(Note 1: I AM NOT A LAWYER. THIS IS BASED ON MY READING OF LEGAL DOCUMENTS, WHICH MAY BE FLAWED. I MAY BE WRONG, TAKE THIS WITH A GRAIN OF SALT)
(Note 2: All links to the gradient git repo are permalinks to specific git hashes. This is to ensure that the issues presented here are clear when the links presented are pressed.)
I’ve noticed some licensing complications resulting from a dual-license between AGPL 3.0(specifically AGPL-3.0-only, but that doesn’t specifically impact this issue) and the proprietary WaveLens 1.0(referred to as WL-1.0) license used(source here). Note that if the license is updated, this link will continue to work, as it points to the first commit this license was introduced.
Distribution of modified versions
WL-1.0 states the following:
2.2. Public distribution of the Software or any modified versions under this license is strictly
prohibited. This includes selling, leasing, sublicensing, or redistributing the Software
to third parties.
However, the AGPL states this:
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions: […]
Therefore, there is a significant conflict between these licenses, as the AGPL allows distribution of modified version of the software, while WL-1.0 does not. Therefore, there is no clear answer to whether modified versions can be used, as each license opposes the other. Further, AGPL’s section 4 states that you may distribute verbatim copies of the source code, meaning that the first part of WL-1.0 section 2.2 is also in question.
Circumvention of copyright control measures(license keys, etc)
AGPL-3.0 states the following regarding whether technological protections such as License Keys subscriptions are able to be bypassed in appropriately-licensed software:
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work’s
users, your or third parties’ legal rights to forbid circumvention of
technological measures.
However, WL-1.0 states the following: [1] [2]
2.3. Licensee is prohibited from bypassing, removing, or altering any licensing mechanisms,
such as License Key validation, implemented by the Licensor.
- LICENSE KEY AND COMPLIANCE
3.1. Licensee must acquire and maintain a valid License Key from Licensor for the Software.
3.2. Any attempt to bypass or alter License Key functionality constitutes a material breach
of this Agreement.
Therefore, the licenses are again at odds with regards to this situation. Either it is not allowed to bypass these protections, or it is allowed to do so. The two cannot be true at the same time.
Additional Licenses
Further, there are several files under a license that is neither AGPL-3.0-only or WL-1.0. For instance, the gradient/backend/nix-daemon folder contains code exclusively licensed under EUPL, which says that if you must “produce a derivative of the used components” to use the software(like using a library in a rust binary, as is done here), then the distribution of the new derivative(the rust binary) “could be legally impossible (under any license) as soon a copyleft conflict exists”, i.e if EUPL conflicts with WL-1.0 licensed code. Note that while AGPL-3.0 is in the EUPL Downstream Compatibility List, WL-1.0 is not, as it is a proprietary license. However, even if this does not conflict with either other license in the repo, it is not mentioned in CONTRIBUTING.md nor is a copy of the EUPL-1.2 license text included in the LICENSES folder of the repo. I would consider this an issue, as a major component of the backend does not have its license listed publically in the repo.
Conclusion
As someone who is a casual user and contributor to NixOS, I like that the licensing on both Nix and Nixpkgs are clear. This situation makes me nervous to use the software, as not only is an incredibly restrictive license in use here(the WL-1.0), but it is seemingly at odds with the other main license in the repo.
Thank you for your consideration of these issues. Have a good day, wavelens team.