Closed MrJoy closed 8 years ago
zdavatz
commented
8 years ago What I and GPLv3 cares about is if spreadsheet gem is used and distributed in combination with closed source (not Open Source Software). Then you will have to buy a license, no matter where your software runs.
MrJoy
commented
8 years ago tl;dr: One of these situations appears to be going on:
Longer form:
My concern is that you have adopted the GPLv3 when you may have intended to adopt the GNU AGPL instead. Your response does not make it clear why you believe the GPLv3 is not appropriate to use on Heroku.
At present, my understanding is this: If your interpretation is correct, GPLv3 software used on Heroku constitutes a violation of that license.
Why only Heroku? What makes Heroku different from, say, EC2 or Google Compute Engine? What makes it different from running something on my own public-facing server?
If your assertion is that Heroku is closed source, I would note that Heroku's buildpack system is open source, their servers run on Linux, etc -- there are proprietary components around transmitting slugs to nodes, scheduling the execution of those slugs, and SDN but those are not "linked" to one's application code in the sense described by the GPL.
From the perspective of most developers making use of Heroku (or EC2), nothing is being "distributed" here in a meaningful sense: End-users do not receive object code, and Heroku is not being granted a license to use the code, just to host it.
However, let us say for the sake of argument that sending one's application to Heroku constitutes "distribution" of the app to them. Nothing is being distributed without source code, as gems are all installed from source -- so the only organization to which the code could be described as being "distributed" to (Heroku) is also simultaneously receiving a copy of the source code.
Put another way: Is the problem that Heroku is closed source, or that Heroku is used by its customers to run closed source applications?
If the problem is the former, you either have a clarity of insight into how the GPL works that would turn much of the industry on its ear -- or you are simply wrong. If you are not wrong, then it bears clarification: Your understanding is so divergent from the rest of the industry that it is unreasonable to expect that people will properly interpret what they are / are not allowed to do.
If the problem is the latter, then singling out Heroku is confused as there's no longer a meaningful distinction between running it on Heroku or on one's own public-facing servers. If this is the case you've picked the wrong license by mistake and should correct this error.
Either way, by closing this ticket without improving the clarity of the situation you create a minefield for potential and current customers making it a very poor idea to use your library.
MrJoy
commented
8 years ago Allow me to present the relevant portions of the GNU AGPL and GPLv3 in case you have not bothered to re-read them:
This is from the GNU AGPL:
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the Program, your modified version
must prominently offer all users interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding Source of your version by
providing access to the Corresponding Source from a network server at no charge, through some
standard or customary means of facilitating copying of software. This Corresponding Source shall include
the Corresponding Source for any work covered by version 3 of the GNU General Public License that is
incorporated pursuant to the following paragraph.
Notwithstanding any other provision of this License, you have permission to link or combine any covered
work with a work licensed under version 3 of the GNU General Public License into a single combined
work, and to convey the resulting work. The terms of this License will continue to apply to the part which
is the covered work, but the work with which it is combined will remain governed by version 3 of the GNU
General Public License.However, this is from the GPL:
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have permission to link or combine any covered
work with a work licensed under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this License will continue to apply to the
part which is the covered work, but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the combination as such.You'll note the latter is what's in your current LICENSE file -- and that the LICENSE file makes no restrictions that would prohibit the use of this gem in a public-facing service, even if the source to that service is closed. In fact, this "loophole" is why the GNU AGPL exists!
Edit: Formatting
zdavatz
commented
8 years ago No, I do not think that. Spreadsheet gem is licensed under GPLv3. I state clearly that if you use Heroku AND your source code is closed source you will have to buy a license.
MrJoy
commented
8 years ago Yes, and that is not how the GPLv3 works. That is how the GNU AGPLv3 works.
zdavatz
commented
8 years ago Well then write your own software and license it with whatever you want.
MrJoy
commented
8 years ago I'm not arguing with your intent, just your execution. If you want to enforce this limitation, why not use the correct license? Is it so onerous and burdensome to change the LICENSE file, gemspec, and README?
What value or purpose is there in claiming that the software is under one license but acting as though it is under another?
MrJoy
commented
8 years ago Also, I don't need to write my own here. If I need to wrangle binary XLS files at any point, I'll simply use writeexcel, which is MIT licensed and thus I avoid the legal uncertainty you seem intent on fostering.
Muddying the waters does nothing to benefit the free software movement.
MrJoy
commented
8 years ago For anyone following along, this discussion has bled into another issue. I'll try to avoid further double-posting of things but there's relevant info there, including a link the the FSF's FAQs that address this exact issue.
zdavatz
commented
8 years ago Thank you for your opinion.
stringsn88keys
commented
7 years ago The perception of this licensing is a possible minefield. So, @zdavatz, your interpretation of your license is that if a closed source project has spreadsheet in its list of dependencies, then a commercial license is required? There is at least one project (roo-xls / roo) which has a dependency on the spreadsheet gem, so it would seem that all closed source projects including roo would be in violation if they don't have a commercial license.
zdavatz
commented
7 years ago correct, if their software is not OpenSource.
jwilsjustin
commented
5 years ago I think @MrJoy's assertions are right. Using this Ruby code on a 3rd-party host likely does not constitute a "distribution". The AGPL license was made for this case.
zdavatz
commented
5 years ago @jwilsjustin: The Ruby Spreadsheet gem is licensed under the GPLv3.0. Did you know that?
jwilsjustin
commented
5 years ago @zdavatz Yes I do know that :smile:
You have a blog post suggesting that using this gem under it's GPLv3 license on Heroku is not acceptable, and that an alternative commercial license is required.
I think perhaps you are confusing the GPLv3 with the GNU AGPL, which is meant to address the issue of running closed-source services while using (and benefiting from) free software. If your intention is, in fact, to ensure people cannot derive benefits without giving something back by running hosted services then you would need to relicense under the GNU AGPL, or some other license as the GPLv3 very explicitly does not impose such a constraint (see section 13 in particular).
If that is not your intent, another possibility springs to mind:
That you are interpreting how Heroku's system works as "linking" their infrastructure code with the code from this gem. I would suggest that that's a novel, and problematic interpretation. In effect, it seems like you are interpreting their system's supervision and control of a customer's processes as a form of "linking". By that reasoning, it would become a violation to use this library on OS X, Windows, or any non-Free operating system in any capacity whatsoever -- possibly even for local development. In fact, it would be legally problematic for any person or entity to use this gem in any context where they did not control all code (possibly even firmware/BIOS code!), as they would not be able to guarantee that your code was not -- according to your interpretation -- being "linked" to code they had no ability to ensure was in fact in compliance.
AWS EC2, for example, makes use of hypervisors that are based on free software but which in all likelihood contain proprietary alterations. A laptop not based on LibreBoot would be suspect because this broad interpretation of the term "linking" could reasonably be understood to include anything necessary for the code to execute either directly or indirectly.
A litmus test you could use here to clarify your thinking on the matter would be this:
Imagine a user of this gem has developed a Ruby to native machine code compiler. (Ignore the practical problems of this, it's just a thought experiment!) Their compiler, much like Go, is aimed at producing statically linked binaries. The end result is that using
lddone sees an ELF executable with no linker directives to load other libraries -- and no runtime code that usesdlopenor other analogous system calls. Would it be a violation for this binary to run on any of the following:If the answer is "yes" to any of those, then your interpretation of "linking" may vary from both that of the authors of the license and of the community writ-large. At a minimum you may wish to consider using a revised license that makes your intent more clear, if that is the case.