Forgejo is changing its license to a Copyleft license. This blog post will try to bring clarity about the impact to you, explain the motivation behind this change and answer some questions you might have.
…
Developers who choose to publish their work under a copyleft license are excluded from participating in software that is published under a permissive license. That is at the opposite of the core values of the Forgejo project and in June 2023 it was decided to also accept copylefted contributions. A year later, in August 2024, the first pull request to take advantage of this opportunity was proposed and merged.
…
Forgejo versions starting from v9.0 are now released under the GPL v3+ and earlier Forgejo versions, including v8.0 and v7.0 patch releases remain under the MIT license.
TLDR; from MIT to GPL.
always a pleasure to see big projects going full copyleft amidst the recent influx of projects sadly going source-available
this is the main reason not to sign a CLA (edit: both the aforementioned projects seem to adopt CLAs, though it seems that they aren’t hostile and are especially pro-copyleft. see this amazing correction by @princessnorah@lemmy.blahaj.zone for context). you should not let a third-party use your copyright to restrict user freedom in the future because they swear “they ❤️ open source” now, and would never use your code to only their own benefit.
Except both of the projects you just linked too have CLAs, which they updated on switching to AGPLv3. Both use them as a way to offer dual-licensing, so they can charge companies for an AGPL-exception by selling them a proprietary-licensed version, which then supports the FOSS-development. They both were also only able to change to AGPL because of already existing CLAs. At least in Element’s case though, they created a two-way commitment in their CLA:
Now, CLAs come in all shapes and sizes: some good and some bad. It’s critical to understand that our reason for requiring one here is to give us the right to sell AGPL exceptions: not to “do a Hashicorp” and switch to a non-FOSS licence in future. We’ve made this clear in the wording of the CLA (using a similar approach to Signal’s CLA) by committing to distributing contributions as FOSS under an OSI-approved licence – many thanks to those who gave feedback on the original announcement to suggest this. You can find the final CLA wording here, derived from the well-respected Apache Software Foundation CLA.
Here’s the specific text from the CLA:
Element shall be entitled to make Your Contribution available under Element’s proprietary software licence, provided that Element shall also make Your Contribution available under the terms of an OSl-approved open-source license.
I personally consider that a fairly reasonable term. Especially because they specified an OSI-approved license. Element are always going to be bound to that now. This is like the copyleft of contributor license agreements.
whoa! thanks a lot! that’s my mistake.
thanks for the awesome info, I should’ve at least check the repo of the individual projects first (only did so with Forgejo).
I totally agree with you, and do think that it is possible to have positive and harmless CLAs. though I do think we should always take a step back and not assume that a project’s CLA will be in favor of our copyright, with the case being more the exception than the norm, unfortunately.
in the end, I will always be happy that a copyright holder wants to be able to reliably make money with copyleft software, but I can never really face a CLA without at least initial hostility anymore. you may say I have prejudice against CLAs lol
Maybe a more appropriate practice is to only engage with a Contributor License Agreement if the repository one contributes to is already available with the GNU AGPL or one is actually in control of some money the person one contracts with will gain due to one’s changes. For example:
- Before I contribute to a project, I should make a copy of as many relevant repositories I’m able to and ensure each one is easy to redistribute, and only make changes to my copies. That way, I can continue distributing the improved software if a person I engage in a CLA with does something I don’t like later, but they are still able to apply any change of mine to a repository that gets more attention (thus helping more people). Also, I might get money (as an employee) for doing this, which would prevent that money from being used against the Free Software Movement.
- If I were a board member, manager, or employee and someone engaged in a CLA with an entity I have influence over, I have a good chance to direct more money to support the Free Software Movement (or block dealing with a person where doing so would be harmful).
If I have already fixed a software issue, made it clear what license should be used with my change, and made it available to the public, I wouldn’t necessarily be against engaging in a CLA (though I might ask to be paid to do so since I wouldn’t normally go out of my way to manually sign things, and I do value my time).
FYI I can navigate to https://blog.hansenpartnership.com/why-microsoft-is-a-good-steward-for-github/ from https://drewdevault.com/2018/10/05/Dont-sign-a-CLA.html (using https://blog.hansenpartnership.com/gpl-as-the-best-licence-governance-and-philosophy/ for an intermediary step), so I’m a little suspicious about the author’s thoughts on these matters. I also didn’t find any useful information about the GNU Affero General Public License from the same author, and I consider the GNU AGPL to be important based on https://ploum.net/2024-07-01-opensource_sustainability.html and https://lemmy.world/post/16602135
Would you not consider signing a CLA (without remuneration) if it binds a project to releasing your code under an OSI license? The only way they could have done better I think is by specifying AGPL instead. I’m not trying to argue that all CLAs are good here, but I don’t think that when they achieve the goals of the free software movement, they should be treated with suspicion or derision.
