Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Quick Overview of Open Source Licenses

DZone's Guide to

Quick Overview of Open Source Licenses

·
Free Resource

Introduction

The Internet is a vast ocean of content that includes tutorials, articles and blogs published by people all over the world. One of the most common activities performed by developers is to 'search' for reference documents and source code samples. Additionally, specialized source code search engines place source code repositories and open source projects within easy reach of development teams, making it a simple task for developers to copy a piece of source code into their development environments.

Though this practice of referring to and using code snippets from the Internet helps reuse, increases quality and reduces the time and hence the cost needed to develop software, it can prove to be tricky situation for business. If appropriate care is not taken or if appropriate due diligence is not carried out before such usage, it can lead to legal issues that may have an adverse impact on business. Companies across the world have had to face the issue of OSS getting included in their development stack, leading to litigation, bad publicity and in the worst case, projects losing their business value and getting scrapped.

This article covers in brief, the philosophy behind Open Source Software (OSS) before covering the terms and conditions of some popular open source licenses. We believe this will help you make an informed decision of including or excluding the Open Source package in your application development stack.

Notable Cases of Violation

Before we go into the details of the licenses, we present some noteworthy OSS license violations.

  • Microsoft inadvertently used GPL code in one of its tools in the Windows 7 ecosystem. The source code of the tool was based on the source code of an open-source tool. After the violation was pointed out, Microsoft had to release the tool under GPL terms and conditions.
  • Boxee, makers of a device to watch movies, TV shows and Internet video, has included GPL V3 code in their product, but have not released the source code and is in violation of GPL terms and conditions. Due to usage of GPL source code, Boxee need to release their device source code using GPL license.
  • D-Link Corporation, maker of DSM-G600, a network attached storage (NAS), used the Linux operating system in violation of the GPL terms and conditions and need to make available their source code as per GPL license.
  • TomTom, maker of car-based navigation systems, were in violation of GPL terms and conditions and need to make available their source code as per GPL license.

What Qualifies as Open Source?

Given the popularity of the term 'Open Source', due to some very popular applications like Apache Web Server, Linux, Open Office and GIMP, to name a few, it is important to understand what the term means. 'Open Source' does not simply mean availability of and access to source code. To qualify as 'Open Source' the distribution terms have to abide by the following terms and conditions, though minor modifications are allowed as per individual license.

  • Free Distribution - The license should not restrict from selling or from giving away the source code as part of another application. The license should also not demand a royalty or any other fee for the source code.
  • Availability of Source Code - Source code of the application/product/library should be available using well-known methods of distribution, if not provided with the product. Obfuscated source code in not allowed.
  • Derived Works - Modifications to the source code and creation of derived work should be allowed. Such modifications/derivations should follow the same license as the original software.
  • Original Source Code - License must allow distribution of software built from source code, though derived work can have a different name, version number and license.
  • Discrimination - No discrimination is allowed against persons or groups.
  • Usage Restrictions - License should not restrict usage of the software to specific areas.
  • Product Specific - License should not be product specific.
  • Redistribution - License should be valid even when the software is redistributed.
  • Restricting Other Software - License should not place restrictions on other software distributed with this software, as a bundle.
  • Technology Neutral - License has to be independent of technology.

Defining 'Free'

A lot of people and organizations show keen interest in OSS primarily because much of it is freely available and in most cases, is also free of cost. It is interesting to note that the term 'free' as associated with OSS means something very different than as understood by most organizations which use or would like to use OSS.

The concept of 'free software' has an interesting story behind it, which cannot be covered in detail in this article. To cut a long story short, Richard Stallman was inspired to create the concept of 'free software' due to the problems he faced in getting access to the source code of a printer driver.

