afontenot
commented
3 days ago The AGPL requires that distributors of covered works in binary form also "convey the machine-readable Corresponding Source under the terms of this License". This means that it is not allowed for Arch Linux to distribute a "clean" version of the program without the enterprise crate, unless they also clean up the source tree to remove all SEL licensed code, as otherwise it's not possible to convey a source version under the AGPL's terms.
Chasing this part of the issue down a little further, the following script appears to turn the source tree into AGPL-clean code that compiles successfully. Obviously, you have to compile without the enterprise feature for this to work. I believe that building from a cleaned tree like this one, and then making that cleaned source available to users the binary is distributed to, would be sufficient to meet the conveyance requirements of the AGPL. It's my hope that something like this would be sufficient for including Stalwart in Debian.
perl -i -0pe 's/ *\/\/ SPDX-SnippetBegin[^\n]*\n[^\n]*\n[^\n]*SPDX-License-Identifier: LicenseRef-SEL.*?\/\/ SPDX-SnippetEnd *//gms' crates/**/*.rs
grep -l 'SPDX-License-Identifier: LicenseRef-SEL' crates/**/*.rs | xargs truncate -s0
perl -ne 'print if m/(?<!OR) LicenseRef-SEL/' crates/**/*.rsIf any of these lines print anything, you can assume something has gone wrong. Requires the globstar shopt in Bash.
In the process I discovered another issue, which is that some source code files are missing license annotations:
* crates/common/src/expr/functions/asynch.rs
* crates/common/src/listener/acme/directory.rs
* crates/common/src/listener/acme/jose.rs
* crates/common/src/listener/acme/order.rs
* crates/imap/src/core/mailbox.rs
* crates/jmap/src/api/management/log.rs
* crates/nlp/src/lib.rs
* tests/src/smtp/inbound/antispam.rs
williamdes
Which feature or improvement would you like to request?
Currently, as I read the SEL license, only the following things are allowed:
This omits the following things that are probably not intended to be prohibited:
--featureenabled.I suggest the following improvements:
I think Stalwart enterprise edition is clearly a "Material containing ... your contribution", which means Stalwart's CLA needs to allow the creation of combined works that are non-free. Otherwise the whole work becomes AGPL, and it explicitly allows stripping out additional restrictions added to combined works.
Is your feature request related to a problem?
I'm looking at this from the perspective of Linux distribution maintainers. As the community edition of Stalwart claims to be open source software, including it in e.g. Debian should be possible, but currently I think this is actually quite doubtful.
In particular Arch Linux appears to have been caught out by this. They're distributing Stalwart, but they're building it with the default features which means that SEL licensed code is included in the resulting binary. This means that the resulting program isn't AGPL, and also that Arch Linux is distributing Stalwart without the right to do so under the SEL. I've reported this issue to them.
The AGPL requires that distributors of covered works in binary form also "convey the machine-readable Corresponding Source under the terms of this License". This means that it is not allowed for Arch Linux to distribute a "clean" version of the program without the enterprise crate, unless they also clean up the source tree to remove all SEL licensed code, as otherwise it's not possible to convey a source version under the AGPL's terms.
My proposed solution would allow Arch Linux to continue distributing a non-free version of the work that users could add their own license keys to, if they decide to do that.
Code of Conduct