Honestly, all of the recent light shone on CLAs is a great thing. But there are still valid reasons to maintain a unified copyright for a project. None of these projects would have been able to move to AGPL without having used a CLA for that purpose. It also allows enforcement of that license via things like litigation, because you can have one entity on the docket, instead of a thousand contributors all defending their copyright.
I think the correct course of action isn’t to avoid signing one, but to force projects to commit to the social contract of open source in writing. I think there’s also a discussion that no one has earnestly talked about. A contributor license agreement is a contract between two parties, and under contract laws both parties must materially benefit. “I will get x, and you will get y”. This is known as consideration, and courts will nullify contracts that only benefit one of the parties. The only consideration I think there is to be found in most of the CLAs that have been brought up lately, is basically “your code will be merged into the project and released under it”. They don’t specify the continuation of open source, but it’s heavily implied by the aforementioned social contract. So when someone like RHEL goes and closes their source, they’ve essentially changed that contract to “you will sign over your copyright to us, and we will exploit your labour for profit”. That is not consideration, and it calls into question the validity of every single CLA signed. I genuinely think there’s grounds for every RHEL contributor that signed one to form a class and sue, and I would love to see FSF or EFF organising and supporting that sort of effort.
Back to Element for a second though, as far as I can see, their new CLA is a valid contract, because it gives a right to the contributor, that their code will always be released under an OSI license. So if a successful suit was brought against someone like RHEL, or Hashicorp, we could see other projects scramble to repeat Element here. That would be, in my opinion, a very good thing for the free software movement.
Unless you’re selling the software or licenses to it, I don’t really see a reason not to go copyleft. I mean, think about it. If someone tries to make your thing but better, they have to release the modifications, so you can grab it for yourself and suddenly you’re at the same level. If they piggyback off your work, you can piggyback off theirs, and you have the advantage of being the original. Correct me if I’m wrong.
Does it? proceeds to compile paid software and release a free package for it
Torrenting has existed for a long time, yet people still buy software. There is a lot more to software distribution than traditional product sale.
You want to have frequent fixes, compatibility with modern tools, new features and a trustworthy distribution pipeline. These are all things people and corps are willing to pay for in FOSS software.
You can do that with permissively licensed software too. Except with those, the party distributing their repackaged version doesn’t have to distribute source code alongside it. A lot of companies avoid copyleft software because they don’t want to or cannot deal with stricter licensing terms. If you’re a company creating commercial software which you intend to sell, you don’t want to use any GPL code, because you want to keep your software closed source to avoid exactly what you described from happening.
This can be exploited by primarily licensing your open source code using strong copyleft (like the AGPLv3) while selling commercial licenses to businesses that don’t want to comply with the AGPL and are willing to pay up. Qt is able to successfully use this even with weaker copyleft (LGPLv3) because it’s used a lot in embedded systems (like smart cars) which cannot comply with the LGPLv3’s anti-tivoization clause.
This means copyleft licenses can make it easier to profit if you’re the author of the code, but of course third parties can more easily profit from permissive licenses.
there’s certainly a camp in FOSS that considers “whatever you like including commercial activity” to be the one true valid version of “free software”
like… if someone wants to take an MIT project, add a bunch of extra features to it keeping some available only with payment, and contribute back bug fixes and some minor features etc, i wouldn’t necessarily say that’s harming the project and this is overall a good thing? it gets the original project more attention
like it’s perhaps a little unfair, but if the goal is quality and scope of the original project - or even broader of the goal is simply to have technology AVAILABLE even if it is with a few - then that goal has been met more with an MIT-like license than it would be with a copyleft license
So, for the slow people in the back… (me)
Copyleft = permanently open source? Ie, you can’t take the open source code/project and make it closed source? (or build a new closed project off of it?)
Or am I misunderstanding?
Yep, that’s the gist of it. In order to change the license from the GPL, they’d need the permission of all of the copyright holders who’ve contributed code under the GPL to the project. After a few months have passed, this basically makes it impossible (or at least extremely difficult) since at least one person (and likely many people) will say no.
AGPLv3 is not anti-business or anti-money. It’s saying if you want to use the code in a closed source project you need to pay the copyright holder
The copyright holder is the original author, not a maintainer or someone who forked a project and renamed it.
That’s why the #1 thing mentioned in copyleft licenses is you can’t alter the copyright notice and declare yourself the original author
AGPLv3 is a good license to choose. All the other licenses are naive and do not combat closed source projects and the slave worker that keeps our projects unfunded
This URL might help you (I see it linked from the URL of this post): https://en.wikipedia.org/wiki/Copyleft
If it doesn’t, I suggest looking at https://en.wikipedia.org/wiki/Wikipedia:Be_bold
“Copyleft licenses do not only benefit the developers. They also guarantee freedoms to users of the software. They reduce the risk of exploitive business practices, like creating a modified version of Forgejo with less freedoms to the users, which could ultimately trap users in a vendor lock-in.”
God, you absolutely love to see it. So called “permissive” licenses should be banned because of this.