Watch the replay of our CI/CD Express Conference 2023 →

    19 Oct 2023 · Culture

    Understanding Open Source Licensing

    16 min read
    Contents

    Open source licensing is a key aspect of software development that is often overlooked. It is the legal framework that governs how open-source software can be used, modified, and distributed. Understanding open-source licenses is essential for anyone involved in creating, using, or managing open source software. In this article, we’ll be discuss all you need to understand open source licensing.

    For Developers

    1. Legal Protection: Understanding the license of an open-source project can protect developers from potential legal issues. For instance, some licenses require that modifications must also be open source. If a developer is unaware of this and makes their modification proprietary, they could face legal consequences.
    2. Collaboration and Contribution: If a developer wants to contribute to an open-source project, they need to understand the project’s license. The license can dictate how their contributions will be used and distributed.
    3. Career Development: Knowledge of open-source licenses is a valuable skill in the tech industry. Many companies use open-source software, and being able to navigate the legal landscape can make a developer more attractive to potential employers.

    For Businesses

    1. Risk Management: Businesses that use open-source software must comply with the terms of its license to avoid legal risks. This could include obligations to disclose source code or include specific notices in their products. Understanding these requirements is crucial for risk management.
    2. Cost Efficiency: Open-source software is often free to use, making it a cost-effective solution. However, the ‘cost’ of open source isn’t always zero. Some licenses may require businesses to contribute back to the community, which could involve costs in terms of time and resources.
    3. Strategic Decision Making: Understanding open source licenses can inform a business’s strategic decisions. For example, a business might choose to use software with a permissive license if they want to keep their modifications proprietary.
    4. Reputation Management: Businesses that fail to comply with open-source licenses can face reputational damage. The open-source community values transparency and collaboration, and businesses that violate these principles can face backlash.

    Open Source License Basics

    In the context of open-source software, a license is a legal agreement that specifies how the software can be used, modified, and distributed. There are two main types of open-source licenses: permissive and copyleft.

    • Permissive licenses: Permissive licenses, as the name suggests, are less restrictive and allow the software to be used in any manner, including in proprietary software. Examples include the MIT and Apache licenses.
    • Copyleft licenses: Copyleft licenses require that any modifications or derivative works also be distributed under the same license. The GNU General Public License (GPL) is a well-known example of a copyleft license.

    There are many open-source licenses, each with its own set of rules and restrictions. Some of the most popular ones include the MIT License, GNU GPL, and Apache License.

    MIT License

    The MIT License is one of the most permissive and allows for almost unrestricted use, including for commercial purposes. It is a very flexible license that doesn’t restrict what you can do with the code. There is no copyleft included, so you can include code licensed under the MIT license in your proprietary software and not redistribute any of your changes. This makes projects licensed under the MIT license a treasure trove for a lot of companies. You get free work that will probably be maintained by someone else that you can include in your proprietary project and not redistribute any of your changes, provided of course that you do include a copy of the MIT license in your project.

    GNU General Public License (GPL)

    The GPL is a copyleft license that requires any derivative works to also be licensed under the GPL. This ensures that modifications to the software remain open and accessible. The GPL and all its versions and variants represented [about 21% of all FOSS licenses] used in 2021. The GPL version 3, compared to version 2, is more comprehensive and more in line with how modern code is written and distributed. It adds three main clauses: a compatibility clause that makes it easier to mix different licenses on the same project, a digital rights management clause that was made to prevent the use of GPL software in products that would infringe on users’ privacy, and a patent clause that ensures that every user of patented code is protected in the same way. The GPL is a copyleft license that requires any derivative works to also be licensed under the GPL. This ensures that modifications to the software remain open and accessible. The GPL and all its versions and variants represented about 21% of all FOSS licenses used in 2021. The GPL version 3, compared to version 2, is more comprehensive and more in line with how modern code is written and distributed. It adds three main clauses:

    1. A compatibility clause that makes it easier to mix different licenses on the same project.
    2. A digital rights management clause that was made to prevent the use of GPL software in products that would infringe on users’ privacy.
    3. A patent clause that ensures that every user of patented code is protected in the same way.

