[HN Gopher] Minio Changes License to AGPL ___________________________________________________________________ Minio Changes License to AGPL Author : r3dey3 Score : 81 points Date : 2021-04-23 21:37 UTC (1 hours ago) (HTM) web link (github.com) (TXT) w3m dump (github.com) | marcinzm wrote: | No PR and no discussion and no announcement. This will be a fun | time bomb for anyone using Minio at a company where legal | dislikes AGPL licenses. | slaymaker1907 wrote: | IANAL, but this may be illegal. I noticed that they have a large | number of contributors yet seem to have no contributor agreement | with ownership assignment. This generally means that any license | change would need the agreement of every past contributor (as it | should). There are good reasons (for the primary author(s)) to | enforce copyright assignment for contributions. | | Besides legal issues, I consider changes like this to be very | slimy since you are kind of pulling the rug out from under | people. I would expect a huge discussion to take place before | doing something like this to try and let people move off of the | platform if AGPL does not work for them for whatever reason. | pipeep wrote: | What's more concerning IMO is that despite the fact that I | can't find a CLA, their pricing page claims that if you buy | their support contract that they'll give you the software under | a "Commercial" license: https://min.io/pricing | staticassertion wrote: | Why would that be concerning? That's probably the most common | use case for AGPL. | [deleted] | monocasa wrote: | IANAL also, but since Apache is considered compatible with GPL3 | and AGPL3, I think they have the ability to, since they can | simply relicense their parts of it, and the resulting work is | de facto AGPL3 taken as a whole. They might have to drop a | 'portions are licensed under the Apache...' blurb somewhere, | but the overall idea should be OK. | sdesol wrote: | > I noticed that they have a large number of contributors yet | seem to have no contributor agreement with ownership | assignment. | | I did a quick analysis of the project and there were 42 | contributors in the last year that contributed more than 10 | lines of code churn to go files. See the following for an | analysis: | | https://public-001.gitsense.com/insights/github/repos?q=file... | | If you switch to the impacts view, you can see that of the 42 | contributors, there was 1 frequent contributor, 3 occasional | contributors and 37 seldom contributors. | | I can't tell how many of the contributors are Minio employees, | but I'm guessing in the worst case scenario, they could look at | re-implementing contributions by non Minio employees, since the | vast majority of code changes were by Minio employees. I know | re-implementing previous contributions is a strategy that some | use when they change their license, but I'm not sure how | practical this is for Minio. | | As a side note, do not install my tool as the docker image has | expired license that I need to update. | [deleted] | bluefox wrote: | I'm not sure it's "illegal"... but according to [0] the Apache | license is subsumed by AGPL3, so I think this means they can | add AGPL3 code freely and the result still makes sense to | lawyers. They may also relicense code fully authored by | themselves as AGPL3. Perhaps it may be even possible to | relicense contributor code given these specific licenses? I | don't know. They can push to that repository, so it's their | prerogative to add whatever. Of course, people could use their | own forks without these commits, not upgrade, etc. | | [0] https://www.gnu.org/licenses/license-compatibility.en.html | jcadam wrote: | The rationale for doing this escapes me. Is minio concerned | about one or more cloud providers forking minio and then going | closed source with their modifications? | | I generally only run minio from the official docker image, so I | don't reckon this would affect "normal" usage? | zamalek wrote: | > forking minio and then going closed source with their | modifications? | | Which is somewhat bizarre given that aims to MinIO emulate a | closed-source system. Open source businesses usually use AGPL | or similar to prevent "Big Cloud" from stealing their | business, this is a very strange inverted approach and I | can't figure out _why._ | rytill wrote: | Would it be possible to simply fork an MIT-style license and | relicense the new fork as AGPL? The pre-fork version can | continue with its old license, but the new fork is AGPL. | Laremere wrote: | IANAL. The lack of forking isn't the issue here. When someone | writes code they (or their company) owns the copyright to it. | They then contribute the code to the project using the terms | of the project's license. Eg, for GPL, it allows others to | modify, build, and run the code. However those modifications | must be released to the public under the same license. | (skipping over some minor technical details) | | Unless you get everyone who has contributed code to also | release their code under the new license, the old license is | the only one which all of the code has. | | It is possible to start contributing code to a project under | a new license (effectively re-licensing the project in the | eyes of the community), provided that the new license does | not violate the old one. Specifically the Apache license | REQUIRES that the code be distributed with a copy of the | Apache license. Just removing or changing that license | without the copyright holder's permission is in violation of | that copyright. | | A lot of projects avoid potential future issues by having a | contributors agreement in addition to the project's | distribution license. Essentially, you give an extremely | permissive (possibly up full ownership) of the code you write | to the project. That is, some legal entity such as a person | (the head maintainer) or a foundation. This legal entity then | distributes the project to the community using the license of | their choice. | cygx wrote: | You can't just change the license of code contributed by | someone else without approval. But you can relicense your own | contributions, which - unless that code can be trivially | ripped out - would basically have the same effect as placing | the whole thing under the AGPL. | Quekid5 wrote: | You can't really just 'slap a new license