How to pick an open source license (part 2)

How to pick an open source license (part 2)

Summary: In my last installment, I introduced a simple decision tree that could help you decide which (if any) of the many open source licenses you should use for your project. In this part I'll go through some of the most common licenses and see where they fall from this tree. I'll also try to address some of the issues that people pointed out in the comments to my last posting.

SHARE:
TOPICS: Legal
25

[Updated 22jun06 to clarify a few things based on reader comments -ebb]. In my last installment I introduced a simple decision tree that could help you decide which (if any) of the many open source licenses you should use for your project. Each decision point generally asked a yes or no question about what is important to you. For example, if you want someone who uses [and distributes] your code to be forced to make any bug fixes and modifications available under the same licenseIt's this situation that earned GPL the nickname of "The Greedy Programmer's License". then you want to use a license with an explicit "reciprocity" clause that requires that.

In this part I'll go through some of the most common licenses and see where they fall from this tree. I'll also try to address some of the issues that people pointed out in the comments to my last posting. The same disclaimer applies: This isn't legal advice, and I'm not a lawyer, and I'm probably over-simplifying some of the points, but I hope you find it helpful.

In the comments there was some confusion about what I meant when somebody "uses" your code. The most common case that I have in mind is that you write some code that somebody else wants to incorporate in a program that they intend to distribute (e.g., let other people download and run). [Depending on the license, the rules may be different if they're only using your code in-house without distributing it. I'm only addressing the distribution case. -22jun/ebb]

Opensource.org lists over 50 licenses to choose from. For goodness sakes, please don't invent another one. I'm only going to cover a few so if I leave out your favorite license then please add it in the talkback section using the same format.  

Public domain 

Description: This isn't really a license at all, but rather a renouncing of any rights you might have under copyright law. The idea is simple to understand but gets a little hairy legally. Some say it's not possible to renounce these rights, some say it depends on the country, some say that once renounced you can un-renounce them later, and some say it's perfectly fine.  After reading about it some more, my advice is to punt and and use a BSD/MIT license instead.

Code is protected by copyright? No

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? No 

Provides explicit patent license? No

BSD/MIT

Description: The BSD and MIT licenses are two of the oldest and most liberal licenses available. They basically put no restrictions on how the software can be used. These licenses are used by a wide variety of projects including FreeBSD.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? No

Provides explicit patent license? No

ASLv2 (Apache)

Description: The Apache license is only slightly more restrictive than the BSD/MIT licenses. The main thing it adds is some clauses about patent licensing and termination. You should carefully read all the patent clauses in the licenses that have them because they all have subtle differences. All the Apache.org projects use ASL but it's also in wide use outside Apache (for example Google uses it for GWT).

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? No

Provides explicit patent license? Yes

GPL (v2)

Description: This is a very common license that allows people to freely use your software as long as they don't charge for it and use the same license for parts of the program that they wrote themselves. The copyright holder is not subject to these restrictions. Widely used, but largely misunderstood. The canonical examples are Linux and MySQL.

Code is protected by copyright? Yes

Code can be used in closed source projects? No* (except by copyright holder)

[*Note: If GPL code is only used in-house, then the answer is Yes. But if someone uses the GPL code in a derived work, and distributes the work, then the answer is No. I'm assuming distribution for this article. -22jun/ebb]

Program that uses (incorporates) the software can be sold commercially? No** (except by copyright holder)

[**Note: If you take "sold" to mean charge for distributing, charge for bundling and packaging, charge for reproducing, charge for support, and charge for indemnification, then the answer is Yes. This is the Linux distributor model. However if by "sold" you mean "paid a fee for a license to use" then the answer is No. Working at a commercial software developer that does charge such fees, the latter definition is most natural to me, so it's the meaning I'm using for this article. -22jun/ebb]

Source to bug fixes and modifications must be released? Yes [if distributed, see above]

Provides explicit patent license? No (but v3 is supposed to address this)

 

LGPL

Description: A derivative of GPL, LGPL includes an exception that is intended to allow code that is released under other licenses to co-exist with and call the LGPL code. However this exception is a bit fuzzy legally as it's currently written, so some businesses shun it. The author of the license encourages people not to use it. Personally I think LGPL is a much better choice than GPL for most software, but that a more modern license like EPL is often even better.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes (maybe)

Program that uses (incorporates) the software can be sold commercially? Yes (maybe)

Source to bug fixes and modifications must be released? Yes [if distributed; see notes under GPL]

