Contributors mailing list archives

contributors@odoo-community.org

[15139] Re: Licensing dependency AGPL/private

by
InitOS GmbH, Frederik Kramer.
- 21/10/2018 12:26:45
Hi Eric, 

sorry for being late on this. Here are my fifty cent on your question:

There has been amble discussions about the term "copyleft" its reach and the notion of "virality" as the principle nature of copyleft licenses (e.g. GPL, AGPL) 
every since the GPL first appeared. This discussion even amplified when the v3 of GPL/AGPL had been introduced. This is the case because GPL/AGPLv3 
were designed to clarify the misinterpretable nature of static vs. dynamic linking and the terms "combined", "modified" and / or "derivative" work [see 2 for
and extensive discussion of changes between v2 and v3 of GPL (also greatly applies to AGPL)]. 

Now probably the most often debated issue is the reach of virality of the AGPL as it purposefully extends the virality to cloud usage aka "propagation" 
(i.e. offering publicly accessible web interface, aka object version of the code)

The author of [3] basically constructs two cases that exemplify when and when not a work is affected by "virality". From reading [3] and the 
presented cases one may argue that Odoo has a well defined "interface" between its LGPLed core and potential modules that "extend" the application 
by using this interface (the famous Odoo API). If you now provide access to the LGPLed core together with the AGPL part (base_user_role) lets say by providing 
the resulting ERP on the publicly accessible server, you would have to grant the same permissions to the user that you obtained yourself 
(meaning LGPL to the core, AGPL to the OCA module) to the user by providing the source code and the license of exactly those two elements.

Conclusion:

Now in your case it is interesting whether the intended "use" of a data artifact created in the database by an AGPled module is 
actually a "modification" or "adaption" in the AGPL sense (and hence requires you to accept the AGPL). 

The AGPL refers to the term modification / adaption by stating the following:

"To 'modify' a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, 
other than the making of an exact copy." [see section 0 in 4]

As you are planning to make an "exact copy" of the base_user_role module, i think you would clearly not "modify or adapt" the 
work but you just use it in a connective (say interfaced) way with the core and use its output. 

This alone would not even require you to accept the AGPL but in section 9 of the license [4] the propagation (aka public web server use) 
requires you to do so (i.e. accept the license). Now that you do have to clearly "accept" the terms and conditions of the AGPL the remaining
question is: 

Do you have to provide AGPL to the whole body of your work including your code or not (because your code would be infected or not).

Again this requires to study the "modification / adaption" terms of the AGPL and these -to my point of view-
don't reach out to your code. Only if you "copied" code, "parts of it" or even the "architectural concept and idea" of the AGPLed base_user_role
module you would clearly adapt and modify and would hence be obliged to offer the source code also of your "proprietary" part of the work.

So the primary "technical" question is, if the Odoo API would be interpreted or interpretable as an Interface according to the legal standards.
I would clearly say "yes". Moreover it needs to be said that wheres some lawyers (especially in anglo-america) believe that interfacing is actually 
modifying, at least "European Law" does clearly neglect this notion (see 5).

So all in all i think you would not breach law by doing what you plan to do.

Hope this helps

Best Frederik

Disclaimer:

I am not a lawyer or anything close to it, but used to address these issues in a scientific manner (see for instance [1]). If you would like to have a (meaning literally "one" ;-)) definitive answer
on the matter, i would highly recommend you to ask somebody more knowledgable on this field of expertise. Though i haven't had to do with him personally up to that point one of the most reknowned
experts in the field (with many publication on the matters) and also a founder of the Institue of Legal Concerns of Free and Open Source Software (ifross, see 6) is Dr. Till Jäger [7]

[1] https://www.sciencedirect.com/science/article/pii/S0164121216300905
[2] https://scholarship.law.berkeley.edu/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&article=1740&context=btlj
[3] https://softwareengineering.stackexchange.com/questions/107883/agpl-what-you-can-do-and-what-you-cant
[4] https://www.gnu.org/licenses/agpl-3.0.de.html
[5] https://joinup.ec.europa.eu/news/why-viral-licensing-ghost
[6] http://www.ifross.org/
[7] https://www.jbb.de/anwaelte/dr-till-jaeger 

Am Donnerstag, den 18.10.2018, 15:31 +0000 schrieb Eric Caudal:

> Hi,

> I would like to use the module base_user_role (AGPL).

> For the project at hand, I need to create set up (groups  roles) in other modules that are potentially private license.

> I do not need to copy code or inherit models but only need to make reference to roles xml_id and somehow depend on the base module.

> What is the situation on licensing in this case and propagation of the AGPL in this case?

> 

> I personally understand that this is data and that technically licenses might be compatible but I any wise and expert clarification on the usage would be appreciated

> --

> Eric Caudal [Founder and CEO]

> Skype: elico.corp. Phone: + 86 186 2136 1670 (Cell), + 86 21 6211 8017/27/37 (Office) 

> Elico Shanghai (Hong Kong/Shenzhen/Singapore)

> Odoo Gold Partner // Best Odoo Partner APAC 2014 and 2016 

> _______________________________________________

> Mailing-List: https://odoo-community.org/groups/contributors-15

> Post to: mailto:contributors@odoo-community.org

> Unsubscribe: https://odoo-community.org/groups?unsubscribe

-- 
Dr.-Ing. Frederik Kramer
Geschäftsführer
        
initOS GmbH
An der Eisenbahn 1
21224 Rosengarten
        
Phone:  +49 4105 56156-12
Fax:    +49 4105 56156-10
Mobil:  +49 179 3901819
        
Email: frederik.kramer@initos.com
Web:   www.initos.com
        
Geschäftsführung:
Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke

Sitz der Gesellschaft: Rosengarten – Klecken
Amtsgericht Tostedt, HRB 205226
Steuer-Nr: 15/200/53247
USt-IdNr.: DE815580155