I have a query regarding the GPLv3 license of NodeBB and commercializing my final product
-
Think about this in practical, extreme terms. Linux is GPL'd. Android is Linux. The things that you are concerned about would mean that someone looking over your shoulder on a train and reading your screen would violate the GPL. Obviously, that isn't true.
And think about your OS. Thousands of pieces of software under GPL and similar licenses will be also running to make all of this possible. Linux, the database, the NodeJS system, libraries, proxies, caches, web servers, etc. You are able to use all of those because they are under the GPL.
The things that you are concerned about would make every user, of every computer, phone, microwave, etc. have to go out and acquire a license to use everyday items. It wouldn't make any sense.
GPL has literally zero restrictions on use. None whatsoever.
-
@scottalanmiller I am just concerned about its 'virality' clause. That if for some reason my program is considered to be distributed, I would have to open source the entirety of it.
-
I have read that if the server sends javascript to the user's browser, that is considered 'distribution' under GPL. Is that true?
-
Would the manifests and service workers of progressive web apps be considered distribution? Since they store a little bit of cached data on the user device itself?
-
@boson_96 said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
I am just concerned about its 'virality' clause. That if for some reason my program is considered to be distributed, I would have to open source the entirety of it.
Of course, but that's a reference to distribution, not running, software. Remember, this is the most well known and most used license on the planet with literally billions of users using it daily without problems.
-
@boson_96 said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
I have read that if the server sends javascript to the user's browser, that is considered 'distribution' under GPL. Is that true?
It is, yes. But what goes to the browser is already visible source and, by definition, loosely coupled to the server back side. If your concern is that people will be able to read and use your JavaScript, you are already out of luck because JS is sent "open" to the browser and there is very little that you can do to control it because it's a pushed distribution.
So if you are trying to lock down the GUI piece of code, you are already conceptually in a problematic position. And no license is going to protect you.
If you are concerned about the code showing the information in the browser somehow making server side code be forcibly open sourced, you are not understanding coupling. In-browser code cannot be tightly coupled to server code. HTTP is an API call between them guaranteeing that there is no coupling.
-
@boson_96 said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
Would the manifests and service workers of progressive web apps be considered distribution? Since they store a little bit of cached data on the user device itself?
Where data is stored is not relevant. The code you put onto the end user's device, being part of a web page, will need to be GPL'd, but like any other part of a web page, this doesn't change the licensing on the server side.
-
Think of it another way, WordPress is GPL'd. If you run WordPress on IIS on Windows, it doesn't cause Windows or IIS to become open source. They are not tightly coupled, they don't have intermingled code. They aren't codependent.
The GPL is extremely simple to follow. It's really all common sense based on the goals. The idea is that you can use the software any way that you want to with no negatives or concerns. You can modify and learn from the software all that you want to, no limits or concerns.
You only have to GPL your own code when you've created a derivative work AND distribute that work to people (not use it, distribute it.)
-
In terms of code, what's running in a web browser is a separate piece of code from what is running on the server. The two are independent. They might be made by the same person, at the same time, meant to work together, but they are independent. Each one is a different code base, different application, running on different machines. They talk to each other through a communications API (using HTTP in most cases.)
What goes out to the browser is getting distributed and is always open (meaning readable by the end user.) You cannot have secrets in that code, because it is not compiled or secret, it's wide open and always visible. So while you can have different licenses involved, you can't keep anything there secret. So that GPL can be viral in that code base should never have an impact on you and no one in the real world cares about it.
On the server side, you have different code. Likely in a different language, runtime, and likely even architecture. That code is never distributed because it's not display code.
If you think of it in terms of ancient client/server apps from the 1980s... if you have data in a database and you make apps that run on desktops that talk to it, and you license those apps under the GPL, that would never imply that because they talked to the database that that database is now GPL'd too.
If the GPL worked that way, you'd have problems because you'd have a situation where end users, buying software with never having seen code or even knowing what it was, would be forcibly making every product on earth GPL'd by nature of installing them and using them together. It just can't work that way or else installing LibreOffice on Windows would make Windows GPL'd.
-
@boson_96 said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
I am interested in using NodeBB(Open-source option) as the forum for my larger project.
If I incorporate NodeBB into my project, would I have to open-source my entire project or just the derivatives of NodeBB that I use?
Let's go back to this. This can mean multiple things. I have lots of projects that use NodeBB as their forum, but that doesn't tie them together. Are you planning to actually use NodeBB inside or as a base for your larger application? I don't want to pry into what kind of application you are trying to build but, this feels like a really weird way to approach application design unless you are trying to build a competing forum product.
-
@scottalanmiller Thanks for all your help, you have cleared a lot of my doubts.