on it' AFAIUI. What | you _can_ do is fork and license any new derivative work | under a new license (which is one-way compatible with the old | one). Effectively that means that the fork can only be used | under the new license. | ChickeNES wrote: | I suppose we'll see a fork this weekend if they don't come to | their senses, because it very much appears like there was no | discussion about relicensing, nor is there a CLA | bhickey wrote: | The AGPLv3 and Apache 2 licenses are compatible. The | maintainers are welcome to relicense their own contributions | under the AGPLv3 and distribute the whole subject to that | license (and the Apache 2 license), but that doesn't magically | make contributed source AGPL. Removing the Apache license is | suspicious because there are a heap of commits that are still | covered by this license and without it the core MinIO devs have | no right to use it. This is a full on cluster. | khuey wrote: | As is this clearly doesn't satisfy clause 4 of the Apache | License for external contributions in the absence of a | copyright transferring CLA. | clarkevans wrote: | GPLv3 is compatible with Apache 2.0. This copyright statement | should have addendum which indicates that portions of the code | (written by contributors) are under the Apache 2.0 license. | This could be addressed. | | There's no pulling the rug under people here: it's not like the | previous releases, under the Apache license, are rescinded. | Someone can still fork the project and keep it under the Apache | license. | | If they are using a proprietary license for their commercial | offering, they will probably require future community | contributions to be donated under the Apache 2.0 license. | mbreese wrote: | _> This could be addressed _ | | You'd think they would have thought of this first. The fact | that we're having this conversation isn't a good sign. | Quekid5 wrote: | Is there a CLA or similar? Maybe I missed it, but I couldn't find | anything in the CONTRIBUTING.md document. Or did they literally | get every past contributor to agree? | bobthebuilders wrote: | Yet another Rust project sinking to the depths of closed source. | dang wrote: | Could you please stop posting unsubstantive and/or flamebait | comments to HN? You've done it repeatedly, and we ban that sort | of account, as we are trying for something different here. | | If you wouldn't mind reviewing | https://news.ycombinator.com/newsguidelines.html and taking the | intended spirit of the site more to heart, we'd be grateful. | orra wrote: | The AGPL is free and open source. It's a strong copyleft | licence. | monocasa wrote: | Also, this is a go project, not a rust project. | carlhjerpe wrote: | What's the difference between the languages got to do with | the license? | henvic wrote: | Not sure about what he means, but I've written this | https://medium.com/@henvic/opensource-and-go-what- | license-f6... in the past mostly about the impact of | permissive vs. non-permissive licenses on Go code | (because Go programs are statically linked; not sure | about Rust). | the_duke wrote: | Nothing, but OP mentioned Rust. | jabo wrote: | Let's say I use Minio in a SaaS app and allow my end users to | upload directly to it. With this AGPL license change, is this now | considered to be a form of distribution, that would then require | me to open source the rest of my SaaS app? | temp667 wrote: | Correct - you would need to open source your entire app (or at | least a strong arguement can be made that you must do so). | | "The primary risk presented by AGPL is that any product or | service that depends on AGPL-licensed code, or includes | anything copied or derived from AGPL-licensed code, may be | subject to the virality of the AGPL license. " | | Almost all larger places have very strict bans on evening | touching AGPL - | | https://opensource.google/docs/using/agpl-policy/ | | The contributors can of course license commercially, so this | has made it a popular sort of "shared source" type license - | you can look at the code, but can't use it in your own projects | unless they are open source too or pay for the commercial | license. | enriquto wrote: | > you can look at the code, but can't use it in your own | projects unless they are open source too or pay for the | commercial license. | | Please, stop spreading ridiculous FUD. | | You can use copylefted code in your own projects without any | restriction. It is only when you distribute this copylefted | code (e.g., by letting users run it in your computer) that | you need to publish your modifications to it. And then, this | is only relevant when you have modified the copylefted code; | otherwise you just need to distribute code that is public | elsewhere, which is a non-issue. | throwaway888abc wrote: | Same question for same situation | rad_gruchalski wrote: | You only have a problem if you modify anything in the source | code of minio that you host. | jabo wrote: | Based on [1] it sounds like even if you "link" to AGPL | licensed code over a network, unmodified or not, it would | require you to also license your own code as AGPL? That | sounds pretty far reaching, if I'm reading it correctly. | | [1] | https://softwareengineering.stackexchange.com/a/107931/28221 | rad_gruchalski wrote: | I didn't downvote you. No, that's not the case. Here's a | better explanation: | https://writing.kemitchell.com/2021/01/24/Reading-AGPL.html | | Basically, if you ever need to use agpl stuff, do not embed | or add your proprietary ip to a modified version. Use a | sidecar. Only embed features you don't care about. | enriquto wrote: | > You only have a problem if you modify anything in the | source code of minio that you host. | | And even in that case, you only need to share your | modifications of minio, not anything about the rest of your | system. Doesn't seem too much of a problem, to begin with. | rad_gruchalski wrote: | That's right. | jcadam wrote: | If my layman's reading of the affero license is accurate (ha!), | I think it only affects you if you run minio with (your) custom | modifications, in which case you would have to make the source | of your custom minio fork available. It shouldn't affect the | source of other services on your system. ___________________________________________________________________ (page generated 2021-04-23 23:00 UTC)