[HN Gopher] Minio Changes License to AGPL
___________________________________________________________________
Minio Changes License to AGPL
Author : r3dey3
Score : 81 points
Date : 2021-04-23 21:37 UTC (1 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| marcinzm wrote:
| No PR and no discussion and no announcement. This will be a fun
| time bomb for anyone using Minio at a company where legal
| dislikes AGPL licenses.
| slaymaker1907 wrote:
| IANAL, but this may be illegal. I noticed that they have a large
| number of contributors yet seem to have no contributor agreement
| with ownership assignment. This generally means that any license
| change would need the agreement of every past contributor (as it
| should). There are good reasons (for the primary author(s)) to
| enforce copyright assignment for contributions.
|
| Besides legal issues, I consider changes like this to be very
| slimy since you are kind of pulling the rug out from under
| people. I would expect a huge discussion to take place before
| doing something like this to try and let people move off of the
| platform if AGPL does not work for them for whatever reason.
| pipeep wrote:
| What's more concerning IMO is that despite the fact that I
| can't find a CLA, their pricing page claims that if you buy
| their support contract that they'll give you the software under
| a "Commercial" license: https://min.io/pricing
| staticassertion wrote:
| Why would that be concerning? That's probably the most common
| use case for AGPL.
| [deleted]
| monocasa wrote:
| IANAL also, but since Apache is considered compatible with GPL3
| and AGPL3, I think they have the ability to, since they can
| simply relicense their parts of it, and the resulting work is
| de facto AGPL3 taken as a whole. They might have to drop a
| 'portions are licensed under the Apache...' blurb somewhere,
| but the overall idea should be OK.
| sdesol wrote:
| > I noticed that they have a large number of contributors yet
| seem to have no contributor agreement with ownership
| assignment.
|
| I did a quick analysis of the project and there were 42
| contributors in the last year that contributed more than 10
| lines of code churn to go files. See the following for an
| analysis:
|
| https://public-001.gitsense.com/insights/github/repos?q=file...
|
| If you switch to the impacts view, you can see that of the 42
| contributors, there was 1 frequent contributor, 3 occasional
| contributors and 37 seldom contributors.
|
| I can't tell how many of the contributors are Minio employees,
| but I'm guessing in the worst case scenario, they could look at
| re-implementing contributions by non Minio employees, since the
| vast majority of code changes were by Minio employees. I know
| re-implementing previous contributions is a strategy that some
| use when they change their license, but I'm not sure how
| practical this is for Minio.
|
| As a side note, do not install my tool as the docker image has
| expired license that I need to update.
| [deleted]
| bluefox wrote:
| I'm not sure it's "illegal"... but according to [0] the Apache
| license is subsumed by AGPL3, so I think this means they can
| add AGPL3 code freely and the result still makes sense to
| lawyers. They may also relicense code fully authored by
| themselves as AGPL3. Perhaps it may be even possible to
| relicense contributor code given these specific licenses? I
| don't know. They can push to that repository, so it's their
| prerogative to add whatever. Of course, people could use their
| own forks without these commits, not upgrade, etc.
|
| [0] https://www.gnu.org/licenses/license-compatibility.en.html
| jcadam wrote:
| The rationale for doing this escapes me. Is minio concerned
| about one or more cloud providers forking minio and then going
| closed source with their modifications?
|
| I generally only run minio from the official docker image, so I
| don't reckon this would affect "normal" usage?
| zamalek wrote:
| > forking minio and then going closed source with their
| modifications?
|
| Which is somewhat bizarre given that aims to MinIO emulate a
| closed-source system. Open source businesses usually use AGPL
| or similar to prevent "Big Cloud" from stealing their
| business, this is a very strange inverted approach and I
| can't figure out _why._
| rytill wrote:
| Would it be possible to simply fork an MIT-style license and
| relicense the new fork as AGPL? The pre-fork version can
| continue with its old license, but the new fork is AGPL.
| Laremere wrote:
| IANAL. The lack of forking isn't the issue here. When someone
| writes code they (or their company) owns the copyright to it.
| They then contribute the code to the project using the terms
| of the project's license. Eg, for GPL, it allows others to
| modify, build, and run the code. However those modifications
| must be released to the public under the same license.
| (skipping over some minor technical details)
|
| Unless you get everyone who has contributed code to also
| release their code under the new license, the old license is
| the only one which all of the code has.
|
| It is possible to start contributing code to a project under
| a new license (effectively re-licensing the project in the
| eyes of the community), provided that the new license does
| not violate the old one. Specifically the Apache license
| REQUIRES that the code be distributed with a copy of the
| Apache license. Just removing or changing that license
| without the copyright holder's permission is in violation of
| that copyright.
|
| A lot of projects avoid potential future issues by having a
| contributors agreement in addition to the project's
| distribution license. Essentially, you give an extremely
| permissive (possibly up full ownership) of the code you write
| to the project. That is, some legal entity such as a person
| (the head maintainer) or a foundation. This legal entity then
| distributes the project to the community using the license of
| their choice.
| cygx wrote:
| You can't just change the license of code contributed by
| someone else without approval. But you can relicense your own
| contributions, which - unless that code can be trivially
| ripped out - would basically have the same effect as placing
| the whole thing under the AGPL.
| Quekid5 wrote:
| You can't really just 'slap a new license on it' AFAIUI. What
| you _can_ do is fork and license any new derivative work
| under a new license (which is one-way compatible with the old
| one). Effectively that means that the fork can only be used
| under the new license.
