Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Oracle Quietly Switches BerkeleyDB To AGPL

Soulskill posted about a year ago | from the changing-licenses-loudly-is-just-rude dept.

Oracle 219

WebMink writes "A discussion in the Debian community reveals that last month Oracle quietly disclosed a change for the embedded BerkeleyDB database from the quirky Sleepycat License to the Affero General Public License (AGPL) in future versions. AGPL is only compatible with GPLv3 and treats web deployment as a trigger to license compliance, so developers using BerkeleyDB will need to check their code is still legally licensed. Even if they had made the switch in the interests of advancing software freedom it would be questionable to force so many developers into a new license compatibility crisis. But it seems likely their only motivation is to scare more people into buying proprietary licenses. Oracle are well within their rights, but developers are likely to treat this as a betrayal. As a poster in the Debian thread says, "Oracle move just sent the Berkeley DB to oblivion" because there are some great alternatives, like OpenLDAP's LMDB."

cancel ×

219 comments

Sorry! There are no comments related to the filter you selected.

Yawn, another fork (4, Insightful)

binarylarry (1338699) | about a year ago | (#44196353)

BrownDB will now be created to complement MariaDB and the other forks Whoracle has forced with their greed.

Re:Yawn, another fork (2)

Lonewolf666 (259450) | about a year ago | (#44196437)

In this case, I have my doubts. MySQL was pretty popular, BerkeleyDB seems to be a niche product and according to TFA, the most prominent projects relying on it are already moving away.

I guess BerkeleyDB will simply disappear.

Re:Yawn, another fork (0)

Anonymous Coward | about a year ago | (#44196605)

BDB has been mostly replaced by SQLite for local, non-network based databases. And SQLite has been working well in many critical appliations. There is no market left for BDB except to migrate people off of it.

Re:Yawn, another fork (4, Informative)

jythie (914043) | about a year ago | (#44196611)

Niche is a tricky description since BerkeleyDB tends to lurk in the underbelly of projects. MySQL you can see running, but Berkeley you generally do not know if a project is using it unless you look through the library linkage and cat a bunch of data files.

Re:Yawn, another fork (4, Informative)

Xtifr (1323) | about a year ago | (#44196851)

BerkeleyDB seems to be a niche product and according to TFA

It comes standard with Perl, Python and Java, among many other things. It may appear niche because it rarely gets much mention, but it's pretty much been the standard tool used for persistent associative arrays for a long time. Of course, it's also fairly generic, and eminently replaceable. I agree that this is unlikely to be a huge problem.

Re:Yawn, another fork (0)

Anonymous Coward | about a year ago | (#44197683)

Python no longer ships the Berkeley DB module (it's still in 2.x for compatibility reasons, but is considered deprecated in 2.6 and 2.7 and was removed in 3.x). Perl only ships with support for Berkeley DB 1.x; you need to download a CPAN package to get support for anything newer. And I cannot find anything about Java shipping with Berkeley DB. It may have been the standard 10 years ago, but it hasn't been for quite a while.

Re:Yawn, another fork (1)

jbolden (176878) | about a year ago | (#44197965)

I agree with you it is niche. It is sort of one step up from SQLLite. There are other options today but it is a good fit for that "I don't want to force a database server but I need some storage..."

Re:Yawn, another fork (4, Informative)

Just Some Guy (3352) | about a year ago | (#44198173)

Up? Sideways. They both fit in the same solutionspace of "internal, in-process databases" but serve utterly different use cases. BDB is sweet when you want a key-value store. SQLite is awesome when you want a relational DB with an SQL frontend. Neither is better than the other because you wouldn't really use them for the same problems.

Re:Yawn, another fork (0, Flamebait)

Lunix Nutcase (1092239) | about a year ago | (#44196447)

Using the AGPL is being "greedy"? Isn't that the very license the FSF recommends for software run over a network? MongoDB is also AGPL and there was none of this drama directed at 10gen over it.

LOL hypocritical freetards.

Re:Yawn, another fork (4, Insightful)

rwven (663186) | about a year ago | (#44196525)

The problem isn't the AGPL (though it's a pretty horrible license in its own right). The problem is the license change, the reason for the change, and how the change will adversely affect people who currently use the product.

They're very different things.

Re:Yawn, another fork (-1)

Anonymous Coward | about a year ago | (#44196673)

It will only affect people distributing less free software. They should consider that a bug and fix it by license their software under a compatible license. There, problem solved and more free software to the world.

Re:Yawn, another fork (1)

AMDinator (996330) | about a year ago | (#44196755)

Because, you know, some businesses don't rely on closed-source software for their continued existence...

Re:Yawn, another fork (1)

guruevi (827432) | about a year ago | (#44197571)

Yes they do but the fact remains that this is a horrible business model. Someone, somewhere has already built an open or cheaper alternative to whatever software you can think up.

Re:Yawn, another fork (4, Insightful)

Just Some Guy (3352) | about a year ago | (#44198231)

It will only affect people distributing less free software.

...for certain bizarre-ass values of "distributing" that include "running on their own server but allowing external users to interact with it".

Re:Yawn, another fork (-1)

Anonymous Coward | about a year ago | (#44198243)

There's nothing bizarre about it. You are distributing the software. Just because there used to be a loophole where someone could distribute free software without distributing the source doesn't mean that always has to be. It was a bug and the bug was fixed.

