> I default to using the MIT license as it is simple and permissive
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.
I’ve released some utility libraries under permissive libraries. I like it when they get used. Even when it’s part of a large company’s closed-source app. Many people don’t like that, and that’s perfectly fine, that’s why there are different choices available.
What I’ll never understand is people who release their project with a permissive license and then get upset when a big company distributes their own version of the project in accordance with the license. If you don’t want that sort of appropriation then you need to pick a license that doesn’t allow it.
So if they had left that line in, everything would be cool?
To me, licenses like MIT or BSD pretty much imply "do whatever you want with this" I know it's not exactly that but if you really care to keep some control over what others do with the code, you need a more restrictive license (and even then people are still going to copy it, especially in the LLM era).
You can "do whatever you want with this code", but there's a catch: you have to give credit to the original author. You might not care about the credit, but lots of people care.
You can't just cherrypick the things you like about a license. All of the conditions of the license apply.
You're thinking about what people can do with the code, like copying, editing, and distributing. This is not it. We're talking about giving credit to the original author, as per the license.
> So if they had left that line in, everything would be cool?
It certainly would be better.
Forks tend not to have -perfect- relationships and tend to cause a bit of mutual annoyance. But attribution is important-- it's the most basic step.
When this maintainer is asked how the projects are related, it'd sure be nice if both projects are telling the same story, instead of one illegally lying about it.
Well, it’s the difference between plagiarism and attribution. If your goal isn’t money but a bare minimum recognition for what was your work vs someone else taking credit for it, yes it’s enough.
A lot of open source software operates on the same principles of academic research. Most academic research is considered freely available, and other researchers can generally use your work as they please, so long as they cite the original author.
In this context, not "citing the original author" in the copyright statement, labeling the repository as a "fork" on GitHub, clearly crediting the original author in a way that clearly describes the fact that a significant portion of their code is used in the new project isn't just a violation of the license, it's plagiarism.
Yes, it would be cool, and it's the usual way to do these things. You can license code under a more restrictive license, and clarify licensing by adding an extra section to the main license, adding the license to a subdirectory, or adding license headers to the individual files.
Whether the MIT license is the right one to choose is probably a different debate.
Microsoft credited the original author and project in the README, which is far more visible than a hidden copyright line somewhere in the terms and conditions. If attribution was what he wanted he should be really happy about he outcome, but clearly that's not what this is about. He is simply pissed that Microsoft used his project.
If they had been factual I the credit I'd agree. When it's actually a fork, why not just say so. "This project is a fork (or based off) Spegel. Thanks to the authors etc" Maybe with a rationale why they forked it. You know, just common decency...
Maybe not a fork, but the author writes "It looks as if large parts of the project were copied directly from Spegel without any mention of the original source".
If I owe you $100 by contract, I can't just pay you with 1 ton of steel slab delivered to your garage and argue that this is worth more and therefore you should write the debt off.
Ignoring that Microsoft isn't following the MIT licensing requirements, this is my same approach with using the MIT license. I create open source software for the benefit of everyone, for profit or not for profit. The only thing I do wish in return is acknowledgement. That's why in this case, I'd reach out to Microsoft to fix that issue, and nothing more.
> I create open source software for the benefit of everyone, for profit or not for profit.
I have the same reasoning as to why I pick the AGPLv3 license as the default for my new projects. I want any benefits from my code to continue to benefit everyone, even if someone is profiting off of it.
The person I was responding to began with "Ignoring that Microsoft isn't following the MIT licensing requirements", and it is clear in his comment that he's not referring to the OP's issue, but the issue in general.
In other words, he's saying that even if it had been some other license, he wants attribution.
That's silly. If you want attribution, say it up front (which could simply mean picking the MIT license).
Because the “payment” that you get for its permissive use is the attribution (which can be personal gratification or it can professionally boost your profile/opportunities). MSFT robbed them of that.
Yeah, as far as I can gather the only thing MS did wrong here is not explicitly crediting the project they forked the code from, and I don't get the impression the author would find adding that one sentence to the docs to be adequate redress. I don't get why you would take personal offense at a big company forking your code so they can mold it to their purposes - the license allows that. Now whether that's the right way for a "friend of the OSS community" to behave is a different question entirely, but anyone who ever bought that horseshit from them has had their head in the sand.
I released a fun personal project under GPLv3 and the first filed issue was someone saying I should change the license to something friendlier to business interests.
Hell no. If they want to profit off my work, pay me. This is something I'm doing for fun, on my own terms. It’s Free for anyone to use as they want, so long as they keep it Free, too.
Less permissive copyleft licenses like GPL and AGPL go a long way toward preventing that. It’s important to choose them over weaker licenses if you don't want companies using your work without giving back. If you do that, you don't have to do other unusual things to protect your users’ rights.
In the context of this thread (where the commenter is suggesting the author release a binary with a different license), your comment is meaningless.