    Apache License

    The Apache License is a permissive license that also includes a patent license from the contributors of the software. This provides additional legal protection for users of the software. The Apache License grants you all the freedoms of downloading, using, modifying, distributing, and selling software using the license, whether it’s for personal, internal, or commercial use. These rights include copyrights and patents, so anyone who contributed to the project grants everyone else a right to all patents they might have on that specific code.

    Apache License & Patents

    Let’s dive deeper into patents here and see the connection between the Apache licence and it’s patents.

    A patent is a legal document granted by a government agency, that gives the holder exclusive rights to an invention, product, or process for a set period of time. This means that anyone who wants to use the invention must get permission from the patent holder and may have to pay a fee.

    Here are some key points about patents:

    1. Subject Matter: Patents can be granted for any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof. This includes things like new technologies, machines, certain types of software, and chemical compounds.
    2. Requirements: For an invention to be patentable, it must be:
      • Novel: The invention must be new and not known by others before the inventor claims it.
      • Non-obvious: The invention must not be an obvious improvement or combination of existing technologies or knowledge.
      • Useful: The invention must have a practical utility or function.
    3. Application Process: To obtain a patent, one must submit a patent application to the relevant patent office. This application includes a detailed description of the invention (called the “specification”) and claims that define the scope of the invention’s protection.
    4. Examination: Once submitted, the patent application is reviewed by a patent examiner. The examiner checks if the invention meets all the requirements for patentability. If the application is approved, a patent is granted.
    5. Enforcement: Holding a patent doesn’t automatically prevent others from using or selling the invention. Instead, it gives the patentee the right to take legal action against those who infringe on the patent. If someone uses the patented invention without permission, the patentee can sue for damages.
    6. Expiration: Patents are not permanent. They typically last for 20 years from the filing date. After this period, the patented invention enters the public domain, and anyone can use, make, or sell it without infringing on the patent.
    7. Territorial Nature: Patents are territorial, meaning they only offer protection in the country or region where they are granted. If an inventor wants protection in multiple countries, they must apply for patents in each of those countries.

    The Apache License 2.0 includes specific provisions related to patents. These provisions are designed to prevent patent litigation and ensure that contributions do not come with hidden patent risks for users of the software.

    1. Patent Grant: When a contributor provides code to a project under the Apache License 2.0, they grant a patent license to anyone who receives the code. This patent license allows recipients to “make, have made, use, offer to sell, sell, import, and otherwise transfer the Work.” In simpler terms, if a contributor has a patent on a feature or method they contribute, they grant a license to everyone to use that patented feature or method.
    2. Defensive Termination: The Apache License 2.0 includes a protective measure known as a “defensive termination” clause. This clause states that if a licensee (someone using the software) initiates a patent infringement lawsuit against a contributor over their contribution to the project, then the patent license granted to that licensee for the contributed work is terminated. This clause acts as a deterrent against patent lawsuits; if you sue for patent infringement, you lose the right to use the patented technology in the software.
    3. Protection for Users: The combination of the patent grant and the defensive termination clause ensures that users of Apache-licensed software can use, modify, and distribute the software without fear of being sued for patent infringement by contributors to the software.
    4. Contributions: Unless explicitly stated otherwise, any contributions made by a licensee to a licensor will be under the terms of the Apache License without any additional terms and conditions. However, this doesn’t prevent separate agreements between the contributor and the project regarding the contributions, which might include specific patent-related terms.

