Contributor License Agreement, AGPL

[esi_y]

EDIT (after comments #2 and #3): So as there is no reason to keep this off the record.

This thread originally started due to having had AGPL-compliant submitted content censored on the forum [1]. That topic was well covered there.

I then pointed out to the discrepancy between AGPL licensing out PVE and requesting entirely different license from the developer. I appreciate I was effectively asked to keep this conflated discussion off the forum (original staff reactions below), but there were others in the past inquiring about the contributing license specifically - in fact the same person repeatedly [2ab].

So I went ahead and asked specifically why the contributor license agreement is needed and got an answer [2a]. When I further refined my question, there was no more answers, so I will keep it here in this separate thread with appropriate subject.

[1] https://forum.proxmox.com/threads/moderator-removal-no-valid-subscription-popup-removal.153059/
[2a] https://forum.proxmox.com/threads/czech-translation-for-2-x.11797/#post-696451
[2b] https://forum.proxmox.com/threads/czech-translation-for-4-1.25448/

 

[tom]

This is the community support forum for Proxmox VE.
So if you have any support request, your are very welcome here.

For all other topics: Please email to office@proxmox.com

 

[tom]

Please read my previous answer again.

 

[esi_y]

The issue I see with the official explanation is the same as the original OP came with some years later with the same contribution again [1a]: "with most of open source and FOSS projects it is just sufficient to let users contribute under some open source license".

The official explanation [2], does not address the "need" part of my question [1b]. In layman terms, Proxmox brought in e.g. Corosync, I suppose Red Hat did not sign CLA with Proxmox. Proxmox did not need it.

Due to AGPL, Proxmox already have the right to get back and use from the contributor whatever they modified / derived from Proxmox code. Proxmox does not need a "relationship" or permission if the license is permissive. Even if Proxmox took in completely foreign and independent contribution, if licensed under AGPL [3], it is already covered:

Developers that use our General Public Licenses protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License which gives you legal permission to copy, distribute and/or modify the software.

Proxmox CLA [4] goes beyond these terms, it adds [emphasis mine]:

a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license under the Copyright covering the Contribution, with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute the Contribution

... and continuing ...

[Proxmox] may license the Contribution under any license, including [...] commercial, or proprietary licenses

Is this intentional (e.g. does Proxmox want to have the option to dual license in the future and be able to transfer to another entity)?

I want to point out there's absolutely nothing controversial about wanting to dual license, what I would prefer is to have it communicated well, instead of Proxmox claiming that it [2] "enables [Proxmox] to be better stewards of these projects."

[1a] https://forum.proxmox.com/threads/czech-translation-for-4-1.25448/
[1b] https://forum.proxmox.com/threads/czech-translation-for-2-x.11797/#post-696451
[2] https://pve.proxmox.com/wiki/Developer_Documentation#Software_License_and_Copyright
[3] https://www.gnu.org/licenses/agpl-3.0.en.html
[4] https://www.proxmox.com/en/download...xmox-individual-contributor-license-agreement

 

[BobhWasatch]

The issue I see with the official explanation is the same as the original OP came with some years later with the same contribution again [1a]: "with most of
open source and FOSS projects it is just sufficient to let users contribute under some open source license".

Ah, you are an Internet Developer and an Internet Lawyer. Do you also do tax policy?

This is why people get annoyed with you. You ask a question, you get an answer, but then you don't like the answer so you start arguing that somebody is Doing It Wrong and demand further explanations and it turns into a long thread about How Things Ought To Be according to esi_y. This is precisely what I meant when I said you do "passive-agressive criticism".

Proxmox staff do not need to justify every design decision and every policy and possible future policies to you, a person who is apparently not a subscriber and who has said you don't even use Proxmox products regularly. The fact that they try to provide explanations shows they are decent people, but they don't have to answer to you at all, especially since these threads are way off-topic.

Just FYI, the Free Software Foundation requires copyright assignment for contributions to their projects. Are they Doing It Wrong? Never mind, it is a rhetorical question.

 

[esi_y]

Proxmox staff do not need to justify every design decision and every policy and possible future policies to you, a person who is apparently not a subscriber and who has said you don't even use Proxmox products regularly.

Right and if I release something as a series of patches (under AGPL when I have to, but not subject to an arbitrary CLA) and there will be customers who want to roll them on, will that not increase the income for Proxmox GmbH as well?

The fact that they try to provide explanations shows they are decent people, but they don't have to answer to you at all, especially since these threads are way off-topic.

No one has to answer me anything here, but I should be allowed to ask, as much as anyone else, don't you agree? I never said anything about people being somehow shady. I just asked why the license is so and so when it does not have to be. If it is different, more people might contribute. If it is intentional, it would suffice to say that's the case.

Just FYI, the Free Software Foundation requires copyright assignment for contributions to their projects. Are they Doing It Wrong?

Proxmox actually also DOES NOT require COPYRIGHT ASSIGNMENT (there's reasons for that I won't go into unless asked, for the sake brevity). But it requires LICENSING which very BROAD, literally stopping short of that assignment, much broader than taking something in under GPL.

