 Thank you. My name is Carlo Piana. I'm a lawyer in Italy. I've been involved in free and open-source software matters since the early years of this century. Maybe some of you know me from my work with the Free Software Foundation Europe and the European Little Network and many other initiatives. I have I am founding partner of Array in IT law firm dedicated to information technology law and especially free and open-source software licensing and compliance. Today we are presenting a case which we regard being the first GPL case in Italy heating courtroom. That is interesting because also it involves the public administration Distributing software and this public administration not only enough is the national anti-corruption authority. It's a happy ending story, fortunately. We brought them to compliance. We agreed on compliance after nearly two years of discussions though. I'm going to be held by my friends and colleagues. Fabio Pietro Santi, president of Herman Center, the producer, the manufacturer of Global Ix. It's also the client. And my colleagues Giovanni Battista Gallus and Alberto Piennon both are partners of Array 2. Without any further ado, I will hand over to Fabio. Fabio, please introduce yourself, Herman Center and Global Ix. Thank you. Thank you, Carlo. So the Herman Center for Transparency and Digital Human Rights, it's the NGO that in 2012 started up the Global Ix Whistleblowing software. That's a free software project working towards the protection of Whistleblower and that started just after the WikiLeaks Collateral Murder fax as a way to find out how NGOs, journalists and also public agencies and corporations can provide better protection to Whistleblower. This software is an AGPL license and it's being used by a variety of users within the different NGO and the journalistic sector, in particular within the anti-corruption NGO. And in that context that we started working with the Transparency International, the key NGO existing in more than 110 different countries and with the anti-corruption bodies that are public agencies looking at the fight of corruption. In that sense, we found ourself in reading a public consultation by the Italian National Anti-Corruption Authority while we were already working and supporting the Transparency International Italy chapter by improving the Global Ix free software in order to look at that direction of anti-corruption activism. And we were very direct in answering the public consultation with our insight and advice. This led us to start an informal cooperation that became a formal cooperation without any economic basis, entirely done on a pro bono basis, in developing a set of features that was useful for ANAC, the Italian National Anti-Corruption Agency, and possibly for all the Italian public agencies that had to deploy a Whistleblowing system in the fight of corruption because in Italy the law required public agencies to provide a secure reporting channel for the fight of corruption. So we spent months of dedicated development and interaction with the anti-corruption agency, making improvements following needs that we spotted from the underlying meeting that we had with them to understand how can we make Global Ix to further evolve in serving the anti-corruption world, not just in the NGO Activistic sector, but also in the regulatory body that looked forward the support of public agencies and corporations. In that ANAC had a very good vision. They were very well prepared technicians there and with our CTO and lead developer Giovanni Pelerano, we went undergoing more than 20, 24 different features set and improvement to the software with alteration between their manager and board and their technician and different legal officers and achieved a set of functional release of the software. The codename of the software was Open Whistleblowing. And interesting enough that we heard informally that someone inside the public agency, that large and powerful central public agency, didn't like the word leaks part of Global Ix because remember in WikiLeaks and the internal decision was to use a codename Open Whistleblowing. Fair enough, we are working to make the world a better place to stay so it's fine to have this kind of codename. So we worked with them until we decided together, they decided that it was the time to publish the modification that we did to the software. Most of them was already being committed upstream into the main global software now being used by thousands and thousands of public agencies in the world, not just in Italy. But some of them was, you know, some hard patch that you put into the code and this was put, uploaded, committed into the GitHub profile of Anarch slash Anticorruzione on GitHub under the codename of Open Whistleblowing and we did it. So what happened next? It happened next that, well, there was a tender to move it forward rather than developing in a community oriented way and with an iterative evolutionary approach to the software, like going iterative with a beta approach. And, you know, public tender became very nasty and very complicated. And basically we found that most of our pro bono work was ended in the hands of the winner of a very bureaucratic public tender where as an NGO it's also quite difficult to provide the very same requirement. In the tender it has been written to support a deprecated version of the Microsoft SQL server. So it was against our vision also to look at the direction of supporting deprecated software into global links that are secured by default and very well