    BSD License

    The BSD license is a low restriction type of license. It was created by the Berkeley Source Distribution project, known as BSD, originally in 1969. There are multiple variants, but most grant the same freedoms to download, use, modify, redistribute the software as long as the copyright notice and the license are included. The BSD license doesn’t force any modification to be distributed under the terms of the BSD license. While both the MIT and BSD licenses are permissive free software licenses, which means they allow software to be freely used, modified, and distributed, there are some differences between the two:

    1. Number of Clauses:
    • MIT License: Typically consists of a single clause that outlines the rights granted to users, along with a warranty disclaimer.
    • BSD License: Comes in several versions, with the most popular being the 2-Clause, 3-Clause, and 4-Clause licenses. Each version has a different number of conditions that users must adhere to.
    1. Advertising Clause:
    • MIT License: Does not have an advertising clause.
    • BSD 4-Clause License: Contains an advertising clause that requires all advertising materials mentioning features or use of the software to display an acknowledgment. This clause was seen as problematic, especially for large-scale software distribution, and led to the creation of the 3-Clause BSD License, which omits this requirement.
    1. Endorsement Clause:
    • MIT License: Does not have a specific non-endorsement clause.
    • BSD 3-Clause License: Contains a clause that prohibits the use of the names of the license’s authors or contributors to endorse or promote products derived from the software without specific prior written permission.
    1. Wording and Explicitness:
    • MIT License: The MIT License is more concise and does not explicitly mention the conditions in as much detail as the BSD licenses. Some argue that the MIT License implicitly grants rights that the BSD licenses grant explicitly.
    • BSD License: The BSD licenses, especially the 2-Clause and 3-Clause versions, explicitly state the conditions for redistribution in binary and source forms.
    1. Patent Rights:
    • MIT License: While the MIT License does not explicitly mention patent rights, the broad rights granted (“use, copy, modify, merge, publish, distribute, sublicense, and/or sell”) are generally interpreted to include an implicit patent grant.
    • BSD License: Like the MIT License, the BSD licenses do not explicitly mention patent rights, but the rights granted are interpreted to include an implicit patent grant.

    Creative Commons Licenses

    While not typically used for software, Creative Commons licenses are often used for other types of open content, such as documentation and artwork. They offer a range of options from very permissive to more restrictive. The Creative Commons lets people use your copyrighted work without having to contact you to know if and how they can make use of what you created. There are six types of that license which define what you can do and how you can use the work. They are:

    1. Attribution (BY): This license lets others distribute, remix, adapt, and build upon your work, even commercially, as long as they credit you for the original creation. It is the most accommodating of licenses offered.
    2. Attribution-ShareAlike (BY-SA): This license lets others remix, adapt, and build upon your work even for commercial purposes, as long as they credit you and license their new creations under the identical terms. This license is often compared to “copyleft” free and open-source software licenses.
    3. Attribution-NoDerivatives (BY-ND): This license allows for redistribution, commercial and non-commercial, as long as it is passed along unchanged and in whole, with credit to you.
    4. Attribution-NonCommercial (BY-NC): This license lets others remix, adapt, and build upon your work non-commercially, and although their new works must also acknowledge you and be non-commercial, they don’t have to license their derivative works on the same terms.
    5. Attribution-NonCommercial-ShareAlike (BY-NC-SA): This license lets others remix, adapt, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
    6. Attribution-NonCommercial-NoDerivatives (BY-NC-ND): This is the most restrictive of the six main licenses, only allowing others to download your works and share them with others as long as they credit you, but they can’t change them in any way or use them commercially.

    Choosing an Open Source License

    When selecting an open source license for a project, there are several factors to consider. These include the goals for the project, the intended audience, and any legal requirements or restrictions. It’s also important to consider the implications of the license on the project’s community and contributors. Selecting an open-source license for a project is a crucial decision that can impact the project’s future development, use, and community. Here are some factors to consider:

