The only real reason to use non-copyleft licenses for these kinds of projects is to be able to do the rug pull, so you should have expected it instead of feeling betrayed.
I imagine they will now require copyright assignment or something like that for external contributors to be able to relicense new code under a commercial license.
A copyleft license like the AGPL didn't stop MongoDB from rugpulling. I'd argue that the AGPL, and the copyright assignment that tends to go with it, makes it easier to rugpull because forking entities would be at an extreme disadvantage in keeping the lights on compared to the closed-sourcing company. A non-copyleft license, on the other hand, makes it much easier for a forking company to cover all the same niches as the original company, making a rugpull that much more difficult.
MongoDB used to be AGPLv3. A year after their IPO they realized "aww shit, Wall Street wants continuous growth, being profitable isn't enough" and decided to migrate to a completely new license, SSPL, that's designed to put everything surrounding the software in scope of the copyleft. The implication being that if Amazon were to offer MongoDB they'd also have to release all of AWS RDS[0] as a thing you could just download and use.
The community did not like this one bit, but MongoDB doesn't need to care about what the community thinks because they had CLA'd all their contributors. That is, if you wanted something in MongoDB upstream, you had to give MongoDB full copyright ownership over the software. Which exempts them from copyleft[1]. One of the critical parts of copyleft is the "no further restrictions" rule; otherwise copyleft is just proprietary with extra steps.
[0] I don't remember if they were hosting MongoDB as part of RDS or something else.
[1] As we've seen with the Neo4J lawsuit, copyright licenses cannot tie the hands of the copyright owner. The only way for copyleft to work is to create a Mexican standoff of contributors who will sue each other to death if any one of them decides to relicense without unanimous community consensus.
AWS never offered the AGPLv3 licensed version of the MongoDB server as part of any managed service. There were large cloud providers in China that _did_ offer MongoDB as a service. They also provided the corresponding source code [1]. Despite signs that they were complying with the obligations of the license, they had the SSPL drafted anyway.
Because once it was clear that software as a service was a compelling model, it was no longer appealing to give everyone the permissions needed to offer the software as part of a service (as AGPLv3 was always designed to do).
Changing the license seemingly worked, as a partnership was eventually announced [2].
> The only real reason to use non-copyleft licenses for these kinds of projects is to be able to do the rug pull
That’s an exaggeration. The vast majority of permissively licensed projects have never “rug pulled” and never will. It might be one possible reason to choose such a license but it’s very far from the only one.
Unless a CLA transfers copyright to the project owner, the copyright owners are every historical contributor to the project. Each contribution is owned by the contributor alone and they alone are able to grant rights to it.
A CLA often tries to mitigate this by making contributors give the project owners special rights at the time of contribution.
(Note that even if relicensed, this itself can never revoke licenses granted for prior versions unless that license specifically had revocation written into it.)
Yes, a project can only be relicensed if a CLA assigning licensing rights (not ownership) is signed by all contributors, or if all code is owned by the entity relicensing it. Whether it's under a copyleft license, a permissive license, or even a proprietary license is irrelevant.
> there are open legal questions about whether the GPL and its variants are enforceable.
At this point in history, there are multiple legal cases where GPL violators were taken to court and lost or settled. See: BusyBox and Linksys/OpenWrt.
GPL v3 also has a nice clause that allows companies to "repair/cure" their non-compliance.
> Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.
if that's your "good legal reason" to avoid the GPL, then it's just as much a "good legal reason" not to open source your work at all: if the GPL is not enforceable, that would mean you have used a non-copyleft license, which according to you is the thing you want to avoid for good legal reasons.
you said "avoid gpl". reason? "unenforceable". eliminating gpl from consideration, thus you advocate non-copyleft licenses instead.
with me so far?
but gpl's "unenforceability" could only mean it turns into a non-copyleft license, one which you say one should not use, so if one shouldn't use gpl because in reality it is a non-copyleft license, then you must be against non-copyleft licenses.
just to state it again for clarity: "don't use gpl because copyleft is unenforceable so gpl is just MIT underneath, and I repeat, don't use it" is a recommendation not to use MIT license.
