The open-source license landscape is changing

There is an ongoing shift toward open-source licenses that are more permissive, reflecting an increased emphasis on building communities rather than protecting against free-riders.

There's no such thing as "the" open-source license. There are lots of them. Sixty-nine to be precise if one accepts the Open Source Initiative (OSI) as the definitive arbiter of what is open source and what is not.

Some are essentially legacy licenses; in general, the continued proliferation of licenses has abated in recent years but it's often more trouble than it's worth to fully retire licenses that are still in use by active software. Others won't be relevant to a specific type of copyrighted material, such as software programs. (Material under an open-source license is still copyrighted; indeed, copyright law is integral to the working of open-source licensing.)

However, when it comes to open-source software licenses specifically, there are two broad categories. One includes "copyleft" licenses, of which the General Public License (GPL) is the best known. The other includes "permissive" licenses, most notably the Apache, BSD, and MIT licenses.

Different licenses impose more, fewer, or different types of restrictions within that general framework. But those two categories capture the core philosophical distinction. A copyleft license requires that if changes are made to a program's code, and the changed program is distributed outside an organization, the source code containing the changes must likewise be distributed. Permissive licenses don't.

More companies formed around community-led projects with non-copyleft licenses than with strong copyleft licenses since 2007.Photo by 451 Group

With that as background, Matt Aslett of the 451 Group brings us some interesting numbers that suggest the relative popularity of these two license types is changing.

Aslett points to data from Black Duck Software, a firm focused on enabling open-source software adoption, suggesting use of the GPL family of licenses is declining as a percentage of overall open-source license use--though, in absolute numbers, it continues to grow. According to Aslett, Black Duck told him that, "The license usage data represents all the OSS projects we've spidered and have in our Knowledgebase which is now around 500,000." By contrast, the use of more permissive licenses is up in both relative and absolute terms.

451 Group's own data shows a similar pattern. Aslett writes: "Having updated the results to the end of 2010, our analysis now covers 321 vendors and shows that 2010 was the first year in which there were more companies formed around projects with non-copyleft licences than with strong copyleft licences." Ian Skerrett at the Eclipse Foundation makes a similar argument based on his considerable interactions with a wide range of open-source communities. He argues that: "As an experiment, name one popular community open source project created in the last 5 years that uses the AGPL or GPL? JQuery (MIT but also GPL v2), OpenStack(Apache), Hadoop (Apache), Hudson/Jenkins (MIT), nodejs (MIT) and Android (Apache). I claim all these project use a permissive license to get as many users and adopters, to encourage potential contributions."

It's not a trend that's without controversy. For example, Bradly M. Kuhn, former executive director of the Free Software Foundation (FSF), writes that: "Anyway, as you might suspect, I'm generally against the idea of relicensing from a copyleft to a non-copyleft license in most situations. In fact, I generally take the stance that you should go with the strictest copyleft possible unless there's a strong reason not to. This is well-argued in RMS' essay on the LGPL itself, and I won't repeat those arguments here. Frankly, if I were picking a license for and/or LibreOffice from start, I'd pick AGPLv3-or-later, because of the concern that it could be turned into a Google Docs-like web service."

(The Affero GPL (AGPL) is a variant of the GPL v3 license intended to address the fact that the delivery of software in the form of a service doesn't count as distribution in most copyleft licenses--and therefore doesn't trigger the requirement that software changes be provided back to the community. Strong copyleft advocates view this as a loophole to be plugged with licenses like the AGPL. The AGPL has not been widely adopted however.)

If we stipulate for purposes of argument that this trend toward permissive licenses is occurring, why is it occurring? And is it bad news for open source?

Anything but. It reflects less concern about preventing free-riders and more about growing communities. Skerrett puts it this way: "I claim all these projects use a permissive license to get as many users and adopters, to encourage potential contributions. They aren't worried about trying to force anyone. You can't force anyone to contribute to your project; you can only limit your community through a restrictive license."

Or to put it another way, open source is no longer widely viewed as a child that needs to be protected. As I wrote in 2008:

"Such a worldview implicitly assumes that copyleft is the only reason that open-source users contribute back their enhancements. Copyleft may or may not have played a major role in the rise of open source. Certainly, the GPL has long been the most common open-source license, used by Linux, GNU, and many others. However, the BSD license--which does not require that code changes be made available--is also widely used. It's an interesting historical debate whether the ultimate impact of Linux was far greater than the BSD operating system because of license differences, or because of other reasons--of which there were many. In any case, open source does not begin and end with the GPL and copyleft.

"And that's just looking at history. Today, open source is widely embraced by all manner of technology companies because they've found that, for many purposes, open source is a great way to engage with developer and user communities--and even with competitors. Therefore, the concern that, left to their own devices, companies will wholesale strip-mine open-source projects and "take it all private" seems anachronistic. That's not to say that everyone will always contribute as much code without copyleft as with it, but the suggestion that copyleft is all that's holding the whole open-source process together just doesn't square with the facts."