Provides explicit patent license? No

MPL/CDDL

Description: MPL is used by Mozilla, Firefox, and many other projects. CDDL is based on MPL with a few minor tweaks to make it more applicable outside of Mozilla. CDDL is used by many Sun products such as Solaris. It's expected that Java will be open sourced either under the CDDL or (L)GPL. Note that the patent clauses are not palatable to some businesses, so you may want to consider EPL instead.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? Yes [if distributed]

Provides explicit patent license? Yes

 

CPL/EPL

Description: CPL was derived from the old IBM Public License and was also influenced by MPL. CPL was originally used by Eclipse, but that project switched to EPL. CPL is also used by some Microsoft open source projects on SourceForge. EPL is a newer version of CPL with some improvements in its patent language to make it more acceptable to businesses. For example if there's a patent dispute it will only affect the part of the software covered by the patent and not the whole thing.

Code is protected by copyright? Yes

Code can be used in closed source projects? Yes 

Program that uses (incorporates) the software can be sold commercially? Yes 

Source to bug fixes and modifications must be released? Yes [if distributed]

Provides explicit patent license? Yes

Dual license

Description: This isn't really a license, it just means making your software available under two or more different licenses. This is useful in two circumstances:

  1. The license you originally picked isn't compatible with the license somebody else uses and they want to use your code (or vice-versa). This is how you get things like "GPL/LGPL/MPL/EPL" licenses (a quad-license). Then there's no question that your code can be used in programs that use any of the licenses you mention.
  2. You want to make your software available without charge in other free programs, but if somebody is going to make money off of it then you want a share. The typical example is MySQL. It's licensed under GPL, but if a different company wants to embed it in their commercial program then they have to get a different, commercial license. The copyright holder, of course, can use their own software however they like. It's this situation that earned GPL the nickname of "The Greedy Programmer's License". See also this slashdot thread. Of course, one could argue other licenses like BSD, MIT, and Apache, are "greedy vendors' licenses". That's one reason I like the pragmatic, middle-of-the-road licenses like EPL.
Note: Normally, only the copyright holder can re-license the software (for example to issue commercial licenses). So if multiple people contribute to your project, you may need to get them to sign some kind of contributor's agreement that spells out who owns the copyright and what kinds of activities are allowed. For this you definitely need a lawyer.

Final notes

Several people noted the "anti-GPL slant" of the previous article. I admit I'm not too fond of the GPL. If people pick GPL on purpose, with full knowledge of its restrictions and philosophy, that's fine. I just see too many people pick it when they don't really need to. As one responder to my original article wrote:

If you think using GPL'ed software in commercial software is "smooth sailing" you don't understand the license. There are safe situations, but in everything except the very straightforward cases, you have to understand more about contract and copyright law that most developers do to know what is safe and what isn't.

Pick what you want, but pick it for the right reasons. And consult a lawyer if you need to cover your assets. 

Topic: Legal

Ed Burnette

About Ed Burnette

Ed Burnette is a software industry veteran with more than 25 years of experience as a programmer, author, and speaker. He has written numerous technical articles and books, most recently "Hello, Android: Introducing Google's Mobile Development Platform" from the Pragmatic Programmers.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

25 comments
Log in or register to join the discussion
  • Hands down, CDDL is best. (NT)

    .
    No_Ax_to_Grind
    • Care to elaborate?

      nt
      Ed Burnette
    • Depends

      Choose the license best for what you want to do. There is no "best" for all situations. It all depends on what your needs (or the needs of your business) are.
      CobraA1
  • Got the GPL wrong... again.

    It's frustrating when people with a definite bias attempt to write ostensibly objective reviews. At the least, if you know you have a bias you should go out of your way to ensure that the things you say about the objects of your bias are in fact true. Unfortunately, there are a number of inaccuracies regarding the GPL in this article.

    At least twice it's stated that you are not allowed to charge money for GPL'd software. This is a very common fallacy about the GPL: anyone making an effort to research the subject must surely have come across this canard and seen it debunked. There is absolutely nothing in the GPL that forbids anyone from charging any amount of money they like for GPL'd software. And that's just as it should be, since the GPL is not about money at all (free-as-in-beer): it is ONLY about freedom (free-as-in-speech). Of course, realistically speaking there is a severe limit to how much one can charge for GPL'd software, because you are required to provide the source code and all the rights conferred upon you by the GPL, to the people who purchase the software from you. Which means you might be able to sell the first copy for $100,000, but the purchaser can turn right around and post the entire thing on her website and there's nothing you can do about it. Nevertheless, the statement that you cannot charge for GPL'd software is manifestly false (there are now and have been for a long time, companies charging for GPL'd software!)