The author of the GPL code can release binary-only blobs released under something other than the GPL. Suggesting that the copyright holder cannot relicense their code how they want is absurd.
Saying the "GPL does not allow binary blobs" implies that the author is not allowed to release binary blogs, which is not true in the slightest.
Assuming that win.com is able to be stand alone and doesn't require win.bat, then yes, Bill can license both of these components separately, one under the GPL and another proprietary.
The Free Software Foundation (FSF) describes this copyleft aspect of the GPL in terms of "derivative works" associated with GPL-licensed software. When two components are related to each other in a derivative way, then the GPL says that the derivative must likewise be licensed accordingly.
So in this example, does win.bat simply execute commands to get win.com started? Is win.bat a glorified shell script wrapper? If so, then win.com would NOT be derived from win.bat. The cart follows the horse. But instead, if win.bat exposed some symbols or other binary API features that win.com was coupled to and depended on, then you could rightly argue that the win.com would be a derivative of win.bat.
More practical of an example, if a database is licensed under the GPL, clients that connect to the database using the socket interface do not constitute a derived work. Or components in a micro-service architecture do not necessarily need be licensed all under the GPL when a single component is.
Pluggable architectures are possible with the GPL. And of course, your interpretation of what exactly that means is subjective and requires case law to help understand.
[edit]
And to reinforce what the parent of yours is saying, the author in the original example can do whatever they want with the software, since they own the copyright for both the GPL and proprietary components.
The GPL is simply a license for non-copyright holders. It allows others to be able to use a piece of proprietary software without having to establish any additional authority with the owner. e.g. it's the means to convey how others can use the software and does not constrain the owners/authors of the software. Other licensing options may be available, if the copyright holder allows.
That's incorrect. As the original author of the work, you can release the project under whatever license you choose. Doing so may make it impossible for someone else to meaningfully comply with it, but that's their problem, not yours. It doesn't stop you from choosing the GPL, even if it's a bizarre option for that particular project.
You are perfectly fine to include your own binary blobs with your own GPL licensed source, you are not violating the gpl as the binary blobs was never under GPL.
It's bizarre to me how, despite people criticizing the GPL and GNU as too ideological, the people you refer to - the permissive people - somehow seem even MORE ideological. The GPL to me seems pragmatic - sure technically a minimal license like WTFPL (ignore all its legal issues for now) is some kind of minimalist idea of pure objective freedom. But the GPL has some key "restrictions" that aren't really restrictions and produce an ecosystem that WORKS. Meanwhile the permissive ecosystem is just waiting to be scooped up by bigcos at their whim.
well, it's worth noting that since microsoft is also releasing the source code, the same thing could have happened with GPL. Though I suspect the author would be even less happy if they had done all the same stuff (minus removing the copyright notice, even) and then not released the source, so that's not me arguing against the GPL
I also think in practice microsoft would have been less likely to actually take the code, and probably would just have reimplemented the ideas in it if it was GPL
Just wanted to highlight your last point so that it's clear. Microsoft reimplementing the authors project was exactly what they wanted! To see a different implementation. A different "take".
Have to agree with this. There's an endless list of open source maintainers who publish an MIT-licensed project then are surprised when it is treated as an MIT-licensed project. If you want rights, assert them. No one else is looking out for you. Especially not Microsoft.
In this case, there's an open source maintainer who was fine with a MIT license, and even helping onboard people from a big tech firm, only to realize that even attribution was too much to ask.
Since the terms of the license were violated, there's not much to learn about which license was chosen. The only lesson to learn is that big tech will steal everything that isn't nailed to the ground, and then some.
(A)GPLv3 does not prevent their projects from being used.
That's the point!
GPL family of licenses would've made a difference in this aspect for libraries (because afair if you link to GPL code, you must be GPL). But for an app? You can use it, fork it, modify it...
Just make sure you make your changes available under the same license. Seems very fair to me.
> (A)GPLv3 does not prevent their projects from being used.
In practice, it does in many cases. Many companies have a blanket policy of avoiding these licences. But I agree that they make more sense for apps than libraries.
Not in their products. Internal use is fine, but where it gets dicey from a legal point of view is when you distribute GPLv3 binaries as an integrated part of your product.
Linux in Android is GPLv2 not GPLv3. The v2-v3 difference is a big deal to some.
Linux developers made an intentional decision to stick with GPLv2 and to remove the "or later version" option, so you can't include it into GPLv3 projects as you can with most other GPLv2 software.
GPLv3 avoidance is why Apple ships ancient versions of Rsync, Bash and Make on its current OSes instead of the current versions, and replaced Samba with its own inferior SMB service.
This is a huge difference. The GPL and its flavor are explicitly not about use. They place zero restrictions on use. Unlike, say, just about all proprietary software.
It only governs distribution and especially prevents distributors from locking their users in, and from placing restrictions on their users' use of the software.