Re:Yawn, another fork (2)

angel'o'sphere (80593) | about a year ago | (#44196843)

A license change does not affect the people who currently use the product.

They still have the old license.

it only affects new "customers"/users.

Re:Yawn, another fork (3, Insightful)

Goaway (82658) | about a year ago | (#44196919)

And, you know, anyone who wants to actually have bugfixes and updates.

Re:Yawn, another fork (1)

Richard_at_work (517087) | about a year ago | (#44197705)

Are they owed those things?

Re:Yawn, another fork (2)

rwven (663186) | about a year ago | (#44197015)

It absolutely affects them. If they want to upgrade to the next version, they are forced into a license that may be incompatible with their needs.

Re:Yawn, another fork (4, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44196591)

Using the AGPL is being "greedy"? Isn't that the very license the FSF recommends for software run over a network? MongoDB is also AGPL and there was none of this drama directed at 10gen over it.

LOL hypocritical freetards.

I'm going to make the optimistic assumption that you aren't merely trolling: AGPL is, indeed, what the FSF recommends for software likely to be used primarily on backend-type stuff(where conventional GPL, even v3, does nothing to stop the formation of an in-house mostly proprietary setup).

Oracle, however, is in the business of selling database software, not of being the FSF. So, when they take an existing database and re-license it in ways that are calculated to force existing users of that database to either leave or stump up for a proprietary license from Oracle, they get called 'greedy'.

This really isn't all that difficult.

Re:Yawn, another fork (1)

gl4ss (559668) | about a year ago | (#44196877)

it is kinda difficult, since as you say even when oracle goes by FSF's best practice for backend sw license they get flack..

Re:Yawn, another fork (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44197045)

Eh, people saying mean things on the internet are a dime a dozen, I doubt Oracle cares very much. And(not that there's anything requiring them to) the fact that Oracle tends to get religion on the GPL only when they either wish to sell commercial licenses for a product, or to push people onto a commercial product, tends to make people rather mistrustful of their altruism.

Re:Yawn, another fork (1)

greg1104 (461138) | about a year ago | (#44198209)

The FSF's best practice for software licenses involves zero license fees, always. There are multiple practices the FSF follows that people accept only because they are the FSF. Copyright assignment is another thing the FSF can do, but when it's adopted by a commercial company it's presumed they are violating the spirit of free software by taking contributor work into a private commercial version. The exact motives and license recommendations of the FSF may change over time, but they are transparent and as consistent as they can be. When a commercial entity emulates part of their behavior, but they add a profit motive and license inconsistency, they are not acting like the FSF anymore at all.

Re:Yawn, another fork (1)

jbolden (176878) | about a year ago | (#44198057)

I should say though I don't really have any problem with Oracle making Berkley a good AGPL product, MySQL a good GPL product and Oracle a good commercial product. Berkley's big usage was the scripting community and it wouldn't shock me if many of them are comfortable with the AGPL. In some way by ditching the commercial and semi-commercial customer base they allow Berkley to focus on an easy to support niche which doesn't have conflicting interests with Oracle.

Oracle could move Berkley over to other groups like their development tools group who might get along fine with the Perl / Ruby / Python crowd.

Re:Yawn, another fork (2)

drinkypoo (153816) | about a year ago | (#44196597)

Using the AGPL is being "greedy"? Isn't that the very license the FSF recommends for software run over a network?

Sure. That's not what bdb is. You can use it to build software run over a network, though. If it should be changed to anything, it should be LGPL.

Re:Yawn, another fork (3, Informative)

Phs2501 (559902) | about a year ago | (#44196617)

The MongoDB core is AGPL. Its drivers are all Apache license, as explained here [mongodb.org] , therefore not polluting your web application code and forcing it under the AGPL.

BerkeleyDB, on the other hand, is linked in directly, and would force anything using it to be under the AGPL.

Re:Yawn, another fork (1)

gl4ss (559668) | about a year ago | (#44196891)

The MongoDB core is AGPL. Its drivers are all Apache license, as explained here [mongodb.org] , therefore not polluting your web application code and forcing it under the AGPL.

BerkeleyDB, on the other hand, is linked in directly, and would force anything using it to be under the AGPL.

would anything limit you from making that part separate though? the performance hit wouldn't be that bad.

you could of course just use sqlite or something else..

Re:Yawn, another fork (1)

jbolden (176878) | about a year ago | (#44197983)

I agree. It isn't being "greedy". This is something the /. crowd should applaud.

Re:Yawn, another fork (0)

Tough Love (215404) | about a year ago | (#44197081)

I do not agree that "Whoracle" is being evil this time, quite the contrary, but I agree strongly with your point about forking. If it bugs you, don't waste bandwidth whining, just fork, it's your right. Even your duty, if you want to be honest.

lol (-1)

Anonymous Coward | about a year ago | (#44196367)

but GPL v3 and AGPL are good, right? Right?

