Question for Kyle: Do you see the enterprise exploiting GPL loopholes often?
I work at a FAANG, and there’s pretty much a hard ban on any copyleft code being a dependency outside of stuff installed via distro packages. The lawyers are tough about it; the advice is always to get an enterprise license (or of course, make your own cool BSD+patents library to ‘open source’ as marketing).
I hear similar things from friends at other FAANG companies.
Do you see/hear of this more from startups based around a specific technology, containerizing copyleft code and calling it exempt? Any examples you can share?
I have the same experience at FAANG as well as startups. We have to be careful not to include GPL software as dependencies, except in cases with special exceptions such as OpenJDK.
I suspect that a large proportion of the abuses of open source licenses are unintentional and happen because developers don't understand the licenses.
You ask a very good question. I'm afraid the very strong rules about confidentiality that apply to me as a California attorney prevent me from answering as I'd like.
I can say that I think your experience is typical of large software firms. Most still ban AGPLv3, if not all GPLs or all copyleft licenses, by policy.
Even when there are exploitable loopholes, they're typically narrow enough to require very close collaboration between legal and engineering, in the context of a very specific project, especially the first time. It's possible to exploit those loopholes, but not possible to prescribe how to do so by general policy. That used to be true of private changes to GPLv2 and GPLv3 code. We've seen exercises of those intentional gaps in copyleft operationalized as policy in firms that rely on them daily.
Why? Android didn't have any copyleft code besides the Linux kernel, which doesn't extend to the userland. The rest of the components were Bionic (BSD), Dalvik (Apache) and Harmony (Apache).
They now use OpenJDK, but that was after getting sued.
The overwhelming thing I get from reading this article is that the author fundamentally misunderstands the point behind software freedom. While many people (even RMS) characterise it as a moral struggle, the situation is far more nuanced than "doing it that way is bad and doing it this way is good". It's much more that there are outcomes that are desirable and outcomes that are not. Some people believe that the undesirable outcomes are immoral, but I think it is disingenuous to characterise it simply as a moral issue without discussing the various set of outcomes.
When we buy some physical object, like a screw driver, nobody tells us what we can use the screw driver for. It doesn't come with a license agreement forbidding you from opening paint cans with it. It doesn't say, "This screw driver is licensed for your projects only. If you want to using it at your friends house, you'll have to buy another screw driver". It doesn't say, "You can't attach this screw driver to an electric drill, thereby fashioning an electric drill". It doesn't say, "You can't sell or even give away this screw driver to someone else. You can't sharpen the blade. You can't attach the handle more securely. You certainly can't show someone else how to sharpen the blade, or attach the handle more securely. You can't forge a copy of this screw driver and give it to your friend. And you especially can't forge a copy of this screw driver and sell it!".
In contrast, this is exactly the kind of thing we are told we must accept for software. Of course, it isn't just software. This TV has no user serviceable parts. We've jury-rigged this ink container so that it is a DMCA violation to refill it (that was a WTF moment in customer abuse if there ever was one). It's illegal to fix your tractor. You can't adjust the fuel/air ratios for your car (and especially you can't sell a device that does it for the average person!!!) The list goes on. We're just lucky that 35 years ago or so, somebody realised what was happening and thought critically about it with respect to software.
I totally understand that many companies want creative licenses that allow them to more easily control the market place. I understand that they wish to allow some of the 4 freedoms, but wish to curtail others. They feel that they can't make a viable business plan without these controls. They don't want to aid others in competing in their market. I'm not unsympathetic to that point of view. I'm still not going to purchase their software/service if I have any other choice. Especially as a programmer, I value the 4 freedoms. I exercise those freedoms. I'm willing to pay for those freedoms. Perhaps not very many people agree with that, but I'll tell you that there are a hell of a lot more these days than there were 35 odd years ago.
