Thanks for all the comments! We need some license expert to carefully handles. Any advises from you on the license issue would be helpful.
Legal departments are supposed to protect the company from liability and legal peril, but from what I’ve seen, usually their number one priority is making 100% sure that there’s absolutely zero chance that anyone will ever be able to come back and blame them if something with even the most minuscule chance of happening happens. They’d even rather the company miss out on substantial business opportunities (the pursuit of which always involves risk) because if the company doesn’t perform as well as it could have, the people who get blamed for that won’t be in the legal department.
Apparently (based on the comments in the thread) in this case they’re worried that some rogue engineer will download a copyleft-licensed app’s source code and incorporate it into their company’s product or internal tool and literally no one else on the dev team or in the company will notice until it’s too late, and it will then cost a ton of money and time to rip and replace it, which is of course a vanishingly small possibility.
It doesn’t seem to have dawned on them that downloading a binary to use a copyleft-licenced app is different from downloading its source code, and that a company can allow one while making the other a firing offense.
Months ago I sent a couple of contacts for FOSS legal advice to @Bader that said he would forward them to the team.
here are the sources @alex0 shared with me.
3 recommended legal firms/groups that specializes in FOSS licensing:
You are absolutely right. If there’s any margin for vulnerability they will eliminate it no questions asked. To them its a black and white process. It feels like you are talking to a brick wall when you are trying to reason with them and incredibly frustrating. Hopefully one day that will improve though.
I’m hoping to see more discussion on the licensing topic. Specifically:
- There’s a category of users who would simply like to buy a commercially licensed version of logseq – either one-time or subscription.
- Moving away from AGPL is not necessary to satisfy this requirement – only that logseq also be offered under a paid commercial license.
- For companies like mine, AGPL is a complete no-go, but if there are commercial licenses available those are perfectly acceptable.
Basically, I think there’s considerable agreement that having a commercial license available would both support the project and enable a certain category of new users.
At this point I’m curious about the state of the CLAs; the CLA appears to give logseq the ability to offer an alternative paid commercial license (good!).
@anticlimber just to be clear: everyone can use Logseq right now. It’s some companies’ decision to ban AGPL licensed software to avoid it to be modified and hosted on their servers without releasing the modifications’ source, violating the license. There is no way to violate the license by just using Logseq as a desktop application. So if someone can convince their IT department they could make an exception for desktop applications.
You may not grasp the implications of AGPL in a corporate setting. In large companies with thousands of employees, it becomes practically impossible for the Global IT department to track who is installing or modifying the source code. While I personally appreciate Logseq, I’m unable to use it because our Global IT has made it clear that they cannot effectively monitor the instances in use or identify those modifying the source code. Even if no one has any intention to modify it, the Global IT Department is not willing to take any risks and has chosen to outright ban it. Consequently, we end up in using Microsoft OneNote.
And I personally feel, the contributor will be increased based on the quality of the product, not because of the AGPL license. As you decided to be opensource I highly recommend GPL, atleast more end users will be using it and the words keep spreading.
For corporate AGPL is like nuclear missile even though they don’t have any intent to modify it.
And? Have you read my post? My replies here? How many times I have to say it? Do I have to repeat the same thing to every single user? OK, here you go:
THE VIOLATION OF THE AGPL LICENSE HAPPENS IF YOU HOST A PUBLIC SERVICE ON YOUR SERVER USING THAT CODE MODIFIED WITHOUT RELEASING IT AS AGPL
THERE IS NO PROBLEM IN USING A DESKTOP APP LIKE LOGSEQ
WHAT YOU CAN’T DO IS USING LOGSEQ SOURCE CODE TO CREATE SOMETHING LIKE ROAM RESEARCH OR TANA PUBLICLY ON THE INTERNET
YOUR IT DEPARTMENT HAS TO CHECK WHO INSTALL WHAT ON A SERVER THAT PROVIDES PUBLIC SERVICES AND EVERYONE ALREADY CHECK THAT
You understand that, I understand that, others here likely understand that. I’ve pointed this out to you before Alex. I’ll point it out again. IT Departments and Legal do not care about in-between the lines. It’s black and white to them. They’ll block it all together to avoid the risk. Any violation of that license puts the company at risk, not the individual. That can involve IP for the company that is not publicly available to other competitors which can lead to large losses in revenue. The risks are too high for them. Argue it all you want, corporations/large businesses will do all they can to protect and reduce as much risk as they can.
