Oracle Quietly Switches BerkeleyDB To AGPL

WebMink writes "A discussion in the Debian community reveals that last month Oracle quietly disclosed a change for the embedded BerkeleyDB database from the quirky Sleepycat License to the Affero General Public License (AGPL) in future versions. AGPL is only compatible with GPLv3 and treats web deployment as a trigger to license compliance, so developers using BerkeleyDB will need to check their code is still legally licensed. Even if they had made the switch in the interests of advancing software freedom it would be questionable to force so many developers into a new license compatibility crisis. But it seems likely their only motivation is to scare more people into buying proprietary licenses. Oracle are well within their rights, but developers are likely to treat this as a betrayal. As a poster in the Debian thread says, "Oracle move just sent the Berkeley DB to oblivion" because there are some great alternatives, like OpenLDAP's LMDB."

Yawn, another fork

[binarylarry]

BrownDB will now be created to complement MariaDB and the other forks Whoracle has forced with their greed.

Re:

[Lonewolf666]

In this case, I have my doubts. MySQL was pretty popular, BerkeleyDB seems to be a niche product and according to TFA, the most prominent projects relying on it are already moving away.

I guess BerkeleyDB will simply disappear.

Re:Yawn, another fork

[jythie]

Niche is a tricky description since BerkeleyDB tends to lurk in the underbelly of projects. MySQL you can see running, but Berkeley you generally do not know if a project is using it unless you look through the library linkage and cat a bunch of data files.

Re:

[MichaelSmith]

Berkeley DB is often used as a back end for MySQL.

Re:

[S.O.B.]

Berkeley DB is often used as a back end for MySQL.

[Citation needed]

[Citation given]

http://dev.mysql.com/doc/refman/5.0/en/bdb-storage-engine.html [mysql.com]

Although it disappears from the manual after 5.0. The conspiracist in me would think the removal had something to do with an impending license change. Hmmmmm.

Re:Yawn, another fork

[Xtifr]

BerkeleyDB seems to be a niche product and according to TFA

It comes standard with Perl, Python and Java, among many other things. It may appear niche because it rarely gets much mention, but it's pretty much been the standard tool used for persistent associative arrays for a long time. Of course, it's also fairly generic, and eminently replaceable. I agree that this is unlikely to be a huge problem.

Re:

[Dcnjoe60]

BerkeleyDB seems to be a niche product and according to TFA

It comes standard with Perl, Python and Java, among many other things. It may appear niche because it rarely gets much mention, but it's pretty much been the standard tool used for persistent associative arrays for a long time. Of course, it's also fairly generic, and eminently replaceable. I agree that this is unlikely to be a huge problem.

Wait, if BerkelyeDB comes standard with Java, does that mean Java is going to be AGPL instead of LGPL?

Re:

[batkiwi]

Only if they take updates as opposed to forking it.

You cannot remove a license from something you've already released.

Re:

[jbolden]

I agree with you it is niche. It is sort of one step up from SQLLite. There are other options today but it is a good fit for that "I don't want to force a database server but I need some storage..."

Re:Yawn, another fork

[Just Some Guy]

Up? Sideways. They both fit in the same solutionspace of "internal, in-process databases" but serve utterly different use cases. BDB is sweet when you want a key-value store. SQLite is awesome when you want a relational DB with an SQL frontend. Neither is better than the other because you wouldn't really use them for the same problems.

Re:

[jbolden]

That's a good clarification of my answer. You are right there.

In terms of up I was thinking speed. I know there are a lot of complex issues about contention and... but Berkley is under most conditions way way faster.

Re:Yawn, another fork

[rwven]

The problem isn't the AGPL (though it's a pretty horrible license in its own right). The problem is the license change, the reason for the change, and how the change will adversely affect people who currently use the product.

They're very different things.

Re:

[angel'o'sphere]

A license change does not affect the people who currently use the product.

They still have the old license.

it only affects new "customers"/users.

Re:Yawn, another fork

[Goaway]

And, you know, anyone who wants to actually have bugfixes and updates.

