Over a million developers have joined DZone.

Are You At Risk? Abrupt OS License Changes

· Java Zone

Easily build powerful user management, authentication, and authorization into your web and mobile applications. Download this Forrester report on the new landscape of Customer Identity and Access Management, brought to you in partnership with Stormpath.

What do you do if you build your project with an open-source library, but that library then changes its license to one you cannot easily work with? For example, you choose a library licensed under the terms of the LGPL, but later the provider announces that the new version is licensed under the more restrictive GPL? (or is it less restrictive!) Would you:

  • do nothing and just continue using the original version?
  • replace the library with an alternate solution?
  • fork the original and seek help maintaining it under the LGPL?
  • accept the GPL and whatever that implies for your project?
  • approach the library author to negotiate an exception?

These are real-world issues and questions that probably occur more often than most of us realize. For example, the popular open source Javascript library, Ext-JS, has recently switched from a “nearly LGPL” license to the GPL v3. On the surface, the license change seems to align Ext with a dual-licensing model popular among commercial open source offerings, but some Ext users feel left in the lurch.

The original developer, Jack Slocum, explains how Ext started as a labor of love but had to become commercial in order to continue. It's certainly a plausible story, but where does it leave the users who adopted Ext and helped make it popular under the more permissive license terms? Do they now have to ante up for commerical licenses, stop using new versions, or fork the project?

It's a dilemma, and it may be one you have faced or will face in the future. What would you do?

Building Identity Management, including authentication and authorization? Try Stormpath! Our REST API and robust Java SDK support can eliminate your security risk and can be implemented in minutes. Sign up, and never build auth again!


The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}