Though many software packages are termed as 'Open Source', the term does not mean the same for all packages. Additionally, the term 'Open Source' does not mean 'free for all'. In the OSS world, a few phrases, namely 'free as in free beer' and 'free as in freedom' are frequently referred to. The phrase 'free as in free beer' implies cost and means that the software is available for use, free of cost. The phrase 'free as in freedom' means that the user of the software has complete access to the source code of the OSS package and is free to use it as per the terms and conditions of the OSS license. Thus, software that follows only the 'free as in free beer' philosophy should be called 'Freeware' and not 'Open Source'.

Awareness and Software Audit

While it is simple to say that development teams need to be vigilant and guard against inadvertent usage and creep-in of OSS code into their development stack, implementing the same is a difficult task.

Though by and large, service companies develop software for their customers, the software companies have to ensure that their practices do not lead to legal issues for customers. If customers face legal issues due to the presence and improper usage of OSS packages, customers will typically ask the software company to bear the cost of litigation and damages. To avoid problems, development teams need to educate team members regarding the terms and conditions of OSS packages as well as their usage. In addition to user education, an audit of the source code should also be performed on regular basis. Performing an audit will ensure that OSS packages, if present in the development stack, have been in included such that the development stack is in compliance with the OSS licenses used.

From Non-Compliance to Compliance

Non-compliance of the terms and conditions of an Open Source license can have serious impact on business. Though the impact and remedy for each infringement will be determined by the infringement itself as well as the terms and conditions of the OSS package, we have listed some common remedies.

  • Replace the infringed OSS package by another OSS package that has compatible or liberal terms and conditions
  • Remove the infringing source code / object code / library and redevelop the required functionality from scratch
  • Obtain a suitable license so that continued usage of OSS package is permitted
  • Comply with the OSS license and make available all artifacts as per the OSS license

OSS Licenses

Due to the popularity of OSS, many people, organizations and businesses have adopted OSS licensing to release their software, though while doing so, many have defined their own licensing terms and conditions. Clarity on the terms and conditions of the OSS licenses is needed, as each license defines the way in which the OSS package can be used. In other words, each license grants the user certain rights and defines how the package can be used. The terms and conditions can prevent usage of the OSS package in the development project or alter the way the development project is executed.

The Open Source Initiative site lists around fifty open source licenses. Of these, some of the popular licenses are GPL v2, GPL v3, LGPL, Apache v2, BSD, MIT, Mozilla Public License and Eclipse Public License.

A Few Terms

To help understand what is possible and not possible with each of the licenses, we have covered a few of the popular licenses, in the following sections. Please note that we have not articulated each and every term and condition specified in each of the licenses, but have selected a couple of high-impact terms and conditions. While describing the terms and conditions, we have defined a few words as follows

  • OSS Package (OSS) - Open Source software library or package that is being used or linked to or being considered for inclusion in the development project
  • Custom Product (CP) - The software/package/product we are developing and are planning to use the OSS in. Until explicitly mentioned, it is understood that the custom product development is commercial in nature
  • Developer - Team that creates CP by writing custom code and may use OSS is some well-defined manner
  • Customer - Users of CP
  • The MIT License (MIT)

    This license is amongst the simplest and shortest. The license grants permission to use the software without limitations, as long as the copyright notice is preserved in the source code and the software is provided 'AS IS' without warranty.

    Description Permission
    OSS CAN be used as part of CP Yes
    Developer CAN make copies of OSS Yes
    OSS CAN be modified for usage in CP Yes
    Changes to OSS, MUST be contributed back to OSS distribution No
    OSS CAN be distributed as part of CP Yes
    Copies of OSS CAN be sold Yes
    OSS distribution HAS to be accompanied by the license agreement Yes
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed Yes
    CP CANNOT claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS to be made available in source format along with CP No
    CP CAN restrict rights granted to the user by OSS, as part of distribution Customer should get same rights to OSS as provided by original license
    Patent grant Not Covered Explicitly

    BSD License (BSD 4-Clause License)

    BSD licenses are a family of permissive free software licenses. The original license was used for the Berkeley Software Distribution (BSD), a Unix-like operating system after which it is named. The original owners of BSD were the Regents of the University of California because BSD was first written at the University of California, Berkeley. The first version of the license was revised, and the resulting licenses are more properly called modified BSD licenses.

