stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
b04557a92333a134669d42e604457d085cbb4234
git.stella-ops.org/docs/29_LEGAL_FAQ_QUOTA.md
master b04557a923 Initial commit
2025-08-30 21:05:34 +00:00

3.1 KiB
Executable File
Raw Blame History

LegalFAQ — FreeTier Quota & AGPLCompliance

Operational behaviour (limits, counters, delays) is documented in
33_333_QUOTA_OVERVIEW.md.
This page covers only the legal aspects of offering StellaOps as a service or embedding it into another product while the freetier limits are in place.

1·Does enforcing a quota violate the AGPL?

No.
AGPL3.0 does not forbid implementing usage controls in the program itself. Recipients retain the freedoms to run, study, modify and share the software. The StellaOps quota:

  • Is enforced solely at the service layer (Redis counters) — the source code implementing the quota is published under AGPL3.0orlater.
  • Never disables functionality; it introduces time delays only after the free allocation is exhausted.
  • Can be bypassed entirely by rebuilding from source and removing the enforcement middleware — the licence explicitly allows such modifications.

Therefore the quota complies with §§ 0 & 2 of the AGPL.

2·Can I redistribute StellaOps with the quota removed?

Yes, provided you:

  1. Publish the full corresponding source code of your modified version
    (AGPL§13 & §5c), and
  2. Clearly indicate the changes (AGPL§5a).

You may retain or relax the limits, or introduce your own tiering, as long as the complete modified source is offered to every user of the service.

3·Embedding in a proprietary appliance

You may ship StellaOps inside a hardware or virtual appliance only if the entire combined work is distributed under AGPL3.0orlater and you supply the full source code for both the scanner and your integration glue.

Shipping an AGPL component while keeping the rest closedsource violates §13 (“remote network interaction”).

4·SaaS redistribution

Operating a public SaaS that offers StellaOps scans to third parties triggers the networkuse clause. You must:

  • Provide the complete, buildable source of your running version — including quota patches or UI branding.
  • Present the offer conspicuously (e.g. a “Source Code” footer link).

Failure to do so breaches §13 and can terminate your licence under §8.

5·Is email collection for the JWT legal?

  • Purpose limitation (GDPR Art. 51 b): address is used only to deliver the JWT or optional release notes.
  • Data minimisation (Art. 51 c): no name, IP or marketing preferences are required; a blank email body suffices.
  • Storage limitation (Art. 51 e): addresses are deleted or hashed after ≤7days unless the sender opts into updates.

Hence the token workflow adheres to GDPR principles.

6·Changelog

Version Date Notes
2.0 20250716 Removed runtime quota details; linked to new authoritative overview.
 1.0 20241220 Initial legal FAQ.