There is no need for the FSF to compromise. In fact, there is no reason that they should. The only point for the existence of the FSF is to promote the 4 freedoms. The outcomes for the consumer are much better off with those freedoms intact. If some companies what to make weird hybrid licenses, then they are allowed to do it. If it is marginally better than the really abusive crap that you sometimes get, then that's a plus. It's not a plus that the FSF exists to pursue, though. The "Free As Long As It Doesn't Impact Our Bottom Line Software Foundation" doesn't really roll off the tongue anyway. "We'll only stop you from making full use of the software if doing so impacts our ability to dominate the market. We promise" is just not something that needs protecting or promoting.
While parts of this post is tongue in cheek, I hope it makes the situation more clear. Businesses have genuine hardships when trying to create free software businesses. It would be great if the FSF did more work to try to find solutions to help those businesses within the confines of free software, they aren't going to be doing anything useful by compromising on the 4 freedoms. Free software is a movement on behave of the consumer. It would be like CAMRA abandoning real ale as long as it was profitable for the breweries -- it just doesn't make any sense.
I also didn't like the suggestion that FSF should compromise. Every year I find myself more sympathetic to their point of view.
It's funny, really. A decade ago, I hated GPL, would avoid GPL dependencies and favour LGPL and MIT for both projects I used and projects I wrote. But today, I'm increasingly liking GPL/AGPL. The past decade made me realize how exploitative the market is, and how it slowly but surely robs individuals out of capabilities. RMS may talk about "Service as a Software Substitute", but in general, we get services to substitute for individuality, self-reliance and basic human capabilities. You mention TVs, printers and tractors. It took me a while to internalize what those examples mean, but I finally did, and find myself looking increasingly like a free software activist.
You say, "Perhaps not very many people agree with that, but I'll tell you that there are a hell of a lot more these days than there were 35 odd years ago.". Well, now you can count me as one.
> the situation is far more nuanced than "doing it that way is bad and doing it this way is good"
I don't think the author said anything that simplistic. What parts are you specifically referring to?
Also:
> ..the author fundamentally misunderstands the point behind software freedom.
The author is a coder/lawyer and maintainer of a bunch of software licenses, legal documents, and related code (see github/licensezero). He could certainly be wrong about something, but the idea that he just doesn't get the issues involved is pretty hard to buy.
I'm a student of software freedom, not a preacher, not a teacher, and not by any stretch a philosopher.
There are things the FSF has written and done that I fail to understand, try as I may. For example, I don't understand their position on "private changes", especially within very large organizations. And I don't understand their position on the proper scope and strength of copyleft rules. I'm missing something.
I've written some of my thoughts and questions here:
It’s important to remember that for most of the commercial software, you are not technically the owner because licenses will stipulate that you are merely renting it. So screwdriver analogy technically don’t apply. It’s more like renting a car and company can tell you arbitrarily what you can do or don’t with it.
Another important thing to realize, if we had a magical replicator which duplicated a screw driver precisely with negligible cost, then screw driver industry will end up with exact same licensing models and there’s will be a version of RMS preaching for free screw drivers.
The fundamental issue is not with software or people doing it but the economy. Developing large scale software takes time, capital, risk and lots of people who needs to pay their bills. If one insists that all software must be free then all development needs to occur as free time hobby activity. Licensing and laws evolve to allow for doing things at scale and as dedicated profession and as all evolutions you only approximate the ideal with lots of baggage.
The laws of economy requires that participants must play the zero sum game and therefore parts of software deemed as competitive advantage would have to be kept secret or uncopiable by creating law. The solution for scaling and dreams of things being free are incompatible with each other. This is the hard lesson to learn, very much like Gödel’s realization.
> If one insists that all software must be free then all development needs to occur as free time hobby activity.
I don't agree with this[1]. R&D in a competitive environment can probably me modeled by the prisoners dilemma, where full cooperation is the most rewarding play but is not an equilibrium. Free software attempts to solve this by changing the rules and allowing only cooperation, thus ensuring everyone the highest reward (eg medium investment and high-quality IP). This could be seen as beneficial by commercial actors as it doesn't question commercial value per se, only commercial value of intellectual property.
