synseer wrote on Monday, January 27, 2014:
Hi,
IANAL but I have spent a lot of time thinking and focusing on licensing as it applies to Open Source Health IT.
Generally, Apache/BSD licensed code can be pulled into GPL projects, as long as source code copyright notices are honored.
The AGPL is another beast entirely. Accepting AGPL code into OpenEMR will require that the entire codebase is relicensed under the AGPL (probably a good time to move to v3 of the licenses if you have not already). This will have profound impacts on your community.
If I understand what MD Support is saying correctly, then I believe he is wrong. Putting something in a different directory does not absolve the requirements of the license. Once software is merged into a “whole” the license applies to the whole, or at least that is how the FSF “viral” or keep-it-free license operate.
In many GPL Health IT communities, there end up being “private forks” sold. These private forks are enabled b/c of two reasons:
First the GPL applies primarily to those who you transmit licenses too, i.e. third parties. Frequently doctors do not know or care that they have the right to republish the sourcecode they receive from a OpenEMR fork. That ignorance means that the OpenEMR fork owner is never in a position where the GPL is triggered meaningfully… In a sense your project encourages this misunderstanding of the implications of the current license by using the “vendor” directory. The GPL covers the content of the vendor directory too, and any end client can request the entirety of the software under the GPL and enforce the license. But they just don’t know to do that, and the “vendor” directory helps perpetuate ignorance.
Second, many offer OpenEMR based code “As a service” offered over a network, which means that they have not obligation at all to share their version of the code with their customers. This is frequently called the “Google loophole” since it is how Google avoids releasing their extensive modification to the Linux kernel.
The AGPL requires closes the Google Loophole and ensures that anyone who can access the service has the right to request the code. I see no reason why offering a demo to someone of an AGPL codebase would not trigger the “offering the service” part of the license which would mean that the AGPL would make it much more difficult to maintain private forks of the project.
Frankly, the OpenEMR community already probably overlooks traditional GPL violations, and it should be noted that AGPL will not help if OpenEMR continues to ignore its enforcement options. But switching to the AGPL would make enforcement much easier (if that is why it is ignored so much now).
Of course IANAL, and even if I were IANYL, and also YMMV.
Good luck.
-FT