Depends on your definition of "user"/"use" and "distribution" really.
If the service provider is the "user," and performing actions with it on behalf of the ultimate user is "use," and not "distribution," then you are technically correct. It restricts the service provider from forcing their customers to be dependent on the them and/or restricting the end users' use of the service, like the GPL does for proprietary software the user runs on their machine.
I personally disagree that running something on behalf of a user makes you the end user, but there's always the GPL if you think that.
From my past experience, it goes something like this.
If software is GPLv2, it's penalized relative to more permissive options when it comes to picking one. In practice it means that it's avoided unless it's "too big to avoid", or because the very nature of what you're doing requires it - this is the case for e.g. Linux and R.
If software is GPLv3, it's considered radioactive and is avoided at all costs, even if it means rewriting large amounts of code from scratch.
Notably, macOS ships mainly BSD-derived userland utils and for the rare GNU software, it's GPLv2 stuff (hence zsh as the default shell, while shipping bash 3.whatever for compatibility).
And guess what application developers install immediately after getting their MacBooks?
The GPL licensed git.
If I'm forced to use MacOS, I'm fine installing git, GNU make or whatever I want for myself. But I don't see any downsides in Apple being unable to distribute those applications together with their OS.
> And guess what application developers install immediately after getting their MacBooks? The GPL licensed git.
Why would they do that? I didn't, because macOS ships with version 2.39.5 as /usr/bin/git. You're free to upgrade to a newer version, of course, but the included one is recent enough for most uses.
Does macOS include git? Oh. My bad. I concluded from the previous comment that Apple doesn't ship bash because it's GPL and hence doesn't ship anything GPL.
And my point was: this is fine. Even if it was true.
But as this is not the case, I see even fewer arguments against GPL licenses.
Apple shies away from GPLv3 code. They ship a ton of GPLv2 code, though. And as you mentioned, even if they didn't, it just takes a moment to install Homebrew and get whatever else you want. Apple doesn't stop me from installing a new Emacs.
Sure, Apple won't stop you. But the defaults matter. If you're writing a shell script and you want it to run on MacOS, you need to target the ancient version it's actually shipping, or you have to tell your whole team to install a later version. If your servers are running Linux then you'll be dealing with platform inconsistencies all day long. Ask me how I know.
This is even more damning because it means the maintainers want their MIT-licensed projects to be used by for-profit companies, but bellyache when certain big-tech companies fulfill the maintainer's vision.
GPLv3 with interpreted code is a legal nightmare you do not want. Compiled is manageable.
Then again I've seen companies publishing stuff on GitHub, when asked about the license; slapping GPLv3 on it but also forcing you to take a license with them for commercial use. Yea no, thanks. You just made a poison pill somehow even more lethal.
> (A)GPLv3 does not prevent their projects from being used.
It really does. It stops it being used by people who need or want to use other licences. I believe it stops it being used on iOS and (probably) Android apps. The GPL world and the permissive licence worlds are walled off from each other in significant ways for lots of reasons.
Source: I maintain an app where I didn't choose and can't change the licence. And I come across code I can't touch almost every week.
> I believe it stops it being used on iOS and (probably) Android apps. The GPL world and the permissive licence worlds are walled off from each other in significant ways for lots of reasons.
I fully agree that (A)GPLv3 code effectively stops code from being used by many large companies (every place I’ve worked in the last decade has a near blanket policy on refusing to use code licensed that way except in very specific and exigent circumstances), but it isn’t necessarily true that app developers can’t use (or can’t choose to license) (A)GPL code in their iOS apps, provided they abide by the terms of the license.
Most developers won’t — or can’t — but the advent of dynamic linking of libraries in iOS, as well as the EU-mandated third-party app stores (which aren’t available outside the EU, but still), make the situation a lot more grey from the black and white stands the FSF attempted to take in the early 2010s. And to my knowledge there have been no legal challenges about the use of GPL code in iOS apps, so the issue is essentially unsettled.
That said, in most of the cases where I have seen iOS apps use GPL code, the full app source was available (and that may or may not fulfill the redistribution requirements but I’m not a lawyer and I’m not going to cosplay as one).
On Android, where full Google Play alternatives like F-Droid are available, plenty of GPLv3 apps exist, even if they aren’t available on Google Play.
But yes, when it comes to incorporating GPL code into a non-GPL app, that is much more difficult in the realm of mobile than it is for other types of applications.
> but the advent of dynamic linking of libraries in iOS
I'm not sure you can dynamically link to GPL in this case (LGPL maybe )? And I recall that there's also issues around signed bundles used on the various stores.
But the fact that we're not sure and the fact that we're having this conversation rather proves my point. People who aren't fully in the GPL world usually have to steer clear of GPL code entirely. This goes double for hobbyists and small orgs who can't afford a legal team.
> even if they aren’t available on Google Play.
As much as it's regretful this is a huge issue for most people who want to make apps that other people can use.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version.