Re:

[Richard_at_work]

Are they owed those things?

Re:

[Goaway]

Generally, it is considered ethical to provide people with bugfixes for code you are responsible for.

Re:

[angel'o'sphere]

My point was: everybody seems to believe that changing the current license affects stuff that already *is* licensed.
It does not.
On top of that: they switch from one open source license to another one.
I hardly see a reason to even make a /. article about this.
You use a software someone else has written. You payed nothing for it. Why do you complain? Do you have a god given right(priviledge) which I'm not aware off?

Re:

[rtfa-troll]

And, you know, anyone who wants to actually have bugfixes and updates for BerkleyDB from Oracle .

TFTFY. And you will notice it also became a much smaller problem.

Re:

[Goaway]

I am confused. Did you think I was ever referring to anything other than exactly that?

Re:

[rwven]

It absolutely affects them. If they want to upgrade to the next version, they are forced into a license that may be incompatible with their needs.

Re:

[angel'o'sphere]

You see: "want" and "forced" are at a very distributed end of the spectrum.

Re:

[Dcnjoe60]

You see: "want" and "forced" are at a very distributed end of the spectrum.

Which is probably why the summary says the change will killoff BerkelyDB. To avoid being forced into the new license, people will continue with the old version. Of course, if they want bug fixes and new features, then they have to choose between using the new new license and BerkelyDB or swiching to some other database that doesn't make them make such choices.

Re:Yawn, another fork

[Just Some Guy]

It will only affect people distributing less free software.

...for certain bizarre-ass values of "distributing" that include "running on their own server but allowing external users to interact with it".

Re:

[guruevi]

Yes they do but the fact remains that this is a horrible business model. Someone, somewhere has already built an open or cheaper alternative to whatever software you can think up.

Re:

[RulerOf]

Yes they do but the fact remains that this is a horrible business model. Someone, somewhere has already built an open or cheaper alternative to whatever software you can think up.

There are cheaper, open source alternatives to Windows. Its closed-source nature can't really be a horrible part of Microsoft's business model if it's profitable.

I'd like to see Windows (more specifically, the NT kernel itself) be both free and open source, but that has nothing to do with business.

Re:Yawn, another fork

[fuzzyfuzzyfungus]

Using the AGPL is being "greedy"? Isn't that the very license the FSF recommends for software run over a network? MongoDB is also AGPL and there was none of this drama directed at 10gen over it.

LOL hypocritical freetards.

I'm going to make the optimistic assumption that you aren't merely trolling: AGPL is, indeed, what the FSF recommends for software likely to be used primarily on backend-type stuff(where conventional GPL, even v3, does nothing to stop the formation of an in-house mostly proprietary setup).

Oracle, however, is in the business of selling database software, not of being the FSF. So, when they take an existing database and re-license it in ways that are calculated to force existing users of that database to either leave or stump up for a proprietary license from Oracle, they get called 'greedy'.

This really isn't all that difficult.

Re:

[gl4ss]

it is kinda difficult, since as you say even when oracle goes by FSF's best practice for backend sw license they get flack..

Re:

[fuzzyfuzzyfungus]

Eh, people saying mean things on the internet are a dime a dozen, I doubt Oracle cares very much. And(not that there's anything requiring them to) the fact that Oracle tends to get religion on the GPL only when they either wish to sell commercial licenses for a product, or to push people onto a commercial product, tends to make people rather mistrustful of their altruism.

Re:

[greg1104]

The FSF's best practice for software licenses involves zero license fees, always. There are multiple practices the FSF follows that people accept only because they are the FSF. Copyright assignment is another thing the FSF can do, but when it's adopted by a commercial company it's presumed they are violating the spirit of free software by taking contributor work into a private commercial version. The exact motives and license recommendations of the FSF may change over time, but they are transparent and a

Re:

[jbolden]

I should say though I don't really have any problem with Oracle making Berkley a good AGPL product, MySQL a good GPL product and Oracle a good commercial product. Berkley's big usage was the scripting community and it wouldn't shock me if many of them are comfortable with the AGPL. In some way by ditching the commercial and semi-commercial customer base they allow Berkley to focus on an easy to support niche which doesn't have conflicting interests with Oracle.

