Skip to content

March 21, 2012

10

Comparison of Open Source Licenses

by e1ven

As I’ve been working on my little Forum Project over the last few months, I’ve run across a number of code snippets that I’d love to use.

Often they’re little things, posted to blogs explaining how to format a URL or whatnot, but I can’t legally use any of them.

Under the Berne Convention, every single bit of text or code you create is automatically copyrighted.
You don’t need to put a © or date on it, and no one can use it without your expressed permission.

I’ve written to each of the authors, and received releases, but one common thread I’ve heard is that people aren’t sure what license is right for them.

I’m certainly not an expert, but I wanted to put together a quick comparison of different licenses, and the implications.
I’ve included links for each to read them yourself. Please read through the license before applying it to your project. I’m just a Sysadmin, not a legal advisor.

One thing to note is that if you wrote the code, releasing it under a certain license never limits what You can do with it going forward.
You’re welcome to release the code under the GPL, then keep all your updates closed-source and for-pay, and never release them under any open source license.
So long as you’re the one who wrote all the code, releasing under an Open Source license just explains what Other people can do with the code.

For example, For a long time, Mozilla released the Firefox code under the MPL, AND the GPL, AND LGPL, letting people choose whatever license they wanted for the codebase.
Oracle releases MySQL under the GPL, but will also sell you a commercial version under other terms.
As long as all the code in the project is yours, you’re free to do whatever you want.
The only warning is that when things are open, other people often want to help write code- You’ll want to make sure they either assign the copyright to you (letting you do whatever you want, as if you wrote it).

There are few elements with different licenses differ about:

Attribution- Different licenses ask that you recognize the author in different ways. Some let you take credit for the code, others ask for a line in the About section, and others want placement on all advertisements for any product that uses any of it’s code.
Some licenses include a clause that makes it clear that you shouldn’t use the name of the original company when talking about your own product. This is referred to as an “Anti-endorsement” clause.
Copyleft- Licenses that use Copyleft are sometimes called “Viral” licenses; If you include any code that uses that license in your code, then your entire program has to be released under a compatible license.
Their goal is to stop companies from taking your code, building on it, then keeping all the changes to themselves.
If they use your code, they have to release theirs.

  • A “Strong” copyleft license says that only programs which are under the same license are able to use this code.
  • A “Weak” copyleft license says that all changes to this particular code must be released, but other software can be built using this as a library, and that can software can be under a different license.

Patent Protection- Traditionally, software licenses, including Open Source Software licenses don’t deal with patents at all. This has lead to difficulties wherein a company might release their software as Open Source, but years later explain they have a patent on the underlying ideas. Even though you’re allowed to use their software under Copyright law, they can still come after you under Patent law. Some licenses include a patent license, to avoid this situation.
Web Application- Another shift we’ve seen is companies move from distributing software, to running offering hosted versions of that software on their websites. Some copyleft software licenses ask that Web Applications release their code, where others only apply if you actually distribute the software to someone else.
Permissive- Sometimes people will talk about how “Permissive” a license is. The more Permissive a license is, the more you are allowed to do with that software without the license coming into play. These range from Very permissive licenses, such as the MIT/X license, to more restricted licenses such as the EULA that commercial software packages have.

One important thing to note is that OSS licenses are almost universally licenses on Distribution, NOT on use.
Unlike a EULA, you do not need to agree to the license in order to use the software.

The license only comes into play if you are distributing it, either directly (GPL/LGPL/etc) or by exposing it as a webapp (AGPL)

License Attribution Required Anti-Endorsement Copyleft Applies to web apps Patent Protection Notes
Gnu GPL 2 Include in Source code None Strong No Indirect The great Grand-daddy of OSS licenses, The GPL2 covers the Linux Kernel, and is widely considered the progenitor of Copyleft licenses.
Gnu GPL 3 Include in Source code Various options available per project Strong No Direct In 2007, the FSF updated the GPL to version 3 to add explicit patent protection, and a provision to prevent “tivoization”,
which is when software is free, but only used on locked down hardware.
Many GPL2 licenses include a line allowing them to be dual-licensed under the GPL3.
AGPL1 Include in Source code None Strong Yes Indirect The AGPL1 is a version of the GPLv2 modified to say that websites that run webapps using the code need to distribute changes, just as if they had shipped it.