    1. Project Goals: What do you want others to be able to do with your project? If you want to encourage commercial use and wide distribution, a permissive license like the MIT or Apache license might be suitable. If you want to ensure that derivative works are also open source, a copyleft license like the GPL would be a better choice.
    2. Community: Consider the norms and expectations of your project’s community. Some communities have standard licenses that they prefer, and using a different license could discourage participation.
    3. Compatibility: If your project is intended to be used with other open-source projects, you’ll need to choose a license that is compatible with those projects’ licenses. For example, if you want your project to be used with GPL-licensed software, you’ll need to use a GPL-compatible license.
    4. Contributions: If you want to accept contributions from others, consider how your license choice will affect contributors. Some people may not be willing or able to contribute to projects with certain licenses.
    5. Legal Protection: Some licenses offer more legal protection than others. For example, the Apache license includes a grant of patent rights, which can protect you from patent lawsuits.
    6. Simplicity and Understandability: Some licenses are easier to understand than others. A simple, clear license can make it easier for others to use and contribute to your project.
    7. Corporate Use: If you want your project to be used by businesses, you might prefer a permissive license. Some businesses are wary of using copyleft-licensed software because of the obligations these licenses impose.

    Remember, it’s always a good idea to consult with a legal expert when choosing a license for your project. The right license for your project will depend on your specific goals and circumstances.

    License Compliance and Best Practices

    Using open source software responsibly involves adhering to the terms of the licenses. This includes providing appropriate attribution, distributing the source code for modifications, and respecting the rights of the original authors. It’s also important to regularly review and update the project’s licensing information to ensure it remains accurate and up-to-date. Compliance with open source licenses is crucial to avoid legal issues and maintain a good standing within the open source community. Here are some best practices for license compliance:

    1. Understand the License: Before using, modifying, or distributing open source software, make sure you understand the terms of its license. This might involve consulting with a legal expert. Remember that different licenses have different requirements and restrictions.
    2. Provide Attribution: Most open source licenses require you to give credit to the original authors. This usually involves including a copy of the license and a notice of copyright. Make sure to follow the specific attribution requirements of the license.
    3. Distribute Source Code: If the license is a copyleft license, like the GPL, you are required to distribute the source code of the software, including any modifications you make. This allows others to benefit from your changes.
    4. Respect Trademarks: Using open source software does not necessarily give you the right to use the trademarks of the project or its contributors. Be careful not to infringe on these trademarks in your use or promotion of the software.
    5. Regularly Review Compliance: Compliance isn’t a one-time task. As your project evolves and you incorporate new open source software, you should regularly review your compliance with all applicable licenses.
    6. Use Compliance Tools: There are tools available that can help you manage your open source license compliance. These tools can automatically detect the licenses of the software you’re using and alert you to potential compliance issues. Some examples are:
    • FOSSA: FOSSA is an open-source license compliance and security management tool. It helps organizations identify and manage open-source licenses in their codebase, ensuring compliance with legal requirements. FOSSA also provides vulnerability scanning, offering insights into potential security risks associated with open-source dependencies.
    • SPDX: SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance
    1. Establish Open Source Policies: If you’re a business, it’s a good idea to establish clear policies for the use of open source software. This can include training for employees, procedures for approving the use of new software, and regular audits of your open source use.

    Conclusion

    Open-source licensing is a complex but essential part of software development. By understanding the different types of licenses and their implications, developers and businesses can make informed decisions about using and contributing to open-source software. Whether you’re a developer, a business owner, or just a user, understanding open source licenses is an important part of being a responsible member of the open source community, and I hope this article was able to bring more light about open source licenses.

    One thought on “Understanding Open Source Licensing

    1. There are many different types of open source licenses, each with its own unique terms and conditions. It is important to choose a license that is right for your project and that meets the needs of your contributors.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    mm
    Writen by:
    Uma is a software developer who is familiar with a variety of different web technologies and frameworks. He is also keen on finding ways to explain things as simply as possible.
    mm
    Reviewed by:
    I picked up most of my skills during the years I worked at IBM. Was a DBA, developer, and cloud engineer for a time. After that, I went into freelancing, where I found the passion for writing. Now, I'm a full-time writer at Semaphore.