open source component integrated piece of free technology. And so in the end, what happened next? I mean, Gerard Battista Gallo can explain better than me. Thank you very much, Fabio. So my role is to describe what happened and how we managed to obtain compliance with AGPL and we leave to Carlo and Alberto the details of the most important legal issues. So, as far as we know, this is the first case of, first time that any GPL compliance case has been brought before an Italian court and one of the very first cases involving compliance from a public and asked from a public administration. And so I think it's quite interesting, even if we reached a settlement, so not a decision. So what happened? Global leaks, which was developed, the protocol type was uploaded on GitHub in 2016 and together with AGPL, V3Liant, Science and Plus, the reason for legal notice is under Article 7B, powered by Global Leaks. So additional terms under Article 7, 7B. And Hermes had an agreement with ANAT, the Italian Anti-Corruption Authority, as already pointed out, mentioned by Fabio. And so, first one to this agreement, Hermes gave ANAT control of the GitHub account and then the C decided to issue a public tender for the development and maintenance of this prototype. And after quite a while, in 2019, so a few years after they published in the Project Repository a derived version, which was called Open Wisdom Blowing. And there were, however, several issues because the AGPL license was gone and it was replaced with the EUPL, European Union Public License 1.2. And also the reasonable legal notice was removed. There was only the author's note and some of the corresponding source, as defined in Article 1 and 6 of the license, was not completely available. And also Open Wisdom Blowing was adopted by several public administrations and, of course, it was adopted in the incompatibly licensed flavour, so to speak. So what happened next? Carlo Piana, our friends, started writing to ANAT several times, trying to keep his composure, his well-known composure, to be as calm as possible and never asking for damages, but only to asking for compliance on behalf of the Hermes Centre. And, however, the answers of ANAT were not so exactly friendly and, of course, they stated they were not infringing anything, but the compliance was not obtained because they stated they were not, they were absolutely respecting, abiding the license and the change of license was perfectly legal and so the violation was ongoing. And so Hermes could abide itself of the close 8, the close of Article 8 of the AGPL, which provides for the termination upon violation, but also provides that if the violator cures the violation within 30 days of the notification, then the license is permanently reinstated. But in this case, ANAT, in the proposition of Hermes, was still in breach, didn't cure the violation, so Article 8 was clearly triggered and the termination was clearly triggered. And Carlo tried to explain this also once again, writing to ANAT, but they still stated they were perfectly compliant. However, after a certain time, they published a commit after the license was terminated, relicensing, open wisdom blowing as AGPL V3, but there was still no compliance with regard to the reasonable legal notice and also with regard to the corresponding source. However, after a while, after the proceeding, I will mention in a while, had started, they also published part of the corresponding source, especially of the client, not in a minified version as they did before. But of course, in the Hermes position, the license was already terminated and only Hermes was only the copyright holder, so Hermes could reinstate the license. So at any rate, still there was no compliance on the other issues. So there was no alternative and Hermes started legal proceedings before the tribunal of Milan. Carlo and Alberto will deal in depth with the issues of licensing compatibility, termination and minified code. I will keep just on telling the tale, which is, I think, very interesting. Hermes, what did he do? He asked for a preliminary injunction under the Italian copyright law and the judge was asked to assess the non-compliance and grant on injunction. On what term? The injunction was to cease and desist for any use accessible to the public or any publication of the derived work until the condition imposed by a GPL V3 license and with additional terms were met and also with the subject to the reinstatement of the license by Hermes. And it was asked also for a penalty for every day of non-compliance. And it was also asked to, or the runner, to publish the court decision not only in the way provided by the Italian copyright law but also in the web portal of the authority and in the GitHub repository and also to notify the decision to all public administration which asked for reuse of the derivative work. And in this case, in the legal proceedings, the authority, unsurprising enough denied to be non-compliant and strongly stated that relicensing under the UPL was perfectly legal, it also stated that the additional terms were not applicable and the corresponding source obligation were met. And as I already stated, the corresponding source was published but after the proceedings were started. And it is very interesting to point out that there was no objection or even any discussion about the legal validity or the binding nature of the AGPL provisions. So it was just a matter of interpretation of this provision and if there was compliance or not. It seemed that the parties