Clarifying armoryd software license

[btchris]

Armory is released under the Affero GPL v3 software license.

According to the GPL FAQ:

Where's the line between two separate programs, and one program with two parts? This is a legal question, which ultimately judges will decide. We believe that a proper criterion depends both on the mechanism of communication (exec, pipes, rpc, function calls within a shared address space, etc.) and the semantics of the communication (what kinds of information are interchanged).

If the modules are included in the same executable file, they are definitely combined in one program. If modules are designed to run linked together in a shared address space, that almost surely means combining them into one program.

By contrast, pipes, sockets and command-line arguments are communication mechanisms normally used between two separate programs. So when they are used for communication, the modules normally are separate programs. But if the semantics of the communication are intimate enough, exchanging complex internal data structures, that too could be a basis to consider the two parts as combined into a larger program.

(emphasis mine)

IOW, it seems likely that software which uses armoryd's RPC interface is probably a separate program which can have a different license or even be closed source, but short of some new court decision, it's not entirely clear. If such software isn't considered a separate program, then it must also be licensed under Affero GPL v3. Furthermore, if such software is accessed over the Internet (e.g. an armoryd-based block explorer, storefront, etc.), then the entire source code must be made available for download (as per the Affero GPL).

So, I'd like to make a small request: could this be clarified one way or the other, perhaps right in the armoryd.py file itself?

[1714670851]

1714670851

[StinkiePhish]

btchris,

I am Armory Technologies, Inc.'s COO and General Counsel, and although I am not an IP attorney, I can hopefully provide a brief response to the problem that you have highlighted regarding a great deal of open sourced software and what Armory's intent has always been regarding its license. We hesitate to make any modification to the AGPL 3, since we are relying on the critical mass of acceptance of AGPL 3 that give it its legal credibility.

ATI believes that the use of Armory or Armoryd, licensed under the AGPL 3, as a backend application that interacts with any information from the Internet, causes all software in between Armoryd and the Internet to also be AGPL 3 licensed. Therefore, the source code is required to be publicly available.

We encourage developers who desire to customize or use Armory/Armoryd in other processes to contact us regarding custom licensing terms. If you seek to run an exchange or webshop with Armoryd as the backend and you do not want your exchange or webshop code to be publicly available under AGPL 3, then a custom license is necessary.

[btchris]

I was personally less interested in a legal interpretation, and more interested in ATI's intent when choosing the license they've chosen (so that I and others can respect that intent). You've made the intent perfectly clear.

Thank you for taking the time to respond, it's much appreciated.

[Carlton Banks]

Is it not the whole point of Bitcoin to begin with that trying to control abstract concepts is rather pointless? The statement above from ATI general counsel implies there exists a legal threat to those that do not respect this so-called "license".

My attitude to intellectual property respects the laws of nature. If you release a piece of information publicly, you cannot reasonably expect to maintain "control" over that information by definition. On a purely logical basis, the GPL and it's variants are a contradiction in terms. Stallman essentially wrote down a logical appraisal of the fundamentals of information, and somehow expected that the act of putting pen to paper made it so. Everything it contained was all true before, during and after the creation of the GPL.

Anyone not accept this?

Ok then, I hereby state that anyone who replies to this thread or any other on bitcointalk.org about IP is agreeing to a contract that agrees with whatever I say about it. You're saying you don't agree? Well, you are, of course, free to choose to not enter into my contract by not expressing views on IP that constitute reneging this incredibly valid contract. Happy now?

[btchris]

First off: pretend that "IANAL" is added to every single opinion you see below. With that said....

Is the AGPL enforceable? I've absolutely no idea. It's probably the most copylefty license out there, though.

Is ATI's application of the AGPL to armoryd's JSON-RPC interface enforceable? Again, no real idea, although it seems like a stretch to me.

Is ATI's desire clear? Yes, unless a principal at ATI steps forward with a different statement, I'd say it's pretty clear. They don't want anyone using armoryd with an Internet-facing service unless you open-source that service, or seek an alternate license from ATI.

Will I ever use armoryd for such a project? Almost certainly not; I find the terms of such use far too burdensome. (not that this is a threatening a statement... I have no particular uses in mind as I write this)

Is it not the whole point of Bitcoin to begin with that trying to control abstract concepts is rather pointless?

Perhaps, but there are plenty of options released under a multitude of licenses out there. Some are completely closed-source (I don't touch those), some are source-code-available but not open source (I avoid them too), some are copyleft and some are permissive. ATI is free to make it's own choice. I think the marketplace is fully capable of choosing winners and losers from the bunch.

The statement above from ATI general counsel implies there exists a legal threat to those that do not respect this so-called "license".