This is a "some companies might not want to have to litigate that". Whether or not there would be a problem is an open question. Legal likely advised not touching GPL version 3 out of an abundance of caution.
Eben Moglen speaking at the GPLv3 launch, January 16th 2006
...
We recognise that for parties who have extensive portfolios that are extensively cross-licensed, what we are saying here for the first time creates questions concerning their cross-licenses in relation to their distribution.
We recognise also that to say that you must "act to shield" is not explicit enough. We recognise that this is a very hard problem and though we have worked long at it we have no unique solution to offer you, even as a beginning for conversation.
...
I am not a lawyer, but what I understand from that is, if Apple authorizes use of bash under GPLv3, and then Apple decides it has a patent on something and bash is infringing on that patent, Apple can't go sue their customers for patent infringement because they are using bash. I'm 99% sure that's the intent of the clause. Lawyers are famously pessimistic and so I can see why they wouldn't want to test that, but seriously, what. are. the. chances.
Like seriously, maybe Oracle comes and sues Apple for patent infringement, and Apples only defense is to counter sue Oracle for using bash on their Macbooks?? They lost that defense when they stopped distributing bash, why not just distribute it under GPLv3 anyway?
As I understand it, it's more difficult than that... though I'm not a lawyer.
Let's say {some company} and Apple have a cross patent licensing for some set of patents.
Apple releases some softer under GPLv3. {Some company} sues someone else for a patent in bash. Since Apple licenses that patent and distributes bash, Apple is now obligated ("must act to shield") the distribution of bash that includes that patent.
If you distribute a covered work knowingly relying on a patent license, you must act to shield downstream users against the possible patent infringement claims from which your license protects you.
That wording of "knowingly relying on a patient license" and "must act to shield downstream users" are things that lawyers don't want to touch with a 10 foot pole. Would it mean that Apple would be required to defend the company that its patent partner is suing? Not a spot that lawyers want to be in. Furthermore, if you distribute GPLv3 software, it may mean that doing the cross patent licensing is more perilous... again, not a situation that lawyers or large companies want to be in.
There's Apple's bash distribution. If this was the GPLv3 version of bash and apple distributed a version that {some company} decided was infringing, and {some company} sued you - "I got it from Apple. Apple Legal, help me."
That's a helpful explanation, thank you. As a consumer of free software, that sounds great! I agree that it sounds pretty messy for big companies and all their patent deals. Sucks to be them, I guess
All the replies to this spreading anti-GPL FUD are doing Microsoft's work for them. The idea that the GPL is "viral" and will latch onto any code it gets near is an Orwellian turn of phrase invented by Microsoft from what, 30 years ago? And it has worked because people are scared of the GPL! It's gonna get you! Don't even get close to it!
Nevermind that Red Hat built a billion dollar business on top of GPL licensed code. Never mind the millions of embedded systems being sold with GPL code in them. Nevermind Google, Facebook, Netflix, etc., etc. all eating Microsoft's lunch a thousand times over using GPL code. Businesses better stay away! It's dangerous!
I won't use GPL libraries in my code. I'm quite confident I'm not the only one.
If there was no other choice, I may consider something LGPL or with the linking exception, but not until I had exhausted a search for something more permissive. To this day, I've never used GPL in any of my code, open source or closed. I've been writing code for 35 years daily.
Strange comment given the obvious differences in GPL vs. non-GPL regardless your personal opinion. GPL code means if I decide to distribute my project in the future, I will have to distribute my source code. That isn't a risk I'm willing to take. Some of my projects are open source, but I want to retain the option of doing what I want with my code, so I don't use GPL licensed code.
> I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
My JS canvas library is licensed using MIT. From my personal perspective, I wouldn't have any problem with some $MegaCorp coming along and forking it, and even claiming it as their own creation. But ... why? Because one of the main drivers for my development of the library over the past few years is to proof-of-concept the idea that 2D Canvas API based infographics and interactives can be made - with the help of a JS library - performant, responsive and (most importantly!) as accessible to every end user as reasonably possible. My ideal outcome would be to embarrass other JS canvas library maintainers into taking canvas responsiveness and accessibility seriously. If that needs a $MegaCorp to come along and fork the library to bring my dream closer to reality then I ain't gonna stand in their way!
Of course I'd still continue to develop my version of the library - it's become my passion and obsession and there's always improvements to be made, new ideas to be explored.
EEE assumes open source software is only going to be created if it is widely used. As soon as that isn't true, it is irrelevant.
It was effective against companies that relied on interoperability and profited when people used their software projects. On the other hand, if someone wants to add features that my project can't support, it changes nothing about my life or work.
When the goal is "make the best software possible", the $MegaCorp would only compete by making software that is better that what is available in the open source ecosystem. That doesn't take anything away from anyone else. It is a Pareto improvement: people can pay and have even better software, or not pay and use the still-good free option.
