Comment by evanelias
2 days ago
In the "paid SaaS" situation, the SaaS version almost always has proprietary changes and enhancements, which are infeasible to open-source without ruining the business. With the code fully available, since anyone else can then launch an identical business on the same codebase, there's little chance for the project creator's own business to succeed, as it can't stand out on feature-set.
With a CLA on third-party contributions, the project creator can still operate an enhanced SaaS without that massive problem. And revenue from the business can then support sustainable development of the project as a whole.
fwiw, I have recently seen at least two "Show HN" posts where the author was running an enhanced paid SaaS on their AGPL project, which accepted many contributions without a CLA, but did not offer the enhanced SaaS codebase to users. That's a clear copyright violation and any of those contributors can sue the project creator if they wish; this is what I meant by "cannot legally host their own SaaS" although in retrospect I should have clarified the scenario.
> With the code fully available, since anyone else can then launch an identical business on the same codebase, there's little chance for the project creator's own business to succeed, as it can't stand out on feature-set.
This is not at all clear on the face of it. For example, RedHat has succeeded as a company for a very long time (ultimately getting themselves bought out by IBM for a very good price) by just selling support for Linux and other open source packages, even though anyone could just run CentOS and get the exact same code for most of this duration.
The point of the GPL and AGPL is to not allow any company to have a monopoly on code that users run - including the company that built that code in the first place. Subverting it with a CLA and first party proprietary extensions is a direct strike at its core purpose. I doubt you'll find many people willing to sign a CLA whose explicit goal is to prevent the main purpose of the AGPL.
RedHat killed off CentOS in its previous form. RedHat also now has a written policy of terminating customers who exercise their GPL rights of republishing RHEL source code. That seems like subverting the GPL far worse than a CLA. If that's the best example here, then that already speaks volumes.
Perhaps you can list some other examples of successful businesses who offer their core product under AGPL without a CLA?
As far as I've ever seen, when AGPL software is built by a business, a CLA is used.
To quote Heather Meeker: "In privately funded business, AGPL is almost always used as part of a dual licensing strategy [...] Vendors almost always use a contribution license (CLA) for contributions from the community." https://heathermeeker.com/2023/10/13/agpl-in-the-light-of-da...