AGPL3
Include in Source code Various options available per project Strong Yes Direct The AGPL3 is a version of the GPLv3 modified to say that websites that run webapps using the code need to distribute changes, just as if they had shipped it.

LGPL2
Include in Source code None Weak No Indirect The LGPL2 is a version of the GPLv2 designed for libraries, or other small sections of code.
This requires that any chances to that component are contributed back, but software which uses the library does not need to be open.

LGPL3
Include in Source code Various options available per project Weak No Direct The LGPL3 is a version of the GPLv3 designed for libraries, or other small sections of code.
This requires that any chances to that component are contributed back, but software which uses the library does not need to be open.

MIT/Expat License
Include in Source code None No No None The MIT license (or Expat license) is a common and straight-forward permissive license.

MIT/X11 License
Include in Source code Anti-Endorsement No No None The X11 variant of the MIT license includes a provision to prevent people that use the code from saying they’re endorsed by the team that originally wrote the code.

2-Clause BSD
Include in Source code No None No None The 2 clause BSD license is permissive license similar to MIT/Expat license.
There is some confusion when people refer to “The BSD license” because there have been 3 versions of BSD licenses.
Because of this, people should always cite the number of clauses in the BSD license, or use something more straightforward.

3-Clause BSD
Include in Source code Anti-Endorsement No No None The 3 clause BSD license is permissive license similar to MIT/X license.
It adds a similar anti-endorsement clause to the 2-clause BSD license as MIT/X does to MIT/Expat.

4-Clause BSD
Include in all Advertising. Anti-Endorsement No No None The 4 clause BSD license (Or “original BSD license”) is a BSD variant which adds a clause to the 3-clause BSD.
Any time there is an advertisement for software which includes any code under this license, the original code needs to be mentioned. Most people are best avoiding this license entirely.

Apache License 1.0
Include in all Advertising. Prohibitions against using the Apache name No No None The Apache License 1 is a standard permissive license with an advertising clause.

Apache License 2
Include in Source code Trademark Protection No No Direct The Apache License 2 is a standard permissive license with explicit patent grants.

MPL2
Include in Source code Trademark Protection Weak No Direct When Mozilla originally released their code, they created a ‘Business Friendly’ license. They’ve recently revised it to be explicitly compatible with the GPL family.

CDDL
Include in Source code Trademark Protection Weak No Direct The CDDL is a version of the MPL1.1 that was modified by Sun to try to clarify language, in ways which were incompatible.

What a mess!
What’s even more “Fun” is trying to combine them.
Some of the licenses are compatible with one another, and others aren’t.
Still others are compatible, but only if you stand on your head and chant in latin.
I’ve included my personal understanding of how they combine below. As always, consult a lawyer, and let me know if I missed something.

I wrote this table from the perspective of, assuming I have existing codebase A, am I allowed to import code B?

Current code:

New Code:

GPLv2 GPLv3 AGPLv1 AGPLv3 LGPLv2 LGPLv3 MIT/Expat MIT/X11 2-Clause BSD 3-Clause BSD 4-Clause BSD Apache MPL2 CDDL
GPLv2 Yes [1] [1] [1] Result is GPLv2 [1] Result is GPLv2 Result is GPLv2 Result is GPLv2 Result is GPLv2 No No [2] No
GPLv3 [1] Yes [1] Yes [1] Result is GPLv3 Result is GPLv3 Result is GPLv3 Result is GPLv3 Result is GPLv3 No Result is GPLv3 [2] No
AGPLv1 [1] [1] Yes [1] Result is AGPLv1 [1] Result is AGPLv1 Result is AGPLv1 Result is AGPLv1 Result is AGPLv1 No No No No
AGPLv3 [1] Yes, result is AGPLv3 [1] Yes [1] Result is AGPLv3 Result is AGPLv3 Result is AGPLv3 Result is AGPLv3 Result is AGPLv3 No Result is AGPLv3 [2] No
LGPLv2 Yes, result is GPLv2 [1] [1] [1] Yes [1] Result is LGPLv2 Result is LGPLv2 Result is LGPLv2 Result is LGPLv2 No No [2] No
LGPLv3 [1] Yes [1] Yes [1] Yes Result is LGPLv3 Result is LGPLv3 Result is LGPLv3 Result is LGPLv3 No Result is LGPLv3 [2] No
MIT/Expat Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
MIT/X11 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
2-Clause BSD Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Tes
3-Clause BSD Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
4-Clause BSD No No No No No No Result is 4-clause BSD Result is 4-clause BSD Result is 4-clause BSD Result is 4-clause BSD Yes Result is Apache + Advertising Clause Result is MPL with Advertising Clause Result is CDDL with Advertising Clause
Apache2 No Yes No Yes No Yes Result is Apache2 Result is Apache2 Result is Apache2 Result is Apache2 Result is Apache2 + Advertising Clause Yes Yes Yes
MPL2 [2] [2] No [2] [2] [2] Result is MPL Result is MPL Result is MPL Result is MPL Result is MPL with Advertising Clause Yes Yes No
CDDL No No No No No No Result is CDDL Result is CDDL Result is CDDL Result is CDDL Result is CDDL with Advertising Clause Result is CDDL No Yes