As @diggan wrote[0] elsewhere in the thread, the issue is not that MIT is permissive but that Microsoft did not honor the requirements of the license (despite it being permissive!):
> Does it matter what license you use if they actively ignore the terms in the license you did chose? MIT requires attribution, but they didn't. Why would any other terms be different? You surely could have put "You must license your project the same as the one you forked from" and they still would have ignored it, not sure what the difference would have been.
Even if this is the case I might not want my library or application to be copyleft. Or even if I do - I might not want everyone else in perpetuity who uses my code to have to use a copyleft licence.
This goes back to the fact that not everyone can choose to use a GPL licence and in a world of compromise and collaboration, that can be a blocker.
it is good if you do not plan to go for violators anyway
I made some photos and published them on Wikimedia Commons (say, of random bicycle infrastructure).
I am fine with people using them without attribution, I expect that their use overall furthers my goals rather than damages it and if I would release it on CC-BY-SA 4.0 or similar I would not go to court over missing attribution.
Therefore I selected CC0, no reason to make things more complicated only to people following license.
I selected AGPL/GPL for some software where I would be happy to burn pile of money in case of license violation, up to and including litigating it in court for 10 years.
I initially had the same reaction to the MIT license; but it sort of looks like the GPL (or AGPL) wouldn't have really prevented this behavior. Microsoft (it sounds like) is making the code available; they've just extended and renamed the project. They could have done exactly the same thing (fork, rename, release under the same license), with the same effects he's complaining about (free-loading the consulting time, confusing the community) if he'd made it AGPL.
I mean, consider an alternate timeline. It's clear MS had their own, strong vision for the project, that overlapped with but wasn't identical to his. Is it actually that much more considerate to show up with two dozen new developers suddenly flooding a single-maintainer project with pull requests, some of which completely restructure the code and re-orient it towards a new vision that the original maintainer might not want?
Either the maintainer is now doing loads of unpaid labor for MS, and is the bottleneck; or he ends up having to step back and let the new MS developers bulldoze the project and take it over anyway.
I think the better approach would have been to give the author a choice of what happens.
i.e. they could have emailed the author to ask:
1. "Would you rather us fork your project (new name), or would you rather donate your project to us under its original name, as well as give us the ability to rename it (which we will)"
2. "Would you like a $300 microsoft store gift card as thanks for writing some code we're planning to use?"
3. "Would you be open to providing a paid ($600 microsoft gift card) 1-hour consulting meeting to ramp our engineers up on your codebase? We won't actually listen since our engineers can in fact read, but we'll pay you"
4. "Also, just in case you don't know who microsoft is, we do have a careers page over here, and our team doesn't have headcount but other teams do <link>"
It sounds like microsoft didn't do any of that, which as you say is well within their right, but emailing to ask is polite.
My god, a gift card? What am I going to do, buy FoxPro and a month of Xbox Live? Honestly I'd prefer to get no email at all than that miserable offer. If the project is only worth a couple of hundred dollars to them they're probably better off not bothering.
I agree that Microsoft seems identify more with parasites, but they're no strangers to symbiotic relationships with viruses.
In fact they do distribute and contribute to lots of GPL software, including Linux. I can't be sure their involvement benefits anyone other than themselves, but theybdo at least participate.
One should choose a license that fits them. The problem with GPL licenses is they are viral and non-permissive. As a developer, as soon as I see the GPL I just click away to another repo no matter how good the lib is. I don't want people doing that to my projects, so I use Apache/MIT or whatever the permissive license that is most prominent for the language I'm using.
One could argue that GPL is very permissive. If you need to use it in a proprietary way in your own company for internal purposes, no problem; if you release software that others use, you have to release the code as well. I dont want to be using black boxes in this day and age.
As a user of code I feel it is more permissive to me to see the code. As a licenser of code I want what is best for me and for others as a user and future developer. Others are free to do anything as long as they dont remove the license and the modified code if they release a software.
If one wanted a different linguistic of pseudo philosophical spin, one could argue that a society would be more permissive than ours in a similar sense that MIT is more permissive than GNU, if it allowed free killing of random people for no reason. Nobody wants to live in such a society and it would not develop as fast as our society. I want to live in a society that permits collaboration, editing, and modification of software I use under the guarantee of the license.
> As a user of code I feel it is more permissive to me to see the code. As a licenser of code I want what is best for me and for others as a user and future developer.
That is a fair point. I admit I'm speaking purely from a selfish dev perspective. I am glad there are other licenses available, and that people are free to choose what fits them. I myself simply won't use GPL code, however, for the reasons I've specified.
Hi! Do you work for Microsoft? There is nothing "non-permissive" about the GPL. You can use the code however you want. "Viral" is a perjorative description that Microsoft pioneered the use of to describe the GPL. The GPL is not a virus that latches onto any code it gets near, without anyone's permission. You should not use that term.
