Canonical Fully Open-Sources the Launchpad Code 104
kfogel writes "Canonical has just fully open-sourced the code to Launchpad. Although we'd said earlier that a couple of components would be held back, we changed our mind. All the code has been released under the GNU Affero General Public License, version 3. 'Canonical will continue to run the Launchpad servers, taking care of production and deployment issues; opening up the code doesn't mean burdening the users with all of that stuff. At the same time, we'll institute processes to shepherd community-contributed code into the system, so that people who have ideas for how to improve Launchpad can quickly turn these ideas into reality.'"
sweet (Score:4)
I [heart] this company and Ubuntu,
Really? (Score:4, Interesting)
https://bugs.launchpad.net/ubuntu/+bug/377005 [launchpad.net]
https://bugs.launchpad.net/ubunet/+bug/375345 [launchpad.net]
Re: (Score:1)
Big deal, Canonical is a company that pushes a giant open-source project, and it not coincidentally has a lot of control over it and uses its name in a service they offer (it's not even necessarily a paid service - I believe the 2gb plan is free!). I think they've earned that much.
Debian (Score:5, Interesting)
Re: (Score:1)
Sounds good to me!
Re: (Score:1)
Re:Debian (Score:4, Insightful)
That's ass backwards. We need *more* PPAs with the latest versions. What's missing is an easy way to pick them from a checklist while automatically fetching GPG keys. This way you have something like an open app store, and it solves the problem of not having recent enough versions in the repository - you need a bleeding edge version, you check the relevant PPA and the latest bells and whistles magically appear in the package manager.
Re: (Score:1)
Re: (Score:2, Informative)
And we could call that "unstable", right?
Actually launchpad for Debian would suck - we shouldn't have to sign up to a site to submit bug reports.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Re: (Score:3, Insightful)
Personally I'm waiting for them to add better integration of PPAs into Synaptic. For example, when I need a bleeding edge version of Banshee, or some application not in Debian like Handbrake, I pick its PPA from a list, enter the password and it magically appears in Synaptic. After this I'm asked which programs from this PPA I want to install (again a list for PPAs that have several). Since it allows only PPAs and not some arbitrary repositories, it could be protected against malware to some extent. This wo
Re:Debian (Score:5, Informative)
The problem with this is that PPA means "Personal" Package archive and a lot of them are just that - an arbitrary repository. In many cases you are trusting some random stranger, and not Canonical, to have produced a package that doesn't contain horrendous malware. Every Launchpad user is entitled to a 1GB PPA just by signing up. Mine contains packages for MythTV with patches to fix a bug that hasn't made it out to the stable branch yet. You can install them if you really want to, but do you trust me? And how do you distinguish from all the other people with MythTV in their PPA?
Lots of projects have links to deb packages that install their GPG key and their PPA, after which you can see them in Synaptic, but this still isn't any guarantee. About the only thing you can do is be careful which groups you install keys and PPAs from. And I'd guess the reason that more of them aren't in the Universe repository is that the task of vetting them all is a mammoth one.
Re: PPA and GPG keys (Score:2)
Lots of projects have links to deb packages that install their GPG key and their PPA, after which you can see them in Synaptic, but this still isn't any guarantee. About the only thing you can do is be careful which groups you install keys and PPAs from.
I'm curious if anyone thinks the "web of trust" around signing other GPG keys could work here. The idea being that more trustworthy PPA members would have their keys signed by many others, while less reputable PPA members would have limited key signatures. This would essentially be a rating system of trust for PPAs.
I know when I use add a new PPA, I try and do a bit of research (e.g. find a lot of links to, or comments about, the PPA) that makes me feel better about trusting some third party binary.
Re: (Score:3, Informative)
Well unless the authors become dumbasses overnight, you'll probably be waiting a long time. Package management needs to be a single coherent database, making it much more distributed than it needs to be is just asking for pain ... PPAs/KoPeRs aren't terrible in moderation, and solve a couple of problems. But if you make them easily available (ie. available to people who don't know what problems they cause) the solution is much
Re: (Score:2)
... PPAs/KoPeRs aren't terrible in moderation, and solve a couple of problems. But if you make them easily available (ie. available to people who don't know what problems they cause) the solution is much worse than the problem.