    Being a permissive free software license, the license places minimal restrictions on how the software can be redistributed.

    Description Permission
    OSS CAN be used as part of CP Yes
    OSS CAN be modified for usage in CP Yes
    Changes to OSS, MUST be contributed back to OSS distribution No
    OSS CAN be distributed as part of CP Yes
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed Yes
    CP CAN claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS to be made available in source format along with CP No
    Advertising material MUST display explicit acknowledgement Yes
    CP CAN restrict rights granted to the user by OSS, as part of distribution Not Explicitly Mentioned
    Patent grant Not Covered Explicitly

    New BSD License/Modified BSD License (BSD 3-Clause License)

    This license is a modified version of the original BSD license, where the 'advertising' clause has been dropped, as it was frequently misused, making it a 3-Clause license.

    This version of the license allows unlimited redistribution for any purpose as long as the copyright notices and the license's disclaimers of warranty are maintained. The license also contains a clause restricting use of the names of contributors for endorsement of a derived work without specific permission.

    Description Permission
    OSS CAN be used as part of CP Yes
    OSS CAN be modified for usage in CP Yes
    Changes to OSS, MUST be contributed back to OSS distribution No
    OSS CAN be distributed as part of CP Yes
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed Yes
    CP CANNOT claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS to be made available in source format along with CP No
    Advertising material MUST display explicit acknowledgement Clause Removed
    CP CAN restrict rights granted to the user by OSS, as part of distribution Not Explicitly Mentioned
    Patent grant Not Covered Explicitly

    Simplified BSD / FreeBSD License (BSD 2-Clause License)

    The 3-clause license has also been refined further, where one more clause, namely that related to non-endorsement, has been dropped, making it a 2-Clause license.

    Description Permissions
    OSS CAN be used as part of CP Yes
    OSS CAN be modified for usage in CP Yes
    Changes to OSS, MUST be contributed back to OSS distribution No
    OSS CAN be distributed as part of CP Yes
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed Yes
    CP CANNOT claim endorsement from OSS Clause Removed
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS to be made available in source format along with CP No
    Advertising material MUST display explicit acknowledgement Clause Removed
    CP CAN restrict rights granted to the user by OSS Not Explicitly Mentioned
    Patent grant Not Covered Explicitly

    Apache License V2.0

    This software license has been put in place and promoted by 'The Apache Software Foundation', hosts and supporters of popular Open Source packages like 'Apache HTTP Server', 'Apache Hadoop' and 'Apache Ant', to name a few. The license is quite simple and allows usage of OSS in commercial development. It also has an important clause that prevents developers from revoking the rights once granted.

    Description Permission
    OSS CAN be used as part of CP Yes
    OSS CAN be modified for usage in CP Allowed, as long as changes are not attributed to 'Apache'
    Changes to OSS, MUST be contributed back to OSS distribution No
    OSS CAN be distributed as part of CP Allowed only with proper attribution
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed No
    CP CANNOT claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS to be made available in source format along with CP No
    CP CAN restrict rights granted to the user by OSS Not allowed
    Patent grant Not Covered Explicitly
    Scope of rights Perpetual, world-wide, granted for no fee or royalty, non-exclusive
    Rights can be revoked at a later stage Once granted, rights cannot be revoked

    GNU General Public License (GNU GPL/GPL) V2

    The GNU General Public License is one of the most widely used free software licenses. It was originally written by Richard Stallman for the GNU Project.

    The GPL is the first copyleft license for general use and states that derived works can only be distributed under the same license terms. GPL grants the recipients of a computer program the rights of the free software definition and uses copyleft to ensure the freedoms are preserved, even when the work is changed or added to. The concept of explicit preservation of freedoms as espoused by GPL is quite different that the terms and conditions granted by other licenses like the MIT license and BSD licenses.