Are you planning to actually use NodeBB inside or as a base for your larger application?
The main product would be a marketplace platform where users would buy and sell services. Since they would be logged into the website, I also want a forum for them to interact with each other and have discussions. Based on how helpful they are to other users, they will accumulate karma/reputation. That karma would in turn be shown alongside their service listings on the platform, which will help them gain new customers for their services. Would such a system require the forum to be 'coupled' with the rest of the program?
-
@boson_96 said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
@scottalanmiller Thanks for all your help, you have cleared a lot of my doubts.
Are you planning to actually use NodeBB inside or as a base for your larger application?
The main product would be a marketplace platform where users would buy and sell services. Since they would be logged into the website, I also want a forum for them to interact with each other and have discussions. Based on how helpful they are to other users, they will accumulate karma/reputation. That karma would in turn be shown alongside their service listings on the platform, which will help them gain new customers for their services. Would such a system require the forum to be 'coupled' with the rest of the program?
It would not. You could couple it, of course, but there's no need to and it would not be natural to. If you do things like communicating through files, sockets, networking, or databases that's not coupling.
The natural ways to handle this would be to have either NodeBB authenticate users by calling your new system's API or vice versa. That's just the same as being any end user, you don't even have to modify code.
Unless you are trying to build the marketplace on top of NodeBB, which feels quite awkward as an approach, NodeBB and your marketplace will be two applications that run side by side and share some data. This is totally normal and you aren't the only one using NodeBB as a forum for a product where there is some data passing back and forth.
An easy way to think of it is... when you open up your IDE, are you forking NodeBB to make your marketplace? Or are you building your own software, and running NodeBB as well?
And even if you are writing both in the same language, with the same tools, and put the files in the same repo, that doesn't make it coupled. It's just that unless you are, you can be quite confident that they are not.
-
IANAL. But my daddy was. And I know what he'd say. He'd say:
- You need to consult with an attorney about this, and much else, prior to commencing a business operation.
- You can pay me now, or you can pay me later. Only it is gonna cost you a lot more later when you come knocking for me to dig you out of the hole you've gotten yourself in.
- If nothing else, it demonstrates to the courts that you made a best faith effort to do your due diligence. If your lawyer gave you poor advice, they will be more likely to be lenient w.r.t. giving you a chance to remedy w/o further damages.
@scottalanmiller Good stuff. Thorough. Yet, despite your elocution, the GPL still instills fear, real or imagined, of legal repercussions. So we need to cover our arses in the due diligence department.
Rock on BSD!
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
Good stuff. Thorough. Yet, despite your elocution, the GPL still instills fear, real or imagined, of legal repercussions. So we need to cover our arses in the due diligence department.
It should not. This has been the industry standard for decades. It's so clear and easy to deal with and textbook development basics that it should not instill fear nor should you need an attorney. It's meant specifically so that you'd never feel fear or need an attorney. It's been around for forever and should be understood by everyone doing development because it's so common and you use it every day whether you know it or not. It's built into Windows all over the place, into Mac all over the place, everywhere.
CYA is always good, but there is a point where it's way over the top. The GPL is the best known license out there. If this causes concern, every other license would cause more concern because it's less common and less obvious. The cost of an attorney to look over every bit of code or every new use case would simply make making software impossible - both because it would make it slow, and because it would make it costly.
As a developer, knowing when you are extending someone's code and when you are simply operating their code as an end user, is something ultimately you have to know and track and a lawyer can only repeat back to you what you are telling them. So a lawyer would only be good as your own interpretation of the use. If you know your code, you don't need a lawyer, if you don't, your lawyer can't help.
-
@scottalanmiller Indubitably.
Be all that as it may... a decent attorney is maybe $250-$500/hr, depending on geolocation data? So a couple hours consultation up front offers some advantage, at least defensive position wise, in an increasingly litigious world where might makes right and the little guy gets worked.
I trust we are all familiar with a certain Federal District Court in a certain part of Texas, eh?
To reiterate salient take aways:
- Indubitably. As Scott emphatically states; it should not.
- Any new biz venture w/any hopes of not losing early in the game is well advised to develop some relationship legal eagle side. Not all are scum. Cultivate a relationship w/one you feel comfortable with. Document that you made at least some effort at due diligence up front cuz it's a wacked out world out there, eh?
INAL... but I did get sued once by a mightier than thou bully boy. And prevailed w/o it costing me a small fortune. Not anything I'd want to repeat. But... Just sayin'...
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
So a couple hours consultation up front offers some advantage, at least defensive position wise, in an increasingly litigious world where might makes right and the little guy gets worked.
