> What I get from the license is that you have to share the code with the users of your program, not anyone else.
You're correct, but it's sort of a meaningless distinction because those users are entirely within their rights under the GPL to share that code on with anyone they want, which is why we don't really see the model of "secret GPL" you describe, in the wild.
I'd argue that this is exactly what you see in the wild. And it's why the AGPL license was created.
GPL code has to be shared with users who receive binaries. SAAS happily didn't shop binaries, so quite legally didn't ship source code.
AGPL redefines this in terms of "user" not "binary". That refinement completely exists to cater for unexpected use cases. No doubt new licenses (AIGPL?) will be needed to address this issue.
The whole need for Open Source protection played out with the (Apache licensed) Elastic Search. Switching to a ELv2 and SSPL license was controversial and in some ways "not open source", certainly not "free" because it limits what a user can do with the software.
So the distinction is far from meaningless and in some ways rendered GPL obsolete.
You're correct, but it's sort of a meaningless distinction because those users are entirely within their rights under the GPL to share that code on with anyone they want, which is why we don't really see the model of "secret GPL" you describe, in the wild.