Why the sudden change to AGPL from MIT ?
What's the main reason for this?
Thanks
We've had a handful of VPN services and router manufacturers contact Trail of Bits for assistance integrating Algo over the last few months. It's rare that they know what they are doing and have needed hand-holding to understand which ports to open and how the software works. In each case, Trail of Bits provided that assistance and did it for free even though we were under no obligation to do so.
When these services inevitably stumble through their development and build their service, they have made promises to contribute financially or technically back to Algo. This is the big win for an open source project, since more adoption helps enhance the entire community. Here is a quote directly from one VPN service that is entirely dependent on Algo to function:
Giving Back
We contribute 15% of our net proceeds to these incredible organizations
Algo: Open-source project utilized to configure your [redacted] VPN.
As far as I am aware, we have never received any financial support or code contributions from a company that has incorporated Algo into their product, including the company I quoted. I'd like to make our relationship with these firms more equitable so we have now changed the license for Algo to AGPL.
In our 1.0 release, we have reserved a few more rights than before while keeping the software open source and freely available. Notably, the ability to build a closed-source service based on Algo is now disallowed unless you also release the technical changes you made to accommodate such a development (as per the terms of the AGPLv3). If you want to sidestep that requirement, then you can make a donation and we will provide an exception. We think this is a fair tradeoff and it mirrors how other successful security tools work, like Snort and NMAP.
@andreimc Here's some reading on the topic. Basically AGPL seems to be more restrictive towards developers who might want to incorporate the Algo code (for free) into their own closed-source or commercial projects. I don't understand how or if it affects us here as end-users or contributors.
https://www.slant.co/versus/3575/3582/~mit-license_vs_agpl
https://news.ycombinator.com/item?id=1273231
From the developer's point of view:
https://thebetterstory.co/the-saas-developers-uber-short-guide-to-using-open-source-projects-f32511fe118d
https://softwareengineering.stackexchange.com/questions/150534/want-to-use-a-lib-for-my-project-confused-with-license-agpl-vs-mit-license
@dguido makes sense - was just wondering , thanks for the response. I am planning to use Algo commercially in a project. Sticking with my MIT fork for now, once I make some money from it I will consider the AGPL3!
Great work anyway!
Most helpful comment
We've had a handful of VPN services and router manufacturers contact Trail of Bits for assistance integrating Algo over the last few months. It's rare that they know what they are doing and have needed hand-holding to understand which ports to open and how the software works. In each case, Trail of Bits provided that assistance and did it for free even though we were under no obligation to do so.
When these services inevitably stumble through their development and build their service, they have made promises to contribute financially or technically back to Algo. This is the big win for an open source project, since more adoption helps enhance the entire community. Here is a quote directly from one VPN service that is entirely dependent on Algo to function:
As far as I am aware, we have never received any financial support or code contributions from a company that has incorporated Algo into their product, including the company I quoted. I'd like to make our relationship with these firms more equitable so we have now changed the license for Algo to AGPL.
In our 1.0 release, we have reserved a few more rights than before while keeping the software open source and freely available. Notably, the ability to build a closed-source service based on Algo is now disallowed unless you also release the technical changes you made to accommodate such a development (as per the terms of the AGPLv3). If you want to sidestep that requirement, then you can make a donation and we will provide an exception. We think this is a fair tradeoff and it mirrors how other successful security tools work, like Snort and NMAP.