’ll give you a permissive license to use our mission-critical code when you give us a permissive license to use yours.”

6 Likes