How to pick an open source license (part 2)

Summary:In my last installment, I introduced a simple decision tree that could help you decide which (if any) of the many open source licenses you should use for your project. In this part I'll go through some of the most common licenses and see where they fall from this tree. I'll also try to address some of the issues that people pointed out in the comments to my last posting.

[Updated 22jun06 to clarify a few things based on reader comments -ebb]. In my last installment I introduced a simple decision tree that could help you decide which (if any) of the many open source licenses you should use for your project. Each decision point generally asked a yes or no question about what is important to you. For example, if you want someone who uses [and distributes] your code to be forced to make any bug fixes and modifications available under the same licenseIt's this situation that earned GPL the nickname of "The Greedy Programmer's License". then you want to use a license with an explicit "reciprocity" clause that requires that.

In this part I'll go through some of the most common licenses and see where they fall from this tree. I'll also try to address some of the issues that people pointed out in the comments to my last posting. The same disclaimer applies: This isn't legal advice, and I'm not a lawyer, and I'm probably over-simplifying some of the points, but I hope you find it helpful.

In the comments there was some confusion about what I meant when somebody "uses" your code. The most common case that I have in mind is that you write some code that somebody else wants to incorporate in a program that they intend to distribute (e.g., let other people download and run). [Depending on the license, the rules may be different if they're only using your code in-house without distributing it. I'm only addressing the distribution case. -22jun/ebb]

Opensource.org lists over 50 licenses to choose from. For goodness sakes, please don't invent another one. I'm only going to cover a few so if I leave out your favorite license then please add it in the talkback section using the same format.  

Public domain 

Description: This isn't really a license at all, but rather a renouncing of any rights you might have under copyright law. The idea is simple to understand but gets a little hairy legally. Some say it's not possible to renounce these rights, some say it depends on the country, some say that once renounced you can un-renounce them later, and some say it's perfectly fine.  After reading about it some more, my advice is to punt and and use a BSD/MIT license instead.

Code is protected by copyright? No

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? No 

Provides explicit patent license? No

BSD/MIT

Description: The BSD and MIT licenses are two of the oldest and most liberal licenses available. They basically put no restrictions on how the software can be used. These licenses are used by a wide variety of projects including FreeBSD.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? No

Provides explicit patent license? No

ASLv2 (Apache)

Description: The Apache license is only slightly more restrictive than the BSD/MIT licenses. The main thing it adds is some clauses about patent licensing and termination. You should carefully read all the patent clauses in the licenses that have them because they all have subtle differences. All the Apache.org projects use ASL but it's also in wide use outside Apache (for example Google uses it for GWT).

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? No

Provides explicit patent license? Yes

GPL (v2)

Description: This is a very common license that allows people to freely use your software as long as they don't charge for it and use the same license for parts of the program that they wrote themselves. The copyright holder is not subject to these restrictions. Widely used, but largely misunderstood. The canonical examples are Linux and MySQL.

Code is protected by copyright? Yes

Code can be used in closed source projects? No* (except by copyright holder)

[*Note: If GPL code is only used in-house, then the answer is Yes. But if someone uses the GPL code in a derived work, and distributes the work, then the answer is No. I'm assuming distribution for this article. -22jun/ebb]

Program that uses (incorporates) the software can be sold commercially? No** (except by copyright holder)

[**Note: If you take "sold" to mean charge for distributing, charge for bundling and packaging, charge for reproducing, charge for support, and charge for indemnification, then the answer is Yes. This is the Linux distributor model. However if by "sold" you mean "paid a fee for a license to use" then the answer is No. Working at a commercial software developer that does charge such fees, the latter definition is most natural to me, so it's the meaning I'm using for this article. -22jun/ebb]

Source to bug fixes and modifications must be released? Yes [if distributed, see above]

Provides explicit patent license? No (but v3 is supposed to address this)

 

LGPL

Description: A derivative of GPL, LGPL includes an exception that is intended to allow code that is released under other licenses to co-exist with and call the LGPL code. However this exception is a bit fuzzy legally as it's currently written, so some businesses shun it. The author of the license encourages people not to use it. Personally I think LGPL is a much better choice than GPL for most software, but that a more modern license like EPL is often even better.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes (maybe)

Program that uses (incorporates) the software can be sold commercially? Yes (maybe)

Source to bug fixes and modifications must be released? Yes [if distributed; see notes under GPL]

Provides explicit patent license? No

MPL/CDDL

Description: MPL is used by Mozilla, Firefox, and many other projects. CDDL is based on MPL with a few minor tweaks to make it more applicable outside of Mozilla. CDDL is used by many Sun products such as Solaris. It's expected that Java will be open sourced either under the CDDL or (L)GPL. Note that the patent clauses are not palatable to some businesses, so you may want to consider EPL instead.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? Yes [if distributed]

Provides explicit patent license? Yes

 

CPL/EPL

Description: CPL was derived from the old IBM Public License and was also influenced by MPL. CPL was originally used by Eclipse, but that project switched to EPL. CPL is also used by some Microsoft open source projects on SourceForge. EPL is a newer version of CPL with some improvements in its patent language to make it more acceptable to businesses. For example if there's a patent dispute it will only affect the part of the software covered by the patent and not the whole thing.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? Yes [if distributed]

Provides explicit patent license? Yes

Dual license

Description: This isn't really a license, it just means making your software available under two or more different licenses. This is useful in two circumstances:

  1. The license you originally picked isn't compatible with the license somebody else uses and they want to use your code (or vice-versa). This is how you get things like "GPL/LGPL/MPL/EPL" licenses (a quad-license). Then there's no question that your code can be used in programs that use any of the licenses you mention.
  2. You want to make your software available without charge in other free programs, but if somebody is going to make money off of it then you want a share. The typical example is MySQL. It's licensed under GPL, but if a different company wants to embed it in their commercial program then they have to get a different, commercial license. The copyright holder, of course, can use their own software however they like. It's this situation that earned GPL the nickname of "The Greedy Programmer's License". See also this slashdot thread. Of course, one could argue other licenses like BSD, MIT, and Apache, are "greedy vendors' licenses". That's one reason I like the pragmatic, middle-of-the-road licenses like EPL.
Note: Normally, only the copyright holder can re-license the software (for example to issue commercial licenses). So if multiple people contribute to your project, you may need to get them to sign some kind of contributor's agreement that spells out who owns the copyright and what kinds of activities are allowed. For this you definitely need a lawyer.

Final notes

Several people noted the "anti-GPL slant" of the previous article. I admit I'm not too fond of the GPL. If people pick GPL on purpose, with full knowledge of its restrictions and philosophy, that's fine. I just see too many people pick it when they don't really need to. As one responder to my original article wrote:

If you think using GPL'ed software in commercial software is "smooth sailing" you don't understand the license. There are safe situations, but in everything except the very straightforward cases, you have to understand more about contract and copyright law that most developers do to know what is safe and what isn't.

Pick what you want, but pick it for the right reasons. And consult a lawyer if you need to cover your assets. 

Topics: Legal

About

Ed Burnette has been hooked on computers ever since he laid eyes on a TRS-80 in the local Radio Shack. Since graduating from NC State University he has programmed everything from serial device drivers and debuggers to web servers. After a delightful break working on commercial video games, Ed reluctantly returned to business software. He... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.