Re:lol (4, Insightful)

dgatwood (11270) | about a year ago | (#44196481)

AGPL is not good. AGPL is horribly evil. It means that I, as a sysadmin installing a piece of software, cannot make changes necessary to tailor it to my particular site configuration without releasing the source to those changes, even though those changes cannot possibly be of any use to anyone outside my server team except for attackers wishing to discover security bugs, learn the names of database tables, etc. for nefarious purposes.

I don't know about anyone else, but I personally have an absolute zero tolerance policy for Affero. It has no valid place among reasonable open source and free software licenses, as it is the antithesis of software freedom.

Re:lol (2, Interesting)

Anonymous Coward | about a year ago | (#44196541)

Not true, it has good use in webapplications. Think about something like phpbb where they want to release full code for it, but don't want people to modify it even if "only for their server".

Re:lol (4, Informative)

dgatwood (11270) | about a year ago | (#44196885)

PHPB is precisely the sort of situation where AGPL is unacceptable, because it infects code that has no legitimate association with the software itself. For example, on a website that I run, I currently use a heavily customized PHPBB setup that hooks into the (non-open-source) login system used for the site that it is integrated into. None of those changes would be even slightly useful to anyone but me.

Further, without the ability to migrate the actual data, being able to replicate the service itself is basically useless, which means that putting something like PHPBB under a horrible license like AGPL would buy you absolutely nothing.

Basically, AGPL is only useful for a very, very narrow range of software designed specifically for use in "software-as-a-service" situations, and even then, it is only acceptable if you don't need to tie it into existing infrastructure. In short, it is basically never acceptable, and its only sensible use is for businesses to be able to say, "Hey, look, we've open sourced our stack," while simultaneously ensuring that no legitimate business would ever even contemplate replicating that stack and competing with them.

Re:lol (-1, Flamebait)

devent (1627873) | about a year ago | (#44197423)

What a hypocrite you are. Why aren't you build your own forum software, why are you getting a free ride?
Or, if you lack skill or time, why aren't you buy a proprietary license from the developers of PHPBB?

If your modifications are useless to anyone else then there is no risk and no argument to release them. Just drop your code to Gibhub and be done. You could have an argument 20 years ego, when you have do mail CDs or Floppies to anyone ask for them, but today sharing code have zero costs and takes maybe 5 minutes of your time.

> Basically, AGPL is only useful for a very, very narrow range of software designed specifically ....

You know, you are an ass. It's up to the software developer to decide what license is best for their project.
If you don't like the license, you are free to negotiate a different license.
How about a little email to the developers of PHPBB:

Dear Developers,
I'm a small software developer myself, and I can't release my modifications, because I'm a lazy ass.
How about 50$ and a case of beer for a proprietary license?
Regards.

Re:lol (0)

Anonymous Coward | about a year ago | (#44196631)

So exactly how many custom changes do you make to large projects for your own little in-house needs?

Re:lol (1)

Anonymous Coward | about a year ago | (#44196789)

So exactly how many custom changes do you make to large projects for your own little in-house needs?

Easily one of the lamest questions you could ask.

Serious answer: It's a database program. He/she needs to create a schema. That schema would be covered under the AGPL.

Re:lol (1)

dgatwood (11270) | about a year ago | (#44196973)

Lots of them, actually. Any website is likely to have an authentication system already. Any website wanting to add features using existing open source technology is going to want to tie into that system. This common use case is fundamentally incompatible with Affero, because that authentication system cannot necessarily be made open source, and the AGPL does not provide a linking exception.

Also, before I adopt any piece of software these days, I do a thorough security audit. Mind you, I prefer to give those changes back when possible, because it makes future upgrades easier, but when the changes involve many thousands of lines of code changes (e.g. rewriting every single SQL query in parameterized form), this is often not appreciated as much as one might expect.

In short, anything I touch usually experiences a major fork and a large-scale rewrite prior to deployment. And that's not even counting all the minor stuff like skins, custom icons, etc., much of which often involves minor code changes because of inadequate class and ID attributes in HTML output, the need to manipulate the order of large blocks in ways that makes CSS unhappy, etc.

Re:lol (1)

jythie (914043) | about a year ago | (#44196659)

As an embedded developer, I sympathize with why one would find the AGPL evil... though at the risk of going down a 'they came for the X, but I was not an X' line. Back end developers did not seem to understand why embedded developers were uncomfortable with GPLv3, which was written in such a way as to not anger the more network and infrastructure oriented projects but really put the screws on embedded ones.

Re:lol (1)

Anonymous Coward | about a year ago | (#44198083)

I don't have any sympathy for embedded projects that are uncomfortable with GPL V3. It was specifically designed to prevent the TIVO situation. I heartily approve of that. Let me tweak the software, for heavens sake.

Re:lol (2)

KiloByte (825081) | about a year ago | (#44196725)

From FSF's very own "Four Freedoms":
Freedom 0: The freedom to run the program for any purpose.
From the DFSG:
6. No discrimination against fields of endeavor

With this non-free piece of shit license, you can't take parts of the code and reuse them in about anything else than pretty much just a web service. Want a mail server (both exim and postfix use bdb)? An IMAP server? A networked lift control (don't laugh, I've seen a wifi-connected one)? An IRC bot? Sorry.

I'm a strong proponent of the GPL, but AGPL is a train wreck akin to GnonFDL (literal reading of which prohibits using a technology known as "door lock" from protecting your machine).