Please link to where I said not to use copyleft licenses. Check the usernames carefully.
Note that I don't agree that GPL and MIT are equivalent, or that GPL becomes a non-copyleft open source license if not enforceable. IANAL but it might revert to the regular copyright law for wherever you publish software, not an open source license.
just be honest, you don't like GPL. The reason you don't like GPL is not because it's not enforceable, but because you don't want to enforce it, or be subject to its strictures. Your argument that you use MIT because GPL is unenforceable makes no sense, as I pointed out.
(also, it is enforceable and has been enforced, but that's a separate topic.)
All advantage accrues to hyperscaler "managed" versions. That's so much more fucked than a rug pull.
Amazon gets to make millions off of the thing you built.
"Equitable source" licenses with MAU / ARR limits, hyperscaler resale limits, and AGPL-like "entire stack must be open" clauses is the way to go. It's a "fuck you" to Amazon, Google, and Microsoft in particular and leaves you untouched.
Open source today is hyperscaler serfdom. Very few orgs are running Redis on bare metal, and a equitable source license can be made to always support the bare metal case.
If you open source something, the rich trillion dollar companies just steal it.
If you're okay with that, that's cool. But they'll profit off of your work and labor. And the worst part is that at scale, the advantages of the sum total of open source is used to compete with you and put price pressure on your salary and career options. To rephrase that, the hyperscalers are in a position to leverage open source to take advantage of market opportunities you cannot, and they can use that to compete with your business or competing businesses that might otherwise pay you better.
Open source needs anti-Google/Amazon/Microsoft clauses.
Yes, it does! The "problem" with AGPL3 is that it has no carve-out for companies smaller than Amazon, Microsoft, or Google. If you use AGPL, you have to open source your entire stack.
Not everyone thinks infectious copyleft / free software is a problem. But it will mean that if you use AGPL3, every part of your stack has to be open. That doesn't work for everyone.
This is why "equitable source" / "fair source" is gaining traction. You can use a license like Apache and add in clauses with MAU/ARR/Hyperscaler limits that allows practically everyone else to use your software.
No, SSPL requires you to open source your entire stack. That's why the OSI and FSF rejected it.
AGPLv3 says, if you modify the software and put it on a network, you have to provide a link for anyone accessing the software to download the modified source. There's numerous drafting and technical problems with this arrangement[0] but the only parts of your stack you have to release are the parts that are actually part of the program covered by AGPLv3.
The "strong copyleft" strategy[1] is to identify a specific freedom-restricting behavior we don't like and prohibit just that. We're not saying "Amazon is not allowed to use this software", we're saying "Anyone who turns this software into a service needs to provide a way to fork the service and get the software back without losing anything". If such a copyleft license happens to scare a company into buying license exceptions, that's a happy accident.
In contrast equitable source doesn't say anything about freedom, it just says "these people need to pay a license fee". That's not FOSS, that's shareware. In FOSS, free-riding is not a bug. The problem with AWS isn't that they aren't paying a license fee, it's that they are building roach motels out of community projects.
[0] I'd link to Hector Martin's incredibly informative Mastodon posts regarding the subject, but he deleted his account after crashing out of LKML. As a substitute for that, I'll summarize my hazy memories:
- The intended compliance mechanism is to make your app a quine; but that only makes sense for webapps written in PHP/Python/etc. Someone actually put AGPLv3 on an Ethernet stack - how do you comply with that?
- It's unclear how license compliance works in a pull request driven Git workflow. If you're running the server locally for testing, and someone accesses it, have you violated the license?
- You can filter out the source offer with an HTTP proxy not covered by AGPLv3. That seems like a very wide loophole which the FSF apparently believes would work.
I imagine they will now require copyright assignment or something like that for external contributors to be able to relicense new code under a commercial license.