I thought I’d take some time to talk about licensing.
Licensing is something that F/OSS programmers talk about a lot. There’s two major categories of licenses:
- The GPL, aka Copyleft. You must distribute source with your application, and users get full rights to the source code, including any additions you may make.
- Permissive licenses, X/MIT, BSD, etc. These let you do pretty much everything.
There’s also the LGPL, which vaguely applies GPL-like terms to the original code, but is not "viral". LGPL originally meant "Library GPL" but was renamed to "Lesser GPL" because people automatically used it for libraries without considering what the license actually enforced.
How much do these licenses matter? How should a person choose between these options?
First, the LGPL. It has specific phrasing that makes some sense for C code, to distinguish between extending the library itself and using the library. It doesn’t make much sense for other runtime environments. Some people have tried to clarify its meaning in other environments, but I’m not sure if a clarification like that means much. The ambiguity seems like the worst of all worlds. People who are afraid of the GPL won’t use the software anyway. People who act in bad faith can satisfy the terms of the license through trickery. You don’t get any practical protection over a permissive license, and you get most of the stigma of the GPL. The GPL has some success stories, places where source was actually released due to the terms of the license. I don’t know of any similar success stories for the LGPL. If you don’t want to use the GPL, just use a permissive license.
Then the question: GPL or permissive licensing?
For some time I’ve chosen a permissive license for my code. But I’m not really advocating that, and every so often I throw out a little GPL code. Underneath this is something of a disinterest in licensing. I don’t think it means much. If specifics of your license matters then something has gone wrong. People are leeching code, and/or the community isn’t providing enough benefit to encourage participation. I don’t believe that software has much intrinsic worth, and treating it like property doesn’t make that much sense to me. Licensing treats software as property, which is why I see the relevance of licensing as a kind of disfunction. But there is the outside chance that it’s really just a big project, or that the project is being participated in by rivals. But nothing I work with is like this, and it’s pretty uncommon generally, and anyway those projects all have their licensing pretty much figured out.
The GPL does seem to serve a constructive purpose when rivals have to cooperate in some fashion. It makes a kind of demilitarized zone where everyone has to work for the collective good. But even this is a sign that you can’t trust the participants. This is somewhat reasonable, because you can’t actually trust large corporations with faceless programmers working on the code. But even that’s a kind of disfunction, because you can at least kind of trust large corporations with programmer employees who have a public face. The individual programmers are going to be very uncomfortable participating in any kind of Machiavellian conspiracy. Good open source projects are a coming together of individuals. Institutions are not effective participants. There are however scaling issues with individual participation: particularly that only a minority of developers are actually inclined to participate in this way. An institution can pay someone to work on something they don’t care very deeply about, and that person can still do useful work. But they won’t be part of the community.
Outside of this mediation of rivalries I’m not really sure what the GPL provides. It protects users, because the terms of the GPL ensure that users get code. It doesn’t actually ensure that code is made public, though it does give developer employees leverage to make their work public. There’s some urban legends about the viral aspect of the GPL, but that’s really just bullshit. Code doesn’t magically get relicensed just because there’s a little GPL in the mix. The GPL police won’t show up at your door and confiscate your computers. The only people who make those claims are GPL-haters like Microsoft. Who should you trust: the FSF or Microsoft? If you answered "Microsoft" then you need to get your head screwed on straight.
Unfortunately there is a stigma about the GPL, and there are competent developers that avoid all GPL software. I find this frustrating, especially since I don’t actually care about licensing, and so this adds a point of contention that I don’t really care to pay attention to. Some people in this situation then become GPL haters, because they feel like it’s all GPL’s fault. But the GPL didn’t create the licensing situation — proprietary software started this. Direct your hate where it belongs. The GPL ain’t it.
If my libraries were GPL I doubt I could leverage that to make other people open source their code. But I know I would alienate some people, and as a result I choose a permissive license because it’s just strategically advantageous.
Applications I think are different strategically. You don’t just swap an application in and out like you might a library. If you choose to use an application, then often the licensing is a secondary choice. The licensing ultimately only really applies to extensions. Libraries also have a different pattern of acceptance. Stubborn GPL haters can in effect veto a library in many projects (this is because stubborn GPL haters are viral). But in an application their influence is much smaller. Developers concerns like architecture and choice of libraries are not what drives an application. An application is driven by its functionality. If you have a useful application then licensing tends to be a secondary concern. The licensing tends to define the community in some sense as well, and as a result there’s a kind of opt-in consensus. And I think the GPL in these cases really does create an environment of collaboration around extensions. It has a real benefit.
