Skip Navigation
No Stupid Questions @lemmy.world
Electricd @lemmybefree.net

Does the AGPL license allows not disclosing the source of third party scripts (in)directly interacting with the main software?

Let's say I use some AGPL software like Mastodon or Gitea. If I write a script to interact with some elements, like a nodejs script that interacts with the messages posted to act as an antispam, is it considered derivative work?

If I use a custom theme, does it have to be AGPL? If I add an overlay over the interface or interact with Mastodon through JS, does it have to be AGPL?

For Gitea, if I make a script to scrap some visual elements and send it by email to some people, does it have to be AGPL?

For an email software like Mailcow, if I write an antispam script that communicates with Mailcow's API, does it have to be AGPL?

2 comments

  • My understanding -- IANAL -- of the central thrust of the AGPL is that if there is software that runs somewhere else and serves the result to a user, then that is considered a "distribution" of the software and thus requires the source to be made available to said users, if they want a copy. If you run an unmodified copy of that software, you satisfy your obligation simply by linking to where the unmodified source can be found.

    So for your title question, I don't think the dividing line is whether your software is directly/indirectly interacting with existing AGPL software, but rather the question is whether your software affects the service provided to the user.

    Starting with your first scenario, I presume that you mean a server-side NodeJS script, and that would modify the results returned to the user. Thus, I would think this is indeed a distribution and the AGPL's provisions would require your NodeJS script being made available to the user.

    For your second scenario, I'm not entirely sure if you mean a server-side or client-side theme or overlay. If you modify a CSS file that is served to the user, I would think that's a distribution. But if you're writing a browser extension that overrides the default CSS file from the server, then no distribution of the server software has been made, I think. If you edit a JavaScript file that is part of the Mastodon package, I suspect that is a distribution, because that file is loaded to the user in order to use the service. But I'm not entirely certain on this.

    In the third scenario, a scraper would be consuming the result returned by an unmodified AGPL software package, so there is no obligation to offer the source code for your scraper.

    The fourth scenario is also a "use" of unmodified AGPL software, and so you have no obligation to offer your custom script to your users.

  • This is a question about what constitutes a derivative work. IANAL and that's a difficult question most of the time. I'm not going to try to answer it. I'm reasonably sure that the last 3 are not derivative works, but again, IANAL.

    If something is a derivative work of an AGPL-licensed product, that work must also be AGPL. This basically means you must provide source to anyone who has a copy of the binary or any user of the software. If only you are using the script, it's a pretty trivial case. You're the only author/user of the software and you have the source so you're in compliance.