TO BE CLEAR!!! IT IS NOT ABOUT WHAT IS RIGHT. IT IS ABOUT REDUCING OVERALL RISK TO THE COMPANY.
This needs more clarification. Regarding the AGPL violation, it occurs if you host or provide a network service using modified AGPL-licensed code without offering the modified source code to its users. This applies whether the service is private or public. For a private service, the source code must be made available to those authorized users. If the service is public, then the source code must also be publicly available to comply with the AGPL.
@SkyRacer85 clearly has not read the thread because their reply doesn’t add anything new.
And I already replied that it is not ethical to ask a small company like Logseq to give away such an important protection because some users want to use it as a personal tool in a big company that is too lazy to setup an automated check that they don’t use AGPL code to provide services over the network and so they forbid AGPL software even as desktop app.
The check is trivial to implement because these days code has metadata attached that specify the license. You really have to intentionally violate the AGPL for that to happen.
The case of private networks is not relevant because Logseq team wouldn’t be able to provide proofs to sue the big company.
And the risks? Do you know what are the risks? That they need to stop that service or release the modifications they made to Logseq code as AGPL. Whoa, what a risk for a big company! AGPL really is a bomb meant to kill companies!
And again, it’s me suggesting that Logseq should have also a commercial license for these cases, but if those big companies don’t even want to pay for a commercial license there is only one solution:
Write your own software and release it with whatever license your company allow, investing your own time and money.
P.S. Obsidian has a commercial license and it’s needed to use it in a company. Why people don’t complain about that? Logseq users already have much more than what Obsidian provides, yet some want even more. And no one is suggesting a solution that keep protecting Logseq like the AGPL does. They are just trying to lobby without promising anything in return to Logseq.
That is the price of APGL and one of the things I have pointed out before as well. You risk loosing that user base. If that is ok with Logseq, then that is their choice. However, do not sit here and say there is no risk to companies by allowing APGL, you do not understand the risk if you say there are no risk.
Also, implementing monitoring at that level is MUCH easier said than done. You make it sound like its a flip of a switch, when there’s multiple systems that have to be implemented within the company to track this at this level.
What most companies likely do is implement a lite version of this, then ban the use of APGL to the general population, while leaving your dev teams a process to submit for review and approval of APGL code for their projects.
My point proven. You do not understand the risk.
This I would agree with. I believe this would solve the issue in most cases.
Does not matter. It is part of the requirements of the license. If someone from inside the company leaked this back to the dev team; highly unlikely with a small dev team like logseq, but in cases of bigger software packages, that would be a liability on the company.
By allowing an AGPL-licensed desktop app like Logseq there is no risk.
Thanks for pointing out the real risks in details /s.
Are you serious?
- You can’t use information by an insider to sue the company. We have not a criminal offense here.
- Who is so stupid to witness against their own company just to make it say “sorry, it was a mistake, we’ll stop the service/release the changes”.
The risks some companies see in AGPL is that some employees could use AGPL code in one of their services and if found out it could be expensive to replace the code.
So the IT department can just allow employees to install Logseq as a desktop app on their workstations and enforce the AGPL-ban for who is responsible to develop/deploy services on the network.
Do you really expect Logseq team could trade the AGPL protection for a few users that happen to develop/deploy services on a network and that in doing so they somehow may use Logseq source code?
As I said previously; I understand this, you understand this. The companies however do not. Most companies only care about one thing, that is their profits. They will do everything they can to reduce their risk that will harm their profits. That is all they care about. They do not do things that are convenient for their users. It’s sometimes the complete opposite of that and it is for that reason.
HAH! Like I am going to do the work for you. You’ve proven time and time again that you ignore those facts and stick to only what you believe. No thanks! Not wasting my time.
Sure, but there is no risk in running an AGPL-licensed desktop app. And I doubt there is a company that doesn’t distinguish workstations from servers. And even if there were and they also ignore a reasonable request by an employee, it’s not a matter that should be discussed in this forum.
I have debunked the myths about AGPL, everyone is free to use these informations when approaching their IT department. Peace.
I feel like i’m going in circles here with you.
