License proliferation
License proliferation is the phenomenon of an abundance of already existing and the continued creation of new software licenses for software and software packages in the FOSS ecosystem. License proliferation affects the whole FOSS ecosystem negatively by the burden of increasingly complex license selection, license interaction, and license compatibility considerations.[1]
Impact[edit]
Often when a software developer would like to merge portions of different software programs they are unable to do so because the licenses are incompatible. When software under two different licenses can be merged into a larger software work, the licenses are said to be compatible. As the number of licenses increases, the probability that a Free and open-source software (FOSS) developer will want to merge software that are available under incompatible licenses increases. There is also a greater cost to companies that wish to evaluate every FOSS license for software packages that they use.[2] Strictly speaking, no one is in favor of license proliferation. Rather, the issue stems from the tendency for organizations to write new licenses in order to address real or perceived needs for their software releases.
License compatibility[edit]
License proliferation is especially a problem when licenses have only limited or complicated license compatibility relationships with other licenses. Therefore, some consider compatibility with the widely used GNU General Public License (GPL) an important characteristic, for instance David A. Wheeler[3][4] as also the Free Software Foundation (FSF), who maintains a list of the licenses that are compatible with the GPL.[5] On the other hand, some recommend Permissive licenses, instead of copyleft licenses,[6] due to the better compatibility with more licenses.[7][8] The Apache Foundation for instance criticizes the fact that while the Apache License is compatible with the copyleft GPLv3, the GPLv3 is not compatible with the permissive Apache license — Apache software can be included in GPLv3 software but not vice versa.[9] As another relevant example, the GPLv2 is by itself not compatible with the GPLv3.[10] The 2007 released GPLv3 was criticized by several authors for adding another incompatible license in the FOSS ecosystem.[11][12][13][14][15][16][17]
Vanity licenses[edit]
A vanity licenses is a license that is written by a company or person for no other reason than to write their own license ("NIH syndrome").[18] If a new license is created that has no obvious improvement or difference over another more common FOSS license it can often be criticized as a vanity license. As of 2008, many people create a custom new license for their newly released program, without knowing the requirements for a FOSS license and without realizing that using a nonstandard license can make that program almost useless to others.[19]
Solution approaches[edit]
GitHub's stance[edit]
In July 2013, GitHub started a license selection wizard called choosealicense.[20] GitHub's choosealicense frontpage offers as a quick selection only three licenses: the MIT License, the Apache License and the GNU General Public License. Some additional licenses are offered on subpages and via links.[21] Following in 2015, approx. 77% of all licensed projects on GitHub were licensed under at least one of these three licenses.[22]
Google's stance[edit]
From 2006 Google Code only accepted projects licensed under the following seven licenses:[23]
- Apache License 2.0
- New BSD License
- MIT License
- GNU General Public License 2.0
- GNU Lesser General Public License 2.1
- Mozilla Public License 1.1
- Artistic License/GPL dual-licensed (often used by the Perl community)
One year later, around 2008, the GNU General Public License 3.0 was added and strongly recommended together with the permissive Apache license,[24] notably excluded was the AGPLv3 to reduce license proliferation.[25]
In 2010, Google removed these restrictions, and announced that it would allow projects to use any OSI-approved license (see #OSI's stance below),[26] but with the limitation that public domain projects are only allowed as single case decision.
OSI's stance[edit]
Open Source Initiative (OSI) maintains a list of approved licenses.[27] Early in its history, the OSI contributed to license proliferation by approving vanity and non-reusable licenses. In 2004 an OSI License Proliferation Project was started[28] has prepared a License Proliferation Report in 2007.[29] The report defined classes of licenses:
- Licenses that are popular and widely used or with strong communities
- International licenses
- Special purpose licenses
- Other/Miscellaneous licenses
- Licenses that are redundant with more popular licenses
- Non-reusable licenses
- Superseded licenses
- Licenses that have been voluntarily retired
- Uncategorized Licenses
The group of "popular" licenses include nine licenses: Apache License 2.0, New BSD license, GPLv2, LGPLv2, MIT license, Mozilla Public License 1.1, Common Development and Distribution License, Common Public License, Eclipse Public License.
FSF's stance[edit]
Richard Stallman, former president of FSF, and Bradley M. Kuhn, former Executive Director, have argued against license proliferation since 2000, when they instituted the FSF license list, which urges developers to license their software under GPL compatible free software license(s), though multiple GPL-incompatible free software licenses are listed with a comment stating that there is no problem using and/or working on a piece of software already under the licenses in question while also urging readers of the list not to use those licenses on software they write.[30]
Ciarán O'Riordan of FSF Europe argues that the main thing that the FSF can do to prevent license proliferation is to reduce the reasons for making new licenses in the first place, in an editorial entitled How GPLv3 tackles license proliferation.[31] Generally the FSF Europe consistently recommends the use of the GNU GPL as much as possible, and when that is not possible, to use GPL-compatible licenses.
