back to article Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools. Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because the permit licensors to do …

  1. ysth

    copyleft does *not* prohibit making free code proprietary, just distributing it once you've done so.

    1. diodesign (Written by Reg staff) Silver badge

      Hair splitting

      Yeah, all right, but you get the gist of what we meant. It's in the context of releasing, aka distributing, software. I've taken that sentence out so people can't misread it.

      C.

    2. Anonymous Coward
      Anonymous Coward

      Copy-left dosen't by itself, but the newer GPL versions kinda do

      The changes made after GPLv2 and LGPLv2 are outside the core copy-left principal and do interfere with free use of the code within and organization. The AGPL was specifically targeting just such use, by making 'use' and 'distribution' the same thing in many cases.

  2. JavaJester
    WTF?

    Vaccine License is the First Brick of the Yellow Brick Road to Hell

    The OSI should go nowhere near something like the Vaccine License. What's next? A license that requires users to call authorities for people in the country illegally? Perhaps licensing that requires supporting "religious freedom" discriminatory stances? Perhaps licensing that requires the opposite? Imagine the fun of using contradictory licenses simultaneously and facing punative consequences as a result. Imagine a dystopian world where installing a program imposes such obligations to the users. This sounds like great material for a Black Mirror episode, but a terrible idea for the real world.

    1. bombastic bob Silver badge
      Black Helicopters

      Re: Vaccine License is the First Brick of the Yellow Brick Road to Hell

      uh, WHAT?

      you forgot to use THIS icon (see icon)

    2. Carpet Deal 'em
      Happy

      Re: Vaccine License is the First Brick of the Yellow Brick Road to Hell

      Luckily, none of those license provisions are enforceable.

    3. Michael Wojcik Silver badge

      Re: Vaccine License is the First Brick of the Yellow Brick Road to Hell

      Yes, unenforceable provisions of obscure licenses for free stuff that you can simply decline to use is definitely something we need worry about, just as soon as every other problem is fixed.

  3. Anonymous Coward
    Anonymous Coward

    Project size

    I'd be interested to know if project size was considered, and whether this would make any difference if factored in.

    The way I tend to work is that I'll license smaller projects and things that don't have any potential for commercial exploitation under a permissive license (I tend to use BSD 3-clause), but for larger or more important projects I'll tend to use GPL.

    If others do the same then you'll have a million small projects using permissive license and a handful of large projects using GPL. That could affect the numbers in a study like this if the size of the project isn't being taken into account.

    1. jelabarre59 Silver badge

      Re: Project size

      I think it really comes down to your intent for the code/application/etc. How you want to see it used would determine the sort of license you put on it.

      It's much like the Creative Commons licenses. If I am posting CC works, some I might post as CC-BY, while others would be CC-BY-NC (with the option of being "dual licensed", such as some violin building books my father had written).

  4. Pascal Monett Silver badge

    Just one question

    "we have witnessed several companies in the past 18 months making license changes to block the cloud providers from continuing this trend"

    And how exactly is that going to do anything to block Azure or AWS from taking any open-source code, fiddling with it until it does what they want, and stashing the result where nobody can see it ?

    It's not like those several companies are going to be granted investigative powers and check what state that now-proprietary code is in.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just one question

      > And how exactly is that going to do anything to block Azure or AWS from taking any open-source code, fiddling with it until it does what they want, and stashing the result where nobody can see it ?

      That's what the AGPL is for.

      > It's not like those several companies are going to be granted investigative powers and check what state that now-proprietary code is in.

      That's what the discovery stage of a lawsuit is for.

    2. DropBear

      Re: Just one question

      In theory, you're right. In practice, all you need is proof that a cloud service is exhibiting the same specific bug or is vulnerable to the exact same exploit (which you didn't necessarily attack it with yourself) and lawsuit can start a-flying...

  5. LDS Silver badge

    "not release versions or derivatives of the licensed"

    The problem of GPL is "derivatives" as it means all the code you wrote when linking to something GPL - not only changes you made to the GPL code (they needed the LGPL exactly to avoid it). That's not freedom - that's indentured servitude.

    Good more and more people don't believe any longer in Stallman religion.

    1. Warm Braw Silver badge

      Re: "not release versions or derivatives of the licensed"

      The problem is that, in the end, only a court can decide whether a particular piece of code is a "derived work" and for that reason, the licence likely doesn't mean what either the licensor or the licensee thinks it might mean and it will prove costly to find out.

      The advantage of permissive licences is that you're unlikely to find yourself in court for alleged transgressions. Given that the majority of these licences come from companies with very deep pockets, that's quite reassuring for the rest of us.

    2. Charlie Clark Silver badge

      Re: "not release versions or derivatives of the licensed"

      Yeah, GPL is mainly about ideology but also an invitation for lawyers. I have several contracts that explicitly forbid GPL code for customer projects because of this.

      This doesn't mean that there isn't a threat posed by Amazon, Google, Microsoft, RedHat, et al. potentially extinguishing some open source development because there the only ones that can make money and, hence, pay developers, but the fiddling with the licence won't change this.

    3. Rich 2 Silver badge

      Re: "not release versions or derivatives of the licensed"

      I agree. I don't have a problem with the idea that if I take some GPL code, modify it, and then re-publish it, it must remain GPL. This is largely no different from what you would expect if the code was BSD (or similarly) licensed.

      The issue I have is that just linking some GPL code to some, otherwise completely unrelated, code, makes that code GPL (if I want to distribute it). This is just plain wrong and I don't know of any other license where this would happen. The GPL does not respect other licenses; it tramples all over them.

      Good example: I write a Linux driver. If I want to link this into Linux and distribute the result, my driver would have to be GPL. Even though the only bit of Linux I am using is the APIs. The irony, of course, is all the fuss being made at the moment regarding Google and Oracle and Java APIs. I'm sure the GPL people are rooting for Google on the latest court case, but the GPL does "an Oracle" (sort-of. well, ok, not quite, but hopefully you get the idea) by forcing their license on you just for using an API that happens to be GPL licensed.

      Similarly, there is BSD (and similar) code out there that has been modified, linked to some GPL stuff, and the result re-pubished as GPL. And the GPL people will say "but the BSD license allows this". It might do, but that doesn't make it right; at best it's rude. At worse, it's hugely aragant

    4. nnnn20430

      Re: "not release versions or derivatives of the licensed"

      Because it's not freedom, unless you have the freedom to enslave others?

      The point is that you cannot use GPL'd code to restrict others freedom,

      and yes, that means you are in fact, not free to take others freedom, it's basically the paradox of tolerance.

      The usage of GPL'd code, in code with a license which grants less rights, would effectively take away the freedoms granted by the GPL, as everyone who uses GPL'd code, should have the right to study, change, and distribute it, on anything they can run it on, and no single person can take that away.

  6. Anonymous Coward
    Anonymous Coward

    Just been reading Private Eye and there is a cartoon where a chap goes with his daughter into a pet shop to buy a cat, the pet shop owner says "just sign this contract mate, it says we're entitled to 10% of any income he makes from viral meme work"

    Welcome to modern licencing.

    1. Chris G Silver badge

      Unless it's a rescue, anyone who buys a cat or dog from a pet shop deserves to be screwed.

      1. Anonymous Coward
        Anonymous Coward

        >Unless it's a rescue, anyone who buys a cat or dog from a pet shop deserves to be screwed.

        The virtue signalling is strong in you young Skywalker.

        1. phuzz Silver badge

          It's always amused me that the act of accusing someone of 'virtue signalling' is itself, signalling a (perceived) virtue.

          It's practically the whole point of conversation.

          1. Anonymous Coward
            Anonymous Coward

            >It's always amused me that the act of accusing someone of 'virtue signalling' is itself, signalling a (perceived) virtue.

            I don't have any, I've led a very bad life.

        2. Chris G Silver badge

          @AC. I am probably older than your dad, sonny.

          What little virtue I have , is driven by experience.

          1. Anonymous Coward
            Anonymous Coward

            >@AC. I am probably older than your dad, sonny.

            Never judge an AC by it's cover.

            Yours, Mr C. Babbage.

      2. Kubla Cant Silver badge

        Unless it's a rescue, anyone who buys a cat or dog from a pet shop deserves to be screwed.

        Indisputably. But it would be tricky to make it clear within the limited scope of a cartoon that the man was buying from a reputable breeder or a rescue centre.

        There's a long history of cartoons showing castaways on desert islands that are nothing but a small mound with a palm tree in the middle sticking out of the sea. I think people should be warned that most desert islands aren't like that, and that you couldn't survive long on such an island.

  7. BinkyTheMagicPaperclip

    'It is becoming fairly rare to find a company whose software is not predominantly open-source software'

    Really? Really really ? Nice bubble you live in..

    I do use open source software here, generally for text processing. Everything else is closed source from the Windows desktop apps, the backend (mostly Windows) servers, the development environment (some open source web frameworks, remainder in house or third party commercial libraries). This is not unusual.

    I like open source, use it where I can at work, and a lot at home. However, competitive advantage is also needed, I like having a salary.

    1. Bronek Kozicki

      Do you know the DevOps mantra "you wrote it, you run it"? The money comes from running the software, not from writing it. This means we can afford not only to use open source, but also to contribute upstream and to publish our own projects, typically under APACHE2.0 license.

      Of course Windows shops are in the worse situation because there is not really that much good quality open source available on this platform - which is why the huge majority of software engineers I know migrated to Linux (but that's not relevant here), or at least to platform-agnostic projects. So yeah, it is becoming pretty rare to find a company whose software is not predominantly open-source, at least as long as server side is concerned.

      1. Anonymous Coward
        Anonymous Coward

        We didn't migrate to Open Source, we migrated to Open Standards - important difference. It means we can use a mix of commercial desktops (MacOS) and associated commercial software as well as Linux, yet the whole back end is Linux and talks open standards - apart from whatever they've done to webdav, everything pretty much works between Linux and MacOS.

        It also means we're VERY aware of the fact that Outlook even until now has zero support for caldav and carddav, but in a somewhat ironic twist, carddav is not natively supported by Thunderbird either. MacOS' "contacts" and "calendar", however, are perfectly fine with the above.

      2. BinkyTheMagicPaperclip

        In the case of work here, yes we make money by running the software and services, not as much by writing it (there are some on-premises installations but they're limited in number, and there are sometimes highly bespoke customisations which have been highly lucrative).

        However, if the code was given away other firms could out compete and innovate using our internally developed code, so no thank you, we're not giving it away.

        Technically I suppose we could have decided to have zero installations on customer sites, base the entire software stack on open source technologies, and license it as GPL knowing that customisations wouldn't have to be released. At the time the software was written originally, Windows development tools were far faster and more effective, and third party components more generally available - this saved time and gathered business.

        There is a load of quality open source available under Windows, because a great deal of effort has been expended porting it from Unix, plus other Windows based open source/free but closed source software. The advantage Unix tends to bring is a more integrated packaging environment.

        1. Bronek Kozicki

          Each to their own, I guess. I agree that Windows development tools were, at a time, faster to use compared to what you could have on Linux (subject to habits, taste etc.). However, many open source projects which are indispensable in the modern microservices CI/CD environment do require Linux, even if only on a VM (think your typical orchestration setup)

          The other aspect of open source is that, fundamentally, any software is a burden and a liability - it is prone to "go wrong", "get stale" and even "rot" (these are all technical terms). It is in favour of any organization to share the burden with others, and open source does exactly that. Software can be also an asset, of course, but only when it does what it needs to be doing - which, in the projects I like best, is subject to configuration and not to code. And configuration, or even a higher layer of code, is never considered "derived work" and can be proprietary.

          1. Bronek Kozicki

            ... well, except for AGPL.

          2. BinkyTheMagicPaperclip

            Sure, code rot due to evolving environments, and technical debt exist. However open source is most useful when the software is in fairly wide usage and studied and coded by a large number of eyeballs.

            When the software is somewhat niche, the only people likely to use the code are your direct competitors. Alternatively, nobody might bother at all - take the case of OpenSSL which was (is) open source, but is considered part of base plumbing, and no-one wished to touch it because it's difficult.

            Obviously the trick is to open source as much as possible (i.e. replacing the third party components we used with open source alternatives would save us hundreds of pounds each year) whilst keeping your niche intellectual property closed source.

    2. Michael Wojcik Silver badge

      Ah, nothing like a battle of warring anecdotes. "My unsupported and statistically insignificant observation is X!" "Oh yeah? Well my unconfirmed study of sample size 1 says Y!"

      Compelling stuff, gents.

  8. Cuddles Silver badge

    Times have changed

    ""to ensure the evil corporations of that time would not be able to use open-source software and then restrict its redistribution."

    The top ten open-source projects today are managed by Facebook, Google, and Microsoft"

    It's lucky that none of them are evil.

    1. Pirate Dave Silver badge
      Pirate

      Re: Times have changed

      Yeah, today must be Irony Friday at El Reg...

  9. Cederic Silver badge

    'twas always thus

    The Apache Foundation's projects have always been popular because they deliver capabilities businesses need and do so without causing licence anxiety. Most business code isn't fixing the underlying source of the tools and frameworks it uses, it's implementing features specific to that business. Development teams lack the time and resources to do everything the business needs and wants, let alone start translating their work into something sufficiently generic for use at other organisations.

    That doesn't mean GPL projects aren't welcome and indeed, Linux is pretty much ubiquitous now. But people install a Linux distro, configure it, and then deploy other systems on top of it. Very few companies try and extend or add to Linux.

    The cloud vendors are keen that their customers use proprietary technologies on their clouds, but cynically I think that's primarily to drive lock-in. You can still spin up a fully open sourced stack on the major providers and treat it as you would hosting it on premise or in a more traditional third party data centre.

    1. Anonymous Coward
      Anonymous Coward

      Re: 'twas always thus

      There is another dimension here. MIT, BSD and Apache licensing is closer to the LGPLv2, which used to be a pretty common choice for projects that didn't want restrict use to just GPL'd projects.

      When they messed with the LGPL they destroyed it's utility to many projects that didn't want to limit the scope of their project to permanent GPL only restrictions. As a result new projects have been moving to the other permissive licenses.

      Despite the bun fight that happened when the AGPL/LGPLv2.1 launched, a bunch of projects stayed on the LGPLv2, some even began publishing under dual license terms. That is a pain for the contributors, doubly so when activist "contributors" start refusing to make code commits under a permissive license to force the whole project to go AGPL.

      By strong-arming the community to use the most restrictive versions of the GPL, the FSF and activist developers made the GPL, even the LGPL, look like a risky and unstable choice, when safe and stable choices were available. So big surprise we see the share of GPL code tanking. The latest terms seem geared to benefit commercial operations that want to dress up as open source and cry foul when someone interferes with their business model by using the "free and open" code they published.

      I am glad that the permissive license projects are thriving, and the open source community has come into it's own. I contribute code to these projects to give back to an ecosystem that has been a huge resource to me over the years. I give these parts of my work for free, with the hope it will benefit others and save someone re-inventing the wheel. I'm proud to see that spirit grow in the world.

      I miss the old LGPL terms, because they made it east to support the idea of Copy-Left without excluding other options, and allowing projects to separate parts of a project to allow more permissive licensing to support code re-use and interoperability. That helped keep new projects choosing the GPL family as the defacto choice. Now, having driven so many projects and developers out, other choices are forming a new center. Because of the large number of foundational projects under GPL, it isn't going anywhere, but it isn't on the vanguard anymore, and it may not need to be.

  10. Long John Silver
    Pirate

    Angels dancing on the head of a pin?

    Discussion of software licensing inhabits a realm once the preserve of theologians. As evinced from the article and the resulting comments, people expend considerable intellectual resource picking through intricacies and consequences of licensing options. Doubtless, within their own terms, many of the points raised are subtle, indeed erudite. Yet, whether this has much lasting bearing on life in the 'real' world, as distinct from a metaphysical construct, is moot. That is the state of play among people obliged to take cognisance of licensing complexities in their daily work. When matters come to a head and require input from lawyers and adjudication by courts the game becomes promoted to the professional league of metaphysics. Whatever criticism may be directed at lawyers it clear that the highest echelon of legal minds is of comparable distinction to similar echelons in other professions, possibly a little sharper with respect to verbal reasoning. These elite players are in, to them, a fascinating, game and rewards more than match those of bone-headed Premier League footballers, this without risk of damaged tendons.

    Lower tiers in the legal profession have an important role too. Their advocacy skills ('silver tongues') may often match or beat those of their professional betters but lesser grip on complicated reasoning ensures that constant 'noise' is added to debate over 'intellectual property'. This serves as grist to a productive money generating activity. Adding politicians and lobbyists to the mix ensures ever more complexity and chance of internal contradiction. Consider how infrequently legislators seek simplification (which encompasses restricting reach) as means of plotting a path through accrued complexity rather than repeated attempts to dot every 'i' and cross very 't' which inevitably ratchets up complexity which in turn leads to the next iteration of legislation.

    Unlike matters of law such as defining murder, this broadly within the comprehension of ordinary folk, the concept of 'intellectual property' over centuries, with accelerating pace in recent decades, has by virtue of speciousness unrecognised at its inception, spawned increasing numbers of anomalies, contradictions, and restrictions. Culture has been comprehensively fenced in. Worse still, anyone tilling the soil of innovation must keep wary eye lest inadvertently the almost perpetual 'rights' of another are through 'derivation' from their work infringed such that the holder of rights cannot draw full monopoly benefit according to the rules of rentier economy. Just as fenced in countryside was broken into by a movement of 'mass trespass' so shall the domains of parasites upon culture.

    It's ironical that the least long-term important component of culture, i.e. 'popular entertainment', is driving culture across the board into the ground: least important but appealing to the most people, most easily fenced-in, and greatest money-spinner. As so often these days, the lowest common denominator drives expectations of the rest.