This seems to be true empirically as well. GPL’d libraries don’t tend to get very popular. People will do crazy-big projects just because of licensing issues. GPL’d Applications seem to do quite well, with examples like WordPress, Plone, The Gimp, and even the Linux kernel, which is closer in structure to an application than a library.
I haven’t studied the GPL v3 very closely, but it seems useful to me. Software-as-a-service has the potential to make the GPL irrelevant (especially for the kind of code I write), and could put the GPL in the same category as the LGPL where it retains its stigma without offering any practical advantages. Version 3 makes the permission/GPL choice seem useful, but so far I’ve never made any truly conscious choice between version 2 and 3.
If you are thinking about choosing a license, or thinking about choosing software based on the licensing, maybe these thoughts will be helpful in your own thinking. And please don’t GPL-hate in the comments, I’m not interested and if you feel the need then go write your own post.
Update: I wrote a second article to expand on some thoughts: The GPL and Principles
Automatically generated list of related posts:
- The GPL and Principles For the most part by the time I finished writing...
I’m serious about GPL rants: I find them terribly tedious and I will delete comments.
Yesterday I happened to relicense some code from GPL to BSD, in response to a colleague who wondered whether my potential clients might have issues with some restrictions in the GPL. I realized that I didn’t quite understand GPL enough to know whether that was a problem, so I switched the trunk (I left the older branch as GPL).
I understand that there are legal issues and legal issues are complicated, but to me the biggest problem with the GPL was that in 20 minutes of reading up I couldn’t find the answer to my friend’s question. Permissive licensing lets me get on with my life.
I think the [Ogre 3D Rending Engine](http://www.ogre3d.org) is a LGPL success story. Many people contribute back, and no one is screwing the author in the engines usage.
Thanks so much for this post. This is exactly the information I was looking for in [my post](http://mail.zope.org/pipermail/zope/2007-December/172687.html) to the zope and plone lists not too long ago. All I got was a flame war. Thanks much for actually answering the question. :)
Is there any viable alternative to the LGPL for runtimes like Python? I like that it prevents someone from totally hijacking my work*, but I agree that it and the GPL are very C-specific (which is sensible and good for the kind of code the FSF ordinarily writes).
Joseph: there’s definitely lots of libraries that do fine with the LGPL. But I don’t think they would do any differently under a permissive license. There are some GPL success stories, like gcc Objective C support, where the GPL actually got someone to open source something that they wouldn’t have open sourced otherwise. I don’t know of any cases like that with the LGPL.
Dan: I think a permissive license in practice works fine. There’s just not much incentive to hijack people’s work.
If you take the software as a service to the extreme, you end up with a thin client that can still run GPLv3 code. This might be quite effective because then you own your local machine and all the code on it [that implements the client]; perhaps the FSF could declare victory at this point. You would still need the GPL to protect this new state of affairs.
“Code doesn’t magically get relicensed just because there’s a little GPL in the mix. The GPL police won’t show up at your door and confiscate your computers.”
I have a little bit of an issue with this part of your article: I respect the GPL, so I will never use software licensed under it in circumstances where I (or my employer) possibly can’t or don’t want to fulfill it’s license terms – no matter if anybody will show up to complain or get us to court or something.
It’s just a matter of “respecting the terms of whoever wrote the stuff”. I live in a country where practically no case of pirated comercial software is ever prosecuted or found out. Doesn’t make me use pirated software myself. I hate M$ and most comercial crapware as much as the next guy, but if they chose to distribute it on those terms, I prefer to stay away.
Please note that I’m not a GPL hater, I contribute to Zwiki, which is GPL licensed, without any hesitation about the license. For my own stuff though I prefer BSD (actually ZPL) licenses, just like Liza wrote, “Permissive licensing lets me get on with my life.” If someone decides to use my stuff and sell it as a comercial product, I hope they will have a hard time to compete against my free version.
And of course, as the author of the software you could always choose not to make it copyrighted, but to release it in the public domain…
Ids: That is true for the US and probably many other states but for example in Germany that is not possible. Germany laws don’t allow you do send things of to the public domain (as in kinda letting go your author’s rights). You will always keep the rights as the author. Of course you can decide not to enforce any restrictions and whatnot, ut you cannot just give your stuff to the public legally. It’s just a tiny legal detail but the tiny legal details are what often makes things difficult when looking at licenses.
