Closing AGPL cloud services loop-hole: a MongoDB approach

Ever-increasing availability and the scope of cloud-based services pose various challenges for the open source community. GNU Affero General Public License (AGPL) has been created on the premise undergirding General Public License version 3 (GPL), specifically to address hosted services, where a user interacts with licensed software via the network, but which does not amount to a “distribution” triggering licence reciprocity. Under AGPL Section (13 Remote Network Interaction), if a user runs modified software on a server and allows other users to interact with it remotely through a network, the source code corresponding to the modified version must be made available at no charge. So where is the problem?

Big business defeats freedom

The problem comes with software-as-a-service. Large cloud or hosted services providers have found ways to commercialise popular open source projects without giving anything back, thus limiting software freedom intended by the licensors. The business model primarily focuses on offering managed services, e.g. customisation, integration, service levels and others, to a freely available open source component and charging a fee for this. Open source projects do not usually have the scale to effectively withstand such competition by providing similar offerings. To say the least, this pattern incentivises the writing of the software in closed source code.

AGPL is not enough to capture such a services scenario. Commercial entities rarely modify open source components and, if they do, releasing corresponding source code to such modifications does not affect their proprietary interests or revenue flow.

Contemplating new business models

MongoDB takes charge

Until 16 October 2018, MongoDB’s mongod and mongos database programs were available under AGPL. MongoDB explains:

“MongoDB has become one of the most popular databases in the industry. As a result, we have observed organizations, especially the international cloud vendors, begin to test the boundaries of the AGPL license. […] The community needs a new open source license that builds on the spirit of the AGPL, but makes explicit the conditions for providing the software as a service. We are issuing a new license to eliminate any confusion about the specific conditions of offering a publicly available MongoDB as a service.”

The new licence – Server Side Public License (SSPL),- is based on a GPL and applies to all versions released after 16 October 2018, including patch fixes for prior versions. MongoDB has also sought Open Source Initiative’s (OSI) approval to SSPL. Section 13 (Offering the Program as a Service) is the only provision that is substantially different from the origin licence. It closes the loop-hole by imposing a requirement to release Service Source Code when offering publicly available MongoDB as a service.

Service Source Code is defined to include any management software, user interfaces, application program interfaces, automation software, monitoring software, backup software, storage software and hosting software, all such that a user can run an instance of the service using the source code made available. Notably, the copyleft condition of Section 13 does not apply for other software-as-a-service applications that use MongoDB as a database and not as a service.

Impact is twofold

It will be interesting to see whether OSI grants its approval to SSPL. On its face, the licence seems to conform with the Open Source Definition and principles of software freedom: users are free to use, modify, and distribute the software. The only hiccup could arise from Section 13, should it be interpreted as an additional restriction on the “Freedom 0” principle, which mandates allowing the running of the software freely for any purpose.

The new licence is free to anyone to adopt, but its popularity seems to be facing an obstacle right at the outset. Red Hat announced it would no longer include MongoDB in version 8 of Red Hat Enterprise Linux because of SSPL. Debian project followed suit:

“[T]he SSPL is clearly not in the spirit of the DFSG, yet alone complimentary to the Debian's goals of promoting software or user freedom. In light of this, the Project does not consider that software licensed under the SSPL to be suitable for inclusion in the Debian archive.”

AWS chose to detour from the SSPL by launching its own DocumentDB, a managed document database service, which is compatible with MongoDB.

Cloud era is both promising and challenging for open source. It is difficult to predict whether SSPL will bring evolution and freedom or lead to less usage of the covered code or project forking.

Image credits: Benjamin Lang