    Description Permission
    OSS CAN be used as part of CP No
    OSS CAN be modified for usage in CP Yes, as long as changes are contributed back to OSS
    Changes to OSS, MUST be contributed back to OSS distribution Yes
    OSS CAN be distributed as part of CP Allowed only with proper attribution
    CP CAN be released under a different license as compared to OSS Same license
    OSS CAN be sub-licensed No
    CP CAN claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS to be made available in source format along with CP Yes
    CP CAN restrict rights granted to the user by OSS Not explicitly mentioned. CP can restrict OSS rights
    Patent grant Not Covered Explicitly

    Lesser GNU General Pubic License (LGPL) V2

    The Lesser GNU General Public License (LGPL) V2 is built on GPL V2. LGPL differs from GPL in that libraries created using LGPL can be linked into commercial software products, as long as OSS is used as a library and not in source code form. The software that links to the LGPL package is not considered 'derivate work'. An older name for LGPL is Library GNU General Public License.

    Table
    Description Permission
    OSS CAN be used as part of CP Yes, if OSS is used as a library
    OSS CAN be modified for usage in CP Yes, as long as changes are contributed back to OSS
    Changes to OSS, MUST be contributed back to OSS distribution Yes
    OSS CAN be distributed as part of CP Allowed only with proper attribution
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed No
    CP CAN claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Protected
    OSS HAS  to be made available in source format along with CP Yes
    CP can restrict rights granted to the user by OSS Not explicitly mentioned. CP can restrict OSS rights
    Patent grant Not Covered Explicitly
    GNU General Public License (GNU GPL/GPL) V3

    GPL V3 is an extension of GPL V2. Some of the major differences between GPL V2 and GPL V3 are

    • Usage of terminology that is not tied to US legal concepts
    • Addresses patents and their usage explicitly
    • Addresses consumer products that restrict the ability to modify the software
    • Addresses Digital Rights Management (DRM), though it is called Digital Restrictions Management in GPL V3
    • Addresses compatibility with other Open Source licenses
    • Addresses license violations and the remedy
    Description Permission
    OSS CAN be used as part of CP No
    OSS CAN be modified for usage in CP Yes, as long as changes are contributed back to OSS
    Changes to OSS, MUST be contributed back to OSS distribution Yes
    OSS CAN be distributed as part of CP Allowed only with proper attribution
    CP CAN be released under a different license as compared to OSS Not allowed. License has to be GPL
    OSS CAN be sub-licensed No
    CP CAN claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Yes
    OSS HAS to be made available in source format along with CP Yes
    CP can restrict rights granted to the user by OSS Explicitly denied
    Patent grant If OSS contains patented work, a patent license is automatically granted to anyone using any version of the OSS. The patent license is non-exclusive, royalty-free, world-wide and covers all patent works controlled or sub-licensed. OSS users are also protected from patent litigation.

    Lesser GNU General Pubic License (LGPL) V3

    Similar to the revision of GPL from V2 to V3, LGPL has also been revised from V2 to V3 and continues to be based on GPL.

    Description Permission
    OSS CAN be used as part of CP Yes, if OSS is used as a library
    OSS CAN be modified for usage in CP Yes, as long as changes are contributed back to OSS
    Changes to OSS, MUST be contributed back to OSS distribution Yes
    OSS CAN be distributed as part of CP Allowed only with proper attribution
    CP CAN be released under a different license as compared to OSS Yes
    OSS CAN be sub-licensed No
    CP CAN claim endorsement from OSS No Endorsement
    OSS authors ARE protected from code not working correctly Yes
    OSS HAS to be made available in source format along with CP Yes
    CP CAN restrict rights granted to the user by OSS Explicitly denied
    Patent grant If OSS contains patented work, a patent license is automatically granted to anyone using any version of the OSS. The patent license is non-exclusive, royalty-free, worldwide and covers all patent works controlled or sub-licensed. OSS users are also protected from patent litigation.