Re:lol (1)

dgatwood (11270) | about a year ago | (#44197173)

Well, I know that a lot of folks moved away from Berkeley DB several years ago when Oracle first acquired it (and by "moved away", I mean "ran away") and embraced SQLite. Now might be a good time for the rest of the open source community to do the same.

Alternatively, for situations where SQLite is insufficient, IMO, PostgreSQL is usually a good alternative.

Better yet, adopt a middleware library like PDO so that with a small amount of effort (rewriting CREATE/ALTER TABLE queries, anything involving triggers or automatic time/date stamping, and a few other rough edges), it can be ported to arbitrary backend databases.

Re:lol (0)

devent (1627873) | about a year ago | (#44197783)

Yes just ignore the other freedoms.

The use of the BerkeleyDB do not put any restrictions on your software, as long as you do not statically link it.
A database connection is not covered by the GPL or AGPL and do not make it a derivative work.
As long as you use, for example Debian, you already comply with the AGPL license, because Debian distribute the sources already.

Re:lol (1)

KiloByte (825081) | about a year ago | (#44198063)

As long as you use, for example Debian, you already comply with the AGPL license, because Debian distribute the sources already.

Alter a single bit and you need to distribute your modified version. Which for most networking protocols is impossible or impractical.

Re:lol (1)

gl4ss (559668) | about a year ago | (#44196817)

ironically though it should be more RMS friendly.

it's entirely reasonable. it's just not the kind of open and free you're looking for :)

(in fact, most gpl web sw is quite irrelevant that it is such.. because the end users can't get the code)

Re:lol (2)

dgatwood (11270) | about a year ago | (#44197319)

Oh, it's relevant. The principle users of web software are the admins. They configure the software, they maintain the installation, they monitor what people are doing to it, etc. The GPL does something useful for those folks; it ensures that someone won't fork these tools, create their own versions of them, and sell them without giving their changes back. So it serves a useful purpose.

The AGPL, by contrast, adds additional restrictions on the site admins, but adds nothing of value for the so-called "users". Random website guests do not have direct access to the database (and it would be disastrous to give them such access), making their ability to spin off their own copy of the site largely moot except in very limited circumstances. And even if they somehow could get their data, for the most part, what makes a site valuable is usually the community, not the data, which means it would mostly be useless anyway.

In other words, it's a solution in search of a problem—maybe if someone were writing Google Docs under the AGPL... but nobody is ever going to do that, realistically—nobody sane, anyway.

Ironically, the software that Affero builds, given that it involves payment systems, is again precisely the sort of software where private customization is most crucial to the success of the software, and where again no end user could usefully take advantage of the changes anyway.

Re:lol (2)

Ly4 (2353328) | about a year ago | (#44196869)

Are you sure the damage is just limited to the configuration changes you made? The attorneys in my organization believed that the language could be extended to anything that runs on the same set of servers, and anything that interacted with the same database.

And it's even worse for libraries (e.g. iText) - there, the thought was that it could require sharing every bit of code used to run the web site. Not surprisingly, we're not using or contributing to anything licensed under the AGPL.

Re:lol (0)

Anonymous Coward | about a year ago | (#44196909)

i doubt AGPL requires you to release your data or scripts, since they are not part of the software. If you change the actual code of the database itself, then you need to release the changes. Do you hardcode you table names into the database itself?

Re:lol (1)

aztracker1 (702135) | about a year ago | (#44197057)

BDB is embedded, which means your code that reads/writes database access in fact does need to be AGPL too.

C'mon. That's moronic (0)

Anonymous Coward | about a year ago | (#44197021)

AGPL is horribly evil. It means that I, as a sysadmin installing a piece of software, cannot make changes necessary to tailor it to my particular site configuration without releasing the source to those changes, even though those changes cannot possibly be of any use to anyone outside my server team except for attackers wishing to discover security bugs, learn the names of database tables, etc. for nefarious purposes

Sigh. Just the usual red herring.

You never know how useful those changes might be to others.

Besides, if you're that bad at coding that knowing your table names yields a vector of attack... you should probably better leave that to others.

Re:C'mon. That's moronic (1)

dgatwood (11270) | about a year ago | (#44197485)

You never know how useful those changes might be to others.

Yes, I do. Unless someone steals the closed-source authentication system in question, tying into it is not useful in the slightest.

Besides, if you're that bad at coding that knowing your table names yields a vector of attack... you should probably better leave that to others.

If you think that not knowing the table names does not make all vectors of attack more difficult, you should probably leave the advice to people who understand security. :-)

In computer security (or any security, for that matter), the best defense is a layered defense [wikipedia.org] . I'm quite good at performing security audits, having spent significant amounts of time over the years doing so. However, any sufficiently large chunk of code, no matter how well analyzed, stands some small risk of containing security holes. So in the event that I missed something, using nonstandard table names provides an additional defensive layer that makes any sort of compromise considerably more difficult.

Implicit right to audit (0)

Anonymous Coward | about a year ago | (#44197065)

The Affero GPL gives parties the implicit right to audit your software code. If you run affero, you might find a bailiff at your door serving an order for an inspection of your server.

