
I have some questions about AGPL if anyone has answers:

1. If you have code, let's say FooProject, that's AGPL. In which of these scenarios is someone in the wrong for using it?

1a. Google uses FooProject in delivering one GoogleApi, but does not open source GoogleApi with AGPL.

1b. Facebook uses FooProject in an internal project, FacebookInternal, that's not exposed to the internet, but does not open source FacebookInternal with AGPL.

1c. Microsoft uses FooProject in a special version of Office, which is only distributed via BluRay and does not open source Office under AGPL.

1d. Netflix uses FooProject in AlienNetflixViewer, which is used over the internet, and makes some modifications to FooProject as it's used in AlienNetflixViewer. They open source ModifiedFooProject under AGPL, but not AlienNetflixViewer.

2. If you have FooProject, and you have 3 libraries, LibraryOne, LibraryTwo, and LibraryThree included in FooProject that are under the MIT license, can someone take Library[Number] and use it under the MIT license? Let's assume these are not actually separate projects, and for all intents and purposes it's the same project as FooProject, but for whatever reason the folder associated with each library has its own license.

3. Assuming someone uses an AGPL project and does not follow the license, what's the penalty? What if it's so incorporated into its project it's effectively impossible to remove?

4. How do you enforce someone using the AGPL?

5. If you go to a public facing site and suspect that they're using an AGPL project (perhaps because of the nature of the API calls or the client facing JavaScript) can you demand to see the full source?



IANAL (of course) but in my limited experience:

1a: Not allowed because of AGPL (though would be allowed if it is GPL)

1b: Allowed, provided it is purely internal (as described here: https://www.gnu.org/licenses/gpl-faq.html#InternalDistributi... )

1c: Not allowed (this is a distribution, and actually is also in violation of general GPL)

1d: Not allowed, linking against the library means using it, which means GPL violation.

2: If (x) is licensed as MIT and does not contain AGPL underneath (it shouldn't, they are not compatible), you can take X under that MIT license. Regardless of actual repository layout.

3: Penalty is a pretty grey area, and this is a civil suit, not a criminal suit. As a result it goes into damages etc

4: I reckon EFF etc. Look for "GPL enforcement" (AGPL is not very different)

5: You can try.. but I reckon only in the discovery etc for a lawsuit a judge can force them to give access to the source-code to verify your claim.

For all intents and purposes, AGPLv3 is GPLv3 with the addendum that distribution also covers "As a Service". Also.. at our company we completely banned AGPL because we simply don't want to deal with any potential violations. So I reckon 1b in your example would also not happen in a place like Facebook (I reckon all 4 companies have an AGPL ban in place :) )


In practice, the same rules apply as for the GPL, except that they cover not only the distribution of copies of the software but also the use of the software in a network service. In practice, if something is considered a derived work under the GPL, the same is true for the AGPL, and the source code must be released to all the people that use the service (if the service is used internally, you can avoid doing so, also with the standard GPL).

So: 1a. violation

1b. ok if used internally and employee doesn't request the code

1c. violation; the fact that it is AGPL doesn't matter here, it is a violation for the standard GPL as well

1d. if AlienNetflixViewer uses FooProject, it is a derived work and thus must also be released under the AGPL

2. yes, as long as you use only the code with the MIT license you can do that under their license

3. he can be sued for violation of the copyright. In practice it's rare that he will get any penalty in real life, especially if we talk about a big corporation...

4. Same as previous answer, in theory you can sue someone if he violates the license

5. Again, if you suspect a violation of the AGPL you can try to sue them. But it's rare that you will get anything done, also if someone is not stupid he will use the code under AGPL and masquerade that, so you will have no way to know (it's difficult to know if someone violates the GPL, good luck finding someone that violates AGPL).

In practice AGPL is a license that is practically impossible to enforce.


There are two basic principles to look at when answering those questions.

1) What would a judge/jury perceive as the full copyrighted work, in contrast to individual parts.

2) In all copyright cases there is an author who can enforce copyright. People who want permission to do something which copyright would make illegal need to prove that they are in compliance with the conditions, and it's on them to raise the fact that they have a legit license.