    Multi Licensing

    To add to the complication, many OSS packages are licensed using two or more licenses, though usage of two licenses is the most common practice. The usual motivations for multi-licensing are license compatibility and market segregation based business models. In most situations, dual licensing allows liberal usage of the OSS package when it is used in other Open Source applications, but places a restriction of requiring a paid license when the OSS package is use in a commercial application. Some notable examples of dual-licensing are MySQL from Oracle (previously Sun, originally MySQL AB), Qt from Nokia (originally Trolltech) and Berkeley DB (from Oracle).

    License Compatibility

    As a software product usually covers a large amount of functionality, it may happen that more than one OSS package is used as part of the development stack. If the OSS packages included follow different licensing policies, navigating through the terms and conditions of each becomes treacherous. To avoid surprises, development teams should ensure license compatibility between the OSS packages used. From amongst the various licenses covered in earlier sections, the GPL license follows a sufficiently different licensing policy. Hence we have indicated the compatibility of GPL with other licenses.

    MIT BSD New BSD Simplified BSD Apache V2 LGPL V2 LGPL V3
    GPL V2 Yes No Yes Yes No Yes Yes
    GPL V3 Yes No Yes Yes No Yes Yes

    Conclusion

    Thorough this article, we have presented the importance of being aware that usage of Open Source Software in delivery projects comes with certain terms and conditions. If the terms and conditions of the OSS packages are violated, it can have serious business implications. By educating the development team regarding usage of OSS packages and their terms and conditions and having a proper OSS usage policy in place, the chances of non-compliance can be reduced. To further reduce the chance of non-compliance, an audit of the application source code can be performed to identify areas where corrective action is needed.