were very, really a world apart but then Carlo had a trick up his sleeve and he made a settlement proposal that they absolutely couldn't refuse. And so to put it briefly and not exactly in legalese, he's proposed, okay, you get the license right, you publish the corresponding source, just go one step further, add the additional terms and we will reinstate the license and everybody will be happy at the end. And at this point, after some back and forth also before the judge in Milan, the authority agreed and the settlement was done out of court and we issued the elements and the authority issued a joint press release and so really everybody was happy. So what is the most important lesson to be learned? Well, I leave it to Carlo and Alberto to sum it up and I thank you all and I hope to see you soon in the very next future. Thank you Giovanni. Lesson learned. The first lesson I personally learned from this ordeal is that we lack education. We must produce better information, more accessible information and we spare, we have to spare effort to bring ordinary people to sufficient level of knowledge. We have won the battle of having free software mainstream dominant in certain places but that has not been followed by sufficient degree of education and we have learned it the hard way here because we approach the authority and they said no, we are not infringing any of your copyright. We insist on explaining, making reference to documents and say oh look you might know that this is open source now it's copy left meaning that there are no conditions for reusing the software which is strikingly the opposite of what we'll learn and something we have not heard in the last 20 years perhaps. So going forward and trying to explain again my position as a somewhat expert of this matter, writing books, writing articles, being an editor review, general counsel of the foundation, teaching things at the university, at master course and university degree. They came up with something more elaborate like oh EUPL is compatible with the EUPL because there is a blog telling that excuse me, actually there was a blog reporting that EUPL is compatible but without mentioning in which direction. So inbound, outbound, both no explanation actually the official documentation of the EUPL that is quite well explained how to combine EUPL code with AGPL but there was in English and possibly behind a linguistic barrier. So that is the lack of easily consumable maybe translated documentation of the basic concept that we are teaching and we have practising in any day in a complex exercise it's important. And indeed in any compliance efforts we are making, we are offering basic crash course, one oh one course on IP, software, copyright and copy left concepts so that we have a basic understanding even for technical people and actually this dev room, the legal dev room in a technical and community event as Faustum goes in the right direction and I praise those bringing the idea of a legal dev room. Second lesson, there is a still misconception on what source code is. We said you are not distributing the source code of the interface and I said no, look this is source code, you can read it, source code and well that is a misconception derived from a lack of knowledge of what minification is. The file was minified and I will leave to my colleague Alberto who is going to dig deeper in this aspect. Alberto please have your presentation. Thank you very much Carlo and hello everyone. I appreciate that most of you may be already familiar with the concept of JavaScript minification so please forgive me in advance if some parts will sound a common place to some of you. It's just to get also a non-technical audience to understand. So basically our claim about the JavaScript part of open whistleblowing was based on the fact that unlike the original repository source code offered for download by the defendant was the JavaScript front end of open whistleblowing like served minified in some parts everything concatenating into a single huge file. The defendant contended that this was still a source code distribution and that it was compliant with the AGPR requirements. Obviously we claimed that this was not the case. How the notion of source code is by the defendant compared with the legal definition of source code provided by the AGPR. Well AGPR as we all know defines it as the preferred form for making modifications to the code itself. Following this definition a single huge minified JavaScript file cannot be regarded as source code. Why? Well the first fundamental notion here is that JavaScript is an interpreted programming language. Interpreted means that JavaScript doesn't need to be previously translated into machine language in order to be executed but as the word says it is translated into machine language by the computer equivalent of a real-time interpreter and immediately executed by the machine itself. This is very different from the distinction between object versus source code in compiled programming languages like C, Java and others. Where human readable source code needs to be previously compiled and therefore translating into machine language in order to be understood and actually executed by the machine itself. As we all know with compiled languages a software program may be distributed in two different forms source code for or machine code for. The latter may be also called depending on the context object code or executable code. On the other hand technically speaking with interpreted languages we normally