My guess is that you'll find that it's not a couple of hours. Either it's a tremendous amount of time and extremely costly, or it doesn't CYA and is rarely going to be an attorney that knows this as well as decades of the industry.
Normal companies don't use an attorney for GPL basics. It's a dangerous path that, of course, lawyers want you to think that every line of code needs legal review.
I'm not against CYA and I keep a lawyer on retainer and use them constantly. But never for code license review, you could never afford software that way.
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
INAL... but I did get sued once by a mightier than thou bully boy. And prevailed w/o it costing me a small fortune. Not anything I'd want to repeat. But... Just sayin'...
Right, but did the lawyer correct you from making a mistake or just confirm that you didn't? And did that prep ahead of time protect you or would you have been the same regardless?
Bullies will come after you regardless. And a lawyer paid to rubber stamp the obvious shouldn't help CYA.
-
@scottalanmiller Jeeze. Everyone wants a debate today...
First off, hey, I already agreed w/you. The OP seems nervous about it so I suggested they talk to a legal eagle. Lawyers read things differently from normal folk. If the OP is really that nervous, and seems they are, a couple hours consultation wherein they can confidentially discuss details may well be worth the peace of mind.
Otherwise... not.
Second off, my incident was DMCA related, a far more complex can of worms.
We now return you to your regularly scheduled programming. Peace.
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
@scottalanmiller Jeeze. Everyone wants a debate today...
First off, hey, I already agreed w/you. The OP seems nervous about it so I suggested they talk to a legal eagle. Lawyers read things differently from normal folk. If the OP is really that nervous, and seems they are, a couple hours consultation wherein they can confidentially discuss details may well be worth the peace of mind.
Otherwise... not.
Second off, my incident was DMCA related, a far more complex can of worms.
We now return you to your regularly scheduled programming. Peace.
Yeah, DMCA is an enemy of the public - a tool to attack. The GPL is meant to protect the OP.
The advantage to a GPL code base is that lawyers have covered it a lot and that stuff is all available for free, no need to pay until you want a code review. For basic questions, it's all covered better by the experts who've been over it a lot, rather than one off first timers or whatever.
The risk is that a lawyer is almost certainly inexperienced in this as it's so rare that GPL has any need for counsel, but every lawyer is going to happily recommend spending many hours with them. But the GPL is so well known in tech circles and so well covered by lawyers for decades, there would actually be more risk to introducing a new lawyer to the mix because you always risk that they don't understand the material or are the wrong type of lawyer, and risk that they will just use the opportunity to generate huge bills without producing anything of value.
It's a little like insurance. Sounds good, but when you write code, often carrying insurance increases your chances of something going wrong and rarely covers anything that does go wrong. So the more insurance you have, often the more risk you have and the less cash you have to protect against it. It can easily have the opposite effect that it feels like it would have.
In general, I'm a HUGE "always have a lawyer" proponent. But with this kind of stuff, it's so basic to code writing and needed so continuously and only the dev has the code use insight to really know how it applies, that I think the lawyer is actually a risk, or at very least a waste.
-
The real question is.... why are we worried about the GPL that is designed and has been proved and well known for decades to ensure that the OP is safe to do what they want here - that's its point... but ignoring the non-GPL MongoDB license that does NOT provide for commercial use?
It's not the GPL license here that is viral or scary. The GPL doesn't even come into effect in the situation described.
But MongoDB when used under normal conditions has a EULA that says anything using it is open source. So using NodeBB is of zero concern, but using MongoDB is a huge risk here and will easily get used "by accident" if it is installed.
There are ways to buy commercial use licenses, but you have to be aware of it. The GPL concern is really just 20 year old Microsoft FUD that they tried to use to scare people in the era before they embraced open source and that has been long ago torn apart as being ridiculous. But the new, aggressive MongoDB use rights that are not related to MongoDB's code is the real concern and will almost certainly cause all or more problems than the OP is talking about and isn't even being discussed.
-
@scottalanmiller And damn good reason, in an ideal world, to find replacement for mongodb. Kind of sad Mongo chose this path. But oh, well, into each life some rain must fall. When I first started putz'ing about with NodeBB I spent significant effort chasing the elusive Postgresql unicorn variant... which ended being more headache than I was willing to endure. So I endure the Mongo curse as least of requisite evils.
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
@scottalanmiller And damn good reason, in an ideal world, to find replacement for mongodb. Kind of sad Mongo chose this path. But oh, well, into each life some rain must fall. When I first started putz'ing about with NodeBB I spent significant effort chasing the elusive Postgresql unicorn variant... which ended being more headache than I was willing to endure. So I endure the Mongo curse as least of requisite evils.
Yeah, it's been easy, fast, etc. But I'd love to see something else in use now.