Ah, the open source licensing issue.

In my office, I manage a team of programmers who develop iPad apps for clients. We use HTML5, CSS3, jQuery, a customized version of jQuery Mobile, PhoneGap and an Objective-C PhoneGap plugin which consists of a lot of small libraries put together and tweaked.

The issue we face — since the Internet has become a boon for programmers, with such open source collaboration websites such as GitHub — is that licensing is either a) poorly described or explained by the project, or b) the programmers who use, fork, or rewrite open source code may not understand the implication of their actions.

At one company I worked for, we had a programmer that modified GPL code all the time and rewrote the copyright headers stating it was “Copyright John Smith.” Had I been older and had high cholesterol, I would have had a heart attack.

Yes, I work for companies that only write closed-source software, but I love and use all sorts of open-source software, and contribute back when I can. I told him he had to fork the vanilla source and rewrite his changes again, properly documenting his changes as he went, and keeping the attribution at the top of each source file. Unfortunately, I told my boss we now had to maintain this fork as an open source package because we’re selling commercial software that contains modified GPL code and he refused.

I don’t work their anymore and I don’t think they got the message that what they were doing was illegal and unfaithful to the original developers.

At my current employer, in our intranet, I wrote documentation on licensing. I wrote out this table describing the differences between licenses that we have come across. I know there are thousands more licenses and thousands more columns I could add explaining the differences — e.g. the GPLv2 and GPLv3 are identical according to this chart. Please understand the use for simplification.

 License Link with code using a different license? Must host source code of derived work? Copyright must be maintained [Attribution]? Promotion of authors and contributors allowed? Modifications must use same license [CopyLeft]?
Apache v2.0 Yes No Yes Yes No
GPL v2.0 No Yes Yes Yes Yes
GPL v3.0 No Yes Yes Yes Yes
MIT (Expat) Yes No Yes Yes No
New BSD License Yes No Yes No No

The issue with my current employer, as all employers I’ve had in the web development field, is that they refuse to put resources in to maintaining open source software. Legally, you have to do this any time you modify GPL code and package it in a piece of software — whether open source or closed source, proprietary or free.

Thus unfortunately, I stated to my employees that they must gain explicit permission to use GPL code, as I know my employer will not maintain it. It’s not the fault of the GPL or the programmers that chose the GPL for this, but the business practices of some companies. We actually had an employee leave over the fact that we don’t maintain open source code because we refuse to use GPL code. He was right to do so and I completely understand his position.

It’s not that GPL is poison, but corporations need, by and large, more education on how to use, write and re-write software, especially using existing libraries on the web. Until then, we have to use Apache, MIT, BSD and public domain licenses, while maintaining proper attribution.

What are your thoughts?

  • Bryan

    It may actually be legally worse than downloading an illegal copy of Windows. You are clearly making a profit from the software, this means you get put into the worse lot of copyright infringers.

    Perhaps explaining it that way might help.

  • Jörn Horstmann

    Even using BSD licensed libraries requires some thoughts, as redistributions in binary form have to include the copyright notice and disclaimer. In a desktop application this could probably be satisfied by having the license in a separate file in the installation, but how do you handle this in an app where the user does not have access to files? Would it be required to include all used libraries and licenses in a menu option inside the app?

  • doctormo

    Actually with the GPL you don’t need to maintain the code… that would place an unreasonable amount of economic burden on anyone who distributed the code. For instance, I install Ubuntu on lots of computers and I get paid for doing so… it would be super unreasonable to expect me as a business to maintain all the GPL code in Ubuntu. Now if I make modifications to Ubuntu, the key educational part to this whole problem is getting those changes put upstream. They don’t have to merged, you don’t have to even try to get them merged. Just push them to github, launchpad, savannah account and wash your hands of it.

    There are liability issues of course, your company may want to have some kind of stake in the code, or may want to reduce their delta costs by doing due diligence with upstream.

    But they’re all things the business _may_ want to do, not ever forced to do.

    I’ll accept your point on mixing licenses, although most permissive licenses can be encapsulated with GPL when needed and most authors will relicense works permissive when asked/paid to.

  • http://blog.surgut.co.uk Dima

    Don’t argue with your boss, just change to a different one or jobs.