The GPL has served as a wonderful tool due mainly to the fact that it was born in a time when the FLOSS community was both A) more idealistic and B) active mostly in building the foundations of todays Open Source software (Most notably GNU/Linux, GCC and the libraries we’ve all been using ever since). The viral nature of the GPL was the principle disciplinarian in keeping free software free and has resulted in a wonderful and diverse toolset and foundation without which our community would be much the poorer today.
Having said that; the world needs a new antivirus.
The GPL was born of an idealism and zeal of a brand that few other than Stallman still hold. FLOSS has evolved into a rich, varied and diverse world where community development and commercial interests have proven to coexist peacefully and with a good degree of cross-pollination. For every Microsoft or SCO there’s a Sun, an IBM or a Redhat; large (often monolithic) corporations that are passed the proving stage in their dedication to Open Source (even if for their own financial interests). The GPL now serves more as a hindrance to greater adoption of Open Source due to (rightfully) GPL-allergic developers and to some degree enterprises. I was of the strong opinion that GPLv3 should have forked in two directions, one more restrictive and one more permissive but that proved to be beyond the FSF’s self-imposed mandate. Fair enough.
Nowadays I’m in favor of the Apache license because it causes a very different kind of virality. Rather than the license going viral it is actually the code that does so because developers can feel free to reuse it for almost any use while I get to retain the ownership. Seems win/win to me but others may disagree and go the X/BSD/MIT/Mozilla route and still get many of the same benefits.
I am one of those who never really reads the license. Not so far ago I started writing stuff and eventually releasing bits of it, and all of sudden I needed (?) to apply some license to it. Since I am a fanatical linux user, I went with GPL. For no other reason. But then, it’s mostly hobby stuff, and I’m happy enough if someone out there finds it useful. After reading this, I might reconsider releasing my stuff under GPL and might take it over to the BSD end. Power (and code) to the people.
A few weeks ago, I stumbled across this from the Software Freedom Law center : A Legal Issues Primer for Open Source and Free Software Projects.
I kinda like the spirit of the GPL (including its viral nature – it has a definite purpose), and I applied it to my first few hobby projects. But it’s just too long and scary. People don’t even read the average EULA, let alone 11 pages (in the case of GPL v2). Besides, my recent projects have been very small, and I think it’s ridiculous to have a license text longer than the actual source code.
What to use, then? Well, at 20 lines, the MIT license has much better chances to actually get read and understood by people, and can be easily included in full at the top of every source file. The BSD license has similar qualities – it’s a matter of taste as far as I can tell – and for one project I even adopted the [Mu license](http://c2.com/cgi/wiki?MuLicense):
> If you are asking what license this software is released under, you are asking the wrong question.
which, I think, makes for a great moral statement, though it’s probably worthless as legal protection. Or precisely because of that?
All in all, I’m for a laid back attitude regarding “intellectual property”.
GPL is fine for python programs, the restrictions are pretty much non-existent for a a couple of reasons. 1. Python applications and libraries are generally source code anyways. 2. Code is evaluated at runtime vs. compiled into a binary.
Making your source available is the norm in python world, and you can freely mix licenses due to the fact that the files are kept separate.
However for C/C++ programs the situation is quite different. If you include headers of any GPL’ed libraries, the preprocessor effectively writes gpl’ed code into the top of your source code. Therefore, you have to license your code as GPL, which is why LGPL exists. My big problem with this is simply, I want to have the choice of my own license with an app and have a big issue with being forced to use someone elses license.
You mentioned that the GPL may become irrelevant because of software-as-a-service. Be sure to check out the Affero GPL (AGPL), a copyleft license specifically designed to address that issue.
betabug: I’m not saying you should just ignore the GPL’s requirements. But in the same way, people shouldn’t be so afraid of the GPL. It’s not going to sneak into your code and steal all your secrets.
As an example, someone expressed concern that maybe a build tool I was working on might be GPL, and then they wouldn’t want to use it. This wasn’t based on any rational reason, as there’s nothing particularly proprietary about how people use build tools. And build tools should be open source simply out of respect to the people deploying the software, who might need to debug your code.
If you build a proprietary application with a GPL’d tool, that doesn’t extend the GPL to your application, and no one is trying to assert that kind of control over other people’s code. At least no open source developers — this does come up from time to time in proprietary development, but as I said, if you are looking for someone to distrust it’s the proprietary environments that deserve it.