So to give some quick answers, if judges would see googleapi as the "complete work" then the author of the AGPL could sue Google for not having a license to use FooProject in GoogleAPI.

AGPL does have some exceptions which allow internal use, so facebook could raise the AGPL in court and say that the license does give them permission to use FooProject in facebookInternal. It would also depend on the question of whether the judge/jury perceives FacebookInternal as an individual work or as a part of facebook itself.

The AGPL is an additional condition over GPL that restricts work that has an interface that gets accessed over a network. The condition would be unlikely to apply to the microsoft BluRay, though the GPL part would.

If FooProject is a part of AlienNetflixViewer then AlienNetflixViewer needs to be under AGPL.

When FooProject is distributed, the AGPL license also applies to the MIT licensed parts. If people use the MIT licensed parts exclusively then they only need to follow the MIT license.

If a person does not follow the conditions under the AGPL then they do not have the permission which the license grants. A person who does not have permission to distribute a copyrighted work and still does it commits the crime of copyright infringement and, depending on where, why and what, gets fined or risks imprisonment. If it is so incorporated into its project that it's effectively impossible to remove then you either get permission from the author or stop distributing the copyrighted work.

Enforcement of copyright depends on local law. It could be as simple as going to the police and filing a police report, but usually it involves getting lawyers involved.

If a user suspects that someone is infringing copyright then they could inform the author. Knowingly accessing copyrighted material from an illegal source could also be illegal, depending on local law.


On a related note, say I have proprietary software A, but want to offer my customers the ability to use AGPL software hosted by me (Redash) on their data.

If the only link between my software and AGPL software is through SAML (and the customer DB), is there any "link" between the two programs for AGPL purposes?


IANAL

> 1a. Google uses FooProject in delivering one of its GoogleApi, but does not opensource GoogleApi with AGPL.

Depends. GoogleApi may fall under any of these three cases:

i) is considered a covered work (A "covered work" means either the unmodified Program or a work based on the Program.), then it must be AGPL, therefore it falls under paragraph 1 of section 13, which means Google must offer the source of GoogleApi and FooProject. https://www.gnu.org/licenses/agpl-3.0.en.html#section13

ii) is considered combined/linked with FooProject, then GoogleApi may be AGPL or GPL (paragraph 2 of section 13). If it's AGPL, then same as point i; if it's GPL then I believe Google would only have to redistribute the code of FooProject if modified (but not GoogleApi because GPL doesn't require it)

iii) neither, eg. if GoogleApi communicates with FooProject over an internal network: then I don't know.

> 1b. Facebook uses FooProject in an internal project, FacebookInternal, that's not exposed to the internet

AGPL only considers users (ie. people who can access the software): "your modified version must prominently offer all users interacting with it remotely through a computer network"

> 1c. Microsoft uses FooProject in a special version of Office, which is only distributed via BluRay and does not open source Office under AGPL.

Basically the same as GPL: "You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License" https://www.gnu.org/licenses/agpl-3.0.en.html#section6

> 1d. Netflix uses FooProject in AlienNetflixViewer, which is used over the internet, and makes some modifications to FooProject as it's used in AlienNetflixViewer. They open source ModifiedFooProject under AGPL, but not AlienNetflixViewer

see 1a

> 2. If you have FooProject, and you have 3 libraries, LibraryOne, LibraryTwo, and LibraryThree included in FooProject that are under the MIT license, can someone take Library[Number] and use it under the MIT license?

That's the definition of them being under MIT license.

> 3. Assuming someone uses an AGPL project and does not follow the license, what's the penalty? What if it's so incorporated into its project it's effectively impossible to remove?

Licenses like AGPL grant the right to use software if the user follows certain restrictions ("user" means developers using the code, here): "All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program." https://www.gnu.org/licenses/agpl-3.0.en.html#section2

If you do not follow these restrictions, then you do not have the right to the software, so it is a copyright violation.

> 4. How do you enforce someone using the AGPL?

Sue for copyright infringement, because someone used your program without permission.

> 5. If you go to a public facing site and suspect that they're using an AGPL project (perhaps because of the nature of the API calls or the client facing JavaScript) can you demand to see the full source?

I don't know. All I can find is that: "If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so."