The problem i see is not scaling, it's time constraint: if you want something quick, the only way to force it is to make it yourself, eg high investment. If the result contains some IP you have little incentives to make it free. So i would refine your statement as: new and emerging free software must be developed either in free time or slowly. Which is pretty much natural when you think about it: transitioning between "IP has value" to "IP has no value" will be hard and slow. But the more things are free, the more it will be easy to make things free. The only real obstacle to that model are monopolistic actors capable of huge investment (eg make something non-free in a free world), but it's no news that monopolistic actors are bad for the commons and should be broken up for tons of different reasons.
[1] Actually since FS can be seen as part of a vision which challenges our current work-based society, it actually could occur all in "free time". But this is to distinguish from hobby activity: the first is productive while the second is not.
Even though Free Software Licensing might not be for everyone, we're all lucky to have people as stubborn and uncompromising as RMS to be the figureheads of the Free Software Movement.
Indeed, there is no need for the FSF to compromise, but rather keep shifting the conversation focus towards the user's freedom, show companies the way that they can achieve their goals without malicious restrictions towards their users.
My personal position, which I tried not to voice in the post, is that the FSF has compromised too much. In particular, I think their position on private changes, their unwillingness to cross the line exemplified by situations like libgcc, and their unwillingness to deploy legal developments strengthening copyleft in their licenses all cripple them, strategically.
The closest I've come to a post on the subject is here:
There is no user's freedom, just programmer's freedom. The whole concept was created when software users were almost all programmers. If suddenly it become legal to perform neurosurgery yourselves would you call that user's freedom?
I would certainly want to be able to inspect the code of a pacemaker and modify it if I decided it was necessary. Performing neurosurgery on my self is not possible regardless of legality. However, if I was having neurosurgery and I was educated enough to understand, then I would definitely want to see what the surgeon was planning to do.
I'm not a very good coder, but I can hire someone to make whatever changes I need in a piece of free software. That's something I've seriously considered in the past, although it's never been quite important enough to me.
I have no idea how to change the spark plug on my car, but the fact that it's possible means that I can I can either pay someone else to, ask a friend to or learn how to do it myself. User freedom is transferable.
But the outcome for consumers isn't better at all. What's happening, despite Linux being GPLv2, is that its used for a giant spy net (Android) and financed via ads. Moreover, the concentration of computing in the hands of very few cloud providers has been only made possible due to almost all software being free/open such that it has become a commodity, and what little revenue there is, isn't going into maintenance.
Also, your screwdriver analogy isn't fitting, as a screwdriver is a physical product that you must buy, whereas for software its only ISPs, web hosters, and cloud providers that can earn a living by providing a service on top.
The recent questions about F/OSS licensing are about sustainable models for software development, and are not answered by dogmatically referencing "the four freedoms".
the concentration of computing in the hands of very few cloud providers has been only made possible due to almost all software being free/open such that it has become a commodity
On what do you base this claim? The desktop OS market became concentrated in the hands of essentially one provider, and neither it nor most of the software that ran on it was free/open.
The cloud market is arguably more competitive, and becoming more so; the core of the revenue might be going to four or five big providers - which is already more than the above - but as a client you have much more to choose from.
That the desktop market became a monopoly without F/OSS doesn't mean cloud isn't becoming one based on F/OSS. Cloud thrives on abundance of F/OSS where the only money being made is for glue code and services, none of which arrives at the original developers or maintainers.
My question is why couldn't Microsoft, Google and such have built their cloud services from proprietary code (their own and bought), much like Microsoft built their desktop OS and office and proceeded to dominate that market.
I don't see the evidence behind the claim that it "has been only made possible due to almost all software being free/open". MS certainly had the money, and it didn't come from FOSS. If anything, I could see small players like DigitalOcean or OVH struggling to afford the fees for the code they needed, leading to an even greater reduction of competition.
I'm not sure what it is you're looking for. If you're drafting a new free software license you will need to consider how you provide the four freedoms in addition to what your model for development is. What you dismiss as dogma is decidedly the whole point of writing a free software license.