> The GPL is not a virus that latches onto any code it gets near
Honestly, that is EXACTLY how I feel about it. If I use GPL code in my code then my code must also be GPL (if I distribute). The term seems to fit to me.
Viruses are things that latch onto other things without their permission. If you choose to build off of GPL code then yes, you must preserve the GPL license. There's an important difference.
It's actually the same as any other copyrighted code (and in the US, all code is automatically copyrighted and restricted). You cannot just take code and use it in your project. GPL code is nothing special.
It is very easy to accidently use a GPL library without knowing it, especially if it is a dependency of a dependency and you aren't using a license scanner.
It’s very easy to do all sorts of incorrect stuff if you totally ignore your responsibilities.
If you're not redistributing the GPL library, then it doesn't matter. If you are, then there are all sorts of other licenses which come with the same (or greater) headaches.
This is the reason why I am so confused by the strain of open source thought which says that large companies exploit OSS maintainers and ought to pay them.
Maintainers often pick permissive licenses specifically because they want companies to use the code. They want their project to grow and be adopted, and they reason that GPL would stifle adoption.
I don't really like the tactic of making your code as convenient as possible for anyone to grab off the shelf when they want to use it, and then later turning around and saying they should pay you. Why not do the payment part up front (by GPL-licensing the code and then selling dual licenses to interested companies)? Because then you wouldn't have any takers. Better to wait until people have integrated it into their systems before informing them that they ought to pay you.
The author didn't seem to request payment in monetary form but expected some kind of contributions back which would have helped both sides. It would probably be difficult to include some guarantees about upstream contributions into the license but interesting takeaway.
With GPL you don't have to actively work to upstream your patches, but in practice you can't withhold your patches from upstream. If you add a feature, they get to have it too.
Unlike permissively licensed software, where you can add proprietary features.
Depends how savvy your users are, and what your users lose if they do send your patches upstream. For example, GRSec or RedHat both drop you as a customer (so no security updates) if you republish their patches publicly. Or a paid iPhone app's users probably wouldn't know what source code is, let alone where/how/bother to republish it for the benefit of other users.
I don’t mind sharing my software with others, even folks who want to make a profit. Of course, that’s easy for me to say since I’ve only released a few small projects open source. But when I do, I make my projects fully public domain. I’m not interested in feeling any sense of obligation to those who try the software out, so I free them from any obligation to me as well.
That said, I fully support larger projects being GPL, which I think is a more reasonable license for projects that involve dozens or hundreds of contributors and are depended on by millions around the world. But the role of the MIT and Apache style licenses has always felt a little more confusing.
This makes no sense, you want to make sure software gets updated in the future, however small. Permissive licensing allows companies to hide improvements and this in the long term erodes the original. Individuals on the other hand are not bound by legal teams and can work with GPL and similar.
The idea behind permissive licensing like this is that you don't particularly care about "eroding the original": you don't see its ineffable status in relation to others' work as something that must forever be maintained.
I've also leaned toward CC0-style licensing for some of my smaller projects, that are shared for explanatory or artistic purposes. The reasoning is that GPL-style licenses give the code its own 'weight' as a unit, that keeps others from lifing good ideas from the code and incorporating them into their own projects as they wish, at any point in the next ~135 years. (The barriers aren't just the stereotypical "how dare they make me share my code!" but also the realities of license compatibility, having to make sure never to lose any version of the source, and so on.)
I agree with GP that this isn't necessarily the best idea for large projects that exist for their own sake and that companies might find great profit in copying. But it's not like all projects fit that description.
But they wouldn't be under any obligation to you. They would be under obligation to whoever they distribute their modifications of your code. That's it.
It's very simple, the reason people favor a more permissive license is generally the same reason they open source their code: You want other people to use your project.
Obviously, a more permissive license is going to let people do whatever they want with "your" code, as it doesn't really belong to you anymore. If you want tight control then it's a bad choice, but a more permissive license is almost always going to mean your project is more widely used, for better or worse.
I always choose permissive licenses for personal project, and I often avoid depending on other projects that aren't permissive. If I want to know that, if I need to, I can grab the code and change something. And I want others to be able to remix what I make as needed.
The more limitations added on a license, the less open it is.
> And I want others to be able to remix what I make as needed. The more limitations added on a license, the less open it is.
It's unintuitive, but permissive licenses are not the best way to acheive this. GPL's "limitations" are designed to maintain the right and abilty to remix code for the end user. So if say Microsoft forks your library and its fork becomes more popular, they can't make it proprietary after capturing the market and effectively stop people from remixing what you made.
> So if say Microsoft forks your library and its fork becomes more popular, they can't make it proprietary after capturing the market and effectively stop people from remixing what you made.
Neither can they stop people from such remixing if the project used a permissive license. The GP's project will still be there, still freely available for anyone to use however they see fit. Nobody is stopped from using it in any way.