I agree PPA are good if you want the newest software and understand that installing these packages might break your system... People who don't understand that shouldn't be using PPAs...
I guess it closes bug #393596 ? (Score:4, Insightful)
Status should be changed to "Fix released", then:
https://bugs.launchpad.net/ubuntu-community/+bug/393596 [launchpad.net]
Re: (Score:2)
Re:I guess it closes bug #393596 ? (Score:5, Insightful)
what.
It is approved by both the OSI [opensource.org] and, obviously, the FSF. [fsf.org] Are you trolling?
Re: (Score:1, Informative)
Re: (Score:2)
It is approved by both the OSI [opensource.org] and, obviously, the FSF. [fsf.org] Are you trolling?
GFDL (with those "invariant sections") also came from the FSF, is that "Free" too?
It is perfectly reasonable to not agree with how the FSF chooses to define things.
Is the AGPL a EULA? (Score:2)
But the AGPL says you have to release source if you run the code on a server exposed to the public... That's scarily close to a EULA: it takes away rights you have
Re: (Score:2)
The relevant language in the AGPL technically sidesteps this problem, although I'm not sure whether it addresses the spirit of your concern. The key point is section 13:
Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software.
So, the rule is that you can't modify AGPL software to remove an offer to provide source code to networked users; it's not technically a restriction on use, but rather on modification. The odd thing is that it applies to a modification that isn't distributed. Asserting the ability to use copyright to restrict that kind of modification is ver
Re: (Score:2)
It makes sense to me. Imagine something like Facebook, but on a much smaller scale, got open-sourced with the AGPL. Then someone took it, made a lot of improvements, and started a new site to compete with it. They're benefiting from the source, but they aren't giving back, because their modified code runs on their server and provides a service to others over the net. They aren't distributing the code, but they're distributing the resulting service, and no one else can also benefit from the improvements
Re: (Score:2)
Re: (Score:2)
I didn't say anywhere that AGPL prevents you from modifying software. The concern is that, by relying on the same legal reasoning that allows other software producers to use EULAs to restrict people's use of their software, the AGPL might have the unintended consequence of reinforcing these restrictions.
Re: (Score:3, Interesting)
So when (assuming it was under the AGPL rather than the GPL) I modify my Drupal settings.php file to include the connection string to my database, do I have to share that with my site visitors? Or do passwords want to be free as well?
The legal advice the Drupal community has got from the FSF with regards to the GPL is that with PHP apps any PHP include files fall under their linking clauses and are subject to the GPL as well. Which means that every Drupal (and also many other similar PHP apps) sites out the
Then use settings.json not settings.php (Score:2)
So when (assuming it was under the AGPL rather than the GPL) I modify my Drupal settings.php file to include the connection string to my database, do I have to share that with my site visitors?
Then modify the software to store the passwords in a container other than a PHP source code file, and share your modification with your users. This container might be a JSON or XML document, which is deemed data, not code, under the license.
Re: (Score:2)
How about you don't store your passwords in your scripts? Config files are where you want this kind of thing. I recommend a hashed passsword stored in YAML.
Re: (Score:2)
The relevant language in the AGPL technically sidesteps this problem, although I'm not sure whether it addresses the spirit of your concern... it's not technically a restriction on use, but rather on modification.
Yeah again, it's trying to take away a right I had (modification without distribution, that's ok under default copyright law, right?). So if I reject the AGPL and use the code anyway, am I doing anything wrong, from a legal point of view?
Re: (Score:2)
Yeah again, it's trying to take away a right I had (modification without distribution, that's ok under default copyright law, right?).
That's not entirely clear under the copyright law of the United States, where FSF is headquartered. MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511 (9th Cir. 1993).
So if I reject the AGPL and use the code anyway, am I doing anything wrong, from a legal point of view?
I wouldn't be surprised if an attorney enforcing the copyright in her client's AGPL software were to argue that making software available for interactive use over a network is a public performance.
