Community mailing list archives

Re: access to code under AGPL v3

Andi Becker
- 01/16/2016 23:48:45

On Sun, Jan 17, 2016 at 10:10 AM, Andreas Becker <> wrote:
Dear Houssine Bakkali

Who are you that you hate people so much?
Who are you accusing people which only are looking for answers?
Nobody is stressing here!

License infringements are a serious factor in business and many customers especially in Europe will be affected if things get even more complicated as they are already. The same by the way than any phoning home stuff inside Odoo would probably violate against i.e. german privacy laws. Think about how many ODOO sites with ODOO 7 and ODOO8 and meanwhile also ODOO 9 are already running only in Germany. There are a lot and for sure they all would be in focus if things not get solved! We need a "secure" Odoo and this means to have an ODOO which is respecting licenses and privacy laws!

Fact is:

Fabien Pincaers answered the question concerning AGPL modules in a comment on that Thread already:

> 1/ If I make an installation for a customer, he (the final customer) could get a mail from anyone requesting the code used in his instance?
Yes. Provided that this anyone as, at least, access to the login page.
> 2/ Is it correct that the code to be provided access to, would be only the modules used publicly on the website (and not a module that is used internally - only in the backend)?
No, you must provide ALL modules. (as they have to be AGPLv3 too)
If you don't like AGPLv3 constraints, you should now that Odoo 9 is under LGPL and does not have such constraints. So, you might prefer Odoo 9.
If you are using an AGPL module you have to make your site available publicly as soon as you are using i.e. the website module which gives access to users to the site so that they can interact with them publicly.

But don't get it wrong:

If you don't like AGPLv3 constraints, you should now that Odoo 9 is under LGPL and does not have such constraints. So, you might prefer Odoo 9. 

if you are using the LGPL in your module than your code might get integrated into a commercial proprietary module and you won't have anymore access to further developments which might have been done to that module by the one using and modifying/improving it. 

The only way to get ensure that you also will be able to have your benefits out of improvements made to your modules will be the AGPL License!

Read more about why you should NOT use the LGPL here:

Most sites most contributors, Agencies and Developers did until now fall actually under the AGPL category as mentioned by Fabien!

Now ask yourself? Are you sharing the code? Are you listing all modules involved in your site?
I guess the answer will be in most cases "no"

Dominique brought up a very important point which simple says that OCA is allowing and I would say even promoting license infringements as a solution!

Maxime just verified that statement in his last post by writing that if people use OCA modules them and their customers will be on a safe site. He did not deny the license infringements. I checked the community list and saw several other posts with exactly the same matter. This problem is a real problem as it harms everybody as long as it does not get solved and an allowance for license infringements by any company or organisation is not at all a solution where customers can build and trust on.
But WHO ensures that ONLY OCA modules are used in a site and this is a very very critical point as in most sites there is a mixture of many modules from many different contributors. In other words your customer will be not on a safe site.

Take Dominique who hosts 1000 of sites as he wrote. well he will get in really serious problems with such positions which Maxime just wrote.

Maxime has left out one important case!

What is if the legal institution which is taking of that matter of license infringements come to the result that OCA is acting in an illegal way as they promote license infringements? Who will save your customers or the hoster and perhaps finally the developer from being sued by whom however it will be?
Only to let you know we are currently investigating that matter i.e. also on some examples which than might affect also your customers as they are located also in EU. License infringement as well as copyright infringements are a serious matter and additionally privacy laws too.

To summarize the current state is the following:
  1. If a customer is deciding to use ODOO in his business than he should first check all the modules used in his Odoo installation to make sure that they are 100% coming from OCA as otherwise he might get in serious legal problems. (Please read the comment from Maxime again and please try to understand the concerns than only trying to flame with accusations. be simply a bit more productive Houssine! please!)
Exception: If a court comes to the decision that OCA is acting illegally by tolerating and allowing license infringements than your customer will have again the same problem!
  1. If people are using the Enterprise Edition they also are on a safe site but they can't easily switch back to community Version if they later realise that this way is getting much to costy for them. Also here I recommend to all customers to read the comments and search here on the mailinglists!
The FSF has already been informed and perhaps affected customers might also intend to inform the "Datenschutzbeauftragte" so they can check the ODOO privacy matters they brought up too. Unfortunately it seems not to be possible to solve such serious legal and privacy problems, without their involvement. Especially not if people like you Houssine are trying to block any initiative to solve that matter without their involvement! 

Odoo has several serious license and privacy problems as discussed here on the list in the past years, which could be addressed easily and could be solved quite easily with a bit more cooperation.
  1. License issues AGPL module build into an LGPL site will make the site to have to follow the AGPL rules - no matter if OCA or not OCA!
  2. read the CLA of the OCA than also Developers should actually be warned to contribute to OCA as long as things don't get changed immediately their too. Yesterday the CLA issue was brought up by 
Better tell your customers to involve first their lawyers before using ODOO seems to be the summarised advice!
after what Maxime just answered to Dominiques Questions. With every answer we get from OCA actually I got the feeling more and more open points get discovered, which will cause even more questions!

The Odoo CLA allows Odoo s.a. to relicense from AGPL to LGPL without getting explicit approval from all people who once contributed to the core, provided all these contributors do sign the CLA (otherwise they will have to remove the contributions first). 

or to say in ODOO words: They have to rewrite it! 