distribute only source code. There is no such thing as object code distribution in interpreted languages and this is the case also JavaScript. Well actually some modern JavaScript interpreters do compile code before executing it but such compilation is intended just for browser specific internal use and not for distribution so the conclusion doesn't change. Summing up technically speaking the defender was right. Whenever you do with JavaScript you always end up with source code. It's materially impossible to distribute JavaScript object code because it simply does not exist in that form. But does this hold also in the legal field? To answer we need to make a step forward. While JavaScript cannot be distributed in compiled form it can be minified. What does that mean? I will make you the same example that we made to the judge at the trial hearing. What you see on the screen now is a simple code snippet written in JavaScript. It's a simple function that returns user data given their ID number. What this code does is straightforward to anyone who reads it because the function and variable means just tell it. Get user data, user ID, user and so on. It's almost like plain English and if there's any doubt left the comment that you see in the code qualifies it. But let's assume that this code for some reason is too long and takes too much to download and execute. Since function and variable names are arbitrary we can just substitute them with single letters and since comments are not executed and are simply ignored by the machine we can just treat them out. The result may look more or less like what you are seeing now on the screen. So this essentially is what minified JavaScript is all about. To save space and to speed up code download comments and white space are strict out and function and variable names are replaced with random letters so the code gets much shorter and lighter to download. The problem is that now the code looks totally incomprehensible. For a machine the two codes are functionally equivalent. But for a human the first one is something that one can understand and possibly modify. But the second one is something that could be understood and modified just in theory but in practice it would be as difficult as solving a very complicated puzzle. Most software developers would even try. So is that still source code? Technically speaking yes since it still needs to be interpreted in order to be executed on a machine. Is that object code technically speaking no since there is no such thing as object code in JavaScript. But legally speaking things are different. All GPL licenses namely GPL, AGPL, LGPL at section one provide that I quote the source code for a work means the preferred form for the work for making modifications to it. Object code means any known source for a work. So given these definitions the answers to the above questions completely change. Is JavaScript minified code still source code in GPL and AGPL partners? No because it's definitely not the preferred form for making modifications. Is that object code yes because it does not fall into the above definition of source code. So the final question is am I violating the GPL if I distribute GPL JavaScript code only in minified form and I do not even offer to provide the original no minified code. Yes I'm violating it because I'm not complying with the obligation to provide the full source code. It's just as simple as that but it's something that is often overlooked by developers and not only in this specific case. The distribution of JavaScript code only minified form is something that we often see in our open source compliance practice. But when the license GPL this is simply something that one is not allowed to do. And this is so not only because it was our defense in this case but because it is a clear cut statement of the GPL that cannot be subject to different importations and probably will hold true also for other license that do not expressly define source code. Actually in our case also the defendant had to admit that in the end. And we finally obtained a true source code of open whistleblower in front end no minified divided in smaller source files. Now just let me pass you back to Carlo on the conclusion of the case and thank you for your attention. Oh thank you Alberto that was really informative. And the final point I want to touch upon briefly is on the additional conditions that global leaks as attached to the AGPL. So the AGPL was not Panilla. We won the authority restore the AGPL despite it was terminated but that is another story. They use the exact version taken from the free software foundation website. Here there was a contention by the state attorney. Not on the fact that the actual disclaimer that we wanted to put a reasonable notice that we wanted to have restore was or not compliant with section 70 of the AGPL. But they contended that the version they have for from did not contain the mention that we required. Actually we were lucky because on the one hand we kept a copy of the repository that they have for actually they didn't they haven't for the repository they took the code and put into a single large commit with everything already done. But we had the original version with the commit history. And on the top of that we have been able there was no chance to show because we had a settlement but we were able to trace the history of the repository and the dates when the repository was added because software heritage had made a snapshot of that repository and we were able to retrieve