Re:lol (0)

Anonymous Coward | about a year ago | (#44197107)

I don't think your interpretation is right: AGPL affects source code, not configuration files. As long as you ship an "example config file" when a user requests the source code, should be enough.

Re:lol (0)

Anonymous Coward | about a year ago | (#44197291)

The "example config file" is not in the license language: http://www.gnu.org/licenses/agpl.html [gnu.org]

Re:lol (1)

dgatwood (11270) | about a year ago | (#44197531)

Who is talking about a configuration file? Have you ever tied a piece of software into a different authentication system? This isn't a config file change. It's potentially thousands of lines of code changes throughout the software, depending on how the software was written and how many assumptions it makes about the nature of the authentication system. (For example, my current authentication system does not use cookies. Any software that assumes cookie-based authentication tokens requires considerable changes.)

Re:lol (1)

jbolden (176878) | about a year ago | (#44198169)

If you are talking about thousands of lines of code changes to dozens of files ... yes you should be make it public. It becomes an example for the next person looking to use an authentication system.

Alternatively you could write an authentication layer make it BSD and make that public.

Re:lol (1)

DigiShaman (671371) | about a year ago | (#44197299)

So basically, AGPL is just poisoning the well waters here intentionally?

Re:lol (1)

LordLimecat (1103839) | about a year ago | (#44197443)

AGPL is horribly evil.

Wow, so I might have reserved that word for something like "genocide" or "the holocaust", but if you want to use it for a license which you happen to have a dislike for, I guess that works.

After all this is slashdot, and perspective is SO passé.

Re:lol (1)

jbolden (176878) | about a year ago | (#44198099)

Configuration files aren't under AGPL. The source code itself is. System admins don't need and generally aren't capable of making C-langauge source changes for using software in normal configs.

Re:lol (3, Interesting)

harlows_monkeys (106428) | about a year ago | (#44198167)

The FSF has a definition [gnu.org] of the term "free software".

Software under AGPL is not not free software according to that definition. It violates freedom 0.

Yet the FSF approved AGPL! This was an ethical disaster.

A key difference between free software licenses and commercial software EULAs was that the latter was a two way bargain. The copyright owner, who the law gives the exclusive right to make copies (including, for computer software, making temporary copies in RAM to use the software) grants you via the EULA permission to do that, in exchange for you agreeing not to do some things that otherwise would be allowed under copyright law. For example, you might have to agree to not reverse engineer the software, or to sell it when you are done with it.

The free software licenses, on the other hand, only grant you permissions. They do not require you to give up anything.

Until AGPL. AGPL goes beyond just granting you permission to do things that copyright law says require permission. It places restrictions on what you do with the software on your own machine. It is a EULA.

Software freedom as a tool of the oppressor? (1)

Anonymous Coward | about a year ago | (#44196381)

Say it ain't so!

Where is your God now RMS, WHERE IS HE???

License drama (0)

Anonymous Coward | about a year ago | (#44196383)

Has anyone ever been sued over an open source deployment done off license? This seems to be much ado about nothing.

Re:License drama (3, Informative)

Xtifr (1323) | about a year ago | (#44196759)

Has anyone ever been sued over an open source deployment done off license?

Um, yes, it happens all the time. The owners of BusyBox, for example, have not only sued, but won several cases [wikipedia.org] , for example. And Oracle sued Google, in part because Google's Dalvik was under a less restrictive license than Java's GPL—and they only lost because Google was able to show that the parts they actually copied (the API) weren't subject to copyright. But that's a clear precedent for worry about what Oracle might do.

Wait.. let me get this straight... (0)

Anonymous Coward | about a year ago | (#44196397)

I thought we liked the GPL around here?

Isn't Oracle using a GPL compatible license exactly what we want and should support?

Re:Wait.. let me get this straight... (0)

Anonymous Coward | about a year ago | (#44196475)

Yes. TFS is yet another anti-copyleft troll.
You can tell by the blatant misuse of the verb use:

developers using BerkeleyDB will need to check their code is still legally licensed.

As usual with copyleft licenses, use is as free as with public domain software.

Re:Wait.. let me get this straight... (1)

Goaway (82658) | about a year ago | (#44196941)

Except with the AGPL, use is not free.

Re:Wait.. let me get this straight... (0)

Anonymous Coward | about a year ago | (#44197083)

Here's a hint: the user is the person running the program in a web browser, not the admin deploying it on the server.

Re:Wait.. let me get this straight... (0)

Anonymous Coward | about a year ago | (#44197157)

If that were true, it wouldn't be compatible with the GPL.

Re:Wait.. let me get this straight... (1)

Nerdfest (867930) | about a year ago | (#44196495)

It's the intentions behind it. Switching to GPL3 means it is much more restrictive in how it can be used in commercial products. As a general guideline, if there's ever a question about Oracle's motivations when it comes to a choice between advancing open source and trying to force more people to their proprietary products, he answer is pretty straight forward.

Re:Wait.. let me get this straight... (1)

gl4ss (559668) | about a year ago | (#44196855)

you can use it for commercial products.. you just can't take the freedoms for yourself while restricting your users from those freedoms.

you could always just go for some bsd licensed db if you'd rather want that.