Another unfounded fear is that a little GPL code will have a viral effect on a proprietary codebase. This fear is also unfounded. If you accidentally include some GPL code in some section of your application you’ll have the opportunity to just remove it, reimplement it, no one is going to relicense your code without your permission because of that. I say this not as a lawyer, but because this is what happens in practice. There simply aren’t cases of the GPL being viral like this, except when GPL code forms a substantial portion of the codebase in question. In all cases GPL licensing issues have been resolved through negotiation, not through court cases.
People make a hard line about the GPL that is totally unjustified, and that’s what bothers me. Mostly I think it’s either based on ignorance or it’s part of a hidden ideological agenda. Or it’s stupid legal departments that want to assert their importance by being obstructionist. Well, that and a tendency of programmers to make specious logical arguments about the law, because programmers tend to think that the law is based on logic instead of reason.
Ian#6: Webkit can be considered an LGPL success story.
At first the only communication from Apple after they forked KHTML was in the form of tarball dumps. This was mostly ignored for a while, then (sometime around Acid2) the bad blood got aired in the KDE community and gained a bit of [blog publicity](http://www.kdedevelopers.org/node/1049).
After some discussion Apple was sort of willing to open up its bug tracker, then they took the plunge and today’s webkit seems an [open](http://www.atoker.com/blog/2008/02/26/developing-hybrid-web-gtk-applications/) and [healthy](http://blogs.gnome.org/epiphany/2008/04/01/the-future-of-epiphany/) project.
While the LGPL wasn’t enough to get this result, it certainly wouldn’t have happened without it, either.
Another issue for choosing a license may be the one of “how can I build a business on my self written applications?” For some of my projects I have chosen to go with “Dual Licensing”. That means that I use GPL for a public version and a proprietary license I sell for commercial users. In this case I have the feeling that the GPL protects the code to not be stolen by another person who tries to use my intellectual property for a very similar commercial projects. But on the other hand I have the feeling that with the GPL it is possible for other people to start a new free project if they like to and that is alright for me.
How do you think about these things? Sorry for the indiscreet question, but Ian how do you finance the work on your wonderful software projects?
Par: I think it’s important to think about what a realistic outcome will be. If you want to build a business you should think about what kind of business you are building. If it’s providing a desktop application, then I don’t know… but that’s not a very common business to go into these days. If it’s providing a web-based application, then a lot of the value you provide will be in terms of hosting, the reliability of your service, customer service, etc. Especially if you are providing a niche service, will the code itself be of much value to your customers? You probably don’t have to worry about another person like yourself coming along and using your code to take your business. I haven’t really seen that happen. The primary competition you’ll have is from your customer’s IT people. The GPL doesn’t really matter in that situation.
If you are thinking about providing consulting, then the primary way to build your business with software is to get the software popular. If the software is popular and respected, you might be able to get consulting gigs to extend it, or more likely it will be a way of building business associations and justifying a higher rate. You can also basically charge for “solutions”, where you charge based on the value of the work to the customer, not on the amount of work you put in. This is kind of what licensing fees are meant to do, but the customer probably doesn’t care about that. So long as you are charging a competitive rate and providing good value, the justification for your rate is less important. Consulting companies around Plone tend to work like this. It’s up to you to invest in your own infrastructure — and it’s an investment, as it’ll be a resource sink to start, and might pay off later if your software infrastructure really does help you do development.
There’s a small number of companies that make monkey with extensible GPL software where they sell a proprietary-compatible license. It never seems to work all that well, and for many domains I don’t see how it would work at all.
So… those are my general thoughts. I don’t think licensing factors in that much.
As to how I do it, I have the fortune to work for a non-profit, [The Open Planning Project](http://topp.openplans.org), who has as part of its mission the production of open source software. Before that I did most of my work basically as a hobbyist, without any particular mind to making it profitable.
You didn’t mention the Affero GPL, now an FSF license released shortly after GPLv3, which deals with the “Software As A Service” issue. I hope you’ll consider it and blog your thoughts :-)
A must read if considering GPL or LGPL
“There are many different reasons for contributing to open-source software, and these reasons should be respected to the largest extend possible.” -From Article linked below
[Link](http://www.oreillynet.com/pub/a/policy/2001/12/12/transition.html?page=1)
You mentioned that the GPL may become irrelevant because of software-as-a-service. Be sure to check out the Affero GPL (AGPL), a copyleft license specifically designed to address that issue.
I think the Ogre 3D Rending Engine is a LGPL success story. Many people contribute back, and no one is screwing the author in the engines usage.