git.stella-ops.org/docs/29_LEGAL_FAQ_QUOTA.md


#29 · Legal FAQ — 333 Scan/Day Free-Tier Quota

Status: Published; applies to all open-source (AGPL-3.0-or-later) builds
Audience: project contributors, downstream packagers, OSS users, lawyers
Scope: clarifies how the daily-quota mechanism interacts with copyright licences, fair-use, forking rights and the AGPL network-use clause.
Not a contract: this FAQ is informational and does not replace the actual licence text (GNU AGPL-3.0) shipped with every source tarball.


1 · Is the 333 scans per UTC day limit a licence restriction?

No.
The quota is an operational usage limit enforced by runtime code (StellaOps.Quota plugin).
The source code itself remains available under the GNU Affero General Public Licence v3.
Any person may:

  1. Receive the complete corresponding source (AGPL §6),
  2. Modify or remove the quota logic, and
  3. Run those modified versions, even over a network (AGPL §13),

provided they also comply with the licence duties (e.g. offer their own modified source to users who interact with the modified program over a network).


2 · Why doesn't the quota violate AGPL §0 or §13?

  • §0 (Freedom to run the program): You can run unmodified or modified copies of StellaOps for any purpose and in any quantity inside your own infrastructure. The quota only limits how many scan operations the official binaries will accept; it does not forbid you from creating binaries without that limit.

  • §13 (Remote-network interaction): If you provide StellaOps as a service and keep the quota, users interact with an unmodified AGPL work, so no extra obligations arise.
    If you remove or change the quota, that counts as a modification; under §13 you must make your modified source code available to those remote users.


3 · May I fork the project and delete the quota altogether?

Yes, the AGPL expressly permits this.
However, three practical notes apply:

| Aspect | Obligation / Consequence |
|--------|--------------------------|
| Source availability | You must provide the full modified source (including build scripts) under AGPL-compatible terms. |
| Trademarks | The name “StellaOps”, the star logo and the “333” banner are trademarked. Remove them or obtain prior written consent before redistributing a modified build. |
| Update Kit tokens | Official Offline Update Kit (OUK) tarballs embed signed ClientID JWTs that expect the quota code path. If you strip that path, you will also need to maintain your own OUK feed or rebuild the tarballs. |

4 · What about educational labs or “Hack Week” events that need more than 333 scans?

You have three options:

  1. Request a short-lived Workshop Token: project maintainers can issue a signed JWT that temporarily raises the limit (subject to availability).
  2. Spin up additional tokens: each API token carries its own 333 scans/day budget; e.g. a class of 40 students can share ten tokens.
  3. Compile without quota: ideal for private, non-public courses; remember to keep the modified source accessible to participants.

None of these options require a commercial licence fee.


5 · Does the quota create a field-of-use restriction (GPL FAQ concern)?

No. The limit is quantitative (how many scans per unit of time), not a prohibition on where or for what purpose you run the software. Therefore it does not impose an additional field-of-use restriction and remains compatible with AGPL §7.


6 · How does the Offline Update Kit interact with licence tokens?

  • Every OUK tarball ships a signed ClientID JWT with 30-day validity.
  • The token is stored at /keys/client.jwt on the backend container and refreshed on each OUK upload.
  • If you fork the codebase and remove the quota, you must either
    (a) ignore the token entirely, or
    (b) generate and sign your own tokens; the signing key is not included in the public repo for security reasons.

7 · Can forks override the limit?

Yes. Forks could provide ClientID tokens with maxScansPerDay = 0 (unlimited). The same runtime code path is used; no proprietary mechanism exists inside the open-source core.


8 · Why 333, not 100, 500 or 1000?

  • 333 ≈ the 95th-percentile daily build count of small/medium-sized self-hosted GitLab instances we surveyed in 2024.
  • It leaves headroom for bursty days while nudging larger teams towards Plus/Pro, the main revenue driver that funds continued development of the open-source core.

See 02_WHY.md §5 for the full product-management rationale.


9 · Who can I contact for licensing support?

  • Email: legal@stellaops.org

10 · Change Log

| Version | Date | Comment |
|---------|------|---------|
| v1.0 | 18-Jul-2025 | First public revision; aligns with quota rev 2.0. |