Re:Wait.. let me get this straight... (3, Informative)

Xtifr (1323) | about a year ago | (#44196613)

It already was GPL-compatible, so that part hasn't changed. They've gone from a more liberal license (the old license was compatible with, among other things, the GPL v2) to a less liberal one. That's always going to piss off some people. Just look at the controversy when a project goes from BSD or MIT to GPL.

Re:Wait.. let me get this straight... (1)

Anonymous Coward | about a year ago | (#44198199)

You've described this as if it weren't a big deal, but there is a lot of GPLv2 software that's going to require changes if the new version of BerkeleyDB is giong to be used with it. For Debian that means either a) sticking wtih an old version of BerkeleyDB before the license change, b) a LOT upstream projects changing their license (which realistally they likely can't), or c) switching away from BerkeleyDB to an alternative and patching the various source packages to make it work.

Just to give you a short list of packages affected (Ondej Surý gave an exhaustive list, which I'm greatly summarizing here):

      apt
      bind9
      bitcoin
      bogofilter
      boxbackup
      cfengine2
      cfengine3
      cyrus-imapd
      cyrus-sasl2
      dnshistory
      dovecot
      drac
      dsniff
      exim4
      glusterfs
      iproute
      iproute2
      lucene2
      opendkim
      openldap
      nvi
      pam
      perdition
      perl
      php5
      postfix
      python2.7
      python3.2
      python3.3
      reprepro
      rpm
      sendmail
      spamprobe
      squid
      squid3
      squidguard
      subversion
      tcpstat
      webalizer
      vacation

and many others. Regardless of the solution chosen, this change represents a lot of required work needed to fix something that before now wasn't broken.

How big a deal is this? (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#44196413)

Even as the copyright holder, Oracle can't do jack about existing versions released under other licenses(even if they went full nuclear, and actually terminated all downloads/media purchases under any prior license, there are still third party mirrors. So, Version X-1 is Sleepycat forever.

Is BerkeleyDB a project where Big New Features or Much Needed Upgrades are something that happens frequently, meaning that if you aren't running Version X, you might as well go home? If so, Oracle has actual leverage. If not, it seems likely that a maintained-if-not-terribly-active version can exist in perpetuity, with Oracle having to offer serious advantages in order to retain their status as the standard against which 3rd party development is done.

Re:How big a deal is this? (1)

jythie (914043) | about a year ago | (#44196675)

I do not think BDB has changed much in the last two decades.... it is a pretty conservative project.

Re:How big a deal is this? (0)

Anonymous Coward | about a year ago | (#44196895)

Yes, it did. Minor API changes (enough to break code, though), and very very noticeable scalability and internal changes.

That said, it would not be a problem to just fork BDB 5, for example. Debian is likely to just do that.

Upstream FLOSS projects are all jumping ship to LMDB, which is _really_ nice for most uses one would want berkeleydb for.

iText (0)

Anonymous Coward | about a year ago | (#44196687)

That's what happened with iText (a Java library for manipulating PDFs.) It was LGPL, the author got tired of well-heeled organizations using it without contributing either blood or treasure (including, I hear, some who were violating LGPL) and switched new versions to AGPL (with the option of a paid commercial license.)

Some went along, the project (under AGPL) is still going, but many others just keep using the last LGPL version. It ain't exactly broke.

Re:How big a deal is this? (1)

jbolden (176878) | about a year ago | (#44198237)

This started with a thread on Debian. There are dozens of projects on Debian that use BerkleyDB. Should they be configured to 5.3 forever? If so what if there are security problems how will Debian even know? If not they go over to 6. Which means dozens of libraries switch over to AGPL....

does anyone actually give a shit? (0)

Anonymous Coward | about a year ago | (#44196417)

license shmicense i use what i want.

Confused! (0)

Anonymous Coward | about a year ago | (#44196551)

So, all projects should be Open with as much Freedom as possible UNLESS they're run by Oracle??? Am I supposed to support the GPL or not???

Please /., tell me how I'm supposed to think on this!!!

Re:Confused! (2)

bonehead (6382) | about a year ago | (#44197121)

Actually, "Open with as much Freedom as possible" would be releasing the code into the public domain.

The entire purpose of a license, ANY license, is to place restrictions on what can be done with the code.

who cares? (2)

magic maverick (2615475) | about a year ago | (#44196577)

AGPL is a perfectly fine license, and I use it myself for certain projects. I'm not sure it's quite appropriate for this case though.

It is intended to attack the software-as-a-service loophole in the GPL, which allows people to take software (e.g. WordPress Multisite) and because it never leaves the server it is running on, it's not being distributed, and so changes are not distributed. And so users cannot take the modified software and run it on their own server.

Like the GPL, the AGPL is a license for end users. It allows them (the end users) to ensure that they always have access to the source code of the software they use.

And frankly, I think that if anyone really cares, they can just fork from the last "good" version.

The only issue that I can just think of (and pointed out in the Debian thread), is that for software that uses the database, they may have to be re-licensed. AGPL is irrelevant though, it would still be the case if BerkeleyDB was re-licensed to GPL or another strong copyleft (OMG virus!) license.

Also, the Infoworld article is simply wrong. If someone uses BerkeleyDB for a webapp, they don't have to make the whole app AGPL, merely GPL3 (which means that if it's an internal only (not distributed) webapp, that nothing changes). Just because it is GPL3, it doesn't mean that it has to be distributed. Though, as pointed out, you can continue to buy a proprietary license if you want.