Oracle could move Berkley over to other group

Re:

[drinkypoo]

Using the AGPL is being "greedy"? Isn't that the very license the FSF recommends for software run over a network?

Sure. That's not what bdb is. You can use it to build software run over a network, though. If it should be changed to anything, it should be LGPL.

Re:Yawn, another fork

[Phs2501]

The MongoDB core is AGPL. Its drivers are all Apache license, as explained here [mongodb.org], therefore not polluting your web application code and forcing it under the AGPL.

BerkeleyDB, on the other hand, is linked in directly, and would force anything using it to be under the AGPL.

Re:

[gl4ss]

The MongoDB core is AGPL. Its drivers are all Apache license, as explained here [mongodb.org], therefore not polluting your web application code and forcing it under the AGPL.

BerkeleyDB, on the other hand, is linked in directly, and would force anything using it to be under the AGPL.

would anything limit you from making that part separate though? the performance hit wouldn't be that bad.

you could of course just use sqlite or something else..

Re:

[jbolden]

I agree. It isn't being "greedy". This is something the /. crowd should applaud.

Re:

[jbolden]

The latter, what they have actually done, is (ironically) an assault on Free Software, because it will force downstream projects to change licenses or libraries, or to deal with a fork.

It only does that for non Free Software. Free Software doesn't have a problem with AGPL.

How big a deal is this?

[fuzzyfuzzyfungus]

Even as the copyright holder, Oracle can't do jack about existing versions released under other licenses(even if they went full nuclear, and actually terminated all downloads/media purchases under any prior license, there are still third party mirrors. So, Version X-1 is Sleepycat forever.

Is BerkeleyDB a project where Big New Features or Much Needed Upgrades are something that happens frequently, meaning that if you aren't running Version X, you might as well go home? If so, Oracle has actual leverage. If n

Re:

[jythie]

I do not think BDB has changed much in the last two decades.... it is a pretty conservative project.

Re:

[jbolden]

This started with a thread on Debian. There are dozens of projects on Debian that use BerkleyDB. Should they be configured to 5.3 forever? If so what if there are security problems how will Debian even know? If not they go over to 6. Which means dozens of libraries switch over to AGPL....

Re:

[fuzzyfuzzyfungus]

This started with a thread on Debian. There are dozens of projects on Debian that use BerkleyDB. Should they be configured to 5.3 forever? If so what if there are security problems how will Debian even know? If not they go over to 6. Which means dozens of libraries switch over to AGPL....

I suspect that that depends on who actually does the work to keep those packages in Debian. As a distribution(considering their positions on firmware blobs, what you have to do to qualify as 'debian' rather than 'debian-unfree', etc.), Debian doesn't seem like a terribly obviously candidate for being hugely worried about the AGPL.

Given that Debian is also the basis of about a zillion other distros, as well as in-house quasi-distros, though, I suspect that they have a reasonable number of users, probably inc

Re:

[jbolden]

I think Debian will go AGPL without much problem. They are a free software distribution. I think RedHat will likely fork but they will call the project something else. And from I think Debian will allow individual maintainers to decide which to link to.

who cares?

[magic maverick]

AGPL is a perfectly fine license, and I use it myself for certain projects. I'm not sure it's quite appropriate for this case though.

It is intended to attack the software-as-a-service loophole in the GPL, which allows people to take software (e.g. WordPress Multisite) and because it never leaves the server it is running on, it's not being distributed, and so changes are not distributed. And so users cannot take the modified software and run it on their own server.

Like the GPL, the AGPL is a license for end users. It allows them (the end users) to ensure that they always have access to the source code of the software they use.

And frankly, I think that if anyone really cares, they can just fork from the last "good" version.

The only issue that I can just think of (and pointed out in the Debian thread), is that for software that uses the database, they may have to be re-licensed. AGPL is irrelevant though, it would still be the case if BerkeleyDB was re-licensed to GPL or another strong copyleft (OMG virus!) license.

