Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

Share all our code modifications with others? Think again, hippie


Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools.

Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because the permit licensors to do more or less what they want with the covered software, with minimal caveats, and without imposing obligations like sharing code revisions.

Copyleft licenses like GPLv2, GPLv3, and LGPLv2.1 convey similar freedom, while, to put it simply, requiring that licensors not release versions or derivatives of the licensed code that restrict said freedom.

Based on its analysis of some four million open-source packages and 130 million open-source files in over 200 different programming languages, WhiteSource found that "use of permissive open-source licenses continues to rise, while usage of copyleft licenses, and the GPL-family in particular, continues to decrease."

In 2019, 33 per cent of the software in the WhiteSource data set relied on copyleft licenses while 67 per cent of the software favored a permissive open-source license, three percentage points more than in 2018.

Rewind to 2012 and copyleft licenses could be found with 59 per cent of projects while permissive licenses accompanied just 41 per cent.

Chart of permissive and copyleft license adoption

Chart used by permission from WhiteSource

This appears to be consistent with the trend against copyleft that GitHub observed in 2015.

In an email to The Register, David Habusha, VP of product at WhiteSource, said that the copyleft license was created by the Free Software Foundation in 1985 "to ensure the evil corporations of that time would not be able to use open-source software and then restrict its redistribution."

But times have changed, he argues. "It is no longer an 'us' vs. 'them' scenario, meaning the open-source community vs. commercial corporations," he said.

The top ten open-source projects today are managed by Facebook, Google, and Microsoft, Habusha explained, noting that 60 per cent to 80 per cent of every modern application's software stack consists of open-source code.

Nowadays, the scenario is often framed as "small vs. large," with startups that want to build a business around a specific open-source project looking to software licenses as a defense against competition – even though that's contrary to the freedom that such licenses were designed to preserve.

"Companies behind popular open-source projects like ElasticSearch, Redis Lab, Docker and many more have blamed the big three cloud providers for monetizing their open-source projects without giving back to the open-source community," said Habusha.

"Although one can argue with these accusations, we have witnessed several companies in the past 18 months making license changes to block the cloud providers from continuing this trend."

But, Habusha observed, these reworked licenses haven't been well received. Redis Lab's Commons Clause, which restricted cloud providers from monetizing certain Redis code, met resistance from the open-source community and the company ended up shifting to the Redis Source Available License, he said.

But wait

Paul Berg, an open-source licensing consultant who worked previously for both Amazon and Microsoft, suggested copyleft licenses shouldn't be counted out. And he contends that permissive licenses make a stronger statistical showing because they can be incorporated into both open-source and proprietary ventures, whereas copyleft licenses remain incompatible with entities focused on proprietary code.

"The 'trend' of a reduced interest in copyleft licenses has been a talking point for as long as there have been copyleft licenses," he said in an email to The Register.

"It has always been true that for integration with proprietary licensing, more permissive licenses like Apache, MIT and BSD are more popular, which is expected since those licenses do not impose many restrictions or obligations when interfacing with proprietary software, and particularly when the authors of that software do not wish to release rights to redistribute."

Someone drowning in paperwork

Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: 'We've gone the wrong way with licensing'

READ MORE

"On the other side of the spectrum though, particularly in the area of cloud computing, we are seeing a resurgence of interest in extremely strong copyleft licensing, such as the AGPL, which is even less permissive than the GPL, because it has stronger guarantees that consumers of that software will remain members of the community rather than simply extend and repackage the software for their own sole benefit."

The more salient trend, Berg argues, is simply the growing ubiquity of open source, including the full spectrum of licenses.

"It is becoming fairly rare to find a company whose software is not predominantly open-source software," he said. "Relying on the proprietary IP rights granted by your own authorship implies that you believe your contributions to be of such high value that the cost of maintaining a private fork of your non-shared contributions outstrips the ease of integration of the developments of all of your competitors and users who are collaborating in an open community."

That may be true for some companies, said Berg, but it's not the norm. ®


Biting the hand that feeds IT © 1998–2020