Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL

Share all our code modifications with others? Think again, hippie

Permissive open-source software licenses continue to gain popularity at the expense of copyleft licenses, according to a forthcoming report from WhiteSource, a biz that makes software licensing management tools.

Permissive licenses include the MIT and Apache 2.0 licenses and are known as such because the permit licensors to do more or less what they want with the covered software, with minimal caveats, and without imposing obligations like sharing code revisions.

Copyleft licenses like GPLv2, GPLv3, and LGPLv2.1 convey similar freedom, while, to put it simply, requiring that licensors not release versions or derivatives of the licensed code that restrict said freedom.

Based on its analysis of some four million open-source packages and 130 million open-source files in over 200 different programming languages, WhiteSource found that "use of permissive open-source licenses continues to rise, while usage of copyleft licenses, and the GPL-family in particular, continues to decrease."

In 2019, 33 per cent of the software in the WhiteSource data set relied on copyleft licenses while 67 per cent of the software favored a permissive open-source license, three percentage points more than in 2018.

Rewind to 2012 and copyleft licenses could be found with 59 per cent of projects while permissive licenses accompanied just 41 per cent.

Chart of permissive and copyleft license adoption

Chart used by permission from WhiteSource

This appears to be consistent with the trend against copyleft that GitHub observed in 2015.

In an email to The Register, David Habusha, VP of product at WhiteSource, said that the copyleft license was created by the Free Software Foundation in 1985 "to ensure the evil corporations of that time would not be able to use open-source software and then restrict its redistribution."

But times have changed, he argues. "It is no longer an 'us' vs. 'them' scenario, meaning the open-source community vs. commercial corporations," he said.

The top ten open-source projects today are managed by Facebook, Google, and Microsoft, Habusha explained, noting that 60 per cent to 80 per cent of every modern application's software stack consists of open-source code.

Nowadays, the scenario is often framed as "small vs. large," with startups that want to build a business around a specific open-source project looking to software licenses as a defense against competition – even though that's contrary to the freedom that such licenses were designed to preserve.

"Companies behind popular open-source projects like ElasticSearch, Redis Lab, Docker and many more have blamed the big three cloud providers for monetizing their open-source projects without giving back to the open-source community," said Habusha.

"Although one can argue with these accusations, we have witnessed several companies in the past 18 months making license changes to block the cloud providers from continuing this trend."

But, Habusha observed, these reworked licenses haven't been well received. Redis Lab's Commons Clause, which restricted cloud providers from monetizing certain Redis code, met resistance from the open-source community and the company ended up shifting to the Redis Source Available License, he said.

But wait

Paul Berg, an open-source licensing consultant who worked previously for both Amazon and Microsoft, suggested copyleft licenses shouldn't be counted out. And he contends that permissive licenses make a stronger statistical showing because they can be incorporated into both open-source and proprietary ventures, whereas copyleft licenses remain incompatible with entities focused on proprietary code.

"The 'trend' of a reduced interest in copyleft licenses has been a talking point for as long as there have been copyleft licenses," he said in an email to The Register.

"It has always been true that for integration with proprietary licensing, more permissive licenses like Apache, MIT and BSD are more popular, which is expected since those licenses do not impose many restrictions or obligations when interfacing with proprietary software, and particularly when the authors of that software do not wish to release rights to redistribute."

Someone drowning in paperwork

Bruce Perens quits Open Source Initiative amid row over new data-sharing crypto license: 'We've gone the wrong way with licensing'


"On the other side of the spectrum though, particularly in the area of cloud computing, we are seeing a resurgence of interest in extremely strong copyleft licensing, such as the AGPL, which is even less permissive than the GPL, because it has stronger guarantees that consumers of that software will remain members of the community rather than simply extend and repackage the software for their own sole benefit."

The more salient trend, Berg argues, is simply the growing ubiquity of open source, including the full spectrum of licenses.

"It is becoming fairly rare to find a company whose software is not predominantly open-source software," he said. "Relying on the proprietary IP rights granted by your own authorship implies that you believe your contributions to be of such high value that the cost of maintaining a private fork of your non-shared contributions outstrips the ease of integration of the developments of all of your competitors and users who are collaborating in an open community."

That may be true for some companies, said Berg, but it's not the norm. ®

Other stories you might like

  • Robotics and 5G to spur growth of SoC industry – report
    Big OEMs hogging production and COVID causing supply issues

    The system-on-chip (SoC) side of the semiconductor industry is poised for growth between now and 2026, when it's predicted to be worth $6.85 billion, according to an analyst's report. 

    Chances are good that there's an SoC-powered device within arm's reach of you: the tiny integrated circuits contain everything needed for a basic computer, leading to their proliferation in mobile, IoT and smart devices. 

    The report predicting the growth comes from advisory biz Technavio, which looked at a long list of companies in the SoC market. Vendors it analyzed include Apple, Broadcom, Intel, Nvidia, TSMC, Toshiba, and more. The company predicts that much of the growth between now and 2026 will stem primarily from robotics and 5G. 

    Continue reading
  • Deepfake attacks can easily trick live facial recognition systems online
    Plus: Next PyTorch release will support Apple GPUs so devs can train neural networks on their own laptops

    In brief Miscreants can easily steal someone else's identity by tricking live facial recognition software using deepfakes, according to a new report.

    Sensity AI, a startup focused on tackling identity fraud, carried out a series of pretend attacks. Engineers scanned the image of someone from an ID card, and mapped their likeness onto another person's face. Sensity then tested whether they could breach live facial recognition systems by tricking them into believing the pretend attacker is a real user.

    So-called "liveness tests" try to authenticate identities in real-time, relying on images or video streams from cameras like face recognition used to unlock mobile phones, for example. Nine out of ten vendors failed Sensity's live deepfake attacks.

    Continue reading
  • Lonestar plans to put datacenters in the Moon's lava tubes
    How? Founder tells The Register 'Robots… lots of robots'

    Imagine a future where racks of computer servers hum quietly in darkness below the surface of the Moon.

    Here is where some of the most important data is stored, to be left untouched for as long as can be. The idea sounds like something from science-fiction, but one startup that recently emerged from stealth is trying to turn it into a reality. Lonestar Data Holdings has a unique mission unlike any other cloud provider: to build datacenters on the Moon backing up the world's data.

    "It's inconceivable to me that we are keeping our most precious assets, our knowledge and our data, on Earth, where we're setting off bombs and burning things," Christopher Stott, founder and CEO of Lonestar, told The Register. "We need to put our assets in place off our planet, where we can keep it safe."

    Continue reading

Biting the hand that feeds IT © 1998–2022