Sonatype

Lost on Open Source Licenses in Los Angeles




Dear Sloan,

I was told that an open source license for one of my OSS components that I am using in a work project is “too restrictive” and that I have to find a component with a “more permissive” license. I have no idea what that means! Can you help me, Sloan?

Thanks,

Lost on Open Source Licenses in Los Angeles


Hey Lost on Licenses,

What I can do is give you some context around what open source licenses are, and more information about the two general types of licenses that you’ll find out there. Before we dive in, I am not a lawyer and this is not legal advice. Make sure to consult your legal team for any questions about open source (OS) licenses.

Broad Types of Open Source Licenses

Open source software (OSS) may not cost you any money, but there are terms that you have to follow when you use OSS. The license describes the terms you must follow to use the software in your own projects.

There are two broad OS license types you should know about: permissive and copyleft.

Permissive licenses

Permissive licenses are those that allow you to use the licensed OSS with few restrictions. An example of a permissive license is the BSD (Berkeley Software Distribution) license (and its variants). Let’s say you use OSS with a 2-Clause BSD license in one of your projects. This license says that you can use and redistribute software containing the covered OSS, as long as you retain the original copyright notice, list of conditions, and disclaimer. You don’t have to release any of your own source code under this license. This is in strong contrast to the other broad type of license: copyleft.

Copyleft licenses

Copyleft licenses require that any derivative work containing the licensed OSS is made available under the same license. In this case, a derivative work means software that contains the licensed component(s) when that software is deployed. This means that if your software contains OSS with a copyleft license, you will need to release your source code. I doubt your company wants to make your code available as OSS, so it makes sense that they want you to use a permissive license. This is why the license for the OSS you wanted to use was described as “restrictive.” I’ll share a story about what could happen if you use a more restrictive copyleft license without realizing what it means.

Risk and Open Source Licenses

After Cisco acquired Linksys, it was discovered that the WRT54G router firmware contained OSS from the Free Software Foundation (FSF) covered by a GPL license, a type of copyleft license. Linksys and Cisco didn’t meet the license terms in part because they did not make the source code publicly available. Following a copyright infringement lawsuit filed by the FSF, Cisco ultimately had to release the source code for the firmware. I am sure that you don’t want something like that to happen to your company!

If you want to learn more about OS licenses, you can check out our guide on Component Licenses FAQ or our 30-minute eLearning course on Open Source Software Licenses – What You Need To Know. Let us know in the comments below if you have thoughts or more questions.

Sloan

~ Making Cyber a Safer Space