    References

    • GNU Project, http://www.gnu.org
    • Free Software Foundation (FSF), http://www.fsf.org
    • Electronic Frontier Foundation (EFF), http://www.eff.org
    • Comparison of free software licenses, http://en.wikipedia.org/wiki/Comparison_of_free_software_licenses
    • A Short Guide To Open-Source And Similar Licenses, http://www.smashingmagazine.com/2010/03/24/a-short-guide-to-open-source-and-similar-licenses/
    • Open Source licenses comparison table, http://khason.net/blog/open-source-licenses-comparison-table/
    • Various Licenses and Comments about Them, http://www.gnu.org/licenses/license-list.html
    • Comparison of Different Open Source Licenses - With Comparison Chart!, http://www.shafqatahmed.com/2008/10/comparison-of-d.html
    • Comparison of Most Popular Open Source Licenses, http://techknowledgyblog.squarespace.com/techknowledgy-blog/2010/4/15/comparison-of-most-popular-open-source-licenses.html
    • Free and Open Source License Comparison, http://blogs.oracle.com/davidleetodd/entry/free_and_open_source_license
    • Open Source License Comparison, http://www.openjason.com/2008/10/10/open-source-license-comparison/
    • Comparison of open source licenses, http://jan-krueger.net/doc/opensource-licenses.html
    • Practical Guide to GPL Compliance, http://www.softwarefreedom.org/resources/2008/compliance-guide.html
    • GPL Violations, gpl-violations.org
    • Creative Commons Licenses, http://creativecommons.org/about/licenses
    • Open Source Initiative, http://www.opensource.org/licenses/alphabetical
    • Open Source Licenses, http://developer.kde.org/documentation/licensing/licenses_summary.html
    • Understanding Open-Source Licensing, http://openacs.org/about/licensing/open-source-licensing
    • What are copyrights and patents?, http://www.howstuffworks.com/question492.htm
    • HOWTO: Pick an open source license (part 1), http://www.zdnet.com/blog/burnette/howto-pick-an-open-source-license-part-1/130
    • How to pick an open source license (part 2), http://www.zdnet.com/blog/burnette/how-to-pick-an-open-source-license-part-2/131
    • The Open Source Definition, http://www.opensource.org/docs/osd
    •  
    • Open Source licenses by name, http://www.opensource.org/licenses/alphabetical
    • Open Source licenses by category, http://www.opensource.org/licenses/category
    • GNU General Public License v2.0, http://www.gnu.org/licenses/gpl-2.0.html
    • A Quick Guide to GPLv3, http://www.gnu.org/licenses/quick-guide-gplv3.html
    • The GNU General Public License version 2, http://toolkit.vph-noe.eu/component/content/article/11
    • Difference Between GPLV2 and GPLV3, http://www.differencebetween.net/technology/software-technology/difference-between-gplv2-and-gplv3/
    • For Want of a Printer, http://oreilly.com/openbook/freedom/ch01.html
    • 2001: A Hacker's Odyssey, http://oreilly.com/openbook/freedom/ch02.html
    • The first software-sharing community, http://www.gnu.org/gnu/thegnuproject.html
    • Free as in Freedom, Sam Williams, O'Reilly Media
    • Understanding Open Source and Free Software Licensing, Andrew M. St. Laurent, O'Reilly Media
    • Open Source Licensing Software Freedom and Intellectual Property Law, Lawrence Rosen, http://rosenlaw.com/oslbook.htm
    • Microsoft re-issues Windows 7 tool as open-source, http://www.infoworld.com/d/windows/microsoft-re-issues-windows-7-tool-open-source-810?source=rss_infoworld_news
    • GPL Violations by D-Link and Boxee, http://infinityoverzero.com/bbox/
    • gpl-violations.org project prevails in court case on GPL violation by D-Link, http://gpl-violations.org/news/20060922-dlink-judgement_frankfurt.html
    • Open Logic, http://www.openlogic.com
    • Black Duck Software, http://www.blackduck.com
    • The Risks of Open Source Software, http://library.findlaw.com/2004/May/11/133415.html
    • Open source - is it a risk for your business?, http://www.silicon.com/technology/software/2006/08/31/open-source-is-it-a-risk-for-your-business-39161867/
    • Best Legal Practices for Open Source Software: Ten Tips For Managing Legal Risks for Businesses Using Open Source Software, http://www.llrx.com/features/opensource.htm

    Quick Reference

    Though covered in detail in earlier sections, this section presents all the licenses in one table, for quick reference.

    Description MIT BSD New BSD Simplified BSD Apache V2 GPL V2 LGPL V2 GPL V3 LGPL V3
    OSS CAN be used as part of CP Y Y Y Y Y N YC N YC
    Developer CAN make copies of OSS Y
    OSS CAN be modified for usage in CP Y Y Y Y YC YC YC YC YC
    Changes to OSS, MUST be contributed back to OSS distribution N N N N N Y Y Y Y
    OSS CAN be distributed as part of CP Y Y Y Y YC YC YC YC YC
    Copies of OSS CAN be sold Y N N N N N
    OSS distribution HAS to be accompanied by the license agreement Y Y Y Y Y Y
    CP CAN be released under a different license as compared to OSS Y Y Y Y Y N Y N Y
    OSS CAN be sub-licensed Y Y Y Y N N N N N
    CP CANNOT claim endorsement from OSS Y Y Y Y Y Y Y Y
    OSS authors ARE protected from code not working correctly Y Y Y Y Y Y Y Y Y
    OSS HAS to be made available in source format along with CP N N N N N Y Y Y Y
    Advertising material MUST display explicit acknowledgement Y
    CP CAN restrict rights granted to the user by OSS, as part of distribution N NE NE NE N NE NE N N
    Patent grant NC NE NE NE NE NE NE Y Y
    Scope of rights (Perpetual, world-wide, granted for no fee or royalty, non-exclusive) Y
    Rights can be revoked at a later stage N
    Legend >Description
    Y Allowed
    YC Allowed, but with conditions
    N Not Allowed
    NE Not Explicitly Mentioned
Topics:

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}