A few disclaimers upfront:
I am not a lawyer
I am working for a big company’s legal department
And what I am writing is my personal opinion; I am not writing as a representative of that company.
So first of all, what you wrote about the measures to take when using AGPL FOSS, that is not the wording of the license. It is your personal interpretation of the license terms, and I assume you are not a lawyer either. So in the end what matters is how a court would decide this to be.
Now, what am I here for?
I came across this topic, since I currently have to evaluate logseq to be used in our company.
(spoiler: we will have to ban this software due to the AGPL license. But with a paid version my company gladly would take it I suppose)
Having read all that had been said here, I just wanted to also share with you the perspective of one of these legal guys who are claimed not to have understood how FOSS licenses work.
So in theory, what you had written is how one could understand that license.
But as there are predatory companies, there are also predatory FOSS orgs.
Quite some time ago I was involved in a case where we had been using a FOSS that was monitoring an application's performance. We permitted the use of that FOSS despite it being under AGPL, since we are just using it; as you just said before, that shouldn’t be a problem.
But then the AGPL software's organisation approached us, claiming that embedding the binaries of their monitoring app triggers the network clause of AGPL. And even though we were not publishing anything of their software, by the nature of the AGPL license, we would have to publish all our products that had been tested with their software under the AGPL terms. (edit for clarification: that AGPL FOSS was part of the build pipeline for the testing. The final product was not interacting with that FOSS in any way)
So they prepared a lawsuit claiming that they had a loss by the broad usage of their FOSS, given they were planning to commercialise their FOSS soon, demanding indemnification in the range of a single-digit billion amount.
I am not sure if you would consider this case as intended by the AGPL design. But my company had not expected it to be like this. Before it went to court, we agreed on a settlement; it was like a 3-digit million amount. It wasn’t clear who would have won that case. But we did not want to risk losing it. So in the end we had to pay a lot. And all that we got for that was enough permitted time to remove that “FOSS” again from the processes it had been implemented in before.
So while your interpretation of what AGPL is about is in theory correct, the problem with AGPL is that its terms are rather vague. And this invites people to come up with a lot of crazy ideas about what could already be triggering the network clause. And hence, banning AGPL software as a general policy is not about not understanding that one can still use the binaries, but rather about what exceptions could be seen in that wording AND how a court would decide about that.
And having had a loss of a triple-digit million $ due to that AGPL license in the past, I find it reasonable that a company bans AGPL. Even if most FOSS projects have good intentions, you can’t know who plans to just take advantage of you. And even the project team might hand over a project, and the new team might have a different opinion on it.
So high risk of financial damage due to AGPL isn’t just a theoretical thing.
And as long as there are FOSS orgs trying to take advantage of the rather vague network clause to make a profit, companies will rather avoid using AGPL software.