On Wednesday, January 30, 2019 8:10:13 PM EST Simon Farnsworth wrote:
I do if I'm using it to provide a service that could be construed
as "making
the functionality of the Program … available to third parties as a
service", under section 13 of the SSPL. As MongoDB's functionality includes
retrieval of documents and document fragments, it's possible to construe
the licence as covering anything that involves retrieval of a document or
document fragment from a server (so all web applications, for example).
Yeah, that's not what section 13 actually says.
If you make the functionality of the Program or a modified version available
to third parties as a service, you must make the Service Source Code available
via network download to everyone at no charge, under the terms of this
License.
While the license certainly doesn't require anything that uses MongoDB as a
backing store to be free software, you should definitely make that free
software under the terms of a license such as the AGPL.
This may not be what's intended, but it's a reasonable
reading of the
licence as written, and it could get expensive to argue in court that
covering all document retrieval was not intended.
Perhaps. The easiest option is to just use only free software.
>
>
>> I do not have sufficient rights to relicence the Linux kernel under the
>> SSPL - it's not GPLv2 compatible - and the Linux kernel is one part of
>> a service I might choose to offer using only Free Software from Fedora's
>> repos, plus an SSPL licensed component.
>
>
> Yeah, none of that matters. See section 1.
I've read section 1 - Linux implements more than just a "Standard
Interface"
as per that section (it goes beyond POSIX or any interface specified by an
Official Standards Body, and is not specified for a particular programming
language). Because of the way section 1 is drafted, "System Libraries" are
excluded from section 13, but *not* "Major Components"; the kernel in this
case is a major component, and is thus only definitively excluded if it
implements a "Standard Interface".
While I disagree, if you're worried about that just don't use grsecurity and
you're fine. Oh, and don't use proprietary kernel modules.
This may be an oversight - they may intend to exclude "Major
Components" as
well as "System Libraries", but it's not what they've written in the
licence text. Only an item "which is not part of that Major Component" or
which "serves only to enable use of the work with that Major Component, or
to implement a Standard Interface" are excluded from the SSPL's reach.
But not according to the text of the SSPL; for MongoDB specifically,
the FAQ
may act as "estoppel", but it's not part of the licence as written; merely
providing document storage or retrieval provides "the functionality of the
Program … to third parties". If I do that as a service - e.g. pulling out
billing records from MongoDB - I'm "mak[ing] the functionality of the
Program or a modified version available to third parties as a service", and
I'm covered by section 13 and have to distribute all but "System
Libraries"
as source under the SSPL. This *includes* "Major Components", as section 1
doesn't actually exclude them.
Yes, I think SSPLv2 is going to be coming around soon to address that.
Again, this may not be what they intended, but it's what the text
of the
licence says, and I would rather not rely on having to claim that what they
wrote is not what they meant in order to succeed in court.
Fair enough.
Given these issues with the drafting of the licence, and the need to
rely on
MongoDB's FAQ to argue that, in the MongoDB case, the FAQ acts as estoppel,
I can see why Fedora legal would consider the licence non-free. You've made
claims for it that aren't backed by the actual text of the licence, for
example.
Sure, but my interpretation of the License is based both on my comprehension
and on the intent set by the FAQ.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/