Also, the Infoworld article is simply wrong. If someone uses BerkeleyDB for a webapp, they don't have to make the whole app AGPL, merely GPL3 (which means that if it's an internal only (not distributed) webapp, that nothing changes). Just because it is GPL3, it doesn't mean that it has to be distributed. Though, as pointed out, you can continue to buy a proprietary license if you want.

This is an embeded library database

[Electrawn]

Why is this not LGPL? (Keep the "viral" self contained to the library), or GPL (Application level viral-ability). AGPL? That "infects" everything (Airborne meta-viral!)

Either the developers/lawyers at Oracle don't understand their own product ... or worse that they are nefariously trying to end of life BDB.

Re:

[KiloByte]

"Never attribute to stupidity that which can be adequately explained by malice."

How does copyright cover non-copying?

[Bogtha]

treats web deployment as a trigger to license compliance

How does this work in the USA? If you obtain it from them directly, they are giving you a copy, you aren't copying it yourself - so that's not copyright infringement. Copying software as an essential step in using it does not count as copyright infringement in the USA [copyright.gov] - so installing it on your server doesn't count as copyright infringement. Responding to incoming web queries doesn't copy any of their work - so that's not copyright infringement

Re:

[Todd Knarr]

The thing in question is a Web app. That means that the end user doesn't make or get a copy of the program. It runs on the server, the user accesses it but never actually copies it. Which left the possibility of someone taking a GPL'd program, adding their own extensions and setting it up as a Web application, offering access to it without having to give users the source code to it as they normally would.

The AGPL was the response. The end user may not be copying, but the operator of the Web app would've had

Re:

[devman]

I don't like AGPL for the simple reason that it is a EULA. It is no better than any of the other shrink wrap EULA's of questionable enforcability. Fundamentally it violates freedom zero. GNU should have stuck to distribution licenses instead of wading in to the mess that is EULAs with AGPL.

Re:

[Todd Knarr]

That depends. For a Web app, who is the end user, the author/operator of the Web app or the person using the Web app? And I view the AGPL as addressing the issue of public performance. Web apps don't involve copying in the way conventional software distribution does, but copyright gives me as the copyright holder control over more than just that. As the copyright holder I also have the sole right to publicly perform (or authorize the public performance of) my works. If you want to read my book aloud to an a

Re:

[gl4ss]

it's an use license...

call it an EULA if you wish. since shrink wrap and install EULA's are legal in usa too bad.

It's a Bug

[Somebody Is Using My]

Don't worry, I'm sure that in a few days Oracle will announce that this change was just a bug, just like when they did it with the MariaDB man pages a few weeks back. It's all an innocent mistake made by their software. Oracle is our friend and only has the best of intentions for everything it does.

(The above was intended to be somewhat tongue-in-cheek; I have no real opinion of the change or whether it is good or bad for the end-uses. It just amuses me that Oracle would attempt something like this after ge

AGPL != AGPL3

[wiredlogic]

The AGPL in question is actually AGPL3 (implemented using the GPL3 extension mechanism). AGPL is a derivative of GPL2.

Re:lol

[dgatwood]

AGPL is not good. AGPL is horribly evil. It means that I, as a sysadmin installing a piece of software, cannot make changes necessary to tailor it to my particular site configuration without releasing the source to those changes, even though those changes cannot possibly be of any use to anyone outside my server team except for attackers wishing to discover security bugs, learn the names of database tables, etc. for nefarious purposes.

I don't know about anyone else, but I personally have an absolute zero tolerance policy for Affero. It has no valid place among reasonable open source and free software licenses, as it is the antithesis of software freedom.

Re:

[Anonymous Coward]

Not true, it has good use in webapplications. Think about something like phpbb where they want to release full code for it, but don't want people to modify it even if "only for their server".

Re:lol

[dgatwood]

PHPB is precisely the sort of situation where AGPL is unacceptable, because it infects code that has no legitimate association with the software itself. For example, on a website that I run, I currently use a heavily customized PHPBB setup that hooks into the (non-open-source) login system used for the site that it is integrated into. None of those changes would be even slightly useful to anyone but me.