Do note that FSF is not a for-profit organisation, I am NOT holding any commercial entity to the same standard. But since you bring it up, FSF actually explained what they do and why [1ab] and guarantee that:

1) "copyright for changes and/or enhancements to a specific GNUpackage is what is being transferred, and nothing else"
2) "will always keep the software free" (i.e. it won't go proprietary)

Eben Moglen made a note on that [2] which is then up to you if his stance is your cup of tea. It is certainly not mine, but most importantly it is NOT COMPARABLE, especially due to (2) above which a commercial entity will not want to guarantee.

What is comparable is to look at other projects that e.g. make use of DCO's [3ab] and do not need a License Agreement for achieving similar commercial goals.

[1a] https://www.fsf.org/bulletin/2022/fall/copyright-assignment-with-the-fsf
[1b] https://www.fsf.org/blogs/licensing/FSF-copyright-handling
[2] https://www.gnu.org/licenses/why-assign.en.html
[3a] https://github.com/chef/chef-oss-practices/blob/main/contributors/guide/README.md#signing-the-dco
[3b] https://github.com/chef/chef-oss-practices/blob/main/DCO.md

 

[BobhWasatch]

Right and if I release something as a series of patches (under AGPL when I have to, but not subject to an arbitrary CLA) and there will be customers who want to roll them on, will that not increase the income for Proxmox GmbH as well?

Self-important much?

Proxmox lawyers have surely advised them on their current policy based on their interpretation of the law and what the goals of the company are and possible future directions. You, on the other hand, are an Internet Lawyer offering self-serving free advice.

Proxmox actually also DOES NOT require COPYRIGHT ASSIGNMENT (there's reasons for that I won't go into unless asked, for the sake brevity). But it requires LICENSING which very BROAD, literally stopping short of that assignment, much broader than taking something in under GPL.

What University is your law degree from again?

 

[esi_y]

Proxmox lawyers have surely advised them on their current policy based on their interpretation of the law and what the goals of the company are and possible future directions. You, on the other hand, are an Internet Lawyer offering self-serving free advice.

Meanwhile I wonder how other GNU projects [1] can live without copyright assignment still:

The sign-off is a simple line at the end of the explanation for the patch, which certifies that you wrote it or otherwise have the right to pass it on as a free software patch. The rules are pretty simple: if you can certify the below:

Developer's Certificate of Origin 1.1​

By making a contribution to this project, I certify that:

1. The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
2. The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
3. The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
4. I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.

then you just add a line saying: Signed-off-by: Random J Developer <random@developer.example.org>

EDIT: @BobhWasatch

Proxmox actually also DOES NOT require COPYRIGHT ASSIGNMENT (there's reasons for that I won't go into unless asked, for the sake brevity). But it requires LICENSING which very BROAD, literally stopping short of that assignment, much broader than taking something in under GPL.

This is because they make use of the CLA, not the CAA, from the templates [2].

[1] https://gcc.gnu.org/dco.html
[2] https://www.harmonyagreements.org/use

 

[esi_y]

In the light of further questioning by @BobhWasatch on supposedly "passive-agressive criticism" and my posts being "self-serving", I wanted to add a bit of a rationale behind the kind of question I posed here (that I absolutely understand I might never get a direct response to).

Not wanting to go into trends like open-core and what they lead to, I take an article from years back on "making the GPL more scary" [1] which takes MongoDB as an example of a player that went on to use contributor license agreements with actual copyright assignment. They shifted from AGPL to SSPL [2], which would then become a concern perhaps more to a cloud provider rather than a contributor. After all, it is completely legitimate way of driving up more proprietary license sales. There was a further concern that it meant "changing the license steward from the FSF to MongoDB" [3] or this to be a "campaign by a well-resourced for-profit company to reframe what copyleft is" [4]. Needless to say, the Open Source Initiative never approved the license, even as more companies shifted [5].

There were two takeouts pointed out [1].

One for users:

One could see this change as being just another company trying to go proprietary without actually looking proprietary. But there are a couple of points to take away here. The first of these is that this kind of license change is just one of the types of obnoxiousness that can come with software that is owned by a single company, whether that software is open-source or not. Anybody depending on such software should always be aware that abrupt and unwelcome policy changes are possible.

Another one for contributors:

a developer must first sign MongoDB's contributor agreement, which assigns copyright ownership to MongoDB. Those contributors all gave MongoDB the right to relicense their code in this manner — a permission that some of them may be reconsidering now. Some of the affected contributions may well have come from the very companies that the new license is meant to target. Developers should always be aware of the possibility of this kind of change before handing ownership of their code to another organization.

MongoDB is dual licensed, the non-commercial license still being the SSLP one that had they shifted to from AGPL.

This was the rationale for my question, this was the concern of mine when being asked to take the topic off-forum.

I will end up quoting the original author [1] rather than with my own language that some found a mere criticism.

Making money with free software can be challenging, beyond any doubt, just like most other ways of running a business. But if that challenge is solved by making the software non-free, the business may have gained something, but the community around that software can only lose.

Thank you for keeping the forum open and any constructive discussion. This post, after all, is about Installation as licensing is a very major concern before considering any deployment.

---

[1] https://lwn.net/Articles/768670/
[2] https://www.mongodb.com/legal/licensing/server-side-public-license
[3] http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003621.html
[4] http://lists.opensource.org/pipermail/license-review_lists.opensource.org/2018-October/003632.html
[5] https://opensource.org/blog/the-sspl-is-not-an-open-source-license