Comment by KronisLV
4 years ago
Sometimes it's pretty cut and dry, just people using open source without attribution and hoping that nobody will find out. But why?
MinIO is licensed under AGPL (the current versions, at least): https://github.com/minio/minio/blob/master/LICENSE
It effectively mandates that the modified version needs to be made available: https://en.wikipedia.org/wiki/GNU_Affero_General_Public_Lice...
The GNU Affero General Public License is a modified version of the ordinary GNU GPL version 3. It has one added requirement: if you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there.
So the logical first question is: why pick software that is using AGPL? Did the engineers/managers just not care? Did they miss it? I know for a fact that there are many out there who couldn't care less about licenses and compliance. Maybe companies haven't been strong armed into caring about licensing as much as they have been in regards to GDPR, for example?
Secondly, why should the modified version remain a "secret"? Would competition suddenly spring up? Or maybe the project contains tight coupling to the rest of the platform, which could be considered a security risk?
Why isn't open sourcing a modified version something that would take a few hours anyways, since then none of this would be an issue?
(disclaimer: I discuss SSPL below because I find it interesting; apologies for the tangent)
Honestly, the state of software licensing sometimes puzzles me. For example, MongoDB switched over to SSPL altogether: https://www.mongodb.com/community/licensing
If you make the functionality of the Program or a modified version available to third parties as a service, you must make the Service Source Code available via network download to everyone at no charge, under the terms of this License. ...
Seems like that applies to even patches: https://github.com/mongodb/mongo
MongoDB is free and the source is available. Versions released prior to October 16, 2018 are published under the AGPL. All versions released after October 16, 2018, including patch fixes for prior versions, are published under the Server Side Public License (SSPL) v1. See individual files for details.
DigitalOcean, for example, proudly advertises managed MongoDB as a service: https://www.digitalocean.com/products/managed-databases-mong...
And yet, to the best of my understanding, the entirety of the DigitalOcean platform isn't open source (even though many projects are): https://github.com/orgs/digitalocean/repositories
Or even anything that might have something to do with MongoDB in particular: https://github.com/orgs/digitalocean/repositories?q=mongo&ty...
It just feels like one of those "rules for thee, not for me" situations, since it wouldn't be feasible for small companies to compete with them. Edit: someone mentioned them probably running the enterprise version which is probably the explanation for this!
That said, the thought experiment of building a company (including all systems) as 100% open source is really interesting, whether such a thing would be feasible if people stopped caring about "guarding" their IP and whatnot.
> DigitalOcean, for example, proudly advertises managed MongoDB as a service: https://www.digitalocean.com/products/managed-databases-mong...
> And yet, to the best of my understanding, the entirety of the DigitalOcean platform isn't open source (even though many projects are): https://github.com/orgs/digitalocean/repositories
I don't think it's required to open source everything, only the bits that provide the MongoDB service. I don't know if they've done that.
Also, the SSPL seems to be a little controversial [1] as it appears to want to relicence all software it's running near under itself.
[1] https://en.wikipedia.org/wiki/Server_Side_Public_License
> I don't think it's required to open source everything, only the bits that provide the MongoDB service. I don't know if they've done that.
Yes, that's my exact point - these things are sometimes full of finer points. I don't doubt that DigitalOcean have talked with MongoDB and have probably figured out some sort of a deal, or another way to offer it as a service (someone mentioned them using the enterprise version, where the terms are probably different).
Though offering MongoDB as a service for a small no-name company all of the sudden seems impossible, unless they actually want to open soruce lots of their own code.
> Also, the SSPL seems to be a little controversial [1] as it appears to want to relicence all software it's running near under itself.
Of course, there was backlash to it even existing, much like larger companies didn't really like AGPL being a thing either.
Then again, I guess one could argue that MongoDB definitely can create such a license, as a reaction against cloud platforms utilizing their solution: https://www.mongodb.com/blog/post/mongodb-now-released-under...
I don't really have a horse in that race, though in theory such a license would be good for the open source community, whilst its effects on larger cloud vendors are also pretty much clear. Of course, there is a lot of controversy around it and it's not considered "open source" at all by many.
It's a tricky problem one can only have when one chooses to give one's work away with zero strings attached :)
2 replies →
No idea about the relationship between MongoDB and DigitalOcean, but note that you've linked to the "community" edition; their site also shows an "enterprise" edition, which is more likely for a large entity like DigitalOcean to be using.
That's a great point, thanks for bringing it up! I've updated my original post with this detail as a possible explanation, since it's the one that makes the most sense.
I guess that MinIO or any other company could also do something similar, have dual licenses, where interested parties can pay for commercial usage and whatnot.
Why is it more likely?
nutanix uses the apache licensed version probably, which changed in 2021. so it's even more buzzling since they would've just needed a NOTICES file.