it from a third party, a reliable third party. But this is also a problem that we would have faced in case we hadn't been able to just prove the timeline. Of course the log and the git repository have a date but there is no date stamp. So it's difficult to prove that a certain modification occurred at a certain time. Of course you can trace the history but the history can be altered. There are many articles out there and suggestions as to how to prove how a product evolved. Of course the project is public. You have many witnesses and people copying the same, cloning the same repository over and over but actually having one single true source of authority as to the timeline. That is also a good idea especially in case you decide to switch to another license as in practice globally as that. So it was a long story perhaps. The case was lucky enough to be brought to a happy end as I said through a settlement. What ends good is good. Eventually we had a very good relationship with the authority after we showed that we were not there for money or for prestige and they stuck to the agreement to the letter. It was a costly exercise in terms of time. My personal time, Alberto joined Batista and other people like Marco Cicina. I want to mention him. He was not in the case but he was helpful trying to establish connection and to relay the right messages to the right people and also costly on the monetary side. My time was partly for Bono and there was cost connected to the application but at the end of the day it is possible to go after even big guys for a small project like the state actually for a branch of the state. So to speak and win and bring home a good result. So I want to thank you for your attention. I want to thank Fostin Organizer and the Dev Room Organizer for having us. It was the first time we could speak publicly about this topic. And thank you to my co-host Alberto Cicina. We remain available for any further queries, questions, curiosity. We are sticking here for some minutes longer. Please don't hesitate. See you next time. Bye. So one of you has the audio still going. Please mute it. All right. Thank you so much for doing that summary and that presentation. I think that was a real, I think it was really useful to the audience. We had some great questions coming in. Somebody on this panel needs to mute their audio from the broadcast room. But okay. So the first question, are you all the legal team that worked on this? Is that all of you? That's a good question. Actually I made some obscure comment or question on the chat. Actually we completely forgot to mention that there was a lady, a lawyer, a very fine lawyer helping us with the, unfortunately the leg work without the spotlight on that she was very helpful and she has done the actual filings and stuff like that. So I forgot to mention her and I wanted to give her credit. She was on the records as a lawyer and she is also an AC lawyer and so I wanted to mention her too. But then Marco was on the records but he has, he's with, he's a fellow at Herman's Center and he's also been, he's also given suggestions. It was considerate. It was suggesting to be, to suggest he asked to be quiet, patient then everything will be good at the end. So we have a bunch of good questions that the audience came in with. The first one, I'm just going to go by how they are upvoted since they're the audience has a chance to weigh in on what's asked. So the top question is from Bikun and it was, do the speakers think that the AGPLV-3 section 5A require disclosure of the commit history, for example, the Git repository? This is not the first time this question has been asked in this context. I don't think so. I think the question is how do you think so? I think that could be helpful and it's a way to show this, but consider if the same source code or circulated as a parable and there is no way to using this as the way to make the comments and make the notice would mean that everybody would have to also do the same. That would be quite cumbersome. Instead, I think the notices should go in the source code now aside or complementing the distribution of the source code because that could be even involuntary. Conversely, if you made notices in the source code, you make sure that everybody would just have to download the source code and redistribute it and upload it unnecessarily on the same or for or clone of the same repository. Yes, if I may add something on this also, the thing is that legally required to state your copyright, but not always the authors of the commits are the copyright holders. If they work for a cooperation, the copyright is owned by the company, so it's not exactly the same information. Does anybody else want to add anything? Okay, so the next question is if you could all change the definition of source code in AGBLV3, what would you do or do you think the current definition is perfect? I cannot see any major flaws. I think defining it by its purpose, it's the best thing because as long as you go down in redefining better defining it, I think you will wish to leave something obvious outside and not coping up with evolution. Of course, that was made with C-like languages. And not interpreted languages, but I think it's still quite a good one, at least if you are conversing with technology with software development. The problem we have here is that there was some bad face on somebody and some misunderstanding on other people not knowing that. Being able to read somehow the code wasn't the requirement, but having if they had