Further, without the ability to migrate the actual data, being able to replicate the service itself is basically useless, which means that putting something like PHPBB under a horrible license like AGPL would buy you absolutely nothing.

Basically, AGPL is only useful for a very, very narrow range of software designed specifically for use in "software-as-a-service" situations, and even then, it is only acceptable if you don't need to tie it into existing infrastructure. In short, it is basically never acceptable, and its only sensible use is for businesses to be able to say, "Hey, look, we've open sourced our stack," while simultaneously ensuring that no legitimate business would ever even contemplate replicating that stack and competing with them.

Re:

[batkiwi]

Free software advocates would argue that your users are "running" your software, and thus are owed the source code.

If you are running a forum you ARE running software as a service.

Re:

[VortexCortex]

Basically, AGPL is only useful for a very, very narrow range of software designed specifically for use in "software-as-a-service" situations, and even then, it is only acceptable if you don't need to tie it into existing infrastructure. In short, it is basically never acceptable, and its only sensible use is for businesses to be able to say, "Hey, look, we've open sourced our stack," while simultaneously ensuring that no legitimate business would ever even contemplate replicating that stack and competing with them.

I'll give an example of a use of AGPL. I develop game software with a handful of other devs. I'm the only coder. Prior to game release I license all my contributions under the AGPL so that if I quit, I can take my code with me. However, if they want to sell my code as closed source, they'll need to make it to completion and have me dual license under BSD. At that point we can sell a closed source version of the game software. At any time after sales begin, any member of the dev team can then release

Re:

[greg1104]

phpBB is currently under the GPLv2. The person you replied to didn't say they are unwilling to share their source code, just that such work would be unproductive. Do you always rant about straw men like this?

Re:

[dgatwood]

If the license would say that you need to share your modifications, then that is what you agreed to.

PHPBB is licensed under GPL, not under AGPL. The GPL requires you to share your source code modifications with anyone to whom you distribute the software. PHPBB being a server-side app, none of the software is distributed. At all. Therefore, its license says that I am under no obligation to make available local modifications.

But you are a hypocrite if you take a free product, and demanding that the develo

Re:

[jythie]

As an embedded developer, I sympathize with why one would find the AGPL evil... though at the risk of going down a 'they came for the X, but I was not an X' line. Back end developers did not seem to understand why embedded developers were uncomfortable with GPLv3, which was written in such a way as to not anger the more network and infrastructure oriented projects but really put the screws on embedded ones.

Re:

[jythie]

Our product used open source. We gave back a significant amount. Library work, bugfixes, drivers, management was supportive of contributing. But, our final device required a network of trust, people using them (and, more importantly, underwriters and regulators) needed to know that OTHER people were not running modified software and cheating other users.

So when GPLv3 came out, we had to stick to GPLv2, which ment participating less. Then we switched to Windows, which ment we did not participate at all

Re:

[KiloByte]

From FSF's very own "Four Freedoms":
Freedom 0: The freedom to run the program for any purpose.
From the DFSG:
6. No discrimination against fields of endeavor

With this non-free piece of shit license, you can't take parts of the code and reuse them in about anything else than pretty much just a web service. Want a mail server (both exim and postfix use bdb)? An IMAP server? A networked lift control (don't laugh, I've seen a wifi-connected one)? An IRC bot? Sorry.

I'm a strong proponent of the GPL, but AGPL

Re:

[dgatwood]

Well, I know that a lot of folks moved away from Berkeley DB several years ago when Oracle first acquired it (and by "moved away", I mean "ran away") and embraced SQLite. Now might be a good time for the rest of the open source community to do the same.

Alternatively, for situations where SQLite is insufficient, IMO, PostgreSQL is usually a good alternative.

Better yet, adopt a middleware library like PDO so that with a small amount of effort (rewriting CREATE/ALTER TABLE queries, anything involving trigger

Re:

[KZigurs]

You are a confused man and it appears you might have never used ether one of those.

