Forgejo is changing its license to a Copyleft license. This blog post will try to bring clarity about the impact to you, explain the motivation behind this change and answer some questions you might have.
…
Developers who choose to publish their work under a copyleft license are excluded from participating in software that is published under a permissive license. That is at the opposite of the core values of the Forgejo project and in June 2023 it was decided to also accept copylefted contributions. A year later, in August 2024, the first pull request to take advantage of this opportunity was proposed and merged.
…
Forgejo versions starting from v9.0 are now released under the GPL v3+ and earlier Forgejo versions, including v8.0 and v7.0 patch releases remain under the MIT license.
TLDR; from MIT to GPL.
always a pleasure to see big projects going full copyleft amidst the recent influx of projects sadly going source-available
this is the main reason not to sign a CLA (edit: both the aforementioned projects seem to adopt CLAs, though it seems that they aren’t hostile and are especially pro-copyleft. see this amazing correction by @princessnorah@lemmy.blahaj.zone for context). you should not let a third-party use your copyright to restrict user freedom in the future because they swear “they ❤️ open source” now, and would never use your code to only their own benefit.
Except both of the projects you just linked too have CLAs, which they updated on switching to AGPLv3. Both use them as a way to offer dual-licensing, so they can charge companies for an AGPL-exception by selling them a proprietary-licensed version, which then supports the FOSS-development. They both were also only able to change to AGPL because of already existing CLAs. At least in Element’s case though, they created a two-way commitment in their CLA:
Now, CLAs come in all shapes and sizes: some good and some bad. It’s critical to understand that our reason for requiring one here is to give us the right to sell AGPL exceptions: not to “do a Hashicorp” and switch to a non-FOSS licence in future. We’ve made this clear in the wording of the CLA (using a similar approach to Signal’s CLA) by committing to distributing contributions as FOSS under an OSI-approved licence – many thanks to those who gave feedback on the original announcement to suggest this. You can find the final CLA wording here, derived from the well-respected Apache Software Foundation CLA.
Here’s the specific text from the CLA:
Element shall be entitled to make Your Contribution available under Element’s proprietary software licence, provided that Element shall also make Your Contribution available under the terms of an OSl-approved open-source license.
I personally consider that a fairly reasonable term. Especially because they specified an OSI-approved license. Element are always going to be bound to that now. This is like the copyleft of contributor license agreements.
whoa! thanks a lot! that’s my mistake.
thanks for the awesome info, I should’ve at least check the repo of the individual projects first (only did so with Forgejo).
I totally agree with you, and do think that it is possible to have positive and harmless CLAs. though I do think we should always take a step back and not assume that a project’s CLA will be in favor of our copyright, with the case being more the exception than the norm, unfortunately.
in the end, I will always be happy that a copyright holder wants to be able to reliably make money with copyleft software, but I can never really face a CLA without at least initial hostility anymore. you may say I have prejudice against CLAs lol
Yeah honestly these feelings are so bloody valid after the way they’ve been used lately. It’s always good to be sure of these things.
Unless you’re selling the software or licenses to it, I don’t really see a reason not to go copyleft. I mean, think about it. If someone tries to make your thing but better, they have to release the modifications, so you can grab it for yourself and suddenly you’re at the same level. If they piggyback off your work, you can piggyback off theirs, and you have the advantage of being the original. Correct me if I’m wrong.
It makes just as much sense if you’re selling it!
Does it? proceeds to compile paid software and release a free package for it
Torrenting has existed for a long time, yet people still buy software. There is a lot more to software distribution than traditional product sale.
You want to have frequent fixes, compatibility with modern tools, new features and a trustworthy distribution pipeline. These are all things people and corps are willing to pay for in FOSS software.
You can do that with permissively licensed software too. Except with those, the party distributing their repackaged version doesn’t have to distribute source code alongside it. A lot of companies avoid copyleft software because they don’t want to or cannot deal with stricter licensing terms. If you’re a company creating commercial software which you intend to sell, you don’t want to use any GPL code, because you want to keep your software closed source to avoid exactly what you described from happening.
This can be exploited by primarily licensing your open source code using strong copyleft (like the AGPLv3) while selling commercial licenses to businesses that don’t want to comply with the AGPL and are willing to pay up. Qt is able to successfully use this even with weaker copyleft (LGPLv3) because it’s used a lot in embedded systems (like smart cars) which cannot comply with the LGPLv3’s anti-tivoization clause.