Public performance (Score:2)
But the AGPL says you have to release source if you run the code on a server exposed to the public... That's scarily close to a EULA: it takes away rights you have (the right to use the code given to you; the intermediate copying steps are protected in part explicitly by law and in part implicitly under fair use).
When a computer program is used interactively over a network, one could argue that it is performed publicly. Performing a work publicly is the exclusive right of the copyright owner.
Re: (Score:2)
Are you trolling?
No. He just wants it under a BSD license so he can close it up, take a free ride on the work of others and make it part of his product.
Re:I guess it closes bug #393596 ? (Score:5, Interesting)
The GNU affero is an abomination.
A customer of mine was skeptical about open source. Then one of their people started reading the Affero GPL, and was terrified ("this means they can do a surprise inspection on our premises!") now anything with GPL or open source is out of the question. They even bought an xserve for php
You mean as opposed to the Business Software Alliance? Which you agree to allow to do a surprise inspection on your premises if you buy software from their members (Microsoft, Adobe, etc). Yeah they better not use open source because, you know, those guys might launch a surprise inspection, not that I have ever seen a report of them doing so (unlike the BSA), but they might.
So they better stick to safe software from Microsoft and Adobe, they would never invade the privacy of their customers (except of course when they can make money from doing so).
Re:I guess it closes bug #393596 ? (Score:5, Informative)
its not quite like that - we had a surprise inspection from Microsoft.. well, they surprised us by telling us we'd be inspected, and they kindly offered to come and do an analysis of our software licences to see which ones we'd accidentally forgotten to buy.
Unfortunately, the analysis required the use of a 3rd party who were very happy to charge us only a reasonable sum to let us run a licence-checker tool on every workstation and send the results to them where they'd put it in excel and tell us how many licences we should have bought, leaving us to compare that to the number we had bought.
so in effect, we had to pay to inspect ourselves. And we still owe MS a bundle!
Re: (Score:2)
Re: (Score:3, Informative)
The AGPL requires you to make the source code available to people who use the software over a network - so you cannot use AGPL code in a web app on the public internet without releasing the source.
The stuff about inspecting premises is FUD. I think this is a new version of an old troll comment.
Re: (Score:2)
While I feel that Affero GPL goes a little bit too far, your story only proves that your customer was an idiot.
Re: (Score:1)
...one of their people started reading the Affero GPL, and was terrified ("this means they can do a surprise inspection on our premises!")
What section(s) and/or line(s) of the license imply an authorization of surprise inspections?
Re: Ask Sterling Ball (Score:2, Interesting)
Re: (Score:2)
Same is true with almost all of the proprietary licenses too. They can do a surprise inspection. So your customer would be terrified either
Re: (Score:2)
Re: (Score:1)
Re: (Score:3, Interesting)
This is actually the first clever use of AGPL I am aware of: it prevents a competitor to form around an altered version of Launchpad. If they try, they have to give it to their users and thus Canonical.
It prevents fragmentation of the code base. Very, very clever.
Re: (Score:2)
But that's because of the business model. AGPL is to be used when you are not bothered by competition but you don't want fragmentation of your codebase.
Remember (A)GPL is for protecting the right of the users, not of the coders. If you want to protect your rights as the provider of a software-as-a-service solution, you'd better _not_ use AGPL.
If all you want is a free ride on the work of others, stay away of the AGPL.
Re: (Score:2)
Re: (Score:2)
I see we failed to see the "don't feed the trolls" sign...
Re: (Score:2)
Seriously. If it is true, which I doubt, how's that different from BSA members?
Re:I guess it closes bug #393596 ? (Score:5, Informative)
Wrong. Straight from the GNU:s mouth:
"The GNU Affero General Public License is a free, copyleft license [...]"
http://www.fsf.org/licensing/licenses/agpl-3.0.html [fsf.org]
Re: (Score:1)
It is clearly less free than the GPL just as the GPL is less free than BSD.
Whether it is free enough to count as free is a matter of opinion.
Re: (Score:2, Informative)
It is clearly less free than the GPL just as the GPL is less free than BSD.
