I have a query regarding the GPLv3 license of NodeBB and commercializing my final product
-
IANAL. But my daddy was. And I know what he'd say. He'd say:
- Yyou need to consult with an attorney about this, and much else, prior to commencing a business operation.
- You can pay me now, or you can pay me later. Only it is gonna cost you a lot more later when you come knocking for me to dig you out of the hole you've gotten yourself in.
- If nothing else, it demonstrates to the courts that you made a best faith effort to do your due diligence. If your lawyer gave you poor advice, they will be more likely to be lenient w.r.t. giving you chance to remedy w/o further damages.
@scottalanmiller Good stuff. Thorough. Yet, despite your elocution, the GPL still instills fear, real or imagined, of legal repercussions. So we need to cover our arses in the due diligence department.
Rock on BSD!
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
Good stuff. Thorough. Yet, despite your elocution, the GPL still instills fear, real or imagined, of legal repercussions. So we need to cover our arses in the due diligence department.
It should not. This has been the industry standard for decades. It's so clear and easy to deal with and textbook development basics that it should not instill fear nor should you need an attorney. It's meant specifically so that you'd never feel fear or need an attorney. It's been around for forever and should be understood by everyone doing development because it's so common and you use it every day whether you know it or not. It's built into Windows all over the place, into Mac all over the place, everywhere.
CYA is always good, but there is a point where it's way over the top. The GPL is the best known license out there. If this causes concern, every other license would cause more concern because it's less common and less obvious. The cost of an attorney to look over every bit of code or every new use case would simply make making software impossible - both because it would make it slow, and because it would make it costly.
As a developer, knowing when you are extending someone's code and when you are simply operating their code as an end user, is something ultimately you have to know and track and a lawyer can only repeat back to you what you are telling them. So a lawyer would only be good as your own interpretation of the use. If you know your code, you don't need a lawyer, if you don't, your lawyer can't help.
-
@scottalanmiller Indubitably.
Be all that as it may... a decent attorney is maybe $250-$500/hr, depending on geolocation data? So a couple hours consultation up front offers some advantage, at least defensive position wise, in an increasingly litigious world were might makes right and the little guy gets worked.
I trust we are all familiar with a certain Federal District Court in a certain part of Texas, eh?
To reiterate salient take aways:
- Indubitably. As Scott emphatically states; it should not.
- Any new biz venture w/any hopes of not loosing early in the game is well advised to develop some relationship legal eagle side. Not all are scum. Cultivate a relationship w/one you feel comfortable with. Document that you at made at least some effort at due diligence up front cuz it's a wacked out world out there, eh?
INAL... but I did get sued once by a mightier than thou bully boy. And prevailed w/o it costing me a small fortune. Not anything I'd want to repeat. But... Just sayin'...
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
So a couple hours consultation up front offers some advantage, at least defensive position wise, in an increasingly litigious world were might makes right and the little guy gets worked.
My guess is that you'll find that it's not a couple of hours. Either its a tremendous amount of time and extremely costly, or it doesn't CYA and is rarely going to be an attorney that knows this as well as decades of the industry.
Normal companies don't use an attorney for GPL basics. It's a dangerous path that, of course, lawyers want you to think that every line of code needs legal review.
I'm not against CYA and I keep an lawyer on retainer and use the constantly. But never for code license review, you could never afford software that way.
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
INAL... but I did get sued once by a mightier than thou bully boy. And prevailed w/o it costing me a small fortune. Not anything I'd want to repeat. But... Just sayin'...
Right, but did the lawyer correct you from making a mistake or just confirm that you didn't. And did that prep ahead of time protect you or would you have been the same regardless?
Bullies will come after you regardless. And a lawyer paid to rubber stamp the obvious shouldn't help CYA.
-
@scottalanmiller Jeeze. Everyone wants a debate today...
First off, hey, I already agreed w/you. The OP seems nervous about it so I suggested they talk to a legal eagle. Lawyers read things differently from normal folk. If the OP is really that nervous, and seems they are, a couple hours consultation wherein they can confidentially discuss details my well be worth the peace of mind.
Otherwise... not.
Second off, my incident was DMCA related, a far more complex can of worms.
We now return you to your regularly scheduled programming. Peace.
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
@scottalanmiller Jeeze. Everyone wants a debate today...
First off, hey, I already agreed w/you. The OP seems nervous about it so I suggested they talk to a legal eagle. Lawyers read things differently from normal folk. If the OP is really that nervous, and seems they are, a couple hours consultation wherein they can confidentially discuss details my well be worth the peace of mind.
Otherwise... not.
Second off, my incident was DMCA related, a far more complex can of worms.