looked at the requirement of the AGBL, that would have been much more simple and straightforward, I think. I just wanted to add just a little comment to say that the case and also what Alberto stated is a testimony that this definition is the definition of source code. It's a very short one. It's very good also because clearly says what source code is and especially says what the non-source code is the object code. So this kind of definition doesn't leave any room for any different interpretation which may confuse when it comes to languages as JavaScript. That's not related to this, but somebody has already pointed out that I still forgot to mention this lady lawyer helping us. Her name is Elisabetta Fabio. It's not the same. Fabio is the family name, not like Fabio Petrosantius the first name, but she's again Elisabetta Fabio. She used to work with me and she will still cooperate. Does anybody want to add anything about the definition in AGBL D3? Is there some place that we can read all about this? Are you going to do a blog post where you talk about the whole story in details? I think the Herb Center has some of the story, at the end of the video, we started exchanging the documents. We consider to discuss it in a better detail what happened. Of course we cannot exchange, we cannot reveal the actual communication. Neither we allowed to share the actual documents. In case it ended with a public discussion, that would have been public, but the other documents are not public. It cannot be disclosed. With that, having time and finding the good key, it would be a good idea for us to say something about it and having this presentation is the best, the closest thing we could think of without writing something. I think that it would be a very interesting exercise to publish a joint handout of the case with anti-corruption authority. Also, in order to foster compliance and in order to avoid similar mistakes in the future, it would be very, very interesting in the spirit of collaboration with public authorities. Fabio wants to add something on it. Yeah, so as all the friends in this talk that we did the journey with this AGPL litigation, my personal activist soul were always kicking to push publicly and transparency and transparently any kind of document that we were able to publish was the authority counterpart because a non-software expert can make you smile a lot. But I understand that for a greater good, it was best to find an arrangement. In such a case, I would like to say that our activist spirit that's also about embarrassing was put to a narrow level for the true greater good achievement. The first one was that we are aligned with the social purpose of anti-corruption authority in the fight of corruption. So we are allies, we are not enemies and that was a mistake because of a lack of knowledge related to software copyright and the specific aspects of open source software licenses. And the second, it's also about the fact that in Italy we have a very decent law on news and it's that the public code, public money concept it's by law applied in Italy but is not yet being applied every day by public agencies and so creating a lot of noise about an error, a mistake by a central public agency in doing something good. That's about publishing the modification of free software would that be counterproductive in our common action in making public agencies push their software with free license. So I wanted to underline that because we realize that the case has been big and there was also a big opportunity to make a lot of noise but we decided to work under the line to achieve such a greater good. So my I'm curious about whether the rules are the same as in Germany. I see Braille is asking the same question but from our experience I know a little bit about Germany because of the VMware case so I was wondering is it the laws that require the filings to be private? Is that mandated that any of the filings be non-published until there's a final decision and then once there's a final decision all the documents? No, no, actually you can you're not supposed to be publishing also the documents. Sometimes that would be interesting to in general terms, I mean especially the final findings where you sum up all the case and make all the the most thorough explanation of your case and stuff but that's not really in the law. There is a general understanding and by bar rules and data protection also that is something that you're not supposed to do only the decision which in turn would bring much of the information required and the interesting stuff because the judge is somewhat in a position to be reporting correctly the position of the parties there is no transparency at all for everything that has gone through the case. Actually I am working for a legal publisher and they will be keen on also publishing the final things because sometimes they are very well written by very high-level lawyers even Supreme Court they are not available to anybody at all levels including Supreme Court. That's a pity. And also in this case there was only a request for a preliminary injunction so there was no final decision which would have been published the final decision would be made it would have been published not for the preliminary injunction but for the final judgment if it ever would have ended in this case everything was quite private and would be like that. So the next question is from someone with the handle of Donix and the question is how do you afford to take this pro bono and how long did it take? I