Others[edit]
In 2005 Intel has voluntarily retracted their Intel Open Source License from the OSI list of open source licenses and has also ceased to use or recommend this license to reduce license proliferation.[32]
The 451group created in June 2009 a proliferation report called The Myth of Open Source License Proliferation.[33] A 2009 paper from the University of Washington School of Law titled Open Source License Proliferation: Helpful Diversity or Hopeless Confusion? called for three things as a solution: "A Wizzier Wizzard" (for license selection), "Best Practices and Legacy Licenses", "More Legal Services For Hackers".[34] The OpenSource Software Collaboration Counseling (OSSCC) recommends, based on the originally nine recommended OSI licenses, five licenses: the Apache License 2.0, New BSD License, CDDL, MIT license, and to some degree the MPL, as they support collaboration, grant patent use and offer patent protection. Notably missing is the GPL as "this license cannot be used inside other works under a different license."[35]
See also[edit]
References[edit]
- ^ OSI and License Proliferation on fossbazar.com by Martin Michlmayr "Too many different licenses makes it difficult for licensors to choose: it's difficult to choose a good license for a project because there are so many. Some licenses do not play well together: some open source licenses do not inter-operate well with other open source licenses, making it hard to incorporate code from other projects. Too many licenses makes it difficult to understand what you are agreeing to in a multi-license distribution: since a FOSS application typically contains code with different licenses and people use many applications which each contain one or several licenses, it's difficult to see what your obligations are." (on August 21st, 2008)
- ^ Cite error: The named reference
proliferation impact
was invoked but never defined (see the help page). - ^ The Free-Libre / Open Source Software (FLOSS) License Slide by David A. Wheeler on September 27, 2007
- ^ "Make Your Open Source Software GPL-Compatible. Or Else". www.dwheeler.com.
- ^ license list Archived 2000-08-15 at the Wayback Machine of gnu.org
- ^ Laurent, Philippe (2008-09-24). "The GPLv3 and compatibility issues" (PDF). European Open source Lawyers Event 2008. University of Namur – Belgium. p. 7. Archived from the original (pdf) on 2016-03-04. Retrieved 2015-05-30.
Copyleft is the main source of compatibility problems
- ^ Hanwell, Marcus D. (28 Jan 2014). "Should I use a permissive license? Copyleft? Or something in the middle?". opensource.com. Retrieved 2015-05-30.
Permissive licensing simplifies things One reason the business world, and more and more developers [...], favor permissive licenses is in the simplicity of reuse. The license usually only pertains to the source code that is licensed and makes no attempt to infer any conditions upon any other component, and because of this there is no need to define what constitutes a derived work. I have also never seen a license compatibility chart for permissive licenses; it seems that they are all compatible.
- ^ "Licence Compatibility and Interoperability". Open-Source Software - Develop, share, and reuse open source software for public administrations. joinup.ec.europa.eu. Archived from the original on 2015-06-17. Retrieved 2015-05-30.
The licences for distributing free or open source software (FOSS) are divided in two families: permissive and copyleft. Permissive licences (BSD, MIT, X11, Apache, Zope) are generally compatible and interoperable with most other licences, tolerating to merge, combine or improve the covered code and to re-distribute it under many licences (including non-free or “proprietary”).
- ^ Apache foundation (2015-05-30). "GPL compatibility". Retrieved 2015-05-30.
Apache 2 software can therefore be included in GPLv3 projects, because the GPLv3 license accepts our software into GPLv3 works. However, GPLv3 software cannot be included in Apache projects. The licenses are incompatible in one direction only, and it is a result of ASF's licensing philosophy and the GPLv3 authors' interpretation of copyright law.
- ^ "Frequently Asked Questions about the GNU Licenses – Is GPLv3 compatible with GPLv2?". gnu.org. Retrieved 2014-06-03.
No. Some of the requirements in GPLv3, such as the requirement to provide Installation Information, do not exist in GPLv2. As a result, the licenses are not compatible: if you tried to combine code released under both these licenses, you would violate section 6 of GPLv2. However, if code is released under GPL “version 2 or later,” that is compatible with GPLv3 because GPLv3 is one of the options it permits.
- ^ Landley, Rob. "CELF 2013 Toybox talk". landley.net. Retrieved 2013-08-21.
GPLv3 broke "the" GPL into incompatible forks that can't share code.
- ^ Asay, Clark D. "Michigan Telecommunications and Technology Law Review Volume 14 - Issue 22008 The General Public License Version 3.0: Making or Breaking the Foss Movement". law.umich.edu.
In the end, GPLv3 constitutes license proliferation.
- ^ Nikolai Bezroukov (2000). "Comparative merits of GPL, BSD and Artistic licences (Critique of Viral Nature of GPL v.2 - or In Defense of Dual Licensing Idea)". Archived from the original on 2001-12-22.
Viral property stimulates proliferation of licenses and contributes to the "GPL-enforced nightmare" -- a situation when many other licenses are logically incompatible with the GPL and make life unnecessary difficult for developers working in the Linux environment (KDE is a good example here, Python is a less known example). I think that this petty efforts to interpret GPL as a "holy text" are non-productive discussion that does not bring us anywhere. And they directly contributed to the proliferation of different "free software" licenses.