The use cases are completely different. You cannot seriously talk about substituting BerkeleyDB with PostgreSQL (not that it wouldn't work, but it is so far at each extremes of persistence spectrum when it comes to functionality and operational overhead that they might as well be from different planets).

Re:

[dgatwood]

If you depend on the high-availability, replicated functionality available in recent BerkeleyDB systems, then PostgreSQL can potentially be used as an alternative where many lightweight database systems (SQLite, for example) cannot be seriously considered.

I have no idea what the NoSQL space is like these days, so there may be better choices over there. I've never used those parts of BerkeleyDB (those features didn't even exist until years after I last touched BerkeleyDB), so I can't say how they compare p

Re:

[Grishnakh]

He never said that. He suggested SQLite as an alternative to Berkeley DB.

He only suggested PostgreSQL if you have DB needs greater than what SQLite can offer, but that doesn't cover BDB; basically, he's saying that you can cover most of your database needs with one of those two databases: SQLite on the low end, and PostgreSQL on the high end.

Re:

[batkiwi]

Your description and outrage is how MANY people feel about the GPL vs the LGPL.

Re:

[KiloByte]

As long as you use, for example Debian, you already comply with the AGPL license, because Debian distribute the sources already.

Alter a single bit and you need to distribute your modified version. Which for most networking protocols is impossible or impractical.

Re:

[greg1104]

Altering BerkleyDB has nothing to do with this. The existing Sleepycat license [wikipedia.org] has always said that compiling against their libraries and distributing the result requires that you either release your application as open source, or buy a commercial license. You can't assume it acts like a GPL or BSD license, it's really aggressive in its own unique way. This is not Oracle taking a regular open-source product and giving it a restrictive commercial license. BerkleyDB always had such a commercial license cl

Re:

[greg1104]

The use of the BerkeleyDB do not put any restrictions on your software, as long as you do not statically link it.

The Sleepycat license doesn't trigger based on linking; it's triggered by compiling against it. See The Sneaky Sleepycat License [techlawgarden.com] and comments from Oracle's forums [oracle.com]. The existing license was already very "viral" in terms of how aggressively it required either open source distribution or a commercial license.

Re:

[gl4ss]

ironically though it should be more RMS friendly.

it's entirely reasonable. it's just not the kind of open and free you're looking for :)

(in fact, most gpl web sw is quite irrelevant that it is such.. because the end users can't get the code)

Re:

[dgatwood]

Oh, it's relevant. The principle users of web software are the admins. They configure the software, they maintain the installation, they monitor what people are doing to it, etc. The GPL does something useful for those folks; it ensures that someone won't fork these tools, create their own versions of them, and sell them without giving their changes back. So it serves a useful purpose.

The AGPL, by contrast, adds additional restrictions on the site admins, but adds nothing of value for the so-called "use

Re:

[Ly4]

Are you sure the damage is just limited to the configuration changes you made? The attorneys in my organization believed that the language could be extended to anything that runs on the same set of servers, and anything that interacted with the same database.

And it's even worse for libraries (e.g. iText) - there, the thought was that it could require sharing every bit of code used to run the web site. Not surprisingly, we're not using or contributing to anything licensed under the AGPL.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[LordLimecat]

AGPL is horribly evil.

Wow, so I might have reserved that word for something like "genocide" or "the holocaust", but if you want to use it for a license which you happen to have a dislike for, I guess that works.

After all this is slashdot, and perspective is SO passé.

Re:

[dgatwood]

Wow, so I might have reserved that word for something like "genocide" or "the holocaust", but if you want to use it for a license which you happen to have a dislike for, I guess that works.

It's a question of scale. Consider an ant attacking another ant; it's murder from an ant's perspective, but on the human scale, we don't care. Same deal for AGPL vs. the holocaust. In the context of licensing, AGPL is horribly evil. In the context of human civilization as a whole, it's below the noise floor. :-)

Re:

[jbolden]

Configuration files aren't under AGPL. The source code itself is. System admins don't need and generally aren't capable of making C-langauge source changes for using software in normal configs.