mean it has not been so expensive in terms of time it was quite expensive it required a lot of hours but eventually as a part of our contribution back to society for making a decently good return on our profession it took in the time span between we started and until we reached an assessment was more than 18 months it was like 10 months before actually deciding to go to court 20 to 12 months and then unfortunately COVID was we were supposed to have a hearing on March 2020 but that goes a journey by three months because everything was shut down and that was really all court also to discuss because we couldn't go to court we had to do remotely and the judge available to have any live discussion we were supposed to having a very short discussion only we could that's quite interesting because we have not been we have not been allowed to find a full rebuttal to reply of the other party so we were just supposed to say on what you want and that's it and that was the we had to say ok we propose to end this via a second because we were close of course and there was no chance to reply in very detail in terms of hours frankly I didn't take any kind of it I would be perhaps in the 1800 I don't know so the next question is do courts generally do courts generally accept software heritage as a source for evidence? generally it's I cannot state it because it never happened to me to be forced to that but sometimes I have filed like other sources so it's not legally valid I mean it's not binding but the judge can take any source of evidence as an evidence so the rule is the free unfettered decision of the judge so that's that there is no formal rule for what is evidence what is not there are rules but on witness evidence there are rules on what is legal evidence but in general everything can be evidence if it comes from a third party like a newspaper like a log or somebody who does that and it's not related to you it's even more valid, effective and convincing that's the key to be convincing and not related to one of the parties so this is another question we had in the channel were there any discussions of installation issues in the discussion with the violator? no what what can be the angle here? maybe Carlo it's about referring to the installation scripts or the packaging scripts because if you remember we had also some support files that were not present that's possibly one of the item related to installation but it's worth saying that the open whistle blow the name of the fork with this AGPL violation was packaged for use with a red up system with the RPM packaging and while the global leaks is made up for that packaging with the under debian and the Ubuntu and so on and what we found out is that the packaging scripts and the packaging scripts were not present and it's worth saying maybe that will be that will be one option related to the installation it's worth saying that five days after the anti-corruption authority released the AGPL version of their software and made a public announcement in the violation itself we released a 15 page technical document saying which were the technical and the technical consideration among the true edition of the software without any comments on quality but based on technical factual analysis in order to let the technical community make also their own evaluation because we had the moment and it's currently the same situation but now everything has been cleared that there were those two software the one recommended by the anti-corruption authority and the one based on the global leaks one made by the Hermes Center that was three years ahead in development so a public agency which of the two software installation and what we need is to produce technical documentation to let people evaluate and judge on a technical basis so here's another question from an audience member named Borger and the question is the license states that the original source code must be supplied when asked but are there any rules and I would say with an Italian focus to how it should be provided public repository on GitHub may seem obvious but could it also be provided okay in our case there was no question on how because everything was provided actually in everything which was provided was provided on the GitHub repository they were far missing but there was no question of unwillingness to supply the source code complete source code they felt short of their obligation and they provided something different but no question about it in paper that would be quite impractical and that would not in my understanding meet the requirement of the preferred form the preferred form is a file that you can modify not something that you have to scan or otherwise if it's a hello word perhaps but anything more than that I would not say that is the preferred word to modify and by modifying modifying with other people is changing with other people I think it's an interesting question but the answer is definitely no Well if we may just add that in this case we are speaking about AGPL so it means that anyone interacting through a network with a software application must be able to obtain the source code and the license so that means being made publicly reachable by who can interact over the network with the software that implicitly say put it digitally somewhere online so I've got another question I'm going to ask before I do that I want to thank the panelists for joining us and I'm going to ask the question and we're going to move over to the private room and anyone who wants to join the private room