    The second major error in the article is the use of the term "commercial software", or software that costs money, when what the author really meant was "proprietary software", or software where source is not provided and the user is not allowed to make or share copies. These two things are quite orthogonal.

    Of course, the author is absolutely correct when he says that it's quite tricky to combine GPL'd software and proprietary software... that's the entire point of the GPL, after all! In other words, this is a feature not a bug. Consider that if you think you need to hire a lawyer to work with the GPL, you're probably doing something against the wishes of those who created the software.

    Finally, the author implies that if only people understood the GPL better, they'd run screaming into the bushes rather than license their software with it. Personally, I've not seen many cases at all of people choosing the GPL inadvisedly because they didn't realize what they were doing, then wanting to change it later. I'd be interested to know where all these mis-licensed applications and frustrated software authors are! I suspect the vast majority of the software developers who choose the GPL understand it far better than the author.

    There IS, however, one critical problem with the GPL which the author doesn't even touch on: the GPLv2 is 'way too picky about which licenses it is friendly with. This makes it very difficult to combine with other open source licenses. Very open licenses such as MIT are fine, but almost anything else conflicts with the GPL. I have definitely known open source projects to get into messes where they want to combine GPL'd software with software covered under other open source licenses and haven't been able to do it. It seems that this area is one that is getting a lot of scrutiny in GPLv3, currently under review. Hopefully this will become less of an issue in the future.
    modernityminus
    • I knew someone would jump on the 'paying' issue....

      ...and you are right but I have some comments...


      [i]"Consider that if you think you need to hire a lawyer to work with the GPL, you're probably doing something against the wishes of those who created the software."[/i]

      I disagree here. If you are working in a large coporate setting and millions of dollars are st stake it would make perfect sense to consult a lawyer when working with GPL code, or for that matter *any* code that you will be attaching a license to and distributing. Some businesses go as far as barring their programmers from even *looking* at GPL'd code be they are so scared ****less about being "infected" by the GPL.

      [i]"I have definitely known open source projects to get into messes where they want to combine GPL'd software with software covered under other open source licenses and haven't been able to do it. It seems that this area is one that is getting a lot of scrutiny in GPLv3, currently under review. Hopefully this will become less of an issue in the future."[/i]

      Knowing RMS, I hightly doubt if this will get better. In fact, I would suprise me one bit if it got even worse. You are being pragmatic. I hardly consider RMS a pragmatic thinker when it comes to software licensing.
      toadlife
      • I don't quite agree

        [i]"I disagree here. If you are working in a large coporate setting and millions of dollars are st stake it would make perfect sense to consult a lawyer when working with GPL code, or for that matter *any* code that you will be attaching a license to and distributing."[/i]

        I don't disagree that it makes sense to be safe, but most people who use the GPL expect code that makes use of theirs to ALSO be released under the GPL. If you do that you're perfectly fine and there's no need to consult a lawyer. If you don't want to release your code under the GPL then absolutely you need to talk to an attorney... and this was precisely my point.

        [i]"Some businesses go as far as barring their programmers from even *looking* at GPL'd code be they are so scared ****less about being "infected" by the GPL."[/i]

        I seriously doubt that this, either, bothers those who choose the GPL as a license. The companies that make these sorts of restrictions are typically completely wedded to a culture of "intellectual property" that most developers who choose the GPL explicitly find anathema. If those companies are less able to compete with more nimble, "freer minded" companies due to their avaristic and suspicious mind-set, well... I doubt many tears would be shed in the F/OSS camp.

        [i]"Knowing RMS, I hightly doubt if this will get better. In fact, I would suprise me one bit if it got even worse. You are being pragmatic. I hardly consider RMS a pragmatic thinker when it comes to software licensing."[/i]

        Perhaps, but in this case there's no doubt. Read just about any review of the GPLv3 and you'll see they note it has new language specifically designed to allow additional restrictions involving trademark use and use of contributors' names, etc. These were unquestionably added to increase the "portability" of the GPL so it could be combined with more F/OSS licenses than is possible with GPLv2.
        modernityminus
        • Let me guess....

