If you've received the output of an AGPL-3 program after requesting it through a network, you have interacted with that program through a network.

Why does it matter that it's gone through several API layers, a queue, an email system that takes 3 days or whatever? That's what a network is.

The demands of the license seem broad and clear.

That appies to slicer case.

But what about bills/statements etc.. - something that generates reports on the timer. That's not subject to license, right?

But what if there is a "paperless billing" checkbox on a webpage? Does this count as "requested through the network"?

What if there is a "long / short bill" button that customizes the report?

What if normally, bill is monthly; but checking checkbox for first time starts "backfill" process which generates PDFs right away?

Yeah the point of this long "incendiary" [sic] blog post seems to be "hang on to the output for a bit before passing it on to the user and you have success defeated AGPLv3" except I don't think a reasonable judge would agree with that at all. Also, the OP seems to think "receiving output from program" doesn't count as "interaction" and I don't agree with that.

That feels overly broad. Where is the boundary? Is it a network if you receive a USB drive after making a phone call to order something? Send a physical letter via pigeon?

Sorry, I elided the quote from the licence. It says "computer network" not just "network".

For completeness it should be noted that it doesn't cover all users interacting with the program. It only covers those who are "remotely" interacting with it.

I don't recall seeing any discussion of what counts as remote.

If the license makes it inconvenient for a bad actor to use the software and that results in a less competitive application, then the license is doing its job - someone else, who respects the license, will release a service that uses the software in the way it was intended to, and it’ll be a more appealing option.

I agree it has its loopholes - as all licenses have - but it is mostly doing its job.

Perhaps I’m misinformed, but my understanding of the AGPL was that if you have AGPL software running on a server, you can still connect to it from proprietary software that you don’t open-source; you simply need to open-source any changes you make to the AGPL software itself. So, in OP’s case, if he’s not making changes to iText’s code itself, he’s compliant simply by linking to the commit he’s running (and perhaps fork it in case the original is removed) - no need to open-source his calling code, or have a specific license for it. Batch mode is absolute overkill, unless you’ve customized iText in a way you don’t want to reveal.

Of course, if you’re providing a differentiated DBaaS etc. you likely will need to add proprietary modules or authentication inside the binary of the service itself, and AGPL would require you AGPL and distribute those changes. So it’s still a realistically stronger license than a normal GPL, but it’s not a bogeyman, I think?

(Not a lawyer, this is not legal advice.)

This same discussion has happened a bunch of times with regular non-A GPL3, ie "If my code just shells out to a GPL3 binary, my code doesn't need to be GPL3 right?" The usual answer is that it's subjective because it depends on how strongly coupled your code is to that particular binary - does your code work without that binary, is there some other implementation that it could work with, do you provide that binary or does the user provide it, etc. The third one doesn't apply for the AGPL network service case but the first two do.