Re:

[kthreadd]

Some of the best C programmers I know are system administrators. Going into the source code to something really helps when you're debugging why a specific service doesn't work or program X hammers the NFS share with 4 kB requests.

Re:

[bug1]

AGPL is not good ... cannot make changes necessary to tailor it to my particular site configuration without releasing the source to those changes

I dont know berkleyDB, can you explain the reasonaing behing concluding that "site configuration" changes are part fo the program.

Does it not have seperate config files or something... maybe you could submit a patch ?

Re:

[dgatwood]

Lots of them, actually. Any website is likely to have an authentication system already. Any website wanting to add features using existing open source technology is going to want to tie into that system. This common use case is fundamentally incompatible with Affero, because that authentication system cannot necessarily be made open source, and the AGPL does not provide a linking exception.

Also, before I adopt any piece of software these days, I do a thorough security audit. Mind you, I prefer to give t

Re:

[icebraining]

because that authentication system cannot necessarily be made open source

What? Why not? There are plenty of open source authentication systems. In fact, I'd say it's extremely reckless to use a security system that hasn't been widely vetted, and that requires available source.

Besides, it's not true that it would necessarily require open sourcing the authentication system. If you're using something with a service interface, then only the "bridge" that extends the webapp to talk to it should have to be open sourced.

Mind you, I prefer to give those changes back when possible, because it makes future upgrades easier, but when the changes involve many thousands of lines of code changes (e.g. rewriting every single SQL query in parameterized form), this is often not appreciated as much as one might expect.

Irrelevant. None of the (A)GPL licenses require you to give anythi

Re:

[dgatwood]

because that authentication system cannot necessarily be made open source

What? Why not?

Because I spent a lot of time on that software, and I'm not really interested in giving it away? Look, the only reason I'm modifying the open source software at all is so that users don't have to create two login accounts. That hardly warrants giving away the source code for an existing login system that is an entirely separate piece of software in its own right, merely so that the open source software can use that lo

Re:

[icebraining]

I find it extremely hard to believe that a court would consider a schema to be a "derivate work".

Re:

[aztracker1]

BDB is embedded, which means your code that reads/writes database access in fact does need to be AGPL too.

Re:

[dgatwood]

You never know how useful those changes might be to others.

Yes, I do. Unless someone steals the closed-source authentication system in question, tying into it is not useful in the slightest.

Besides, if you're that bad at coding that knowing your table names yields a vector of attack... you should probably better leave that to others.

If you think that not knowing the table names does not make all vectors of attack more difficult, you should probably leave the advice to people who understand security. :-)

In

Re:

[dgatwood]

Who is talking about a configuration file? Have you ever tied a piece of software into a different authentication system? This isn't a config file change. It's potentially thousands of lines of code changes throughout the software, depending on how the software was written and how many assumptions it makes about the nature of the authentication system. (For example, my current authentication system does not use cookies. Any software that assumes cookie-based authentication tokens requires considerable

Re:

[jbolden]

If you are talking about thousands of lines of code changes to dozens of files ... yes you should be make it public. It becomes an example for the next person looking to use an authentication system.

Alternatively you could write an authentication layer make it BSD and make that public.

Re:lol

[harlows_monkeys]

The FSF has a definition [gnu.org] of the term "free software".

Software under AGPL is not not free software according to that definition. It violates freedom 0.

Yet the FSF approved AGPL! This was an ethical disaster.

A key difference between free software licenses and commercial software EULAs was that the latter was a two way bargain. The copyright owner, who the law gives the exclusive right to make copies (including, for computer software, making temporary copies in RAM to use the software) grants you via the EULA permission to do that, in exchange for you agreeing not to do some things that otherwise would be allowed under copyright law. For example, you might have to agree to not reverse engineer the software, or to sell it when you are done with it.

The free software licenses, on the other hand, only grant you permissions. They do not require you to give up anything.

Until AGPL. AGPL goes beyond just granting you permission to do things that copyright law says require permission. It places restrictions on what you do with the software on your own machine. It is a EULA.