I won't comment on specific privacy issues or on decreasing margins, but it would appear that Linux (at least) is riding the wave of consolidation, not the other way around. The increasing pervasiveness of service models just means the market has reached maturation.
I’ve been thinking about Stallman and Free Software recently, and there’s another point that doesn’t seem to get much air time. Ever since the Snowden revelations, we’ve been woke to the fact that “they” are collecting an enormous amount of infortmation about us. We’ve also learned since then that “they” include both state and non-state actors. Correct me if I’m wrong, but if you use a machine with even one small piece of non-free software, then you always have a “black box” running on your computer, with no idea what it’s doing. “They” could be using that black box to run their instructions on your computer. And there is nothing you can do about it. You are required to trust the company you bought it from that it isn’t doing something you don’t like.
To head off an objection, I realize that the fraction of the worlds population that can read code is minuscule. And so, just like I have to trust my mechanic with my car, I’d have to pay someone else to review the code and trust their report. So trust would still be necessary, even if every bit of software running on your computer was free. But, I’d have a much greater ability to decide who I trust.
I don’t really see a way around my basic point: if you have non-free software running on your computer, it could be doing anything. Why should we accept that as the status quo? It’s one of the most compelling reasons I’ve seen for advocating and using Free Software.
While black boxes are certainly a concern access privileging can contain. If something which reads text can phone home something is fundamentally wrong from a design standpoint.
Which I suppose is one unsung bonus of apt-get. It seperates the update query mechanism from the program so it can't phone home to get any more data than "yep that is someone getting the latest dev build".
Your last point is not quite correct. Closed source software could be doing anything but in order for you to verify what the software is doing you only need it to be open source - not free. Software can be non free but still open source.
If you look at the Open Source Definition[0] you'll see that no, it's not sufficient that you can read the code. That would not be Open Source, it would be something else (Source Available?)
Practically speaking (given the linked definition), software that is Open Source is also Free Software.
You could make your argument much clearer if you chose an example at least vaguely similar to software, such as books, rather than something completely unlike software such as a screwdriver. Deliberately choosing something that shares very few characteristics in common with software, when other very common and well understood better examples exist could give the impression you're concealing something. Protecting authored works with a copyright to prevent unauthorized copying is well understood and commonplace and has good economic and social reasons backing it up.
Furthermore even some screwdrivers or similar devices, and many more complex devices are absolutely protected by IP in the form of patents, so even the argument you make is simply untrue in many common everyday cases.
Free libre software licensing has a lot to recommend it, I've published thousands of lines of code under GPLv2. The FSF is a powerful and virtuous advocate of it. However it's not right for everyone in all cases, including me.
But software - the best kind of software - is really more similar to a screwdriver than a book. A book is just data, and more useful as an example in discussions about IP/piracy. Software is a tool. My copy of `dd` is my screwdriver. My copy of Emacs is my combine harvester. Software freedoms are connected to the idea that you should be able to own your tools, and use them as you see fit.
I've already pointed out, tools _are_ covered by IP in the from of patents, including some screwdrivers, so arguing we should treat software like we treat tools is walking right into a horrible trap.
How can you suggest piracy has nothing to do with licensing? OMG! Piracy (non high-seas type) by _definition_ is the violation of a license. It's almost as though you don't understand fundamentally what liecenses and IP are as concepts.
Book and the information in them are tools and are exactly like software. We follow recipes in cook books, we follow DIY guides, we type code from books into computers and run it, we enjoy literary and visual printed entertainment. Programs are texts in the general sense, that's literally what they are.
> I've already pointed out, tools _are_ covered by IP in the from of patents, including some screwdrivers, so arguing we should treat software like we treat tools is walking right into a horrible trap.
It's not as much walking into a trap as it is showing that the way physical goods are covered by IP laws is starting to get ridiculous as well. Software just makes this painfully visible.
> OMG! Piracy (non high-seas type) by _definition_ is the violation of a license.
Maybe in case of videogames it is, but I'd say it's arguable. Books, movies & music don't generally come with license agreements. Piracy is first and foremost a copyright violation.