The GPs project will become less relevant as the Microsoft fork becomes more popular, when it is fully irrelevant due to incompatible changes they can rugpull and everyone will have to pay them.
If it can't be used commercially, then that's not an open-source license. If you choose to license your work that way, that's your choice, but you're not making something open-source.
From the post to which I replied: "If you want to use it commercially, pay for it.". I am replying to them talking about a license that prevent commercial use.
Ah, my mistake. It's an interesting idea for a license. "Free for non-commercial use" is an idea often used in closed source software, but not open source. If a software license like this doesn't already exist, it should, so that software developers can easily choose it.
For me personally, because I believe in freedom and permissive licenses grant more freedom than others do. I don't really care for licenses which attach unnecessary strings to what recipients can and cannot do with the software.
I think attitudes on license reflects on the whole a generational attitudes towards corporate use because the younger generation of software nerds grew up in epoch-boom-times.
During ZIRP-boom-times, having a successful popular open source project could be a ticket to kudos and a high paying job and a certain level of responsibility and satisfaction. BigCos spread the money around, and your job as a SWE ended up being gluing together a bunch of these open source pieces to solve corporate problems. And on the whole people felt like their corporate jobs were giving a fair deal, and a decent dividend for the open source work they were doing.
In that context why would you pick a license that your generous employer couldn't use?
The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them. Or corporate entities that cut budgets, laid people off en masse, exploded in stock market crisis, etc and suddenly the good will was lost.
I think we'll see a bit of a resurgence in the GPL, as some people try to protect the work they've done.
(I do thnk the personality of Stallman himself has become a bit of a problem to be associated with)
My conspiracy theory: Stallman's "rough edges" were deliberately highlighted and blown out of proportion to discredit GPL and his overall ideology.
On one hand we have a guy, who just pointed out that the age of consent is a culture-dependent concept. On the other we have a guy who literally visited Epstein's island to fuck minors (as defined by his country of residence).
One is now considered "a bit of a problem". The other is a beloved public figure.
> The GPL and the free software movement is borne out of an earlier era, GenX and younger boomers who lived through seeing their hard work exploited and stolen from them.
There may be something to that, but speaking as a GenX'er myself, I release most of my OSS code using the Apache License. I really don't care if anybody - from a single student in a 3rd world country, to a Fortune 50 megacorp - uses the code, so long as they abide by the license.
I'm not going to say there's NO circumstance where that might ever change. But to date, that's been my approach and I don't particularly see it ever changing.
While working for companies, many devs have had the frustrating experience of finding a library that perfectly solves their problem, only to discover that it’s GPL3 or similar and thus strictly off limits due to company policy. Especially if repeated a few times that’s enough to inspire use of permissive licenses, to help avoid that frustration for their future selves (should they change employers) as well as other fellow corporate devs.
If you can't use a library because it's GPLv3, then the company would need to invest some time and money into reimplementing the features they want. Guess who gets more paid work?
Depends on the constraints. You might not get to build that proper reimplementation and instead get stuck with quickly duct taping together a rough approximation that never gets the requisite time and resources to make it good, whereafter it becomes a persistent thorn in your side until you change jobs.
It means that more people and companies can use your software. Plenty of orgs will avoid GPL and especially AGPL software out of an abundance of caution or because they legitimately need to link and customize the software for it to be useful for their business case, but do not want to release these (often very small & customer dependant) modifications.
I think for me, I’ve been a beneficiary of using MIT licenses (in minor ways, no large or famous projects) and so when I publish code I prefer sharing as MIT.
Maybe I should reconsider, but I never thought anyone would remove an MIT license. That sounds like plagiarism (though they did put a thank you in their repo)
Due to some quirks of software developer hiring practices, people write OSS not because they want to write OSS, but because they want the kudos of having written OSS. The downside is someone might use their OSS.
Because when people start an OS project, they want to help people and grow. MIT license is the best license if your goal is to help other people. It's the worst license for building a business, but that's usually not what people think about when starting a project
These days there is almost nothing good with permissive if your project gets used by mega corps specifically. They don’t want your opinions, your expertise, they don’t want to share anything back, they won’t pay you, and they will even avoid giving credit – the lowest of the low. And somehow we’re still worrying about inconveniencing megacorps as if that mattered, at all!
I would love a license that says if your company has a physical presence in 10+ countries, one of its executive owns a yacht, or even is publicly listed, you need to purchase a license from the owners. (As a bonus, if the company is primarily selling subscriptions, the license should be in subscription form in return). Free (GPL/MIT/whatever) for everyone else.
Even such a crude stupid license would be an improvement over today for many. Most importantly I think a large amount of code is already closed today, because of the risks. This results in worse technical solutions, eg SaaS instead of libs & docker images that are easy to fix yourself. I don’t understand the fear mongering about licenses that Amazon and Microsoft don’t like. At the absolute minimum, contribute the changes back.
