If you want to build an open source product or service, or indeed open source an existing product, it’s worth being aware of the key licenses, and in general what they do. In this post, I share how I see them.
Before we go further – I’m not a lawyer. This is my rough understanding, as someone who writes code, makes product decisions, and has followed the industry for the last ten years or so.
Please consult an actual lawyer before making a decision, obvs.
Intellectual property – licensing versus trademarks
Intellectual property comes in many, many flavours, depending on where in the world you are, but generally speaking, when thinking about software projects, it’s helpful to think of copyright and ownership of code, as separate from discussions of design and trademarks.
It’s useful to think of them separately, as they’re about different questions – ownership of code is being allowed to make copies of a program, and use it in your own software, or make you pay for access to it.
Design and trademarks, as I understand them are more about stopping people passing off work as theirs, or using a name or design in a way that might confuse others with something made by you or your organisation.
Because they solve different problems, it’s useful to think of both if you’ore thikning about open up a project or the code within it
Examples of trademarks in use
You’ll often see an organisation licensing code itself under a relatively permissive license, but retaining control of a brand, by asserting ownership of a trademark, and only allowing distribution if you follow specific guidelines.
You can see this with Mozilla Firefox, or WordPress, or The Django project.
With Mozilla’s Firefox, if you wanted to distribute the software and bundle a different search engine, you couldn’t call it Mozilla Firefox, for a long time. For this reason, for a number of years, see Firefox in the Debian Linux operating system, branded as IceWeasel. This explainer article here outlines why.
You see the same with WordPress. You can happily copy wordpress code, and use to host a website, but you need to follow certain guidelines to use the word “WordPress” in your marketing or external comms. You can see guidance directly from the WordPress Foundation here.
You also see the same with the Django Project. If you want to put on an event and use the name “Django”, you need to follow the guidance on how you can use the name. This doesn’t stop you using the code to build totally new products.
With me so far? Trademark might helps you control how people talk about a project or product, but that’s not the same as controlling how people are allowed to copy the code in a project.
For that, it’s more common to talk about licensing, and licenses. I’ll outline a few of the popular licenses you might see online:
Examples of licensing in use
MIT/ FreeBSD / Apache
These are very permissive licenses used by software like Django, and Ruby on Rails, and Redis (although not all the code from Redis Labs is licensed this way)
You can include software with these licenses into larger products, that you can sell as a something people pay to download, or pay to use.
Other people can do this too – so, so if you licensed your code under the MIT license, it would be legal for say… Google or Microsoft to copy the code and provide a service, making their improvements and not share anything back.
An easy example of this would be how the big cloud providers have been able offer Redis as as a hosted service for ages, with needing to pay any money back to Redis Labs, the primary stewards of the software.
You might use these licenses when you want to increase the likelihood of people using your code, and building products on top of it. The risk you run is that they do not share back their changes, or they capture most of the value instead of you.
GPL – General Public License
If you worry about the above, you might choose the General Public License.
With this someone can run a hosted service, without sharing back their improvements. If you want multiple providers competing to offer your product, but you want to provide an incentive to do this (i.e keep the operational improvements so they can compete on providing a known, compatible product in a better way) , the GPL works here.
The GPL for example lets people use WordPress and Drupal as hosted services, or indeed include them in services that build on them, without needing to pay a license fees or share back their changes to the original authors of the code.
For example, this lets WP Engine, or Pantheon, provide a specialised, managed hosting service without needing to share their code for the hosting platform back with you.
What the GPL stops you doing is sell a proprietary, shrink-wrapped product based on the code, and then stop others from distributing it, by claiming copyright over the code.
This might feel a bit academic, but WordPress themes are useful example of here.
It’s not hard to find WordPress themes that are licensed with the GPL, and making these themes available for download, where you are expected to pay something.
You can still get the code freely if you search for it, or look on some torrent site, but if you’re looking for a theme, it’s often the support with implementation that you want, as much as the code itself, and trying to get in touch with the original creator and asking for help with a theme you picked up from a torrent is likely to not to go too well.
It’s a bit counter intuitive at first, but this piece from wordpress host Linsta, is really helpful.
Some companies don’t touch GPL licensed code at all. Apple doesn’t let GPL code in the Apple store for example, largely because Apple’s user license for the Apple store, stops you being allowed to copy an app you download and distribute to others, which violates the GPL.
The most common GPL license you’ll typically see now is the GPL v3, but WordPress still uses the v2 version of the license.
AGPL – the Afferro General Public License
You can think of the Afferro General Public License as like the GPL, in that you can’t distribute a proprietary product based on GPL code and stop others copying it themselves, but more so.
It goes further, by closing what’s sometimes referred to as the hosting loophole, so by making the code available over the network, you need to make the source available too. For example, you probably couldn’t run a hosted like Pantheon, or WP Engine, if WordPress was licensed with the AGPL, without making available all the secret sauce you use to run the platform really well
The MongoDB server license used to be licensed under the AGPL – and although I’m not a lawyer, I can see a scenario where this license would be one of the reasons that Amazon took a relatively long time to release DocumentDB, their hosted Mongo-DB compatible service, when they’ve been able to provide hosted Redis, hosted Elasticsearch and hosted MySQL or Postgres services much earlier. Rather than using the code directly, they’ve had to make something compatible with MongoDB, but without using any of that AGPL licensed code.
Like the GPL, some large companies have blanket bans on software using the AGPL. Google is an example.Using this license can mean that if you want to work with them, you’ll need a different licensed option for your project.
A number of projects, like the Neo4J graph database were dual licensed for this reason – you could use it for free if you share back under the terms of the AGPL, but if you want to build something and not share, you’d need to pay for a commercial license.
You can see other examples here in the Searx open source search engine, or Viewflow, business process modelling software. You can use it freely available under the AGPL, but if you want a to make a proprietary product you’d need Viewflow Pro, a commercial licensed version of the same.
What people use instead of the AGPL
Some organisations that used to rely on the AGPL to stop another provider rebadging their software and selling it as a hosted service, are increasingly licensing code under a different, permissive licenses, but applying extra licenses on opt of them.
You can see this in the Commons Clause in the case of Neo4j, or the Server Side License with MongoDB. Update: Neo4J dropped the commons clause. They just have GPL for the community version and a commercial license for the Enterprise version of their app.
There’s a few sites that can help here, to provide some plain English pointers on licensing your software.
One is Choose a Licence from Github. The other from FOSSA, does a similar job, is TLDR Legal, which gives readable summaries of many, many licenses.
Simon Wardley’s thinking and commentary around how open source licensing can affect a product or service has been extremely useful for me too. This thread here on twitter is illuminating:
This piece from Simon Wardley outlines specific reasons to choose the GPL as a tool to establish ecosystem around a new product or service, as well as the trade-offs involved.
This post from Stratechery does a good job of spelling out the implications of the AGPL license in the context of the interplay between MongoDB and AWS.
This thread on twitter on the shortcomings of the AGPL for stopping 3d parties using it without contributing back