Although I didn't read his post that way, the fact is that every piece of copyrighted content (rightfully) carries this inherent threat if misused. Of course I'm happy to argue that copyright law needs a major overhaul in my country (U.S.), but that doesn't change the current state of things.

If you release a piece of information publicly, you cannot reasonably expect to maintain "control" over that information by definition.

Just in the interest of not starting a flame war , is it OK to limit this thread to ATI's particular choice of license, and leave out the more general copyright/left/permissive debate?

Ok then, I hereby state that anyone who replies to this thread or any other on bitcointalk.org about IP is agreeing to a contract that agrees with whatever I say about it. You're saying you don't agree? Well, you are, of course, free to choose to not enter into my contract by not expressing views on IP that constitute reneging this incredibly valid contract. Happy now?

Still not a lawyer here, but I'm nonetheless quite confident that your licensing terms are unenforceable, and so I'm daring to ignore them.

We do share a similar opinion, though: the thought that everything which touches armoryd's JSON-RPC interface is tainted by AGPL is too copyleft for my taste.

[Carlton Banks]

First off: pretend that "IANAL" is added to every single opinion you see below. With that said....

Is the AGPL enforceable? I've absolutely no idea. It's probably the most copylefty license out there, though.

Is ATI's application of the AGPL to armoryd's JSON-RPC interface enforceable? Again, no real idea, although it seems like a stretch to me.

Ditto, I don't know how enforceable they are on any legal basis

Is ATI's desire clear? Yes, unless a principal at ATI steps forward with a different statement, I'd say it's pretty clear. They don't want anyone using armoryd with an Internet-facing service unless you open-source that service, or seek an alternate license from ATI.

I'd agree that their wishes are clear, but not any reason for them (although I seriously doubt ill intention on ATI's part, Alan's rationale for choosing the license was likely informed by practicality rather than ideology or marketplace strategy).

The statement above from ATI general counsel implies there exists a legal threat to those that do not respect this so-called "license".

Although I didn't read his post that way, the fact is that every piece of copyrighted content (rightfully) carries this inherent threat if misused. Of course I'm happy to argue that copyright law needs a major overhaul in my country (U.S.), but that doesn't change the current state of things.

If you read what I said carefully, I didn't identify the issuer of the threat.

I would make the case that the problem could now be solved using a different approach: proof. Prove you wrote the code/whatever you created, at the time at which you did so. Generate cryptographic proof. Get that publicly recorded. The technology (but not the infrastructure) exists now to perform this properly, we all know this better than any.

Additionally, ATI are uniquely positioned to promote such a convention (using an appliance of their new DNS/DANE based name resolution/PKI protocol).

If you release a piece of information publicly, you cannot reasonably expect to maintain "control" over that information by definition.

Just in the interest of not starting a flame war , is it OK to limit this thread to ATI's particular choice of license, and leave out the more general copyright/left/permissive debate?

No  . Seriously though, I can only apologise, I'm terrible for going off topic.

Still not a lawyer here, but I'm nonetheless quite confident that your licensing terms are unenforceable, and so I'm daring to ignore them.

I agree. I would add that the terms of my contract are also massively unreasonable (and I intended both attributes from the outset).  

We do share a similar opinion, though: the thought that everything which touches armoryd's JSON-RPC interface is tainted by AGPL is too copyleft for my taste.

What I like least is, it suggests the possibility of leveraging the licensing terms to engage in rent-seeking behaviour by means of proxy litigation, i.e. satisfying the licensing terms can be used as a euphemistic vehicle for generating revenue. That's not moral behaviour. The ATI legal dept have a perverse incentive to encourage the company to take that stance, not just so they can all make money, but in order to enforce the law (which in turn is purported to be enforcing moral behaviour). It's perfect nonsense.

[StinkiePhish]

I thought I would add the relevant explanation from https://www.gnu.org/licenses/why-affero-gpl.html :

Why the Affero GPL

The GNU Affero General Public License is a modified version of the ordinary GNU GPL version 3. It has one added requirement: if you run the program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the program that it's running. If what's running there is your modified version of the program, the server's users must get the source code as you modified it.

The purpose of the GNU Affero GPL is to prevent a problem that affects developers of free programs that are often used on servers.

Suppose you develop and release a free program under the ordinary GNU GPL. If developer D modifies the program and releases it, the GPL requires him to distribute his version under the GPL too. Thus, if you get a copy of his version, you are free to incorporate some or all of his changes into your own version.

But suppose the program is mainly useful on servers. When D modifies the program, he might very likely run it on his own server and never release copies. Then you would never get a copy of the source code of his version, so you would never have the chance to include his changes in your version. You may not like that outcome.

