Notices by Jernej Simončič � (jernej__s@infosec.exchange), page 2

@Migueldeicaza /[,\(\s]?#1(s)(\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?)(\s+-?\d+(?{}\.\d+)?\s+-?\d+(?{}\.\d+)?)+(\)?=|\s|$)/

@christian @Suiseiseki You have to do it within the program itself (according to the strict AGPL interpretation, you have to offer the source code as the very first thing when any user accesses the program running on your server). And no, NextCloud does not do this, and neither does any other AGPL program I've come across – it's a mess.

marcan had a great twitter thread on this (with a bunch of examples), but it's unfortunately gone.

@christian @Suiseiseki That's the problem with AGPL – it hasn't been tried in a court.

@Suiseiseki The point of AGPL is that any end-user of the software has the right to the source code of the program they're using, even if it's running on a remote server. It doesn't matter that the patching here was done by the distro – since you're running the program, you're the one that has to provide the exact source of the running program, otherwise that'd be a loophole anybody could use to avoid complying with AGPL.

And while marcan's post was about dspam, where it's questionable if its use even counts as end-users having interacted with it, there are a lot of web apps, where the end-user interaction is obvious (eg. NextCloud).

@christian @Suiseiseki The problem is that if you put NextCloud (or any other AGPL-license program) on the internet, you yourself have to provide the source code of your running instance to anybody who accesses it. How do you achieve that?

@amshepherd @mirabilos @starshine It's an EULA. @marcan wrote a nice explanation here: https://news.ycombinator.com/item?id=24764481