Prusa lays out specific, enumerated violations: shipped Windows/macOS binaries whose public Git history doesn't match what users download, cloud-tied features (account login, print-farm orchestration, Bambu Handy) that interact over the network without offering the corresponding server-side source the AGPL §13 requires, and stripped or relocated copyright headers in derivative files. He argues Bambu has had years to comply and has instead handled compliance requests as reputation management rath
By submitting Prusa's thread to HN with the framing 'BambuStudio has been violating PrusaSlicer AGPL license since their fork,' Tomte endorses the violation framing rather than treating it as an open question. The 358-point score indicates the framing resonated with the HN audience.
The editorial notes that HN commenters are pulling diffs between PrusaSlicer master and BambuStudio's public tree and pointing to whole subsystems where the lineage is obvious but the attribution isn't. This frames the violations as not just a legal interpretation but a technically demonstrable mismatch between Bambu's public repo and its shipped binaries.
The editorial raises the 'perennial question of whether the AGPL has any teeth when the violator is a hardware company with a Shenzhen supply chain and customers who don't care.' This positions the dispute as a stress test of copyleft itself — the AGPL was written specifically to close the SaaS loophole Bambu's cloud features exploit, but jurisdictional and consumer-apathy realities may render the license unenforceable in practice.
On May 22, Josef Prusa — founder of Prusa Research and the maintainer of PrusaSlicer — posted a long-form thread on X laying out, point by point, how Bambu Lab's BambuStudio has been violating the AGPL-3.0 license of PrusaSlicer since the day Bambu first shipped it. Prusa's claim is not that BambuStudio is a fork — that's allowed and openly acknowledged — but that Bambu has, for years, shipped binaries whose corresponding source state, build instructions, and modifications have never been published in a form that satisfies AGPL §13 or §6.
The specifics Prusa enumerates: shipped Windows and macOS builds whose Git histories on the public BambuStudio repo don't match the binaries users actually download; cloud-tied features (account login, print-farm orchestration, Bambu Handy integration) that interact with the slicer over the network without offering users the corresponding source of the server-side components those features talk to — the exact loophole the AGPL's §13 was written to close; stripped or relocated copyright headers in derivative files; and a public-facing posture in which Bambu has, per Prusa, treated compliance requests as a PR problem rather than a legal obligation.
The HN thread that drove the story to the front page (358 points, climbing) is, as you'd expect, half technical and half philosophical. The technical half is people pulling diffs between PrusaSlicer master and BambuStudio's public tree and pointing to whole subsystems where the lineage is obvious but the attribution isn't. The philosophical half is the perennial question of whether the AGPL has any teeth when the violator is a hardware company with a Shenzhen supply chain and customers who don't care.
The AGPL exists because the GPL didn't anticipate SaaS. Under the plain GPL, you can take GPL code, modify it, run it on your server, expose it as a service, and never distribute the binary — which means you never trigger the source-disclosure requirement. The AGPL closes that loophole: §13 says that if users interact with your modified version over a network, they get the same rights to the source as if you'd shipped them a CD. Richard Stallman wrote it specifically with hosted services in mind, but the cleanest application has always been the awkward middle ground where Bambu lives — a desktop app that's *also* a cloud client.
For a decade, the 3D-printing slicer ecosystem has been a quietly important case study in copyleft. PrusaSlicer itself is a fork of Slic3r (Alessandro Ranellucci's original, MIT-then-AGPL). SuperSlicer is a fork of PrusaSlicer, and complies cleanly: public repo, matching binaries, preserved attribution. OrcaSlicer — which is itself a fork of BambuStudio — has been more compliant than its parent, which is the kind of detail that makes the Prusa complaint sting. Compliance is not technically hard. The bar is: publish the source that built your binary, keep the headers, and if you bolt on network services, publish those too.
What's notable about Prusa's post is that it's the first time he's gone fully public with the accusation. Prior conversations, by his telling, happened privately and went nowhere. This is the same pattern Harald Welte's gpl-violations.org documented across two decades of router and TV vendors: quiet ask, ignored; louder ask, ignored; public shaming, sometimes followed by compliance, sometimes followed by litigation. Welte's track record in German courts is the reason most embedded vendors now ship a `licenses.txt` and an offer for source. The Bambu situation is the same playbook, twenty years later, in a market — consumer 3D printing — that has matured fast enough that the legal scaffolding now applies but hasn't been tested.
The community reaction is split along a predictable axis. The licensing-purist camp wants a lawsuit, on the grounds that AGPL violations that go unpunished erode the license for everyone. The pragmatist camp points out that Bambu printers are popular, cheap, and good, and that scorched-earth enforcement risks chilling a vibrant market. Both are right, which is what makes this one of the more interesting copyleft fights in years. The third camp — small but loud on HN — argues that the AGPL was always unenforceable against well-capitalized foreign companies and that this proves it, which is the kind of take that's correct in the short term and dangerously wrong in the long term.
If you ship a product that's downstream of AGPL code — and the list of meaningful AGPL projects has grown a lot in the last three years, now including MongoDB-era forks, Grafana, Mastodon, and basically every interesting LLM tooling project hedging against cloud vendors — Prusa's complaint is a useful checklist. The three failure modes Prusa names are the three that get every AGPL violator: binaries that don't match published source, network-facing services whose backend isn't published, and stripped attribution headers. None of them are accidents. All of them are policy choices you make at build time.
If you're building AI agent tooling on top of AGPL frameworks (looking at you, every team that vendored a fork of an AGPL-licensed agent runtime last quarter), the network-use clause is the one that will get you. The moment your agent calls home to a service you operate, §13 attaches to whatever code is on the other end of that call if it's derived from the AGPL'd codebase. "It's just an internal microservice" is not a defense. "The frontend is open" is not a defense. The whole loop has to be open or the whole loop has to be clean-room.
For consumers of Bambu printers specifically: this doesn't break your printer, and it doesn't make BambuStudio unusable. But if you're an enterprise or a print farm operator subject to your own open-source compliance review, you should know that one of the tools in your toolchain is currently the subject of a public, named AGPL complaint by the original author. That's an audit-trail item, and your procurement people will care even if you don't.
The most likely outcome is the same as the last twenty years of GPL enforcement: a quiet compliance push, source published in stages, attribution restored, no lawsuit. The interesting question is whether Bambu publishes the *cloud-side* components — the part the AGPL actually compels and the part no hardware vendor wants to open. If they do, it'll be a milestone for §13 enforcement and a template for the next decade of agent-tool licensing fights. If they don't, expect Prusa or the SFC to escalate, and expect every legal team at every company shipping AGPL-derived AI tooling to suddenly take an interest in the outcome.
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.