Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is AGPL a lateral move? #1362

Closed
andreimc opened this issue Mar 18, 2019 · 3 comments
Closed

Is AGPL a lateral move? #1362

andreimc opened this issue Mar 18, 2019 · 3 comments

Comments

@andreimc
Copy link

Why the sudden change to AGPL from MIT ?

What's the main reason for this?

Thanks
@dguido
Copy link
Member

dguido commented Mar 19, 2019
edited
Loading

We've had a handful of VPN services and router manufacturers contact Trail of Bits for assistance integrating Algo over the last few months. It's rare that they know what they are doing and have needed hand-holding to understand which ports to open and how the software works. In each case, Trail of Bits provided that assistance and did it for free even though we were under no obligation to do so.

When these services inevitably stumble through their development and build their service, they have made promises to contribute financially or technically back to Algo. This is the big win for an open source project, since more adoption helps enhance the entire community. Here is a quote directly from one VPN service that is entirely dependent on Algo to function:

Giving Back
We contribute 15% of our net proceeds to these incredible organizations
Algo: Open-source project utilized to configure your [redacted] VPN.

As far as I am aware, we have never received any financial support or code contributions from a company that has incorporated Algo into their product, including the company I quoted. I'd like to make our relationship with these firms more equitable so we have now changed the license for Algo to AGPL.

In our 1.0 release, we have reserved a few more rights than before while keeping the software open source and freely available. Notably, the ability to build a closed-source service based on Algo is now disallowed unless you also release the technical changes you made to accommodate such a development (as per the terms of the AGPLv3). If you want to sidestep that requirement, then you can make a donation and we will provide an exception. We think this is a fair tradeoff and it mirrors how other successful security tools work, like Snort and NMAP.

@dguido dguido closed this as completed Mar 19, 2019
@dguido dguido mentioned this issue Mar 19, 2019
Merged
@TC1977
Copy link
Contributor

TC1977 commented Mar 20, 2019
edited
Loading

@andreimc Here's some reading on the topic. Basically AGPL seems to be more restrictive towards developers who might want to incorporate the Algo code (for free) into their own closed-source or commercial projects. I don't understand how or if it affects us here as end-users or contributors.

https://www.slant.co/versus/3575/3582/~mit-license_vs_agpl
https://news.ycombinator.com/item?id=1273231

From the developer's point of view:
https://thebetterstory.co/the-saas-developers-uber-short-guide-to-using-open-source-projects-f32511fe118d
https://softwareengineering.stackexchange.com/questions/150534/want-to-use-a-lib-for-my-project-confused-with-license-agpl-vs-mit-license

@andreimc
Copy link
Author

@dguido makes sense - was just wondering , thanks for the response. I am planning to use Algo commercially in a project. Sticking with my MIT fork for now, once I make some money from it I will consider the AGPL3!

Great work anyway!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dguido @andreimc @TC1977