> Book and the information in them are tools and are exactly like software. We follow recipes in cook books, we follow DIY guides, we type code from books into computers and run it, we enjoy literary and visual printed entertainment.
You're confusing form with function. Software may be like books in its form - strings of numbers encoded on a physical substrate, to be read by a machine - but is totally unlike books in its function. `cp` isn't a book, it's a digital equivalent of a photocopier. Photoshop isn't cooking recipe, it's a digital equivalent of a 1950-era photo studio. Most software functions as tools that transform digital stuff into other digital stuff, but when you connect appropriate hardware, software becomes a tool affecting physical world.
> Programs are texts in the general sense, that's literally what they are.
If you want to go there... in this sense, screwdrivers are text too, because OpenSCAD drawings describing them are text, and G-codes driving CNC machines are text too.
>Piracy is first and foremost a copyright violation.
Copyrights and patents are licenses. The first statute establishing copyright was called the 'Licensing of the Press Act 1662'. '...ownership in copyright includes exclusive licenses of rights'.
>...in this sense, screwdrivers are text too
No they really aren't, they're objects which is why the laws around their ownership and transfer are fundamentally different, the design though is intellectual property and is a text. It's information. In your original post you said a screwdriver can be freely copied - no it can't, not if it's patented and many of them actually are. This basic error comes from a fundamental miss-understanding about the nature of these things. If you look closely at why you came to that incorrect conclusion you might start to get to grips with this.
Information and physical objects are not similar in the way you think they are.
This post refers to the Commons Clause and SSPL as patching "loopholes". Here's the reality:
- The Commons Clause bans large categories of uses, including providing "consulting/support services", or selling any "product or service whose value derives, entirely or substantially, from the functionality of the Software".
- The SSPL requires users who want to "offer[] a service that accomplishes for users the primary purpose of the Software or modified version" to license all relevant "monitoring software, backup software, storage software and hosting software" under the terms of the SSPL – which is likely impossible if that software is, say, licensed under the GPL.
The Commons Clause is not meant to prohibit the listed activities entirely, but require people who want to do them to get a commercial license from the original developer. However, this fundamentally leaves the ability to fork the software at the mercy of that developer. If the developer refused to provide commercial licenses for the forked version, or just disappeared, the community could theoretically maintain the fork under the Commons Clause-adorned license, but they'd be stuck with software that nobody could provide "consulting/support services" for.
You can argue that the definition of "open source" ought to be broader than what the OSI or FSF would permit; maybe "freedom zero" isn't essential, maybe broader-reaching copyleft rules are acceptable. Maybe. But the ability to fork is fundamental. "Open source" you can't fork doesn't even remotely deserve to be called that. That's not innovation in license terms; that's just taking proprietary software and calling it something else.
As for the SSPL... I'm not sure whether the impractical/impossible redistribution requirements are meant to effectively achieve the same outcome as the Commons Clause – forcing users to get a commercial license – or if it was just poorly drafted. At best, it seems like the idea that people might actually take advantage of the license as written, and make derived works without paying in return for open sourcing the whole thing, as more of an afterthought compared to the commercial license route. Perhaps MongoDB will come up with an updated version of the license that addresses some of the concerns, but that remains to be seen. The broadness and vagueness of "monitoring software, backup software, storage software and hosting software" makes it a bit hard to see the license as a good faith offer, but I could be wrong.
Note: This comment was originally written in response to TAforObvReasons, whose comment was deleted while I wrote this (no idea why, there were some good points), so I moved it up one level.
I think the license people are looking for is not "source available for non-commercial use" but a license that makes it possible for others to fork and experiment with modifications (or simply fix some bugs), and if those modifications turn out to be useful, they can be merged right back into the original product. You're allowed to make a better mousetrap, so long as everyone else also gets to improve on your design.
The GPL makes selling improved software a bad business model, because the first sale turns any customer into a potential competitor. But you can still sell future improvements, if you have the credibility (e.g. as the creator of the software).