This means copyleft licenses can make it easier to profit if you’re the author of the code, but of course third parties can more easily profit from permissive licenses.
there’s certainly a camp in FOSS that considers “whatever you like including commercial activity” to be the one true valid version of “free software”
like… if someone wants to take an MIT project, add a bunch of extra features to it keeping some available only with payment, and contribute back bug fixes and some minor features etc, i wouldn’t necessarily say that’s harming the project and this is overall a good thing? it gets the original project more attention
like it’s perhaps a little unfair, but if the goal is quality and scope of the original project - or even broader of the goal is simply to have technology AVAILABLE even if it is with a few - then that goal has been met more with an MIT-like license than it would be with a copyleft license
So, for the slow people in the back… (me)
Copyleft = permanently open source? Ie, you can’t take the open source code/project and make it closed source? (or build a new closed project off of it?)
Or am I misunderstanding?
Yep, that’s the gist of it. In order to change the license from the GPL, they’d need the permission of all of the copyright holders who’ve contributed code under the GPL to the project. After a few months have passed, this basically makes it impossible (or at least extremely difficult) since at least one person (and likely many people) will say no.
AGPLv3 is not anti-business or anti-money. It’s saying if you want to use the code in a closed source project you need to pay the copyright holder
The copyright holder is the original author, not a maintainer or someone who forked a project and renamed it.
That’s why the #1 thing mentioned in copyleft licenses is you can’t alter the copyright notice and declare yourself the original author
AGPLv3 is a good license to choose. All the other licenses are naive and do not combat closed source projects and the slave worker that keeps our projects unfunded
Copyleft means: “if you modify the program and share it, you also have to include the source code for your modifications.”
The owner of the copyright (usually the developers or their employer) can still change the license later.
“Copyleft licenses do not only benefit the developers. They also guarantee freedoms to users of the software. They reduce the risk of exploitive business practices, like creating a modified version of Forgejo with less freedoms to the users, which could ultimately trap users in a vendor lock-in.”
God, you absolutely love to see it. So called “permissive” licenses should be banned because of this.
I wonder why they didn’t go with AGPL, which is made for server-based software like Forgejo.
From my understanding GPL does nothing to force hosting services to open their code as long as they don’t distribute builds.
As someone who worked at a business that transitioned to AGPL from a more permissive license, this is exactly right. Our software was almost always used in a SaaS setting, and so GPL provided little to no protection.
To take it further, even under the AGPL, businesses can simply zip up their code and send it to the AGPL’ed software owner, so companies are free to be as hostile as possible (and some are) while staying within the legal framework of the license.
simply zip up their code and send it to the AGPL’ed software owner
That seems good enough to me. No?
Sure, it would be nice to have the whole versioning system history, but even having the current version of the code makes it possible to do a code review. And modification too.
Self-Building and deployment might turn out to be harder, but that would just be about which side is having to put the effort of making something comprehensive.
Good enough? I mean it’s allowed. But it’s only good enough if a licensee decides your their goal is to make using the code they changed or added as hard as possible.
Usually, the code was obtained through a VCS like GitHub or Gitlab and could easily be re-contributed with comments and documentation in an easy-to-process manner (like a merge or pull request). I’d argue not completing the loop the same way the code was obtained is hostile. A code equivalent of taking the time (or not) to put their shopping carts in the designated spots.
Imagine the owner (original source code) making the source code available only via zip file, with no code comments or READMEs or developer documentation. When the tables are turned - very few would actually use the product or software.
It’s a spirit vs. letter of the law thing. Unfortunately we don’t exist in a social construct that rewards good faith actors over bad ones at the moment.
Or it could just be laziness.
In case you don’t want to put the effort into making a system into your organisation, to update code in a public-facing versioning system hosted setup, just tell someone to zip whatever you compiled and package it along with the rest of the stuff.
- Packaging the whole .git directory would make it significantly larger
- This method is bankruptcy-safe, as compared to hosting on the internet.
- Ideally, I would like there to be both, a zip (in case I don’t have an internet atm) and a link to the vcs
- Yes, the companies mostly don’t care enough and people doing it won’t think of it as being hostile, just as putting the least effort.
Exactly. They obviously didn’t research licensing enough.
Closed source projects need to pay for licensing. Or they will force you to work for them designing web forms and smartphone apps
Am i wrong?
This is gonna stop corporations from making a closed source ver of forgejo
permissive license
Definition?
TL;DR: A permissive license allows doing almost everything, including turning the code into proprietary products.
It means you don’t have to release the source code of your software if you use the source code of the open source project
Permissive licenses permit a broader range of use compared to “copyleft” licenses.
“copyleft” here just being a cute way of being the opposite of copyright - instead of disallowing others from what they can do with “copyrighted” code, “copyleft” requires that they (upon request) share modifications to your code.
Permissive takes away this requirement to share your modifications. “copyleft” is considered more free and open source (FOSS), permissive is more business friendly.