Hector Martin on Nostr: I don't buy the EUPL claims. The whole "SaaS" fix seems to be based on this ...
I don't buy the EUPL claims. The whole "SaaS" fix seems to be based on this convoluted set of definitions:
- Article 3 requires source offer for "providing" the work. It specifically calls out Executable Code, but SaaS usage does not in fact "provide" executable code.
- Article 2 allows "communicating to the public", but it is unclear how this somehow qualifies as "providing" the work unconditionally.
- Article 1 defines "communication" as, among other things "providing access to its essential
functionalities at the disposal of any other natural or legal person".
- Finally, Article 5 does somewhat tie this together with "When distributing or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute or communicate the Work.". This might be enough to do the job, but it also becomes a restriction on *usage* since "communicating" is defined to include a subset of usage.
In addition, Article 2 allows you to "use the Work in any circumstance and for all usage", and I fail to see how that doesn't cover SaaS usage.
This whole thing is a flimsy contradicting mess as far as closing the SaaS hole goes, I wouldn't bet my code on it. Thankfully, unlike the AGPL, at least it isn't a compliance nightmare for mere contributors.
I do not believe it is legally possible to properly close the SaaS loophole and remain OSI compliant. If the Article 5 wording is legally sound and does that, this license should have never been OSI certified either as it becomes an EULA. You can't just redefine terms to include what is considered "usage" in common parlance and then claim you aren't restricting "usage" because you called it something else. If Article 5 is solid, it imposes a restriction on mere *users* (someone who doesn't modify the Work still has to ensure a source offer exists and is accurate if they install it and serve it), which makes the license into an EULA and decidedly not OSI compliant.
- Article 3 requires source offer for "providing" the work. It specifically calls out Executable Code, but SaaS usage does not in fact "provide" executable code.
- Article 2 allows "communicating to the public", but it is unclear how this somehow qualifies as "providing" the work unconditionally.
- Article 1 defines "communication" as, among other things "providing access to its essential
functionalities at the disposal of any other natural or legal person".
- Finally, Article 5 does somewhat tie this together with "When distributing or communicating copies of the Work, the Licensee will provide a machine-readable copy of the Source Code or indicate a repository where this Source will be easily and freely available for as long as the Licensee continues to distribute or communicate the Work.". This might be enough to do the job, but it also becomes a restriction on *usage* since "communicating" is defined to include a subset of usage.
In addition, Article 2 allows you to "use the Work in any circumstance and for all usage", and I fail to see how that doesn't cover SaaS usage.
This whole thing is a flimsy contradicting mess as far as closing the SaaS hole goes, I wouldn't bet my code on it. Thankfully, unlike the AGPL, at least it isn't a compliance nightmare for mere contributors.
I do not believe it is legally possible to properly close the SaaS loophole and remain OSI compliant. If the Article 5 wording is legally sound and does that, this license should have never been OSI certified either as it becomes an EULA. You can't just redefine terms to include what is considered "usage" in common parlance and then claim you aren't restricting "usage" because you called it something else. If Article 5 is solid, it imposes a restriction on mere *users* (someone who doesn't modify the Work still has to ensure a source offer exists and is accurate if they install it and serve it), which makes the license into an EULA and decidedly not OSI compliant.