Welcome to 2024!
Looks like there are all sorts of changes on the way this year, this article about Open Source licenses stood out recently;
Not sure how many people are interested in licensing, but since I started publishing software it’s become a bit of a thing for me. For many years (back in the 90’s) I worked with / within the “GPL”, which I considered at the time time to be “the” Open Source license, without being too worried about the implications.
When GPLv2 came out and became the standard Open Source licence, again I didn’t really think too much about it. Then there was GPLv3.
If anyone has read the version 3 of the GPL there are some real changes as compared to version 2. Personally it’s not something I want anything to do with.
Whereas GPLv1/2 seemed to be fairly permissive and were all about what you were allowed to do with software they covered, version 3 seems to be restrictive and all about what you are not allowed to do.
This step-change seems to have also upset many others and it’s worth noting that Linux itself is still licensed under GPLv2, despite version 3 becoming available in 2007 (!)
Outrage
The initial intent of an Open Source license, from my perspective, was to allow people interested in developing free software to do so and make it available to other people, for free!
Part of this process allows other people to use this free software in their own software, whether it too is destined to be free or indeed commercial. The process is designed to spawn more free software and potential commercial entities with an interest in investing in and developing free software.
For the most part, it seems to have been relatively successful.
But wait!
This has resulted in companies making money off the back of the work of free software developers! Outrageous (some people are saying) , developers of free software should be protected and if there’s money involved, they should get some!
Well, if you treat Open Source as a business model, I can understand how it’s possible to arrive at this conclusion. My understanding however is that Open Source did not start life as a business model.
MIT
When I became aware of v3 and it’s implications, I started looking into the GPL in more depth and the implications of licensing software under the GPL. As a result I now only use software and libraries licensed under GPLv1, GPLv2 or MIT compatible licenses. When I publish software, as a rule I only do so under an MIT license. (which is an effective “do whatever you want with it” license)
Licensing under v3 seems to be the kiss of death with regards to getting people to adopt free software in the first place, I don’t understand why anyone would want to write “free software” then apply a license to it that would discourage others from using it. Seems pointless, why not just apply a commercial license and be done with it.
Supply Chain
The extended issue here is “what if” one of the libraries I’m using is incompatible with my application and it’s license? Potentially a big problem, if you include a GPLv3 library in your application, you may not be able to use some of the other libraries you would like to, nor publish your application under the license you want to.
As a result, when building software one should try to examine each library included in the application to ensure it’s compatible with what it is you are trying to accomplish and your intended target license. Bit of a nightmare, especially when you may have many dependencies and third party libraries. Typically a Javascript application will have thousands of such dependencies.
This is the result of people messing around with restrictive licenses and still trying to insist that the software is free.
Fortunately this had been codified to an extent, in Javascript you can so something like;
npx generate-license-file --input package.json --output \
dist/client-third-party-licenses.txt --overwrite
To generate an overview license file that includes all the licences of all the libraries you have included in your package.json file, which hopefully contains all the libraries you are using. In Python there is something similar, I use something like this;
poetry export -f requirements.txt --without-hashes > requirements.txt
python -m third_party_license_file_generator \
-r requirements.txt \
-o dist/server-third-party-licenses.txt \
-p ~/.pyenv/shims/python3 \
-l license_override_file.yml
Depending your the flags you apply, they will attempt to warn you if any of the libraries in use are not sufficiently permissive. (i.e. if you have something undesirable like GPLv3 in there)
But this is always a “best endeavours” activity. As with everything these days, more rules, higher bar to entry, it’s only going to result in fewer players, less software and lower quality of software.
After all, if you spend 25% of your coding time on licensing, the code can’t be as good! It’s not as if developers are suddenly going to have more time.
Thoughts?
1 post - 1 participant