SleepyCat achieved the startup dream (0)

Anonymous Coward | about a year ago | (#44196593)

They built up a substantial developer interest, they hired a few people, they got some excited customer names, and they got bought. Their founder is now off suggesting *REALLY, REALLY BAD* database ides such as putting a "provenance aware" BDB database into the filesystem. (This failed in WinFS for much the same reasons it's a bad idea for BDB: it's a huge CPU hit and it's not possible to stabilize or recover from the inevitable corruption.)

It had achieved its limits. Errors are unrecoverable, it doesn't scale, and atomic transactions weren't, which led inevitably to errors. The open source world abandoned BDB years ago for precisely these reasons: Oracle bought it to get the customer list and put the existing customers out of their unsupportable misery, and migrate them to something usable and fixable, such as Oracle or MySQL now that they also bought Sun Microsystems.

Amusing . . . (0)

Anonymous Coward | about a year ago | (#44196645)

. . . unintended consequences.

GPLv3 = poison pill

Gratuitous criticism against Oracle (1)

peppepz (1311345) | about a year ago | (#44196721)

So they develop a complex software project in-house, they give it away for free, they put it under a well-respected, user-friendly, open source, free software license, and we attack them because that might scare away commercial freeriders lest they'd have to provide a link to the source code in case they modify it and then use it on a web site?

Bah, I must be getting old, because this looks completely unreasonable to me.

Re:Gratuitous criticism against Oracle (1)

ilguido (1704434) | about a year ago | (#44196805)

Don't worry, it's the usual anti-FSF, anti-GPL FUD by soulskill.

Re:Gratuitous criticism against Oracle (0)

Anonymous Coward | about a year ago | (#44197359)

hardly. Being /. I assume you didn't read discussion on the Debian dev list. There's plenty a number of them grousing on about how, in this case, the AGPL is too strong a license and that there are a number of different projects that are going to be affected by this including Debian's package manager, apt. Frankly, assuming this isn't an accident by Oracle, it is hilarious that these Debian devs (who are some of the most anal about FOSS license issues as witnessed by their usual ragging on Canonical/Ubuntu) think that Oracle is screwing them over because it changed a open source project's license to a stronger FSF approved copyleft license. It's brilliant.

Re:Gratuitous criticism against Oracle (0)

Anonymous Coward | about a year ago | (#44196833)

Bah, I must be getting old, because this looks completely unreasonable to me.

Your eyesight must be going because Oracle didn't build it and the impact of a license change effects large numbers of non-commercial existing open-source projects.

Re:Gratuitous criticism against Oracle (2)

peppepz (1311345) | about a year ago | (#44197221)

Your eyesight must be going because Oracle didn't build it

Oh, don't be pedantic, they bought the company that built it.

and the impact of a license change effects large numbers of non-commercial existing open-source projects.

If anything, it will impact closed-source adopters of those projects. Open-source projects, by definition, have no problem in distributing their source code.

Re:Gratuitous criticism against Oracle (1)

Todd Knarr (15451) | about a year ago | (#44196913)

It's not that they have to provide source to BDB. It's that the AGPL changes the rules. Before usage as an embedded database in a Web app was considered internal use, not distribution, so BDB's license didn't impact the licensing of the Web app itself and didn't require release of the source code for the Web app. The AGPL means that if you use BDB in a Web app then the Web app itself has to be licensed under AGPL-compatible terms. That's... a huge change. And even though I normally use GPL terms, I don't really agree with it. If you were talking about an entire Web app framework, AGPL is appropriate. But for such a small component? That smacks to me of arm-twisting in a bad way, of trying to force users into buying proprietary licenses without coming out and saying that's what you're trying to do.

Similar things are why we have the LGPL, and why so many library components use it instead of the GPL. The GPL is suitable for entire programs, the LGPL is more suitable for libraries used by other programs. And while I don't have a problem with a library declaring itself licensed under the GPL, I do have a problem with a library starting out under the LGPL and then changing it's licensing to GPL. That changes a fundamental rule about what kinds of usage impact licensing, and it feels to me like I was suckered in.

Re:Gratuitous criticism against Oracle (0)

drinkypoo (153816) | about a year ago | (#44197047)

So they develop a complex software project in-house,

Congratulations, you have no fucking idea what you're on about [wikipedia.org] .

Re:Gratuitous criticism against Oracle (1)

peppepz (1311345) | about a year ago | (#44197477)

Oracle paid the people who wrote it in order to acquire that software. Oracle is currently paying their wages while they continue to develop the software. Your sarcasm is completely out of place.

Re:Gratuitous criticism against Oracle (0)

drinkypoo (153816) | about a year ago | (#44197525)

Oracle paid the people who wrote it in order to acquire that software.

That is not even vaguely close to the same thing as developing it themselves, and no amount of wishing will make it so.

Oracle is currently paying their wages while they continue to develop the software.

Yes, and Oracle is currently retroactively changing the license to something less desirable, and it's reasonable for people to be upset about this. It is a form of bait and switch because if it had used this license from an earlier date, then less people would have used the library, and a competitor would have been used by more people, and experienced more improvement.

