Hello,
I am contacting you to inquire about the procedure for reporting a French private company that is using the SuiteCRM solution without complying with the terms of the AGPLv3 license.
It appears that this company has been developing and marketing application solutions based on the SuiteCRM source code for several years throughout France without ever publishing its source code to the community.
Thank you in advance for your feedback on any actions that could be taken.
XeroX63
I’m curious on this one specifically, as I’m developing plugins myself for SuiteCRM. It’s my understanding I have no obligation to publish the code anywhere unless I’m actually modifying the SuiteCRM source code (which typically plugins do not). I would be obligated to supply the source code to any one I give or sell it to (which you do anyway so they can install it). However, I don’t need to publicly post the source code to any work I create that relates to SuiteCRM. Am I correct?
I’m curious what specifically are they doing that’s in contrevention of AGPLv3?
Curious as well - do you have more specifics?
So it seems - it would be interesting to get a lawyers perspective, in case there are any here?
Hello Pstevens and Marteau Bastian,
To answer your questions, it seems to me that the GNU AGPLv3 license is very different from a classic Open Source license. Indeed, the Free Software Foundation website ( The GNU General Public License v3.0 - GNU Project - Free Software Foundation ) states that all source code must be made available, and unless I’m mistaken, I believe this is even more true when the service is offered as SaaS.
I have no doubt that many developers disregard this obligation, but in this case, we’re talking about a company that employs dozens of people and has been marketing a complete software suite for years without ever complying with this requirement.
However, I would be interested in an expert opinion (from a lawyer or the SalesAgility team).
Right from the FAQ’s:
Does the GPL require that source code of modified versions be posted to the public? (#GPLRequireSourcePostedPublic)
The GPL does not require you to release your modified version, or any part of it. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.
But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the program’s users, under the GPL.
Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.
… I guess it depends on the definition of “release to the public”. If you sell it and contract PRIVATELY with a client to give them access to the software you have modified, you are not “releasing it to the public”. I’m not a lawyer, but that’s how I read it.
I think this is further clarified here…
If I know someone has a copy of a GPL-covered program, can I demand they give me a copy? (#CanIDemandACopy)
No. The GPL gives a person permission to make and redistribute copies of the program if and when that person chooses to do so. That person also has the right not to choose to redistribute the program.
…and here
What does “written offer valid for any third party” mean in GPLv2? Does that mean everyone in the world can get the source to any GPLed program no matter what? (#WhatDoesWrittenOfferValid)
If you choose to provide source through a written offer, then anybody who requests the source from you is entitled to receive it.
If you commercially distribute binaries not accompanied with source code, the GPL says you must provide a written offer to distribute the source code later. When users non-commercially redistribute the binaries they received from you, they must pass along a copy of this written offer. This means that people who did not get the binaries directly from you can still receive copies of the source code, along with the written offer.
The reason we require the offer to be valid for any third party is so that people who receive the binaries indirectly in that way can order the source code from you.
… so I think it’s saying “not the world” but everyone who you provide it through a written offer (ie: contract)…. gets the code, which, is standard practise. What you can’t do is encrypt the code in such a way the end user can’t access it.