We now return you to your regularly scheduled programming. Peace.
Yeah, DMCA is an enemy of the public - a tool to attack. The GPL is meant to protect the OP.
The advantage to a GPL code base is that lawyers have covered it a lot and that stuff is all available for free, no need to pay until you want a code review. For basic questions, it's all covered better by the experts who've been over it a lot, rather than one off first timers or whatever.
The risk is that a lawyer is almost certainly inexperienced in this as it's so rare that GPL has any need for council, but every lawyer is going to happily recommend spending many hours with them. But the GPL is so well known in tech circles and so well covered by lawyers for decades, there would actually be more risk to introducing a new lawyer to the mix because you always risk that they don't understand the material or are the wrong type of lawyer, and risk that they will just use the opportunity to generate huge bills without producing anything of value.
It's a little like insurance. Sounds good, but when you write code, often carrying insurance increases your chances of something going wrong and rarely covers anything that does go wrong. So the more insurance you have, often the more risk you have and the less cash you have to protect against it. It can easily have the opposite effect that it feels like it would have.
In general, I'm a HUGE "always have a lawyer" proponent. But with this kind of stuff, it's so basic to code writing and needed so continuously and only the dev has the code use insight to really know how it applies, that I think the lawyer is actually a risk, or at very least a waste.
-
The real question is.... why are we worried about the GPL that is designed and has been proved and well known for decades to ensure that the OP is safe to do what they want here - that's it's point... but ignoring the non-GPL MongoDB license that does NOT provide for commercial use?
It's not the GPL license here that is viral or scary. The GPL doesn't even come into effect in the situation described.
But MongoDB when used under normal conditions has a EULA that says anything using it is open source. So using NodeBB is of zero concern, but using MongoDB is a huge risk here and will easily get used "by accident" if it is installed.
There are ways to buy commercial use licenses, but you have to be aware of it. The GPL concern is really just 20 year old Microsoft FUD that they tried to use to scare people in the ear before they embraced open source and that has been long ago torn apart as being ridiculous. But the new, aggressive MongoDB use rights that are not related to MongoDB's code is the real concern and will almost certainly cause all or more problems than the OP is talking about and isn't even being discussed.
-
@scottalanmiller And damn good reason, in an ideal world, to find replacement for mongodb. Kind of sad Mongo chose this path. But oh, well, into each life some rain must fall. When I first started putz'ing about with NodeBb I spent significant effort chasing the elusive Postgresql unicorn variant... which ended being more headache than I was willing to endure. So I endure the Mongo curse as least of requisite evils.
-
@gotwf said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
@scottalanmiller And damn good reason, in an ideal world, to find replacement for mongodb. Kind of sad Mongo chose this path. But oh, well, into each life some rain must fall. When I first started putz'ing about with NodeBb I spent significant effort chasing the elusive Postgresql unicorn variant... which ended being more headache than I was willing to endure. So I endure the Mongo curse as least of requisite evils.
Yeah, it's been easy, fast, etc. But I'd love to see something else in use now.
-
@scottalanmiller we're finding that Redis and Mongo have their drawbacks, although for production builds in our SaaS and premium offerings, mongo has been rock solid.
I personally see the winds a-changin' wrt mongo licensing, and so we will either double down on psql or investigate other options, but no word on what direction we will go as of yet.
-
@julian said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
@scottalanmiller we're finding that Redis and Mongo have their drawbacks, although for production builds in our SaaS and premium offerings, mongo has been rock solid.
I personally see the winds a-changin' wrt mongo licensing, and so we will either double down on psql or investigate other options, but no word on what direction we will go as of yet.
Nothing is perfect. Other than the licensing, we've been super happy with MongoDB. But we've dropped it for all of our own products due to licensing problems. Just more risk and/or complication that we want to deal with.
ScyllaDB is worth an investigation. And, of course, PostgreSQL is always amazing and super universal.
We use tons of PostgreSQL for other kinds of workloads. And if you do PostgreSQL as the standard, you get CockroachDB by default, too.
-
@julian said in I have a query regarding the GPLv3 license of NodeBB and commercializing my final product:
Eh? What's cockroachDB, can it survive a nuclear blast?
Thanks for the recomendations, we'll consider them
I think that that's the reference, yes. It's a NoSQL database that is PostgreSQL API compatible. It's open source and free. It's definitely not as fast as PostgreSQL, but it has a great web GUI and is a "drop in" for PostgreSQL but with different behaviour characteristics. So PostgreSQL will be way better for normal NodeBB deployments, but if someone wants a geographically diversified server farm, CockroachDB will do that using NoSQL mechanisms behind the scenes. it's pretty cool.