The AGPL does exactly the same thing, but for software you access over a network connection. The LGPL is for software you access by linking to a library.
Now that there's a new category of software you access over the network on a platform with customized support infrastructure, the SSPL was intended to provide the same effect of "every user is a potential competitor".
I remember the original BSD licence, regents of the university and all the hassle it was renewing it to get the 4.2 tapes. Same signatory had to re-sign. What? we're a university: he moved on.. tough. no sign, no licence.
Beautiful piece of paper. I seem to recall they invested time and effort re-creating the university logo in T/Roff. The one we had was the first US legal paper I'd seen. I think it even had embossing for the crest.
I know you meant the BSD 4 clause hold harmless, but there was another meaning of BSD licence, before this
So, ideally Mongo and Redis Labs and everyone using AGPL would unite and get FSF to embrace a new stronger user freedom protecting license. Strong user freedom works well for companies that want to protect themselves from megacorps. It's too bad that megacorps gained so much influence over FSF and it's not true to its ideals anymore.
I think the ontology of Free Software License users is a fascinating topic that sees too little light.
This post highlights the following categories:
* BSD-school -- Copyright/IP shouldn't exist, people may do what they wish with code, share it or not, but credit should be given at least... Honestly, kinda libertarian. BSD, ISC, WTFPL, and similar
* BSD-school (radical) -- Copyright law shouldn't exist, and even a requirement to give credit where due is too much. Software anarchists. WTFPL, Unlicense, etc
* Businesses (permissive) -- PaaS and other companies that wish to drink from the stream of existing code, but not worry about making changes and not releasing them. Apache-2.0, second-choice of BSD, ISC, etc
* Free Software Activists -- The GNU school, everything is about user freedom to modify any software they use. AGPL, GPLv3, etc
* Businesses (Upstarts? Free-software weaponizers?) -- They use free software to lure in idealistic hackers, while also using it as a tool to negotiate with Businesses (permissive) to make money. Dual license SSPL/GPL+something permissive,
I think that's roughly the list discussed in the post. I would like to further add a few categories to this list from my perspective:
* Free Software Activists (with outreach) -- GNU school of thought, but with a desire to do outreach; they believe in user freedom, but would rather their code be used copyleft than not used, thus settle for the LGPL. LGPL
* Open-source Advocate -- Developers who believe in open source as a means of collaboration and improvement of software, not as an ideal related to IP law. This interpretation stems largely from people working at Businesses (permissive) which use this sort of open source as a PR tool or attempt at free labour. Apache-2, BSD, etc
* Business (PR/Image) -- A company that publishes open source software to attract developers in any of the previous camps, to create PR, and/or to crowd-source free labour. Distinct from Business (permissive) because (permissive) is about taking and using software, not releasing it, but there is likely overlap. Apache-2, BSD, etc.
I'd like to hear any thoughts others might have on whether there are more ontologies, whether any of these are inaccurate, or whether any of these are poorly categorized.
I've studied philosophy for many years and still ontology seems like much too much a philosophy jargon word to use on HN. (You write as if everyone will understand you.) Well, maybe programmers generally use/know it, sorry if so.
It started in philosophy, but it has spread to the CS field. I doubt most developers I work with would understand the word, but it's relatively common if you work in certain areas (the Semantic Web, for example, has https://en.wikipedia.org/wiki/Web_Ontology_Language)
Not really about the article - but an idea I have been pondering for some time now. How about a software business that would sell licenses for signed copies but distribute everything unsigned under GPL?
My problem of the OSS ecosystem right now is under maintained dependencies that just because they compile and work, means most programs by non-billion dollar firms have a minefield of insecure code inside them.
Signature wouldn't mean anything if there was no warranty. In which case warranty is what they sell and the signature is just a minor technical detail. And selling warranty on software is already a thing.
There is only one small ppint missing when ypu talk of business not caring if community yells.
What if these upstarts needs the community contribution to go through the first hump to adoption. And this break in trust between community and upstart stop people from contributing?
Or if devs begin to walk away for personal disagreements with their company license.