Re:Gratuitous criticism against Oracle (1)

peppepz (1311345) | about a year ago | (#44197735)

Oracle paid the people who wrote it in order to acquire that software.

That is not even vaguely close to the same thing as developing it themselves, and no amount of wishing will make it so.

That, together with

Oracle is currently paying their wages while they continue to develop the software.

is the same thing as "developing it themselves", and no amount of changing the point of the discussion will make your initial answer any less wrong.

Re:Gratuitous criticism against Oracle (1)

drinkypoo (153816) | about a year ago | (#44197817)

No, no it doesn't. Oracle did not initially develop BDB, and is now paying for its maintenance. We call that further development, but it is not all of the development.

Oracle didn't create BDB, which is what we mean when we say "developed", as denoted by the past tense. Oracle is not in a condition of having developed BDB, they are in a condition of maintaining and developing it.

Further, not all development is benevolent, so I'm really not clear on what you hoped to prove to begin with.

Oracle clearly has the legal right to do what they are doing, and there is no morality in business, so that is the only right that matters. It doesn't change the fact that this is an offensive action, and that the most likely reason is that it constitutes an attack on one or more applications using BDB. Oracle is perfectly capable of utilizing a nuclear option to handle a minor goal; they've demonstrated their antisocial nature repeatedly.

Re:Gratuitous criticism against Oracle (1)

peppepz (1311345) | about a year ago | (#44198029)

The people who initially created BDB (past tense) now work for Oracle, or have worked with Oracle as long as they've worked on BDB, and they're working there on further development of it.

http://en.wikipedia.org/wiki/Margo_Seltzer [wikipedia.org]
http://en.wikipedia.org/wiki/Keith_Bostic [wikipedia.org]

So Oracle have the past, the present and presumably the future of BDB within them, whether we like it or not.

This is an embeded library database (1)

Electrawn (321224) | about a year ago | (#44196751)

Why is this not LGPL? (Keep the "viral" self contained to the library), or GPL (Application level viral-ability). AGPL? That "infects" everything (Airborne meta-viral!)

Either the developers/lawyers at Oracle don't understand their own product ... or worse that they are nefariously trying to end of life BDB.

How does copyright cover non-copying? (1)

Bogtha (906264) | about a year ago | (#44196765)

treats web deployment as a trigger to license compliance

How does this work in the USA? If you obtain it from them directly, they are giving you a copy, you aren't copying it yourself - so that's not copyright infringement. Copying software as an essential step in using it does not count as copyright infringement in the USA [copyright.gov] - so installing it on your server doesn't count as copyright infringement. Responding to incoming web queries doesn't copy any of their work - so that's not copyright infringement. So if you aren't doing anything that is protected by copyright, why do you need a license?

Re:How does copyright cover non-copying? (0)

Anonymous Coward | about a year ago | (#44198025)

Just because they make the data generally available doesn't mean you're allowed to have a copy of it. They own the copyright to the data, and will only grant you the right to have a copy of that data if you follow whatever terms they set in place.

Re:How does copyright cover non-copying? (1)

Todd Knarr (15451) | about a year ago | (#44198247)

The thing in question is a Web app. That means that the end user doesn't make or get a copy of the program. It runs on the server, the user accesses it but never actually copies it. Which left the possibility of someone taking a GPL'd program, adding their own extensions and setting it up as a Web application, offering access to it without having to give users the source code to it as they normally would.

The AGPL was the response. The end user may not be copying, but the operator of the Web app would've had to copy the AGPL'd software onto their server. They can't make that copy without a license. The AGPL license says that if you make a copy and run it on your own server, you have to give users a copy of the code if they ask as a condition of you being able to copy the software to use in the first place. The intent of the AGPL was that it'd be applied to entire applications or to Web services (which're isolated by a network interface, so the AGPL wouldn't extend to software that used those Web services). Oracle here is trying to use it on a small but important component to force Web app developers to choose between AGPLing their entire Web app or buying a proprietary license to BDB.

Personally I'd have no problem with using the AGPL this way from the start. I wouldn't use a component like that, but the author IMO has every right just like they have the right to use the GPL instead of the LGPL on a conventional library intended for use in other programs. But I have heartburn with Oracle changing the license rules in such a fundamental way now, after people have committed to use based on the original rules. NB: I have the same heartburn with an LGPL project going GPL after widespread adoption.

Berkeley DB is a steaming POS (0)

Anonymous Coward | about a year ago | (#44197145)

who cares. the sooner it gets killed off the better

It's a Bug (1)

Somebody Is Using My (985418) | about a year ago | (#44197523)

Don't worry, I'm sure that in a few days Oracle will announce that this change was just a bug, just like when they did it with the MariaDB man pages a few weeks back. It's all an innocent mistake made by their software. Oracle is our friend and only has the best of intentions for everything it does.

(The above was intended to be somewhat tongue-in-cheek; I have no real opinion of the change or whether it is good or bad for the end-uses. It just amuses me that Oracle would attempt something like this after getting spanked for a similar change they made just a few weeks back. Did they think nobody would notice? They don't have such a good reputation to begin with; better to be above-board rather than try to silently slip in a new re-licensing).

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>