Re:

[Nerdfest]

It's the intentions behind it. Switching to GPL3 means it is much more restrictive in how it can be used in commercial products. As a general guideline, if there's ever a question about Oracle's motivations when it comes to a choice between advancing open source and trying to force more people to their proprietary products, he answer is pretty straight forward.

Re:

[gl4ss]

you can use it for commercial products.. you just can't take the freedoms for yourself while restricting your users from those freedoms.

you could always just go for some bsd licensed db if you'd rather want that.

Re:Wait.. let me get this straight...

[Xtifr]

It already was GPL-compatible, so that part hasn't changed. They've gone from a more liberal license (the old license was compatible with, among other things, the GPL v2) to a less liberal one. That's always going to piss off some people. Just look at the controversy when a project goes from BSD or MIT to GPL.

Re:

[Goaway]

Except with the AGPL, use is not free.

Re:

[Goaway]

And it is not, except by having special case terms in the license to allow it even though it would not usually be allowed.

Re:License drama

[Xtifr]

Has anyone ever been sued over an open source deployment done off license?

Um, yes, it happens all the time. The owners of BusyBox, for example, have not only sued, but won several cases [wikipedia.org], for example. And Oracle sued Google, in part because Google's Dalvik was under a less restrictive license than Java's GPL—and they only lost because Google was able to show that the parts they actually copied (the API) weren't subject to copyright. But that's a clear precedent for worry about what Oracle might do.

Re:

[Xtifr]

They sued because they wanted people to use Java ME instead, but if they'd actually tried to sue over Java ME, the case would never have gotten as far as it did, because Dalvik was based on Apache Harmony, which in turn was an implementation of Java SE. Not ME. There was absolutely no copying from ME, either actual or even alleged.

The patent part of the suit was more strongly related to Java ME, insofar as the patent licenses for SE didn't apply to mobile devices. However, since Google wasn't practicing the

Re:

[ilguido]

Don't worry, it's the usual anti-FSF, anti-GPL FUD by soulskill.

Re:

[Todd Knarr]

It's not that they have to provide source to BDB. It's that the AGPL changes the rules. Before usage as an embedded database in a Web app was considered internal use, not distribution, so BDB's license didn't impact the licensing of the Web app itself and didn't require release of the source code for the Web app. The AGPL means that if you use BDB in a Web app then the Web app itself has to be licensed under AGPL-compatible terms. That's... a huge change. And even though I normally use GPL terms, I don't re

Re:

[devman]

AGPL is bad EULA, and it violates freedom zero. If they had just changed it to GPL I don't think you'd be seeing this backlash.

Re:

[peppepz]

Your eyesight must be going because Oracle didn't build it

Oh, don't be pedantic, they bought the company that built it.

and the impact of a license change effects large numbers of non-commercial existing open-source projects.

If anything, it will impact closed-source adopters of those projects. Open-source projects, by definition, have no problem in distributing their source code.

Re:

[drinkypoo]

No, no it doesn't. Oracle did not initially develop BDB, and is now paying for its maintenance. We call that further development, but it is not all of the development.

Oracle didn't create BDB, which is what we mean when we say "developed", as denoted by the past tense. Oracle is not in a condition of having developed BDB, they are in a condition of maintaining and developing it.

Further, not all development is benevolent, so I'm really not clear on what you hoped to prove to begin with.

Oracle clearly has the

Do they actually have the legal right?

[tlambert]

Oracle clearly has the legal right to do what they are doing, and there is no morality in business, so that is the only right that matters.

Do they actually have the legal right? I contributed patches to BDB 1.0; I don't remember being asked for an assignment of rights so that they could legally change the license. The SleepyCat license only applied to the newer code added by Margo, which, if you wanted to use the newer code, you accepted the license on the aggregate work, and if not, you could excise the new work from the code by using an older version.

It's not clear to me from TFA exactly what the license change means, or if this is merely

Re:

[bonehead]

Actually, "Open with as much Freedom as possible" would be releasing the code into the public domain.

The entire purpose of a license, ANY license, is to place restrictions on what can be done with the code.