Community mailing list archives

community@mail.odoo.com

Re: FW: access to code under AGPL v3

by
Andi Becker
- 01/23/2016 22:53:20
sorry Eric my students are simply to young! ;-)


With kind regards,
Mit freundlichen Grüßen,
Con un cordial saludo,
Cordialement,
с сердечным приветом,
เรื่องที่เกี่ยวกับชนิด,
與親切的問候,

 ANDI BECKER

CEO/General Manager LisAndi Co., Ltd.

--------------------------------------------------

LisAndi Co. Ltd., Phuket, Thailand (lisandi.com)
15/21 M.2 Viset Road, Rawai, Muang, Phuket, Thailand 83130

Mobile: +66 (0)81 606 3378
VoIP:   +49 (0)711 50 88788 50
Fax:     +49 (0)711 50 88788 50
Skype:          lisandi
Facebook:     andibecker
Google Talk/Facetime/eMail:  andi@lisandi.com

--------------------------------------------------

This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email by mistake), please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly prohibited. Email transmission security and error-free status cannot be guaranteed as information could be intercepted, corrupted, destroyed, delayed, incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which may arise as a result of email transmission

On Sun, Jan 24, 2016 at 10:47 AM, Caudal Eric <caudaleric@gmail.com> wrote:

Andy,
Maybe you don't know but Pull request must be made in github, not in mailing list.
I wish you would contribute as many lines of code as your lines of mails...


On Sun, Jan 24, 2016, 11:22 Andreas Becker <andi@lisandi.com> wrote:
On Fri, Jan 22, 2016 at 7:22 AM, Daniel Reis <dreis.pt@hotmail.com> wrote:

Please someone correct me if I'm wrong on this:
- The Copyright is attached to authorship: it belongs to Authors only.
- The OCA did not author a single line of code and has no Copyright on the OCA modules.
- It does have special *(re)licensing rights* on the code granted by the Authors through the CLA.

Thus, IMHO it is incorrect to write the OCA as the copyright holder in the modules.

You are right!
They themselves as institution did not author any line of code in most modules.
Some modules might contain the OCA only as the author, similar to a company.

The point is that Maxime had written the following:

As a hoster, if you are installing AGPL modules from the OCA, you are fine. If you are installing the same module from a contributor, then this contributor can take action for license infringement.
First, he would have to inform the user, which would inform you. At this step, your customer and you can decide to :
  1. switch to install and use the module from the OCA, and your customer and you will be fine; 
  1. remain on his version and then he can sue your customer, who can sue you.
So the recommendations I give is to use OCA modules because the OCA decided to protect the user. If a user uses the contributor version of the module, he doesn't have the long term guarantee that this module and its future versions will remain available under an OSI compatible license. The contributor can decide to close it when migrating to version 9, for example.

The current situation and in the OCA repositories does not help at all to find a clear answer if a module is an OCA module or not.

On the other side if OCA is NOT the copyright owner, they can also not help or ensure that a customer does not get in trouble like explained before. 

"he doesn't have the long term guarantee that this module and its future versions will remain available under an OSI compatible license"

Also the OCA can't ensure that actually IMHO - a module which simply does no more get maintained on OCA would be worthless and also here customers would need to switch to the module the original author provides as a second relicensed version i.e. in another repository. So there is no actual benefit for a customer.

About AGPL + Proprietary, it can be read from the license that only "subprograms that the work is *specifically designed to require*" are covered.
This is the support for the interpretation that AGPL can run alongside Proprietary as long as it's not designed to require it.
If an Odoo module is well constructed, it translated to not having a AGPL module depend on Proprietary ones.

In my (informed but personal) opinion, everything points for that being correct.
But there is not 100% consensus on this, of course. Some wordings of the AGPL don't have direct translation to Python programs.
So, IMO the OCA statement was just to publicly ensure everyone that they share this interpretation.

To be clear there is no such thing as a special OCA AGPL license - all OCA modules must have an unmodified OSI approved license, the AGPL is the one recommended and used by default by contributors.

This is correct Daniel
 
IMHO a much better way to ensure customers that rights get respected and which would give OCA also much more power would be to relicense all OCA modules under AGPL or GPL with "OCA Teams" as the copyright owners and maintainers. In other CMS you will see more and more modules and extensions having this kind of authorship. 

The author is no more a named person or a company - it is a Team - and that team would be under the umbrella of OCA. 
The contributors, which also contains the authors in person, will be listed additional. It would be very clear for customers in those cases who is actual the one making sure that they won't get hopefully not into trouble.

