# 29 · Legal FAQ — *333 Scan/Day Free-Tier Quota*

> **Status:** Published; applies to all open-source (AGPL-3.0-or-later) builds
> **Audience:** project contributors, downstream packagers, OSS users, lawyers
> **Scope:** clarifies how the daily-quota mechanism interacts with copyright
> licences, fair-use, forking rights and the AGPL network-use clause.
> **Not a contract:** this FAQ is **informational** and does not replace the
> actual licence text (GNU AGPL-3.0) shipped with every source tarball.

---

## 1 · Is the *333 scans per UTC day* limit a **licence** restriction?

**No.**
The quota is an **operational usage limit** enforced by runtime code
(`StellaOps.Quota` plugin).
The source code itself remains available under the
[GNU Affero General Public Licence v3](https://www.gnu.org/licenses/agpl-3.0.html).
Any person may:

1. **Receive the complete corresponding source** (AGPL §6).
2. **Modify** or **remove** the quota logic, and
3. **Run** those modified versions, **even over a network** (AGPL §13),
   provided they also comply with the licence duties (e.g. **offer**
   their own modified source to users who interact with the modified
   program over a network).

---

## 2 · Why doesn't the quota violate AGPL §0 or §13?

* **§0** (Freedom to run the program): You can run unmodified or
  modified copies of StellaOps for any purpose and in any quantity
  inside your own infrastructure. The quota only limits *how many scan
  operations the official binaries will accept*; it does **not** forbid
  you from creating binaries without that limit.
* **§13** (Remote-network interaction): If you provide StellaOps as a
  service and keep the quota, users interact with an unmodified AGPL
  work, so no extra obligations arise.
  If you **remove** or **change** the quota, that counts as a
  modification; under §13 you must **make your modified source code
  available** to those remote users.

---

## 3 · May I **fork** the project and delete the quota altogether?

Yes, the AGPL expressly permits this.
However, three practical notes apply:

| Aspect | Obligation / Consequence |
|--------|-------------------------|
| **Source availability** | You *must* provide the full modified source (including build scripts) under AGPL-compatible terms. |
| **Trademarks** | The name **“StellaOps”**, the star-logo and the “333” banner are trademarked. Remove them or obtain prior written consent before redistributing a modified build. |
| **Update Kit tokens** | Official Offline Update Kit (OUK) tarballs embed signed Client-ID JWTs that expect the quota code-path. If you strip that path, you will also need to maintain your own OUK feed or rebuild the tarballs. |

---

## 4 · What about **educational labs** or “Hack Week” events that need more than 333 scans?

You have three options:

1. **Request a short-lived *Workshop Token***: project maintainers can
   issue a signed JWT that temporarily raises the limit (subject to
   availability).
2. **Spin up additional tokens**: each API token carries its own 333
   scans/day budget; e.g. a class of 40 students can share ten tokens.
3. **Compile without quota**: ideal for private, non-public courses;
   remember to keep the modified source accessible to participants.

None of these options require a commercial licence fee.

---

## 5 · Does the quota create a **field-of-use restriction** (GPL FAQ concern)?

No. The limit is *quantitative* (how many scans per unit of time), not a
prohibition on *where* or *for what* purpose you run the software.
Therefore it does **not** impose an additional field-of-use restriction
and remains compatible with AGPL §7.

---

## 6 · How does the **Offline Update Kit** interact with licence tokens?

* Every OUK tarball ships a **signed Client-ID JWT** with 30-day
  validity.
* The token is stored at `/keys/client.jwt` on the backend container and
  refreshed on each OUK upload.
* If you fork the codebase and remove the quota, you must either
  (a) ignore the token entirely, or
  (b) generate and sign your own tokens; the signing key is **not**
  included in the public repo for security reasons.

---

## 7 · Can forks override the limit?

Yes. Forks could provide Client-ID tokens with `maxScansPerDay = 0`
(unlimited). The same runtime code path is used; no proprietary
mechanism exists inside the open-source core.

---

## 8 · Why 333, not 100, 500 or 1000?

* 333 ≈ the 95th-percentile daily build count of **small/medium-sized
  self-hosted GitLab instances** we surveyed in 2024.
* It leaves *headroom* for bursty days while nudging larger teams
  towards Plus/Pro, the main revenue driver that funds continued
  development of the open-source core.

See *02_WHY.md §5* for the full product-management rationale.

---

## 9 · Who can I contact for **licensing support**?

* Email: **legal@stellaops.org**

---

## 10 · Change Log

| Version | Date | Comment |
|---------|------|---------|
| **v1.0** | 18-Jul-2025 | First public revision; aligns with quota rev 2.0. |