[Freedombox-discuss] Unforgivable Hacks for AGPL Compliance

Nick M. Daly nick.m.daly at gmail.com
Tue Apr 30 03:26:34 UTC 2013

Hi Bradley, thanks for the reply.

Bradley M. Kuhn writes:

> Thanks for making efforts to automate AGPLv3 compliance.  While I
> don't think it can be fully automated (verifying CCS is almost surely
> an undecidable problem in the computational complexity sense), I
> believe that it is possible to make a good-faith effort that can help
> the deployer yield a reasonable source release that should only
> require minor tweaks thereafter to get correct.

That's part of my goal.  I'd also like to help build social norms and
shortcuts that allow people to say, "if you do X (where X is discrete,
clear, and hopefully, simple), then you've satisfied the license's
requirements."  We might be able to establish these social norms by
making basic, "good enough", compliance trivial [0].  Who knows, that
sort of system might even help correct some misunderstandings about the
AGPL [1].

> Your Makefile hack is a good first step, but not that it might not
> find everything; I'd suspect only human intervention can do that
> reliably.

Yup, it's certainly not designed to find everything; it's far too
simple.  However it's (fairly) easy to understand and really
straightforward.  Therefore, it's simple to adjust and situationally
correct.  Since the AGPL (like the GPL) works best (only?) at the
project level, it makes sense to ask the project to manage its known
files.  Folks who want to comply with the license won't have difficulty
saving their files in the working directory.  If folks don't want to
comply, then we'll have an even harder time diagnosing non-compliance,
as services are remote.  I'm pretty sure the licenses were designed to
prefer this problem over the potential problem of removing users'


0: I wouldn't go so far as saying social norms are more important than
   the written license, but they certainly influence its use: I've never
   heard of someone being considered out of compliance for removing
   legal notices from the user interface while making the source code
   available, as mentioned in section 5, paragraph d.  If they exist,
   I'd be really interested in reading up on them.

1: Misunderstandings like "the AGPL requires distributing all source
   required to run the service in its current state, including dotfiles
   and other private config files".  However, that seems wrong (per
   section 13, paragraph 1 and section 1, paragraphs 4 - 6): it's all in
   how you interpret "all the source code needed to... run the object
   code."  Running most source without a configuration dotfile is
   possible, but will usually produce meaningless results.  The AGPL
   doesn't appear to require useful results, just the ability to produce
   them.  Therefore, dotfiles don't seem to be required.

   Of course, IANAL, so my opinions are illegal :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20130429/42d609ba/attachment.pgp>

More information about the Freedombox-discuss mailing list