Whether it is free enough to count as free is a matter of opinion.
Less free to whom? to the end user is just the same as they don't intend to redistribute the software. To some user who wants to distribute the code, it's less free. To the original developer no, it gives him the freedom to choose how his code is being distributed.
Re: (Score:2)
According to the FSF [fsf.org]:
Re: (Score:2, Insightful)
Re: (Score:2)
The AGPL isn't a Free licence.
Sure it is. You can get it here [fsf.org], doesn't cost a thing except the time to read 33kB of text, and we all know (your) time is worthless.
Bazaar only? (Score:2)
Hm, kind of like GitHub in that regard, then. The nice thing about just picking one source code mgmt system is that you can write a good UI specifically for it. Of course, the cost is that folks have to move over from Subversion or whatever.
Re: (Score:3, Interesting)
Re: (Score:2)
It's gotten to be very good ; I interact with SVN solely through Bazaar these days, not least because it makes the pain of our ludicrous network topology much less.
It also makes branching much easier - and you're much more likely to branch, because your boss isn't going to say "hey, who keeps cluttering the repo with new branches".
Although if he's the kind of boss who watches the commit RSS feed he might start to think you're slacking until you merge and push your first big patch.....
Re: (Score:2)
I don't understand why people have to move. PPA isn't exclusive of Subversion, or any other system, is it? I have some PPA's on my systems, some Subs, I mostly use Synaptic for over all management, but sometimes I find myself going CLI with apt-get - especially when dependencies just won't "resolve themselves". If/when PPA can do everything a person might want to do, then a lot of people probably will move. But, I don't see this happening soon, nor do I see it being a unanimous mass movement. Maybe amo
Re: (Score:1, Informative)
I don't understand why people have to move. PPA isn't exclusive of Subversion, or any other system, is it?
Launchpad's PPAs use existing Debian tools to submit source packages, along with some custom scripts to compile them.
To add a package to a PPA, you only need to upload a few files to a FTP server (after signing them with GPG).
Launchpad uses Bazaar for its hosted version control system. This is independent of the PPAs (and the Bug tracker, translation tool, and most everything else).
Talk about hoops (Score:3, Informative)
First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.
Why do they not have the version *they* use in the repo for *their* operating system?
That aside, the rocket-fuel script then downloads, unpacks, installs, alters and generally takes too long. And if that wasn't enough
## Note that this will make changes to your Apache configuration if ## you already have an Apache server on your box. It will also add ## entries to /etc/hosts and it will setup a postgresql server on
## you box.
## If you want to play safe with regards to your existing Apache,
## try this out in a virtual environment first.
And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.
How about a way to browse it online? I just wanted to see what language it was in, according to the docs it's Python but it would have been nice to be able to take a look at it without spending "a few hours to get everything" jumping through hoops.
Re: (Score:2)
I haven't looked that closely, but can't you go to https://launchpad.net/launchpad-project [launchpad.net] then click on a sub-project and then on the "Code"-tab?
Re:Talk about hoops (Score:5, Informative)
First problem is they require bzr 1.16.1 to download their rocket-fuel-setup script, the latest available version in the Ubuntu repo is 1.13.1 -- so you have to manually add the PPA source.
Why do they not have the version *they* use in the repo for *their* operating system?
Don't be a drama queen now, 1.16.1 was only recently released and you know Ubuntu policy about stable releases.
And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.
bzr get lp:launchpad
Is that easy enough for you? ;)
How about a way to browse it online? I just wanted to see what language it was in, according to the docs it's Python but it would have been nice to be able to take a look at it without spending "a few hours to get everything" jumping through hoops.
https://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/files
Re: (Score:2)
I was in the process of checking out the code using: bzr branch http://bazaar.launchpad.net/~launchpad-pqm/launchpad/devel/ [launchpad.net] Which I found after looking in the code for the setup script, but that's exactly what I wanted.