          [i]"Perhaps, but in this case there's no doubt. Read just about any review of the GPLv3 and you'll see they note it has new language specifically designed to allow additional restrictions involving trademark use and use of contributors' names, etc. These were unquestionably added to increase the "portability" of the GPL so it could be combined with more F/OSS licenses than is possible with GPLv2."[/i]

          And going with RMS's "all software must be under the GPL" philosophy, I'm sure the changes made will be for the express purpose of bringing more code [b]into[/b] GPL projects, right? ;)
          toadlife
      • RMS != pragmatic

        Kind of by definition (and by choice). Technically speaking, he says GPL isn't even an "open source" license.
        Ed Burnette
    • In practice you cannot charge for GPL'd software

      Contrary to popular belief I don't just make this stuff up. GPL section 2b says:

      "You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License."

      And section 11 says:

      "BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM,..."

      Elsewhere it says you can charge a nominal fee for "physically performing source distribution", and it doesn't disallow you for charging for support, but that's it.

      See also the faq:
      http://www.gnu.org/licenses/gpl-faq.html#TOCDoesTheGPLAllowRequireFee
      "The GPL is a free software license, and therefore it permits people to use and even redistribute the software without being required to pay anyone a fee for doing so."
      Ed Burnette
      • Yes, you can.

        The terms you quoted and the FAQ you linked are talking about something quite different than me selling you some software: they are saying that I cannot require you to pay me when you redistribute the GPL'd software to a third party (just as I pointed out in my original reply). It has absolutely nothing whatever to do with whether or how much I can require you to pay me before I distribute the software to [i]you[/i].

        If you look at the FAQ just two questions before the one you quoted, you'll see the EXACT QUESTION you are asking, with its answer (http://www.gnu.org/licenses/gpl-faq.html#DoesTheGPLAllowMoney):

        [i][b]Does the GPL allow me to sell copies of the program for money?[/b]
        Yes, the GPL allows everyone to do this. The right to sell copies is part of the definition of free software. Except in one special situation, there is no limit on what price you can charge. (The one exception is the required written offer to provide source code that must accompany binary-only release.)[/i]

        You can also read RMS's manifesto on [i]Selling Free Software[/i] (http://www.gnu.org/philosophy/selling.html) where he makes this even more clear (this is linked in the FAQ as well).
        modernityminus
        • Charge to distribute != fee for use

          You're confusing a charge for distributing software (like what Red Hat does) with a sale or license of the software (like what BEA, Oracle, SAP, IBM, etc. do).

          GPL does let you charge for distributing the software. However you cannot charge a fee for using the software itself. It's a subtle but important difference.

          Contrast this with, say, Apache or EPL. I can take a piece of Apache or Eclipse code, combine it with another piece of code which is not open source, and sell/license the whole program for a fee. You could argue that's a bad practice if you want (I'd disagree with you) but it's a fundamental difference between GPL and most other software licenses.
          Ed Burnette
          • Sell != fee for use

            Your definition of commercial software is what's at issue here. Your definition appears to be that use of the software (not its aquisition) requires a fee to be paid. This is not what the word "sell" means in any industry except the software industry. If I sell you a book, the doctrine of first sale and copyright law say that I can't extract a fee from you for its use, but you can't distribute copies. For example, you can give your copy away to whomever you like. The GPL just license people to distribute copies of what they bought, as long as that distribution is under the terms of the GPL.

            But in the softare industry, sell has come to mean "prevent anyone from using without paying." The model is in some ways more like renting a movie. You should be clearer in your article that what you mean by "can be used in commercial software" is that the license allows you to restrict use to people who directly pay you.
            dobbsb29
          • Correct

            Yes, technically software is not "sold" like oranges are "sold". It's licensed for use, either forever or for a set time like a year and then renewed. The movie analogy is good. You can either "buy" a movie (= license to view indefinitely) or "rent" a movie (= license to view it for a week or so).

            I use the term "buy" as in the common vernacular. If I said "I'm going down to Office Depot to buy a copy of MS Office", you would understand what I'm doing - paying a fee to license its use, a fee that lets me run MS Office on my computer. Since MS Office is commercial software, not GPL'd, it's *not* ok for me to give copies of Office to 100 of my friends. It would be ok to do that for, say, Open Office.

            So by "Program that uses the software can be sold commercially?", I mean that someone can combine your software into a larger derived work which can be distributed and licensed for a fee, and the larger derived work can be licensed in any way that the person producing the work deems appropriate.

            If your software is GPL'd then they can't do that, but for most of the other licenses they can. There are many reasons why you'd want to allow that and many reasons why you wouldn't, but that's your decision as the copyright holder to determine.

            Is that more clear?
            Ed Burnette
          • Hmm, I have a question then

            Why [i]are[/i] we using the "movie" model for software? Why are we not using the "oranges" model?
            CobraA1
          • Re: why not oranges

            > Why are we not using the "oranges" model?