Using the GNU Affero GPL avoids that outcome. If D runs his version on a server that everyone can use, you too can use it. Assuming he has followed the license requirement to let the server's users download the source code of his version, you can do so, and then you can incorporate his changes into your version. (If he hasn't followed it, you have your lawyer complain to him.)

Both the ordinary GNU GPL, version 3, and the GNU Affero GPL have text allowing you to link together modules under these two licenses in one program.

The GNU Affero GPL does not address the problem of Service as a Software Substitute (SaaSS).

SaaSS means that users use someone else's web server to do their own computing. This requires them to send their data to the server, which does their computing for them and sends the results back to them. SaaSS is an injustice because the users cannot control their computing when it's done that way.

If some program on this server is released under the GNU Affero GPL, the server is required to offer the users the corresponding source of that program. That is good, but having this source code does not give them control over the computing done on that server. It also does not tell them what other software may be running on that server, examining or changing their data in other ways.

We don't see any sensible way to address the SaaSS problem with license conditions on particular programs. Even to write a legal condition to distinguish between SaaSS use and non-SaaSS use would be a challenge, and if we had that, it is not clear what we would want to require in the SaaSS case. Thus, our solution to the problem of SaaSS is simple: refuse to use it.

If a program is meant specifically and only for SaaSS, you shouldn't write it. But many programs are useful for a variety of kinds of services, including some that are SaaSS and some that are not. It's useful to write and release these programs so people can set up non-SaaSS services with them, and good to release them under the AGPL.

As for the reasoning why ATI has always licensed Armory under AGPL 3, it was an attempt to balance the benefits of allowing other people to see and use the code, which is absolutely critical for security related software, against the costs or lost opportunity associated with a third-party using it to build their own commercial platform. (I won't speak for Alan, although he and I had lengthy discussions regarding the choice of open source license years ago).

As a developer, once you release code with a license that is very permissive, you cannot re-license the released code with a more restrictive license. So, for example, if you release your code with the BSD license and then find out that someone is making millions using it as the foundation for their offering, you cannot go back and get value from them. Therefore, using a more restrictive license like the AGPL 3 from the start allows the developer to ratchet the license down on a case-by-case basis as users request.

Using the AGPL 3, we thought that it would either 1) force code into open source, which we thought was a good thing; 2) force developers to talk to us, which we also thought was a good thing.

Please don't misinterpret that when I say "custom license" that it means it has to have a price. If someone wanted to experiment or start their business using Armoryd, we certainly could talk about a no-cost license for a period of time.

[Carlton Banks]

So, you're literally confirming that the concerns above are valid? Wow. I do not endorse the ATI position on this in any way at all. Reconsidering my attitudes toward the project.

[Roy Badami]

ATI believes that the use of Armory or Armoryd, licensed under the AGPL 3, as a backend application that interacts with any information from the Internet, causes all software in between Armoryd and the Internet to also be AGPL 3 licensed. Therefore, the source code is required to be publicly available.

This seems like a rather surprising position to take.  It would, for instance, prohibit using an off-the-shelf commercial firewall between Armory and the Internet.

[btchris]

ATI believes that the use of Armory or Armoryd, licensed under the AGPL 3, as a backend application that interacts with any information from the Internet, causes all software in between Armoryd and the Internet to also be AGPL 3 licensed. Therefore, the source code is required to be publicly available.

This seems like a rather surprising position to take.  It would, for instance, prohibit using an off-the-shelf commercial firewall between Armory and the Internet.

Agreed.

It's rather ironic that ATI couldn't, as things currently stand, host an armoryd-based service off of their own website at https://bitcoinarmory.com/.

https://bitcoinarmory.com/ is (currently) hosted with the help of CloudFlare's anti-DDOS service. Although CloudFlare (as a for-profit company) has chosen to open-source some of their software (good for them!), their platform is not completely open source.

Although I don't have a problem in general with "copyleft" licenses (and have used them myself), I find (just IHMO) the AGPL license to be far too restrictive for my taste (edited to add: especially ATI's interpretation of the AGPL license)....

Having said all that, if that's how the Armory devs would like to see their code used, I can/will respect those wishes.

[Roy Badami]

It's rather ironic that ATI couldn't, as things currently stand, host an armoryd-based service off of their own website at https://bitcoinarmory.com/.

Actually they could, of course, because they own the copyright to the code so they don't require a license.  But I know what you mean...

[btchris]

It's rather ironic that ATI couldn't, as things currently stand, host an armoryd-based service off of their own website at https://bitcoinarmory.com/.

Actually they could, of course, because they own the copyright to the code so they don't require a license.  But I know what you mean...

Oops, you're completely correct there, my bad... but thank you for seeing past my technical failures