Ask HN: What license should I choose for my software?

11 points by kamrani ↗ HN
I've been building a platform that is going to make DevOps work on any cloud 10x easier and faster, meaning you either won't need to deal with DevOps at all or you will do only the tiny part which is really specific to you.

I've managed to build a lot of the features I wanted and now I want to make it open-source/code available.

My question is what license is the best? Can I start with CC and move to MIT later?

https://github.com/utopiops/utopiops

23 comments

[ 3.0 ms ] story [ 63.0 ms ] thread
Do you want the widest possible usage of it, including companies taking it and reselling it? Then MIT might work.

Do you want it to only be used and not sold? Probably AGPL or something.

Do you want to sell it also? Then AGPL with a separate commercial license for those who want to pay.

I think the last one then.

I want to be able to sell it (exclusively), and anyone should be able to use the open-source version for free if they want (there is a SaaS offering for whoever wants it).

I don’t think that is “open source” then, more like you have a source-available freemium model? People can see the source code, and use it for free, but that’s all?

If someone makes their own changes can they distribute them? Can they charge money for them? Or is the idea that people can contribute code, but only back to you, which you can sell?

I’ll be curious to hear what you settle on.

The AGPL doesn't prevent competitors selling the software, complying with it is reasonably easy even for a SaaS company.
Then I think it's not what I want.
Its beginning to sound like you don't want an open source license, but a proprietary one instead.
I just want to make sure people can use it for free if they want but I don't want to give the right to sell.
> Can I start with CC and move to MIT later?

If it's all your own code, you can give it to whoever you want under whatever license suits you at the time.

If you're open sourcing it to try and encourage contributions from other people though, you need to think about whether you are going to need to get a contributor agreement to assign IP/copyright to you (or some legal entity crated around the software) if you ever want to do that down the track.

Another thing to consider is what the impact of Amazon packaging up or forking your project and selling it "as a service" without contributing anything back to the project? Do you need to investigate one of the no longer "open source" licences like Mongo/Redis have done to restrict them from doing that?

In my opinion (and knowing nothing about your project or goals) depending on your philosophy, you either go "full software freedom purity" and GPL it (which will mean places like Google will avoid it like the plague), or you go maximal freedom wit5h MIT/BSD. (Or possibly even dual licence like Perl which lets you choose between either Artistic Lic else or GPL)

That's exactly what I'm trying to do.

My concern is that a large enterprise like Amazon jumps in and in a few months I see exactly the scenario you describe.

I'll add a contributor agreement right away and it seems a dual license is the way.

I wrote a blog post about this year ago that might be a fun read for you: https://www.mooreds.com/wordpress/archives/3438

I don't think it'd be a few months, unless your software is fantastically, wildly, mind-blowingly successful (or very very very unique). But if you are massively successful in a few years and the license is right, the cloud providers will probably come for you.

Thanks it's a good read.
If you're concerned about Amazon et al, you probably want to be _super_ careful right now, and dual license is probably that _last_ thing you want.

The people fighting off Amazon are experimenting with non OSI approved licenses which in OSI's terms are not "open source". Elastic and Mongo's "Server Side Public License" and Redis's "Redis Source Available License" were created to stop the hyper cloud PaaS/IaaS companies from "jumping in" without being required to contribute back in some way. The additional restrictions these licenses place make them incompatible with OSI's definition of "open source".

If you release your software with a permissive or dual license (with a permissive option), then Amazon could just fork from that and go ahead and do what they want with your project under those permissive terms, like they do with ElasticSearch - AWS's ElasticSearch is a fork of the last old (7.10) version of ElasticSearch Apache 2.0 license instead of the latest (8.1,3) version of ElasticSearch.

IANAIPL but this has always seemed strange to me. Copying and creating derivative works are separate from use, especially in light of 17 U.S.C. § 117(a)(1).

So rather than carve out a huge exception to the conditions on creating derivative works, and then trying to re-implement some of those conditions by placing conditions on use... why not just pare down the exceptions wrt derivative works?

Less abstractly: AGPL says you only have to license modifications if you distribute derivative works to the public, but you also have conditions on use. That makes it non-free. Why not simply say you have to license all modifications if you make a derivative work, unless the derivative is solely for personal/internal use without control or interaction by individuals outside your household or organization?

It seems to me that would achieve effectively the same end, but in a more straightforward manner and by hinging the mechanics on derivative-making rather than on use.

I think I have to use something exactly like the license Sentry is using then. It's just one license and it should be fine I guess if it had protected them.

Also, I'm not concerned about Amazon exactly but it can be any other entity with enough resources to offer my product to their existing user base and definitely with massive marketing budget, etc.

If your software is valuable enough, Amazon will just reimplement it from scratch. Often Amazon entering the market for your software will grow the size of the market, taking most of the growth for themselves, but also increasing the amount of customers you get.
Not always really. Code commit/build/deploy still are some of the worst products in AWS and they're far behind Gitlab which is OSS.

Btw, I'm not really concerned about Amazon particularly, it's a general question about someone taking advantage of few years of work without putting in any effort.

AGPL will protect you, your users in the future and prevent companies like Amazon from profiting from your hard work and give nothing back to the community.

See what happened to elastic search:

https://www.techtarget.com/searchcloudcomputing/opinion/Elas...

Thanks, sounds like what I need. Not sure if with AGPL still I have to use a dual license approach.

Also it's very true about what happened to elastic search or was about to happen to Sentry.

You could share with AGPL and sell the other license for companies that require another one. That was MySQL business model for several years before Oracle brought them.
For standalone tools that people use in their workflows without linking them to their own code (A)GPL is mostly fine. If it's something that should be used as a library I'd use a more permissive license like BSD-3 or Apache 2.0, as otherwise you'll have adoption problems especially for larger enterprises that use proper open-source license management tools (as those will flag GPL licenses as high risk).

That said think of licensing as one part of your open-source strategy. From my experience licenses won't keep your competitors from copying your code or circumventing your license terms. The best thing is still to keep your most business-critical code closed-source.

Fair points. It's not a library and it's actually going to be provided as a SaaS product and as you mentioned I think it's best not to share the critical parts of code. At least that's what I'm doing.