Community mailing list archives
Re: access to code under AGPL v3by
Who is this legal institution which will sue OCA? For clarifying their interpretation of a license which has never been tested in court? And if such magical beings existed, as the copyright holder they just explicitly state the exception if indeed such exception was required as allowed by AGPL. In any case, it is the copyright holders choice to enforce their license, not the other way around.
Please go troll elsewhere and stop your ten cent lawyer FUD.
Dear Houssine BakkaliWho are you that you hate people so much?Who are you accusing people which only are looking for answers?Nobody is stressing here!License infringements are a serious factor in business and many customers especially in Europe will be affected if things get even more complicated as they are already. The same by the way than any phoning home stuff inside Odoo would probably violate against i.e. german privacy laws. Think about how many ODOO sites with ODOO 7 and ODOO8 and meanwhile also ODOO 9 are already running only in Germany. There are a lot and for sure they all would be in focus if things not get solved! We need a "secure" Odoo and this means to have an ODOO which is respecting licenses and privacy laws!Fact is:Fabien Pincaers answered the question concerning AGPL modules in a comment on that Thread already:> 1/ If I make an installation for a customer, he (the final customer) could get a mail from anyone requesting the code used in his instance?Yes. Provided that this anyone as, at least, access to the login page.> 2/ Is it correct that the code to be provided access to, would be only the modules used publicly on the website (and not a module that is used internally - only in the backend)?
No, you must provide ALL modules. (as they have to be AGPLv3 too)If you don't like AGPLv3 constraints, you should now that Odoo 9 is under LGPL and does not have such constraints. So, you might prefer Odoo 9.If you are using an AGPL module you have to make your site available publicly as soon as you are using i.e. the website module which gives access to users to the site so that they can interact with them publicly.But don't get it wrong:If you don't like AGPLv3 constraints, you should now that Odoo 9 is under LGPL and does not have such constraints. So, you might prefer Odoo 9.if you are using the LGPL in your module than your code might get integrated into a commercial proprietary module and you won't have anymore access to further developments which might have been done to that module by the one using and modifying/improving it.The only way to get ensure that you also will be able to have your benefits out of improvements made to your modules will be the AGPL License!Read more about why you should NOT use the LGPL here:Most sites most contributors, Agencies and Developers did until now fall actually under the AGPL category as mentioned by Fabien!Now ask yourself? Are you sharing the code? Are you listing all modules involved in your site?I guess the answer will be in most cases "no"Dominique brought up a very important point which simple says that OCA is allowing and I would say even promoting license infringements as a solution!Maxime just verified that statement in his last post by writing that if people use OCA modules them and their customers will be on a safe site. He did not deny the license infringements. I checked the community list and saw several other posts with exactly the same matter. This problem is a real problem as it harms everybody as long as it does not get solved and an allowance for license infringements by any company or organisation is not at all a solution where customers can build and trust on.But WHO ensures that ONLY OCA modules are used in a site and this is a very very critical point as in most sites there is a mixture of many modules from many different contributors. In other words your customer will be not on a safe site.Take Dominique who hosts 1000 of sites as he wrote. well he will get in really serious problems with such positions which Maxime just wrote.Maxime has left out one important case!What is if the legal institution which is taking of that matter of license infringements come to the result that OCA is acting in an illegal way as they promote license infringements? Who will save your customers or the hoster and perhaps finally the developer from being sued by whom however it will be?Only to let you know we are currently investigating that matter i.e. also on some examples which than might affect also your customers as they are located also in EU. License infringement as well as copyright infringements are a serious matter and additionally privacy laws too.To summarize the current state is the following:
- If a customer is deciding to use ODOO in his business than he should first check all the modules used in his Odoo installation to make sure that they are 100% coming from OCA as otherwise he might get in serious legal problems. (Please read the comment from Maxime again and please try to understand the concerns than only trying to flame with accusations. be simply a bit more productive Houssine! please!)Exception: If a court comes to the decision that OCA is acting illegally by tolerating and allowing license infringements than your customer will have again the same problem!