This is not that far stretch and it is what will cost these companies. The value of open source for business is that the community participate and developers were happy.
This licensing nonsense is clearly people trying to force their political opinions or business interests upon software consumption. To step aside from the political nonsense and business liability I prefer the most militant permissive license, CCO-1.0, in my own software.
I prefer AGPLv3 on my software because I've been burned by non-GPL software not respecting my wishes and I don't want any of my users to suffer the same fate. Calling it nonsense is short-sighted.
Bad analogy. Car manufacturers provide a legally mandated feature, but the manufacturer does not dictate usage and is not obligated to. The user can choose to not use the seatbelt, which is not going to change the design of the car.
So if software developing had a law that software must give the four essential user freedoms then it'd be okay to give but otherwise it's not okay? Please.
Then I provide the legally mandated requirements as an optional feature the user can choose to avoid. This way I am still not forcing my (or anybody else's) politics on my users.
This still doesn't answer the question of why I would want to force my politics on my users.
Proud student of an old and noble school of thought!
I wrote in my post:
> Permissive developers, riding a decade of adoption success and wary of copyleft to begin with, wonder now more than ever whether why they abide copyleft complexity and politics. Permissive points register all the more strongly, with copyleft developers too busy recriminating to answer them.
> The BSD school of hackerdom rejects intellectual property and its hassles. Ideally, BSD school hackers wouldn’t use licenses at all. [...]
Uh, no, that's not true. "The BSD school of hackerdom" doesn't reject intellectual property. What a ridiculous oversimplification.
Licensing terms are a business tool. The choice of license at any given point depends on what goals one has, and also what constraints one has. Assuming no constraints, I'd say that anything you feel you can monetize you should either keep proprietary, or use GPL for, while anything you cannot monetize should be licensed under BSD or MIT or similar. That's my take, and it's a common take for many of us who BSD license code or work on BSD licensed code.
Aside: how does one get compensated for BSD-licensing? Easy: a) other people's BSD-licensed sources, b) credit and reputation. Both are a big deal.
The BSD school I referred to is only related to BSD license terms, not defined by them. Many BSD school hackers use MIT or ISC or even Apache. I also mention FPL (0BSD), Unlicense, and especially WTFPL as distinctively BSD-school licenses.
The ideological wing that chooses those licenses, despite knowing businesses won’t accept them, wouldn’t choose GPL for personal work. It’s not a pragmatic position. It’s an activist one.
I think the attribution requirements of BSD-style licenses can be burdensome. If you use 50 permissively licensed open source libraries in your program, you could potentially have to ship 50 different copyright notices and license texts (all with slight differences in terms or wording) in any binary distribution. A lot of boilerplate and busywork. And then remember to take them out again if you don't use that library any more, or update them if the next version changes them a bit, etc.
This is why I see Unlicense, WTFPL, CC0, etc., as appealing.
If I was to develop something that other people ended up using, I'd like to be acknowledged, and I like to think people will do it – just out of common decency, not out of legal obligation. But, I don't really want to burden people with legal obligations to reproduce oodles of copyright notices and license texts.
(Disclaimer: These are just my personal opinions, not those of my employer. I'm really talking about 'what license should I choose as a hobbyist for a personal project?', not what licenses a corporation should choose as a business strategy.)
You might also like to look at the tools that have been written for front-end JavaScript bundlers, like Browserify and Webpack, that automatically assemble and concatenate license notices. That's not a complete solution for all projects, but it shows what tools can do with workable license metadata.
Are you able to explain why one needs a "no warranty" disclaimer on software you are giving away for free?
All consumer protection laws I've seen are predicated on a sale, and so I would not expect them to apply to gifts. A warranty is a contract term, an implied warranty is an implied contract term, but if someone distributes open source software without charge, there is no exchange, no consideration, no contract–so how can there be any warranties, express or implied?
You should get accountable legal advice for any specific project you may be involved in. This is not that.
Consider that at least common law countries don’t require payment to honor contracts. They require legal consideration, which can include mere promises in return. Have a look at Jacobsen v. Katzer and more recently Artifex v. Hancom. Both copyright and contract claims.