Also note that I’ve simplified the result slightly, to reflect the practical effect. For example, I say that MIT/X11 + 4-Clause BSD Result = 4-clause BSD.
Realistically, the code is now combination of the two licenses, and you need to follow and include both code, but as far as effective restrictions, it now acts like 4-clause BSD.

[1]

In many cases, licenses contain a clause which allows you to upgrade to later versions of the same license.
For example, the default version of the GPLv2 includes a clause to allow users to “upgrade” to GPLv3.
If this cause was included, you can freely mix this code, with the resulting combination being covered by the newer license.
You should check to see that this clause is included. Some prominent software, such as the Linux Kernel, does not have it.

Other software may require BOTH sides to update to newer versions of the licenses
For instance, the AGPLv1 and GPLv2 are incompatible, but if both packages contain “Or later versions” clauses, they can be upgraded to AGPLv3 and GPLv3, which are compatible.

[2]

The MPL2 performs kind of a neat hat-trick
It indirectly allows compatibility with the GPL-series of licenses, by a bit of legal maneuvering.
The end result is that you can use combine them, but keep the MPL code MPL’d, and the GPL’d code GPL’d.

Read more from Uncategorized
10 Comments Post a comment
  1. mpronschinske
    Mar 22 2012

    I’m super impressed by the work you’ve done here.
    If you get a chance, I’d like to see how the Eclipse public license fits in here. I think I remember hearing that the EPL isn’t compatible with GPLv2.

    Reply
    • e1ven
      Mar 22 2012

      http://en.wikipedia.org/wiki/Eclipse_Public_License

      The EPL isn’t compatible with the GPL because of the patent retaliation clause. The GPL says you can’t add any additional restrictions..
      While this may be a “good” restriction, from the perspective of the GPL, it’s still an additional restriction.

      Other than that, I believe it acts very much like the LGPL.

      Reply
  2. Mar 22 2012

    Wow. Kudos on the hard work of putting this together.

    Reply
  3. phosuns
    Mar 22 2012

    This is huge! After just having gone through a due dillgence process having to answer stupid lawyer questions about code licenses and software distribution, this certainly helps!

    Reply
  4. Oh, nice! Really well describes the problems I had when mailing HTML+JS game developers about the license of their code (http://jancborchardt.wordpress.com/2011/05/19/freeing-web-games/ ). Most of them just said something along the lines of »the code is open for anyone anyway« – they want to share / don’t care but copyright is pretty much in the way.

    To not make it any more complicated, I always recommended AGPL and MIT as the two best choices. Sure, MIT doesn’t have extra protection that Apache2 might offer but it’s dead simple to read – and making your stuff accessible is the big point of licensing.

    And your tables would fit really well on http://en.wikipedia.org/wiki/Comparison_of_free_and_open_source_software_licenses

    Reply
  5. Mar 22 2012

    Very helpful, thankyou!

    Reply
  6. Mar 22 2012

    Great comparison. I wonder though how the Open Software License (OSL-3 http://www.opensource.org/licenses/osl-3.0.php) fits this picture.

    Reply
  7. Mar 24 2012

    Great job. Congratulations!!!

    Reply
  8. Impressive work indeed… Perhaps you could provide some room for the EUPL (the sole licence working in 22 language) which is – according to OSS-Watch – “variable” (or interoperable) copyleft.
    The problem is not licence proliferation (this is a simple fact, and no one can remedy) but the lack of interoperability between copyleft licences (even the GPLv3 is not legally compatible with the GPLv2).

    Reply
  9. Oct 20 2012

    Just found this via google. Very good resource thanks for putting the work in.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: