Ask HN: What open source licenses do you prefer (and why)?

7 points by SamWhited ↗ HN
I'd be curious to know what open source license individuals and companies prefer and why including both what licenses you release your own projects under, and what licenses you allow to be pulled in as dependencies, tools that get redistributed with your projects, etc.

Most companies I've been at prefer releasing software under the Apache 2.0 license and my limited understanding is that it's purely because of the explicit patent grant. They also all avoid GPL because they're worried that some developer will make a change, not tell anyone, and it won't get contributed back.

I've always personally preferred to use a BSD 2-Clause (or BSD 2-Clause+Patents) license on my own projects, but that's just habit because it's short and used by other projects I've contributed to and not something I particular know enough to care about.

11 comments

[ 1.5 ms ] story [ 282 ms ] thread
Hi,

First I want to make it clear that my preferred licenses are 'by default of better'. That mean, regarding the news (re licensing of famous open source projects) we clearly lack of License for real world use case (With cloud providers abusing open sources projects and being unfair to companies behind them.

- Apache 2.0 (or an 'official' CCL) for libraries or small projects because it's simplicity and protection

- AGPLv3.0 (or an 'official' SSPL) for large projects, or project I would like to sell as a service.

The ideal would be to 'make official' Confluent Community License (Apache 2.0 minus SaaS) and Server Side Public License (AGPLv3.0 minus SaaS) to protect the ecosystem and fund the open source actors.

I think those 'hybrid' licenses are a great move toward open source and free software sustainability and hope we will see some 'official' Licenses soon.

For my own personal projects I use the GPLv3+ because I want to protect the four freedoms[0] for users of my software. If I want something more permissive I would use the LGPLv3+ but I might start to move away from that and just use the GPL. For work, I have never been involved in deciding what dependencies we will use for projects, so not really sure what the companies have preferred.

[0] https://www.gnu.org/philosophy/free-sw.html

Zero-Clause BSD (0BSD) aka Free Public License 1.0.0

https://opensource.org/licenses/0BSD

-

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

-

I will never use a less permissive license. I think it's irresponsible to put any restriction (including attribution) on how all of current and future humans and machines can use information.

The problem is that by using this you probably are putting restrictions on people. Lots of places don't have a concept of public domain, so this license is unenforceable in many jurisdictions and your software defaults to being copyrighted with no license.

Disclaimer: not a lawyer, this is just what company lawyers have told me in the past.

I carefully picked a license that doesn't use public domain and is enforceable everywhere, unlike WTFPL, CC0 and Unlicense.
With my limited knowledge, I prefer GPLv3 for most of the stuff I write. This is mostly because I would expect anyone enhancing the code to give it back.

I would not release something that I write with Apache or BSD. These are "do whatever you want" licenses and might bite back. The whole Redis + Commons Clause debacle(if I can call it that) happened because Cloud providers wrap Redis in their services and charge for that without providing anything back to Redis. This is the "do whatever you want" part of these licenses.

I have doubt if anything that I make will be so successful, but in case it is, I would either want to earn by it by keeping it closed source, try some other way to earn by keeping it FOSS, but surely would not want only the big corporations to earn through it.

Last point to cover my ass. I understand that the Apache/BSD are pragmatic licenses and probably the main reasons why Open Source has turned even companies like MS to consider opening up their stuff. Only GPL wouldn't have done that. But somehow as a user I would prefer the latter.

Personal solo side projects that I'm just hacking on, I use MIT mostly because it seems simple. If someone wants to use or fork my software, I don't really care how or what they're doing with it.

None of my projects address significant enough space that I would figure they're being incorporated into anything of business value anyways.

If I have a GPL dependency, then I license it GPL. I would probably use GPL or Apache if I ever was working on a project that I actually thought would provide business value to someone or was going to grow any kind of community around it besides me.

I'd like attribution just because that seems nice, but I don't have the time or desire to figure out or enforce something like GPL.

Thanks! I tend to agree with this reasoning and it's why I chose BSD (which is basically the same thing except it has a bulleted list of its requirements, which I liked). Is there a version of MIT+Patents or ISC+Patents or similar I wonder?
I usually use http://unlicense.org. TBH I think if you’re giving code away and expecting people to be actually able to make use of it, it’s morally indefensible to be using anything other than a zero-condition giveaway license.

GPL is also acceptable for stand-alone programs if you want to enforce openness, but never for libraries.

As for what companies prefer, MIT, zlib, or BSD should be fine. Most companies won’t touch GPL with a ten-foot pole.

> GPL is also acceptable for stand-alone programs if you want to enforce openness, but never for libraries.

There's the option of using LGPL for libraries. That way, users of the library aren't required to be open source, but they are required to keep modifications of the library open source if distributed.

As mentioned in another thread, it is my not-a-lawyer understanding that unlicense and similar aren't enforceable in many jurisdictions, so you end up having it be unlicensed and unusable in many places.