Re: (Score:1)
In response to your comment it has been added to the FAQ found at https://dev.launchpad.net/FAQ
Re: (Score:1, Informative)
You can browse the code here:
http://bazaar.launchpad.net/~launchpad-pqm/launchpad/devel/files [launchpad.net]
Re: (Score:1)
There is a link to the source code on this page.
https://code.launchpad.net/~launchpad-pqm/launchpad/db-devel/ [launchpad.net]
Re: (Score:1)
BTW, you can get to that page by searching for the "launchpad" project on launchpad, clicking on the "Code" tab, and then clicking on the "lp:launchpad" branch.
https://code.edge.launchpad.net/launchpad [launchpad.net]
Re: (Score:1)
There is a link to the source code on this page.
https://code.launchpad.net/~launchpad-pqm/launchpad/db-devel/ [launchpad.net]
Clicked files, received "Internal Server Error."
Re: (Score:1)
It's as if they don't want anyone to download it.
...
And because there's no way to just _get the source_ (ie. a tarball with source files in it) there's no way to download it without screwing with Apache.
Once you've got bzr 1.16.1 or later you can do bzr branch lp:launchpad to get the Launchpad code. That's pretty easy. Then, if you find yourself fixing a bug, you have a working tree in which to commit your changes. A tarball is a static lump with no history and no future, and if you want tomorrow's code, you'll have another big tarball to download.
How about a way to browse it online?
http://bazaar.launchpad.net/~launchpad-pqm/launchpad/db-devel/changes [launchpad.net]
Bzr 1.17.1 is in Karmic (Score:2)
So in other words, Launchpad developers are also Ubuntu developers. Imagine that.
Re: (Score:2)
Whinge moan :)
They decided to release early so people can have a go with it, give them a chance fs.
Re: (Score:2)
bzr-1.16.1-1.fc11 is the current version in Fedora 11 :)
Re:What influenced this move? (Score:5, Informative)
Did Google's Chrome OS have something to do with this move, I think so. Why you may ask: Because entry of another Linux based Open Source OS into the Linux playground does nothing to further Canonical's ambitions.
Now waiting on Adobe and its Flash Technologies to do likewise.
What on earth are you talking about? This has nothing to do with a desktop operating system. Furthermore, Canonical promised a year ago tomorrow to release the source code within a year. This pre-dates the announcement of Chrome OS by at least 11 months.
Re:What influenced this move? (Score:4, Insightful)
Re:What influenced this move? (Score:5, Funny)
Did Google's Chrome OS have something to do with this move
No, I think it was more that Microsoft contributed code the Kernel and they didn't want to be accused of having closed-sourced software when even Microsoft was opening up. Or maybe it was the vulnerabilities found in the Kernel, they decided if exploits could slip into the most-watched open source project they need to get more eyes on their code. It could have even been that because the world is supposed to end in 2012, but I think I would be drawing a correlation where there isn't one if I said that.
Re: (Score:3, Insightful)
People from slashdotters, to bloggers, to self appointed tech reviewers, to wall street lackwits try to read drama into everything that happens in the computing world. A new Firefox is the IE Killer, Chrome was the FF and IE killer, Android was the iPhone killer, etc ad nauseum. It's almost as if people DEMAND that one killer OS, and a handful of killer apps rule the world. God help us if that ever does happen. It would be pure hell trying to be "different". It would be like - like - well - it would be
What does this mean? (Score:2)
Is it the code to the Launchpad site itself? Like I could use a copy of it to manage and track bugs and development on my own projects? Or are they talking about some kind of framework / os that Launchpad runs on?
As far as I can tell from my limited browse of Launchpad, it seems like an alternative to Sourceforge no?
Re: (Score:2)
Is it the code to the Launchpad site itself? Like I could use a copy of it to manage and track bugs and development on my own projects? Or are they talking about some kind of framework / os that Launchpad runs on?
As far as I can tell from my limited browse of Launchpad, it seems like an alternative to Sourceforge no?
This is the full exact source code launchpad.net runs.
Re: (Score:2)
Yes.
There already were alternatives to sourceforge. Google GNU Savanna, for instance, which is running the same software (sourceforge runs a commercial fork of the original code iirc).