No, there is no risk. You and I understand that. Companies however see it overall as a risk and will eliminate it to reduce that risk factor, therefore they block it entirely. There will be cases where users will be able to get exceptions made but that will not always be the case, such as skyrockets case.
Sooooooo… Regardless of whatever you may say, there is a risk of loosing users due to this license choice in the work place due to IT Departments blocking it. I do not encourge logseq to move away from AGPL, that is not my place to encourage what path they should take and I personally think AGPL is fine, it really does not matter to me. However, it is worth pointing out these risks involved since it would affect total number of users who can use the application. With Logseq/PKM being a very niche community, the total number of users is already low.
I worked at Adobe (after they acquired Macromedia, where I’d worked for six years) and their legal team was pretty much death on GPL/LGPL/AGL software. As @Zyrohex says, there’s “no risk” but that doesn’t matter in the real world: companies make policy based on the advice of counsel and those licenses are often an impediment to employees at a company even trying the software.
For the projects I was involved in, we asked OSS maintainer teams to reconsider their use of those licenses and if they switched to something “acceptable”, we could use their software. Otherwise, we either needed to expend a lot of energy and time fighting for an “exception” or we’d just find some other project to use.
I sympathize with @alex0 and I understand their position – heavily repeated in this thread – but it just doesn’t line up with corporate policy, regardless of how misguided that policy might be.
My current employer is much more lenient, so I’m able to use logseq however I want, mostly for personal/OSS project stuff, but also for some work stuff. Not all employers are that reasonable and it is a consideration for broader adoption.
You both are naive, companies like Adobe are not worried to be sued, they just boycott *GPL licenses because Free Software could be an alternative to the software they sell.
It’s not like a company like Adobe doesn’t userstand that they can use some software for free on their workstations but they can’t reuse the source code in their products.
And I have said from the beginning that Logseq could also have a commercial license, just like Qt, that is one of the most used GUI framework in the industry. At that point those companies have no excuses anymore and their intention to boycott is revealed.
I don’t see what’s the point of repeating the risk argument except to lobby Logseq team to give away the protection of the AGPL.
The only person you have proven to be naive is yourself. You have proven it time and time again. This is exactly why I do not provide you facts Alex, because you choose to ignore them and only focus on what you believe. You have multiple people in this thread who have commented and spoke the very thing I am talking about but you talk around it as if it does not exist. There’s nothing more that needs to be said here.
Alex has a viewpoint on the AGPL, and I am sure that he 100% believes that he is correct. I do not think he has any hidden agenda.
Within certain types of companies, it actually is straightforward to know if public services incorporate a given piece of software, and the blast radius of improper inclusion is limited.
That changes substantially with large companies and more complex coordination models across large (and extremely large) teams. There are a mixture of narrow interfaces, goals and production environments. Sometimes teams “temporarily” use a given bit of tech as a jumpstart or to study, and those can often stick around longer than intended. It can be far from clear what the usage of a given subsystem is. It is equally far from clear what a “public” system is.
We can argue all day about whether technologists understand and can agree on these matters, mostly because we generally can agree on them. Some of us have experience in the court systems, and reality is but one factor there.
Corporate legal teams weight the risks against the rewards. Any time you go into a courtroom there’s a nonzero chance of losing, regardless of the facts. You take that nonzero chance and you multiply it by the exposure, and then you weigh that against the potential benefits. In my org AGPL doesn’t get past that test, and probably never will as written.
But no matter, because it’s reasonably common for companies to offer commercial alternative licenses to AGPL software, and those work quite nicely. Logseq loses nothing by offering a commercial license, and definitely stands to gain users.
The problem here is that the alternative commercial license is not available (yet). I think the reason for this is that significant chunks of the development were done with contributions done under the AGPL. Relicensing those contributions is difficult. I truly hope Logseq can succeed at doing that, because I really want them to make a lot of money (truly!) and keep Logseq running for decades.
Finally, Alex: You make a blanket statement here that *"companies like Adobe are not worried to be sued, they just boycott GPL licenses because Free Software could be an alternative to the software they sell". That generalization is largely inaccurate. I suppose it’s possible to find a company exhibiting that kind of behavior, but that line of thinking is rarely in evidence at serious software companies.
Alex, you’ve brought a very active voice to this discussion, and I worry that your responses are being perceived as semi-official by readers. Do you represent Logseq in any way? If not, I think you should make that clearer.