| ChickeNES wrote:
| I suppose we'll see a fork this weekend if they don't come to
| their senses, because it very much appears like there was no
| discussion about relicensing, nor is there a CLA
| bhickey wrote:
| The AGPLv3 and Apache 2 licenses are compatible. The
| maintainers are welcome to relicense their own contributions
| under the AGPLv3 and distribute the whole subject to that
| license (and the Apache 2 license), but that doesn't magically
| make contributed source AGPL. Removing the Apache license is
| suspicious because there are a heap of commits that are still
| covered by this license and without it the core MinIO devs have
| no right to use it. This is a full on cluster.
| khuey wrote:
| As is this clearly doesn't satisfy clause 4 of the Apache
| License for external contributions in the absence of a
| copyright transferring CLA.
| clarkevans wrote:
| GPLv3 is compatible with Apache 2.0. This copyright statement
| should have addendum which indicates that portions of the code
| (written by contributors) are under the Apache 2.0 license.
| This could be addressed.
|
| There's no pulling the rug under people here: it's not like the
| previous releases, under the Apache license, are rescinded.
| Someone can still fork the project and keep it under the Apache
| license.
|
| If they are using a proprietary license for their commercial
| offering, they will probably require future community
| contributions to be donated under the Apache 2.0 license.
| mbreese wrote:
| _> This could be addressed _
|
| You'd think they would have thought of this first. The fact
| that we're having this conversation isn't a good sign.
| Quekid5 wrote:
| Is there a CLA or similar? Maybe I missed it, but I couldn't find
| anything in the CONTRIBUTING.md document. Or did they literally
| get every past contributor to agree?
| bobthebuilders wrote:
| Yet another Rust project sinking to the depths of closed source.
| dang wrote:
| Could you please stop posting unsubstantive and/or flamebait
| comments to HN? You've done it repeatedly, and we ban that sort
| of account, as we are trying for something different here.
|
| If you wouldn't mind reviewing
| https://news.ycombinator.com/newsguidelines.html and taking the
| intended spirit of the site more to heart, we'd be grateful.
| orra wrote:
| The AGPL is free and open source. It's a strong copyleft
| licence.
| monocasa wrote:
| Also, this is a go project, not a rust project.
| carlhjerpe wrote:
| What's the difference between the languages got to do with
| the license?
| henvic wrote:
| Not sure about what he means, but I've written this
| https://medium.com/@henvic/opensource-and-go-what-
| license-f6... in the past mostly about the impact of
| permissive vs. non-permissive licenses on Go code
| (because Go programs are statically linked; not sure
| about Rust).
| the_duke wrote:
| Nothing, but OP mentioned Rust.
| jabo wrote:
| Let's say I use Minio in a SaaS app and allow my end users to
| upload directly to it. With this AGPL license change, is this now
| considered to be a form of distribution, that would then require
| me to open source the rest of my SaaS app?
| temp667 wrote:
| Correct - you would need to open source your entire app (or at
| least a strong arguement can be made that you must do so).
|
| "The primary risk presented by AGPL is that any product or
| service that depends on AGPL-licensed code, or includes
| anything copied or derived from AGPL-licensed code, may be
| subject to the virality of the AGPL license. "
|
| Almost all larger places have very strict bans on evening
| touching AGPL -
|
| https://opensource.google/docs/using/agpl-policy/
|
| The contributors can of course license commercially, so this
| has made it a popular sort of "shared source" type license -
| you can look at the code, but can't use it in your own projects
| unless they are open source too or pay for the commercial
| license.
| enriquto wrote:
| > you can look at the code, but can't use it in your own
| projects unless they are open source too or pay for the
| commercial license.
|
| Please, stop spreading ridiculous FUD.
|
| You can use copylefted code in your own projects without any
| restriction. It is only when you distribute this copylefted
| code (e.g., by letting users run it in your computer) that
| you need to publish your modifications to it. And then, this
| is only relevant when you have modified the copylefted code;
| otherwise you just need to distribute code that is public
| elsewhere, which is a non-issue.
| throwaway888abc wrote:
| Same question for same situation
| rad_gruchalski wrote:
| You only have a problem if you modify anything in the source
| code of minio that you host.
| jabo wrote:
| Based on [1] it sounds like even if you "link" to AGPL
| licensed code over a network, unmodified or not, it would
| require you to also license your own code as AGPL? That
| sounds pretty far reaching, if I'm reading it correctly.
|
| [1]
| https://softwareengineering.stackexchange.com/a/107931/28221
| rad_gruchalski wrote:
| I didn't downvote you. No, that's not the case. Here's a
| better explanation:
| https://writing.kemitchell.com/2021/01/24/Reading-AGPL.html
|
| Basically, if you ever need to use agpl stuff, do not embed
| or add your proprietary ip to a modified version. Use a
| sidecar. Only embed features you don't care about.
| enriquto wrote:
| > You only have a problem if you modify anything in the
| source code of minio that you host.
|
| And even in that case, you only need to share your
| modifications of minio, not anything about the rest of your
| system. Doesn't seem too much of a problem, to begin with.
| rad_gruchalski wrote:
| That's right.
| jcadam wrote:
| If my layman's reading of the affero license is accurate (ha!),
| I think it only affects you if you run minio with (your) custom
| modifications, in which case you would have to make the source
| of your custom minio fork available. It shouldn't affect the
| source of other services on your system.
___________________________________________________________________
(page generated 2021-04-23 23:00 UTC)