There are other interpretations. I’m not aware of any US case law on warranty claims against open source contributors. I’d expect to see it first in jurisdictions with laws limiting broad disclaimers, like Germany.
I am not a lawyer, however I've normally seen the attribution included in the About / informational display of a program. It's entirely about giving credit that something was used and who contributed to that thing (entirely, credit where due).
IANAL either, but it isn't a mere requirement to give credit. A single sentence can be sufficient to give credit.
"Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution."
That appears to be asking for more than just a one line acknowledgement.
I would never include an advertising clause -- I think that's a very onerous term. The projects I work on that use BSD-style licensing do not have an advertising clause.
Yes, I'm talking about clause 2 of the original "4-clause" BSD license. Advertising is clause 3 of the original BSD license. The newer "modified"/"3-clause" license deletes the original clause 3, but clause 2 remains unchanged.
I think my comment makes it clear that I assumed (correctly) that you did not mean "only BSD", but all the similar licenses (e.g., MIT).
Your second paragraph above is unclear as to which licenses businesses won't accept, or why.
In my experience businesses do not accept:
- copyleft'ing in any code that could be integrated into proprietary code that might be distributed to customers
- advertising clauses (not all BSD licenses have these)
- or any clauses that are onerous in any way (the above two are onerous)
(I'm not addressing trademark or patent issues here, just copyright. Obviously code distributed under a friendly license but requiring non-free patent grants is generally out.)
I'm not sure what you mean by "personal work", but I get the feeling that you mean "not easy to monetize" or "impossible to monetize". Why would you use the GPL for such work? Why would anyone make significant changes to software that can't be monetized and not share alike even without being required to by a GPL-like license? I would absolutely prefer BSD (sans advertising clause) or MIT licensing for "personal work", and I would absolutely recommend it.
Many businesses blacklist FPL/0BSD, Unlicense, and especially WTFPL. Those that blacklist CC0 for software do so for patent-related reasons, and not, in my experience, because it's styled a public domain dedication. CC0 actually includes an extensive license, as fallback if dedication doesn't work.
When I wrote "personal work", I meant work for which the developer has control of licensing. Not code for an employer or client with their own licensing policy.
So, I'm curious why the downvotes. Is it GPL fans (even though I'm not against using the GPL)? Or something else? I want to know because this is an important subject to me.
TL;DR: a twenty minute discussion of the permissive vs copyleft dichotomy and why it puts a division between activist- and business-developers. Food for thought rather than answers or questions.
From the article:
Ask people affiliated with the Open Source Initiative about free software, and many will tell you that it isn’t really any different from open source. Free software just preached too much fire and brimstone, missed the rebrand, and lost mindshare.
Ask folks affiliated with the Free Software Foundation about open source, and many will jump to tell just how different it is. Open source strips free software of its values, pandering to the nonfree industry with promises of better, cheaper code, which doesn’t happen without unifying community spirit.
Did you get past the part about existing divisions, to the discussion of how hybrid terms like SSPL appeal exclusively to business use cases, without activist support?
TL;DR as I see it: there's permissive vs copyleft dichotomy in licenses. Both camps are made out of activists and commercial players - copyleft camp has FSF and upstarts, permissive camp has BSD hackers and corporations. The situation is changing, as the commercial players from both camps joined together trying to forge their own "open source" license type, leaving activists from both camps aside.
Seems a nice effort, but the "necessarily infringed" seems awkward (if there's a license, there's no infringement!). Has it been reviewed by an IP lawyer?
I work at a FAANG, and there’s pretty much a hard ban on any copyleft code being a dependency outside of stuff installed via distro packages. The lawyers are tough about it; the advice is always to get an enterprise license (or of course, make your own cool BSD+patents library to ‘open source’ as marketing).
I hear similar things from friends at other FAANG companies.
Do you see/hear of this more from startups based around a specific technology, containerizing copyleft code and calling it exempt? Any examples you can share?
P.S. Great blog!