The GNU Licenses give rights for the copyright holders and also give rights to those who contribute but there is not an AGPL plus special agreements or similar.

Our question here was actually how to make it easier for customers, hosters and developers to find out who actually can ensure their "freedoms" to avoid legal problems. Do you have another suggestion?

some examples:
IN OCB there are Modules [module.py] which are 
GPL-2
GPL-2 or any later version
GPL-3
GPL-3 or any later version

the pylint mentions in no_modules.py three licenses: 
'AGPL-3', 'GPL-2', 'GPL-2 or any later version' line 145
'GPL-3', 'GPL-3 or any later version', 'LGPL-3', line 146

the module_prototyper under server-tools has license:
(licenses.GPL3, 'GPL Version 3') in line 65
(licenses.GPL3_L, 'GPL-3 or later version'), in line 66

also this got found:
'license': terp.get('license', 'LGPL-3'),

in account-financial-tools, bank-payment, c2c-rd-addons, l10n-switzerland, OCB/addons/, reporting-engine, server-tools and web (58 cases while taking only __init__.py, __openerp__.py. [modulename].py into account)
you will find - Copyright (c) All rights reserved mentioned 
The copyright holders seem to be in all those cases companies actually only mentioned and in some cases nobody gets mentioned.

IMHO even the pasus "All rights reserved" has no legal value anymore it steers up confusion which does not need to be.

There don't seem to be a standardised format and naming/labeling in OCA too - and also not on ODOO, like you can find it in most other CMS systems. This makes it quite difficult to search for certain terms or output i.e. all licenses of the modules in one line.

Some authors use different labeling for the actual 'license' : and write multiple licenses in multiple lines.

for people to search for it would be actual great to have

This top section could be actually be much smaller as I suggested before if the part below it would be more consistent throughout all modules and clearly specifying contributors, authors etc.

################################################################################
Copyright (c) ENTER THE YEAR WHERE THE COPYRIGHT STARTED 
- Odoo Community Association (OCA)
- ENTER THE NAME(S) OF ALL OTHER COPYRIGHT HOLDERS - ONE IN EACH LINE (best with valid contact email)
# - ... 
# This program is free software: you can redistribute it and/or modify# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.## This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License# along with this program. If not, see <http://www.gnu.org/licenses/>
###############################################################################

# Module Section
'name': Module name
'version': current version
'category': assign a category for that specific module
'website': which would be the website of the module if there is one or perhaps a link to the manual

# Legal Section
'copyright': which lists the current copyright holder at least
'copyright-year': here the year the copyright started and the periode could get listed.
'license': which lists all licenses under which that module has been licensed
'author': lists all authors - or better lists the OCA Team and in the Readme you name the team members.
'author-email': lists at least on contact email to contact those authors
'author-company': lists all their companies if they are working for a company
'author-website': websites of the authors
'contributors': comma separated list of all contributors

# Admin Section
'depends':
'conflicts':
'data':
'views':
etc ...

It is quite important that not each entry is in one line as mentioned by me previously, but instead records get written in a comma separated style in one single line. 

If those part get mentioned as above it would be easy also to create a module which would output that data in a sortable and searchable table in the backend visible for developers, hosters and customers who have access to it.

Also this would make it very easy i.e. to search with grep for all licenses or all authors, or all copyright holders, or to compare them with the authors and contributors or to check if the module still falls under any copyright or that has already been expired due to the fact that a specific end date or period of the copyright got mentioned.

i.e.:

grep -n -r -I "All rights reserved" * >OCA-AllRightsReserved.txt
grep -n -r -I \'AGPL* * >OCA-AGPL.txt
grep -n -r -I \'GPL* * >OCA-GPL.txt
grep -n -r -I \'LGPL* * >OCA-LGPL.txt
grep -n -r -I "Community Association" * >OCA-OCA.txt
grep -n -r -I -v "OCA" * >OCA-COM.txt

grep -n -r -I --include="**/__*__.py" OCA >OCA-py.txt

and you can even use regular Expressions

681 times our students found 'license': 'AGPL-3', in __openerp__.py files
10 times LGPL-3 got mentioned
58 time "all rights reserved got mentioned" by modules of only 4-5 companies
From 1938 lines where "Odoo Community Association (OCA)" got mentioned 1019 times they got mentioned as 'authors' in __openerp__.py
sometimes alone, sometimes together with other authors.

---
Those statistics are not representative, nor are they complete, they only give an idea!
---

Have a nice sunday

Andi

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe

--

Eric  Caudal (from my mobile)

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe