HomeCopyleft

Copyleft License

Free as in "please read the entire license before shipping anything"

This is Industrial Waste.

You can have it, but YOU are responsible for any problems it may cause.

Please don't leave it in a pond, the koi deserve better.

FAQ:

  • Q: Can I use this?
  • A: Yes, but you really shouldn't.

(credit: @duallain | @nilium | @cite-reader on hangops)

The Taxonomy

GPL v2 says: share your modifications. GPL v3 says: share your modifications, and also here are additional provisions about patents and hardware restrictions that were not in v2 and that your legal team will want to discuss. LGPL says: you can link against this library without the copyleft applying to your code, which sounds like a reasonable compromise until you spend an afternoon trying to determine whether your specific linking situation qualifies. AGPL says: if you run this as a service, that counts as distribution, and you must provide source to your users. Legal teams see AGPL in a dependency and file an emergency ticket. The ticket sits for three weeks because everyone has the same ticket and nobody knows what to do.

Every project interprets these licenses slightly differently. The interpretation that matters is not yours or your legal team's — it is the interpretation of the court in the jurisdiction where the dispute happens to be filed, which you cannot know in advance. This is the koi pond. The koi did not ask to be in a pond contaminated with ambiguous intellectual property obligations. They deserve better.

The License Audit

At some point in every company's growth, someone in legal discovers that the engineering team has been pulling in open source dependencies without tracking their licenses. This person will want a full audit. The audit will reveal that the application has 847 transitive dependencies, that 12 are GPL-licensed, that 3 are AGPL-licensed, and that 2 of those have been in a production service for four years. There will be a meeting. Then another meeting. Then a decision to "remediate," which means finding an alternative or getting a legal opinion on whether the current usage qualifies as distribution. The alternative will take two sprints. The legal opinion will cost more than two sprints. Everyone will agree the real fix is better license tracking going forward. Going forward is not the same as right now.

The Open Core Pivot

The venture-backed open source company eventually discovers that "open source" and "sustainable business" have a tension. The resolution is open core: the core is open, the enterprise features are not. The community builds the core. The company sells the features. The community starts wondering what they are building the core for. The company hires developer relations people to manage this concern. The developer relations people are sincerely earnest and cannot explain the license change that converted the community's contributions into proprietary enterprise functionality. The community forks the project. The company issues a blog post about how committed they are to open source. This has happened more than a dozen times in the past five years and will happen again before this page is updated.

The license says you can use this in commercial products as long as you include the license text, provide source for modifications, don't use contributor names for endorsement, and grant a patent license to all users. Legal has been discussing whether the last clause applies to us for about six weeks. They'll get back to us.
— The dependency review, unresolved
← All Disasters