- If people are using the Enterprise Edition they also are on a safe site but they can't easily switch back to community Version if they later realise that this way is getting much to costy for them. Also here I recommend to all customers to read the comments and search here on the mailinglists!The FSF has already been informed and perhaps affected customers might also intend to inform the "Datenschutzbeauftragte" so they can check the ODOO privacy matters they brought up too. Unfortunately it seems not to be possible to solve such serious legal and privacy problems, without their involvement. Especially not if people like you Houssine are trying to block any initiative to solve that matter without their involvement!Odoo has several serious license and privacy problems as discussed here on the list in the past years, which could be addressed easily and could be solved quite easily with a bit more cooperation.
- License issues AGPL module build into an LGPL site will make the site to have to follow the AGPL rules - no matter if OCA or not OCA!
- read the CLA of the OCA than also Developers should actually be warned to contribute to OCA as long as things don't get changed immediately their too. Yesterday the CLA issue was brought up byBetter tell your customers to involve first their lawyers before using ODOO seems to be the summarised advice!after what Maxime just answered to Dominiques Questions. With every answer we get from OCA actually I got the feeling more and more open points get discovered, which will cause even more questions!The Odoo CLA allows Odoo s.a. to relicense from AGPL to LGPL without getting explicit approval from all people who once contributed to the core, provided all these contributors do sign the CLA (otherwise they will have to remove the contributions first).or to say in ODOO words: They have to rewrite it!This is only one example out of many!https://odoo-community.org/groups/contributors-15/contributors-30908?mode=thread&date_begin=&date_end=The association is a membership-based organization incorporated under the laws of association, Switzerland.Switzerland is an island inside and surrounded by EU countries with quite different laws!read more about OCA here https://odoo-community.org/page/faqIndeed this here is in question - a big question as Jairo Llopis pointed out alreadyYou grant to Us a perpetual, worldwide, non-exclusive, transferable, royalty-free, irrevocable license under the Copyright covering the Contribution, with the right to sublicense such rights through multiple tiers of sublicensees, to reproduce, modify, display, perform and distribute the Contribution as part of the MaterialJairo answered that point as followed and he is absolutely correct:"That means that you can wake up one day and realise that module you contributed last week under AGPL is today LGPL, BSD or Apache. Not fun either."This is absolutely no fun if you are either working in Germany or having customers from Germany or any other EU countries or even US where more and more "Abmahn Anwaelte" are only looking for such cases. This can ruin your customer, it can ruin your company and if you are a developer it can ruin even you! only because things have not been proofed before decisions have been made and illegal ways get walked!Things decided here are actually doing much more harm to the community than they would help her.as you can read here it is necessary to have ALL agreements from all contributors to change licenses:The OCA made a great decision actually:Regarding the OCA addons, the OCA Board’s decision is to keep the AGPL for existing addonsIn other words this means ANY site where one of the OCA modules get included its modules code has to be made publicly available as soon as it interacts with users over the internet i.e. by using the website module! As Fabien Pincaers stated correctly it means ALL modules and not only one single AGPL module!The following is actually what every developer really will like!
- First, the OCA Board asked a lawyer specialized in Intellectual Property and FLOSS for advice about a license change. His answer confirmed that we would need the agreement of all contributors of a module to change its licensing. Since we don’t have a CLA signed for all past contributors, we would need to contact each of them one by one, a tedious task, and if any refused to change the license, then we would have faced the choice to either leave the addon unchanged or to remove it from the OCA.
Second, all the contributions made to the OCA were made under that AGPL license, and the board felt that the best interest of its members was to stay with the AGPL, in line with the GNU project’s recommendations. Both the AGPL and the LGPL licenses are Copyleft license, which is a strong FLOSS statement. The additional benefit of the AGPL is to protect users of OCA addons from being locked-in by service providers. The license guarantees that they will be able to ask any service provider for the whole source code of their instance, and that they will stay free to change providers. This freedom of choice is an important part of a FLOSS ecosystem.