- ^ Byfield, Bruce (22 November 2011). "7 Reasons Why Free Software Is Losing Influence: Page 2". Datamation.com. Retrieved 23 August 2013.
At the time, the decision seemed sensible in the face of a deadlock. But now, GPLv2 is used for 42.5% of free software, and GPLv3 for less than 6.5%, according to Black Duck Software.
- ^ James E.J. Bottomley, Mauro Carvalho Chehab, Thomas Gleixner, Christoph Hellwig, Dave Jones, Greg Kroah-Hartman, Tony Luck, Andrew Morton, Trond Myklebust, David Woodhouse (15 September 2006). "Kernel developers' position on GPLv3 - The Dangers and Problems with GPLv3". LWN.net. Retrieved 2015-03-11.
[...]since the FSF is proposing to shift all of its projects to GPLv3 and apply pressure to every other GPL licensed project to move, we foresee the release of GPLv3 portends the Balkanisation of the entire Open Source Universe upon which we rely.
CS1 maint: uses authors parameter (link) - ^ Ronacher, Armin (2013-07-23). "Licensing in a Post Copyright World". lucumr.pocoo.org. Retrieved 2015-11-18.
The License Compatibility Clusterfuck - When the GPL is involved the complexities of licensing becomes a non fun version of a riddle. So many things to consider and so many interactions to consider. And that GPL incompatibilities are still an issue that actively effects people is something many appear to forget. For instance one would think that the incompatibility of the GPLv2 with the Apache Software License 2.0 should be a thing of the past now that everything upgrades to GPLv3, but it turns out that enough people are either stuck with GPLv2 only or do not agree with the GPLv3 that some Apache Software licensed projects are required to migrate. For instance Twitter's Bootstrap is currently migrating from ASL2.0 to MIT precisely because some people still need GPLv2 compatibility. Among those projects that were affected were Drupal, WordPress, Joomla, the MoinMoin Wiki and others. And even that case shows that people don't care that much about licenses any more as Joomla 3 just bundled bootstrap even though they were not licenses in a compatible way (GPLv2 vs ASL 2.0). The other traditional case of things not being GPL compatible is the OpenSSL project which has a license that does not go well with the GPL. That license is also still incompatible with the GPLv3. The whole ordeal is particularly interesting as some not so nice parties have started doing license trolling through GPL licenses.
- ^ Are you sure you want to use the GPL? by Armin Ronacher (2009)
- ^ Sharing medical software: FOSS licensing in medicine on freesoftwaremagazine.com by Fred Trotter (2007-06-14)
- ^ "David A. Wheeler's Blog". www.dwheeler.com.
- ^ GitHub finally takes open source licenses seriously on Infoworld by Simon Phipps on July 2013
- ^ Choosing an open source license doesn’t need to be scary - Which of the following best describes your situation? on choosealicense.com (accessed 2015-11-29)
- ^ Open source license usage on GitHub.com on March 9, 2015 by Ben Balter on github.com "MIT 44.69%, [...]GPLv2 12.96%, Apache 11.19%, GPLv3 8.88%"
- ^ Ed Burnette (2006-11-02). "Google says no to license proliferation". Archived from the original on 2007-02-24. Retrieved 2010-09-11.
- ^ Greg Stein (2009-05-28). "Standing Against License Proliferation". Archived from the original on 2008-06-01. Retrieved 2010-09-11.
- ^ License Proliferation - Less is More, One is Best on January 27th, 2009 by Ernest M. Park "Chris DiBona from Google suffered the slings and arrows of the OSS community when he rejected the AGPLv3 license for Google Code repository, citing license proliferation as one of the reasons."
- ^ Chris DiBona (2010-09-10). "License Evolution and Hosting Projects on Code.Google.Com". Retrieved 2010-09-11.
- ^ OSI Approved Licenses on opensource.org
- ^ License Proliferation Project on opensource.com (2004)
- ^ License Proliferation Report Archived 2012-12-12 at the Wayback Machine on opensource.com (2007)
- ^ The earliest archived version of the license list reflects this position. Bradley M. Kuhn (2000-08-15). "Various Licenses and Comments about Them". Free Software Foundation. pp. 37–39. Archived from the original on 2000-08-15. Retrieved 2015-11-29.
- ^ How GPLv3 tackles license proliferation on linuxdevices.com
- ^ Marson, Ingrid (March 31, 2005). "Intel to stop using open-source license". cnet.com. CNet. Retrieved October 6, 2014.
- ^ The Myth of Open Source License Proliferation on the451group.com
- ^ Open Source License Proliferation: Helpful Diversity or Hopeless Confusion? on law.washington.edu by Robert W. Gomulkiewicz on 2009
- ^ License compatibility on osscc.net
External links[edit]
- Open source license proliferation, a broader view by Raymond Nimmer
- Larry Rosen argues that different licenses can be a good thing Larry Rosen
- Licensing howto by Eric S. Raymond
- License proliferation for Medical Software by Fred Trotter Advocates that for Health Software, only the Google seven should be used.
- How to choose a license for your own work Free Software Foundation