            I don't know, but if I had to take a guess I'd say it's because once you actually "own" something you would be able to control what you do with it, like share it with your friends, stick your own name on it, deface it, take it apart, resell it, etc.. By only licensing it the author can retain more control.
            Ed Burnette
          • Re:Sell != fee for use

            Mr. Burnette is clearly trying to scare people away from the GPL. First, a web search shows his past attempts. Second, his excuse for sloppy language do not cut it. For example, he says that he avoids "distribute" because of the legal complexities of its use. Well anyone who has looked at legal language has seen ordinary words defined very specifically; it's hardly rocket science. "Use" clearly has more potential meanings than "distribute" (just look them up!), and therefore "use" has more potential for complex interpretations.

            So he tries to qualify and disclaim a lot up front in order to then try to get away with subsequent loose language, so that people are at best confused and perhaps disuaded from seeking an accurate and fair introduction.

            These slanted articles make one wonder about who pulls the zdnet editorial strings.
            b3timmons
          • Re: Sell != fee for use

            A third and amusing indication of Mr. Burnette's intentions is his little coinage:

            [i]It's this situation that earned GPL the nickname of "The Greedy Programmer's License".[/i]

            A web search on that phrase reveals that it was only earned in Mr. Burnette's mind. Yet he tries to make it into something beyond that by saying "...that earned GPL".

            I think Mr. Burnette would have better luck finding [i]real[/i] anti-GPL arguments rather than playing juvenile word games.
            b3timmons
      • You can sell value, not bits and bytes...

        Please take this opinion with a grain of salt, I'm very biased toward software libre ideology. Also, maybe the software I develope is not too common (Try to sell a Notepad-like text editor... no matter the license it is like selling ice to Eskimos).

        I develop software for a living (well, around 50% of my money comes from this) and most software I write is GPL. I have distributed openly some apps only. I have distributed most apps to only a few customers (because they are not ready for prime time, have not been globalized [are still in Spanish] or they objective is too narrow [too specific, would not benefit many people]).

        I think the core services you can offer with a GPL software are customization, technical support and guarantees.

        For a solo developer, customization is a good way to earn money with GPL software. I do this all the time.

        For a team, offering technical support is a good choice too. I do this too, but only for local customers [in my city or nearby cities], because I'm alone.

        And of course, the guarantees, specially uptime and on-time fixes guarantees. I have to solve the problems following a Level of Service Agreement, but the money is good. At first I thought most customer would not like to pay for this, but... IT people is usually more willing to pay for this and (surprise for me) small bussiness managers. I think they already know what is to be left in the cold with a "supported" propietary software (custom or shrink-wrapped) which in reality is not very well supported.

        For web applications you can also offer custom hosting solutions. I have never done this but I think it can be done.

        I usually choose the GPL (or LGPL) because I believe in its social value. And a second reason is I really believe I'm giving my customers a less risky solution than a proprietary software.

        I have wondered "what if somebody else start providing these services using my code?". Well, be my guests, but I think that if you can do it better than me, then you can actually write your own software. And, I'm the chief, my projects will follow the roadmap I want. If somebody use my code and creates a different roadmap and succeed (with the market), then it means the market have talked and required that version that I could not provide.


        At the end of the day, if you want to get paid for bits and bytes then better use a proprietary license. That's like getting paid per hour. But if you want to get paid for the value you give to the customer, then you have to offer that... value, and bits and bytes is not enough. Not anymore.


        Regards,

        MV
        MV_z
  • These articles are too sloppy to be trusted

    From the article:

    [i]The same disclaimer applies: This isn't legal advice, and I'm not a lawyer, and I'm probably over-simplifying some of the points, but I hope you find it helpful.[/i]

    If you are going to summarize, can you at least be factual? The other talkbacks already point out errors, as have posts on other web sites such as on lwn.net.

    An even more insidious problem:

    [i]In the comments there was some confusion about what I meant when somebody "uses" your code. The most common case that I have in mind is that you write some code that somebody else wants to incorporate in a program that they intend to distribute (e.g., let other people download and run).[/i]

    Why not just write "distribute" instead of "use" then? I am sure you can write much better than that! This material is intended for casual readers, so precision must make up for missing details. Don't you agree?
    b3timmons
    • They are introductory and nothing more than that

      It appears that you do need to proofread the articles against someone who knows programming but knows little about software licenses (a student perhaps?). "uses" is too general.

      Though, if anyone is using these articles as their only basis for choosing a license, he or she really needs to get their head checked. The articles are just an introduction and nothing more than that.
      kazarmy