    Copyright legislation and enforcement is chasing its tail in attempts to batten-down glaring anomalies and challenges from technological advance. It spirals ever faster and confidently may be expected to suffer the fate of the oozlum bird.

    -----

    Released under the Creative Commons Attribution 4.0 international license.

  11. steelpillow Silver badge

    What's not said

    Quite surprised not to see the Linux kernel among the top ten. The other interesting point about it is that Linus stuck with GPL2 because 3 is too restrictive for him.

    Also quite surprised to see no breakdown in terms of say infrastructure (OS, cloud), services and apps. I am sure that the optimal license regime for each of these differs and their relative growth will have affected the numbers reported.

    1. Venerable and Fragrant Wind of Change

      Re: What's not said

      GPL2 is a work of genius (whether you agree with it or not).

      GPL3 is a work of committee (ditto).

  12. Starace
    Flame

    Poison

    I know that anything I've looked at recently tends to treat a GPL license as a poison pill. The lawyers look at it and see risk even for innocuous use cases.

    It's a shame but that's the reality of it.

    1. Zolko Bronze badge

      Re: Poison

      If the lawyers don't like it then it's probably very good for the rest of us: that means they can't litigate around it, bad business for them, and good for us (devs and users).

      1. lightweight

        Re: Poison

        Yup, this is the key. Businesses that can't make money from GPL'd software don't deserve our sympathy (note, I sold my pure-play GPL-only software dev company 5 years ago after 14 years in business, so I *know* it's possible).

  13. Oh Homer
    Linux

    Perspective

    I get the feeling that this analysis might be a case of "there's damned lies, then there's statistics", a bit like claiming that cassette tape is making a huge comeback, when in fact it's only huge compared to its own recent history, which belies its single digit market share of the market as a whole.

    I think we need some perspective. Open source has gone from zero to omnipresent, which means there's now vastly more open source software out there. Stuff that was GPL is still GPL, it's still part of that - what was it? - 59% ecosystem. It's just that a lot of new stuff has now been added to that ecosystem, coming from places that previously wouldn't touch open source, but which have found it a pragmatic necessity in a predominantly open source world.

    This is not a loss for Free Software fundamentalism, it's a testament to the influence it's had on the world of software, transforming the landscape into a world that's now orders of magnitude more open.

    So what if most of the new stuff isn't GPL? It's coming from places that had never even heard of open source not that long ago, whose entire portfolio was proprietary. That stuff was never destined to become GPL anyway. It's just been forced to become slightly less proprietary, then even less, and so on.

    Mission accomplished, frankly.

    1. Michael Wojcik Silver badge

      Re: Perspective

      This is not a loss for Free Software fundamentalism, it's a testament to the influence it's had on the world of software, transforming the landscape into a world that's now orders of magnitude more open.

      I'm dubious about this narrative. Shipping source was the rule, not the exception, in first couple decades of commercial digital computing. The move to closed-source software was arguably driven by a couple of factors: the rise of commercial pure-software companies, and the IBM consent agreement which led to "unbundling" and the forced conversion of its mainframe software into a profit center.

      Even prior to the rise of the free/open software movements, source code was still exchanged widely, at both small scale (the txtfile community, for example) and large (AT&T UNIX). When Stallman founded the FSF, I don't recall it being greeted as a surprising concept; the controversy was around the ideology, not the notion of open source, or even open-source commercial software.

      Personally, I suspect we'd have a significant open-source presence even if the FSF and the free-software movement (and its variants) had never happened. Certainly the FSF and GPL had a tremendous effect on the evolution of FOSS and its current state, and almost certainly on the volume of FOSS and the success of FOSS-based commercial firms such as Red Had. But I think it would have been significant even without them.

  14. Christian Berger

    I don't think it's against "Copyleft"

    It's just that more and more little toy projects get shared on github. There the idea is that someone wrote some code which isn't worth thinking about copyright, so they simply slap on some BSD license as they don't care what is being done with that code.

    It's more a sign of a rise of casual code sharing on github than a fight against copyleft.

  15. lightweight

    I think that the quiet co-option of FOSS communities by the Frightful Five (and those corporations aspiring to join them) has included a concerted, broad campaign to undermine Copyleft. When I first started doing FOSS back in the 90s, "open source" implicitly *included* Copyleft licenses... more recently, as we've seen the mega corporates barging their way into the space, we've increasingly seen them shifting the definition of "open source" to mean open source code *except* for Copyleft code. Given the disproportionate dominance of the tech media by those mega-corps (all of who have built their fortunes by exploiting users of their proprietary software) I'm cynical enough to think that this shift is not accidental.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021