The great thing about permissive licenses is that it maximizes the utility of the code. I don’t care if someone makes a mountain of money by forking my permissively licensed code, that is in some sense the objective and I lose nothing by it.
This strain of rent-seeking behavior by some that open source their code but then believe they are entitled to compensation or forced contributions if the wrong people use it per license is distasteful and a bad look. It highlights the extent to which for many people the motivations behind their “open source” are not actually, you know, open source. For many, open source is about the utility of the source code and nothing more.
Licenses like AGPLv3 aren’t just about the utility of open source, they try to litigate concepts like fairness and justice at the same time, and open source isn’t a great venue for that.
> I don’t care if someone makes a mountain of money by forking my permissively licensed code, that is in some sense the objective and I lose nothing by it.
What if your code is used to actively make the world worse? Is that part of your goal? There's no shortage of corporations making mountains of money doing exactly that, after all.
I'm sorry, but you are way off base. Use is not restricted by GPL licenses. People have expressed desires to restrict use of GPL code (what if terrorists or pedophiles or Republicans use this code??) and Stallman and it's defenders have not allowed any restrictions of use.
GPL code does not exist in a vacuum. To be maximally useful, GPL code must coexist with source code subject to different legal, regulatory, and licensing regimes. GPL use is only “not restricted” if you completely ignore that compliance with GPL can unavoidably result in civil and criminal liability. Sure, those potential users are not required to avoid civil and criminal liability but that is not a serious argument.
Permissive licenses generally allow source code to coexist within almost any legal scenario into which source code may be placed. This is why I only use permissive licenses both for my own open source and for the open source I use.
I don't think you understand the difference between use and distribution, between running code and copying code.
All source code is automatically copyrighted and restricted (at least in the US) and you must follow copyright laws and license agreements for all source code that you copy and distribute. GPL licensed code is not special in this regard. How you use GPL software has zero restrictions.
I understand just fine. Placing any obligations on distribution, either mandating or prohibiting, is a de facto restriction on use in many contexts. There is a lot of source code that you might want to remix with GPL code that the user has no control over the legality of its distribution. That situation comes up often enough, sometimes in unplanned or unexpected ways, to strongly incentivize the blanket bans on GPL source code you commonly see.
No one has to like it but that is the reality. Pretending these aren’t real and valid concerns, often by people who have no power to change these things even if they want to, does a disservice to the health of the open source ecosystem.
It is why I stopped releasing GPL code and went purely permissive. I’ve seen the issues it causes people who just want to use the code many times. (Ironically, even for me with my own GPL code but at least I can relicense.)
I'm trying to understand you here, but I'm failing. I might need concrete examples of "use" and "distribution" being the same thing if you want to help me out.
Permissive licenses are about contributing to the trade as a whole, rather than individualism.
Some of us don't believe that the code we write is "ours" in any meaningful way, and don't think strangers using it have any obligation to us just because we typed it once long ago.
Personally, I am happy if my code is of use. If people are using it for evil I'll fight the evil, not try to withhold good things from the world to avoid that possible case. It is an approach that is rooted in sufficiency mindset, rather than capitalistic notions of false scarcity.
My project being forked doesn't cost me anything at all, but caring about it being forked or enforcing a license would cost me time and energy I have no desire to spend. Permissive licenses accurately communicate the levels of fucks I give, while keeping assholes from trying to sue me over having used my contributions to the collective wealth of the profession.
If I make the world better for everyone, of course a bunch of people who never did anything for me are going to be a part of "everyone", basically by definition. What is wild here is that Microsoft didn't follow the extremely minimal requirements of the permissive license.
> exploited for profit by someone who has never done you any good
Yes, that's the whole point of open source? Most contributions to the most popular libraries and frameworks (not necessarily end products) are from employees on their paid corporate time to begin with.
I agree this is the case for Linux kernel, for example.
But I don't know if it applies to entire ecosystem.
> Yes, that's the whole point of open source?
I think it's a gross oversimplification. For some reason there is not much code in public domain.
People do want different things in exchange for their work. Hence different licenses. Some want to receive credit for their work, some want to enrich the opensource ecosystem, make it more sustainable. Which brings me to my final point.
> are from employees on their paid corporate time to begin with
It's natural for companies to open their code under permissive licenses. Very often such code is just a first free sample of whatever they are selling: consulting services, a SaaS, etc.. So it makes sense to have an attitude "do whatever with the code, just please-please-please use it".
For an individual developer working on a one-man project the incentives structure can't be similar to one of a company. Hence my trouble understating why people pick MIT/Apache/BSD for their projects.
What's good about being "permissive"?
I keep hearing this argument, but I still don't understand, what's the incentive for authors of one-man projects to choose anything "permissive".
Do you enjoy your project getting forked, walled off and exploited for profit by someone who has never done you any good?
AGPLv3 still allows forking, still allows making profit (if your business model is sane). But it is at least backed by some prominent figures and organizations, and there are precedents where companies were forced to comply.