AGPLv3 Licensing – Commercial Usage of Python Web Framework

licensingpythonweb-applications

There's shuup django based e-commerce web-framework which is licensed AGPL-3.0

I would like to use it in my commercial project, which ultimately means that I'll want to modify a thing or two in the source files, also add a dozen of extra features to fulfil specific project requirements.

After reading an answer to a similar question it seems to me, that I must expose my modifications or push my changes to shuup's repo especially because of the following quote:

These subsequent terms of the licenses require you

  • to also make available the "Corresponding Source" of the work
    if you distribute object code of the modified or unmodified
    work (Section 6)
  • to even do this if you do not distribute a modified work at all,
    but rather only make its services available via a network
    (Section 13, AGPL only)

So, if I'm about to use modified version of their source code in my project (nothing to do with redistribution or re-selling), do I need to expose my changes or by other means care about modified source code?

Best Answer

I assume that your commercial application based on shuup is something that you will make either publicly available on the open internet or at least make available to third-parties.

Furthermore you hinted that you intend to modify and enhance the shuup source code for your context.

I also assume for now that your intention is to "run" this commercial application of yours and not to "redistribute" it as a code package for others (e.g. customers) to deploy.

The AGPL license is quite specific in this case. Beside the GPL provisions the key new terms is in the AGPL section 13.

  1. Remote Network Interaction; Use with the GNU General Public License. Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.

You would have to incorporate a mechanism in your app that would provide access to the exact corresponding source code including your modifications.

The corresponding source code would likely cover all of shuup and your modifications as well as the source code for all the dependencies, and this recursively. This would not cover cover any configuration secrets of course (such as a config file with database password and settings, etc) and this may not cover your new original assets or media, assuming they are not essential to the working of your modified shuup.

If this application will be publicly and generally available, the simplest route I would take for compliance would likely be:

  1. fork shuup in a public repo
  2. add my changes (and document them per the AGPL section 5 as needed) directly in this public repo
  3. modify shuup such that there is a prominent link either in an about page or on each page that would point to the corresponding commit that is being published and setup my deployment scripts such that they include this link properly updated to the deployed commit.
  4. ensure that I keep a copy all the deps source code for each deployed version of my app and make these available for download with the code in 3.
    (this is because these dependencies may disappear and you still own the obligation nonetheless)

Note that if you would not modify shuup the requirements would be lessened significantly. Using an unmodified AGPL-licensed framework or library or app is not much different from using a GPL-licensed one as the Section 13 requirements do not apply.

One approach to avoid modifications would be to contribute your changes upstream and work out so that they are accepted (but they may not be accepted at all, in which case you are still dealing with your own modifications and you have the burden of compliance).

Related Topic