This is only one example out of many!

The association is a membership-based organization incorporated under the laws of association, Switzerland.

Switzerland is an island inside and surrounded by EU countries with quite different laws!
read more about OCA here

Indeed this here is in question - a big question as Jairo Llopis pointed out already

You grant to Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license under the Copyright covering the Contribution, with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute the Contribution as part of the Material
Jairo answered that point as followed and he is absolutely correct:

"That means that you can wake up one day and realise that module you contributed last week under AGPL is today LGPL, BSD or Apache. Not fun either."
This is absolutely no fun if you are either working in Germany or having customers from Germany or any other EU countries or even US where more and more "Abmahn Anwaelte"  are only looking for such cases. This can ruin your customer, it can ruin your company and if you are a developer it can ruin even you! only because things have not been proofed before decisions have been made and illegal ways get walked!

Things decided here are actually doing much more harm to the community than they would help her.

as you can read here it is necessary to have ALL agreements from all contributors to change licenses:

The OCA made a great decision actually:
Regarding the OCA addons, the OCA Board’s decision is to keep the AGPL for existing addons

In other words this means ANY site where one of the OCA modules get included its modules code has to be made publicly available as soon as it interacts with users over the internet i.e. by using the website module! As Fabien Pincaers stated correctly it means ALL modules and not only one single AGPL module!

The following is actually what every developer really will like!

  • First, the OCA Board asked a lawyer specialized in Intellectual Property and FLOSS for advice about a license change. His answer confirmed that we would need the agreement of all contributors of a module to change its licensing. Since we don’t have a CLA signed for all past contributors, we would need to contact each of them one by one, a tedious task, and if any refused to change the license, then we would have faced the choice to either leave the addon unchanged or to remove it from the OCA.
    Second, all the contributions made to the OCA were made under that AGPL license, and the board felt that the best interest of its members was to stay with the AGPL, in line with the GNU project’s recommendations. Both the AGPL and the LGPL licenses are Copyleft license, which is a strong FLOSS statement. The additional benefit of the AGPL is to protect users of OCA addons from being locked-in by service providers. The license guarantees that they will be able to ask any service provider for the whole source code of their instance, and that they will stay free to change providers. This freedom of choice is an important part of a FLOSS ecosystem.

Yes this is the best way to keep ODOO available as a feature rich community version which does not get locked and which does not get "outsourced into proprietary ODOO S.A. modules.

BUT unfortunately the CLA which has been set up by the OCA makes exactly those two moints to nothing else than makulatur. "Not worth the ink (time) on the paper those two points have been written (published) on".

The reason which stands behind this gets mentioned in the last paragraph:

The Board therefore encourages all Odoo users to purchase an Odoo Enterprise contract for their instance to support the R&D effort of Odoo s.a. which benefits everyone in the community.

As it looks like the OCA itself has no interest actually to keep the Community Edition as a feature rich edition and is supporting 100% the ODOO effort to get more customers for them which will buy their ODOO Enterprise Edition, which holds proprietary code nobody again will have access too beside ODOO S.A. themselves!

Summarise it:

If you contribute to OCA you are actually contributing to ODOO S.A. and you are promoting and building up the more and more proprietary Enterprise Edition.


To contribute you need to sign the CLA. This CLA will give OCA the right to sublicense your module to ODOO which than will be able to even change it's License to LGPL so they will be able to integrate your "originally" AGPL module into their Proprietary software suite called "Enterprise Edition" which gets 100% promoted by OCA as stated in that paragraph just mentioned where OCA encourages users to buy the proprietary Software Solution called Enterprise Edition instead of helping to get customers supporting the Community Edition and getting i.e. Enterprise features rewritten for Community purposes! The last would be the Community supporting way!

In other words OCA is nothing else than the sales office for the Enterprise Edition of ODOO S.A. and their members might benefit from it in what way however! With supporting community and keeping ODOO AGPL and Open Source this has absolutely nothing to do anymore!


I will stop here now as it does not make sense to get any further and to find a good solution. From my experience as a mediator I would recommend to sit together again, even open up a complete new section about licensing and discussing that matter entirely with the involvement of lawyers until a solution will be available for all sites.

All sites means 

OCA - ODOO S.A. - Developers - Hosters - and of course the most important part the customers!


Odoo is a great system which has serious legal problems for all of them and those need to be solved! 
Solved means not - to agree to illegal or license infringments or copyright infringements etc.
instead solving this problems means to simply follow the GNU GPL Licenses 100%!

People like Dominique, like us like many others who have already posted and commented about that matter here on the mailinglist are aware of this immense problem, especially also because they are concerned about their customers and legal problems they could get into if this matter does not get solved sufficiently. I am sure not only we need a solution which helps to keep our businesses running in a legal way! 
Please help to find that legal way!


only a final comment concerning people who intend to block to find that solution:

if again people try to block this effort than their will be no other way as to find another - but than public - forum to discuss that matter.
IMHO it would be best if we could solve and keep that matter inside the family! Searchengines already index all posts of this mailinglists and the more often this matter will come up - and it will come up over and over again as long as it isn't solved - the more it might harm also exactly that family and all of its members. Therefore it would be great to solve it urgently!

Have a nice sunday

And Thumbs up for the OCA to find a solution which will fit all!