Why GPLv2 and not GPLv3 / AGPL?

Is there a specific reason the project is licensed under GPLv2, and not the more recent GPLv3? To get the most out of GPL, the AGPL license would be a perfect fit for this project, as it also affects instances of Pijul running in the cloud.

Excellent question, usually people ask the other direction (why GPL and not BSD/MIT?). It was AGPL initially, but the legal possibilities of enforcing the cloud aspects of AGPL isn’t clear to me, and the boundaries of these restrictions is also not very clear: if you use an AGPL Pijul to manage a project unrelated to version control, does that mean you can’t run that project in the cloud? Lawyers, managers and programmers have different opinions on that, and there are few court rulings to take as examples.

Also, I don’t mind that people write commercial services based on Pijul, on the contrary, I believe it increases adoption.

That makes sense. But GPLv3 doesn’t have the cloud component, so is there any reason not to use it in favor of GPLv2? If the problem is that it isn’t compatible with GPLv2, the GPLv2-or-later license is also a possibility.

Pijul is GPLv2-or-later, actually. GPLv3 has the tivoization thing, and I don’t fully know what that entails, since I’m not a lawyer.

Oh, sorry. I should’ve done more research then. I just read what was written on the homepage:

Pijul is a free and open source (GPL2) distributed version control system

No, in the same way that an MIT project using Git would not need to also be licensed under the GPL 2.0. A GPL tool (for example, text editor) does not affect what is being worked on whatsoever. Only by combining work with or basing work on a GPL project is the licensing requirement triggered.

Even if it did somehow make that work also AGPL, it would not mean it cannot run in the cloud, just that, as the AGPL states, a modified version of the program that interacts with users over the network must offer them the corresponding source of the modified version. The corresponding source being exactly the same term as the GPL 3.0. Anything that you would share under the GPL 3 is what is being shared in the AGPL, only difference is that use of an AGPL program over the network (if the work even has such a capability) would also trigger the sharing requirement, and not only sharing binaries like with the GPL.

The text relevant to “tivoization” are the last 5 paragraphs of section 6 of the GPL. Basically, if you buy a consumer product like a fridge, and that fridge comes with object code that is GPL, and it is possible for who sold it to you or some other third party to install modified object code into that product, then who is selling it to you MUST provide the information necessary for you to also be able to do so.

So if my smart fridge uses GPL GUI, and i want to change it to look nice or something, and it is possible to load a modified version of the code (because the memory isn’t read-only or something), then the fridge salesman must provide me with whatever is needed to do that, such as authorization keys.

A related feature of the GPL 3 is that if you use GPL code to implement DRM, that DRM will not count as an Effective Technological Measure against access, therefore it will not have legal protection against people trying to crack your code to exercise their freedom to, for example, run modified versions, or run as they’d like.

I encourage you to read the license texts to better understand what it is they’re are requiring and when. They are written fairly straightforwardly and it is important to understand, not just for when you want to use GPL code, but also what you are asking of your users. The AGPL is exactly the same as the GPL except for the Preamble and the small extra paragraph in Section 13 about network use.

Other features of the GPL 3 include explicit patent license, improved compatibility with other free licenses (most notably Apache 2.0), more approved ways to provide modified sources, language that makes the GPL more applicable in countries other than the United States, and allowing offenders to comply within 30 days rather than outright instantly losing the license.

To me, the GPL 3 is a total upgrade form the GPL 2. Notice that the license doesn’t forbid you from writing DRM, nor does it forbid a manufacturer from using encryption on their firmware or anything like that. Simply, the person you SOLD that product to OWN, is guaranteed their software freedoms, by being provided (if it is possible to provide) the information necessary. GPL actually compromises there by only requiring it for consumer products. Products meant only for businesses and organization don’t have this requirement.

I have said before that I wished Pijul was not copyleft, but I think the complete opposite now. Of course it should be at least LGPL or stronger! Why would you do Apache 2.0 when a copyleft keeps the code free? People make incompatible competing closed extensions, and how do we keep up and keep it free? Who can’t use (A)GPL 3.0 code? Only those that want to make selfish extensions and malware.

That’s my interpretation as well. I’ve been told that some companies treat it like that though.

About Tivoization, I’m sympathetic with the intention, but I don’t fully know what it entails, in the sense that I don’t know whether it restricts my freedom of (say) uploading code onto the device that uses Libpijul. My main problem with these paragraphs is that I don’t know what to think of a device I’ve received as a gift, for example.

Could you flesh-out the example a bit? I’m not really sure why the license of pijul would prevent putting a copy of some other code in a device that just happened to have also use libpijul in it. Debian ships with AGPL code, maybe that answers your question?

I don’t know if gifting triggers the tivo paragraphs (it doesn’t sound like a transaction), but if it does, then whoever gifted it must’ve at some point acquired it from somebody else in such a way that would’ve also triggered the requirements, and so on. So it should be possible for that person to comply as long as everybody in the chain complied. It may be unknown if somebody in the chain didn’t comply, but in the same way it may be unknown it used any copyleft code at all, in such cases after it’s found out, there can be litigation against the company selling this product for non-compliance.