A Question of Licenses
Which open-source license should I use for my software?
Okay, I'll admit it, I wrote this question myself because I've been asked it so many times I wanted to see it answered in print. As an attorney for open-source companies and projects, I am often requested to select a license (or to bless my client's selection) from among the OSI-approved, open-source licenses. (All the licenses described here are listed on the OSI web site at www.opensource.org.)
The question puts the cart before the horse. What drives the license selection process is the client's business strategy, and not the other way around.
Do you intend to make money from licensing the software or from providing ancillary services like installation and training? There's nothing illegal about using a proprietary software license if that's what your business model dictates. Of course, as an advocate of open source, I'd try to convince you that there are many advantages to nonproprietary business models—but the client is the one to make the final decision.
What degree of freedom are you willing to grant to your licensees to modify your software? There are open-source licenses (e.g., BSD-type) that impose virtually no restrictions on licensees; they can modify the licensed software and create proprietary versions without restriction. There are other open-source licenses (e.g., GPL-type, more typically known as “free software” licenses) that require the licensee's modifications to be licensed back under that same license; this “inheritance” characteristic is an advantage if you want your licensees to have to reciprocate if they benefit from your contribution to the community. There are still other open-source licenses (e.g., MPL-type) that impose an intermediate level of freedom; modifications to individual files containing licensed code must be licensed back, but new files that merely work with the licensed code need not be.
Are you willing to grant warranties that the software will be “merchantable” or “fit for a particular purpose”? If your software is royalty-free, you probably can't afford a warranty. On the other hand, you may want to charge for your open-source software and use the profits to provide a warranty and other forms of service.
Is your software so well known that the main asset you need to protect is your trademark rather than your code? An excellent example of this is Apache. Their license allows you to do almost anything you want with the Apache code, but you'll have to change the name. If you have a trademark to protect, make sure your license contains appropriate terms relating to that.
Have you considered the possibility of dual licensing? The owner of a copyright in a software program always has the option to use multiple licenses. For example, you may want to license your software under the GPL and simultaneously provide a proprietary version for those of your customers who are afraid of the GPL's inheritance features; that unreasonable fear can be treated as a revenue opportunity.
Have you considered using different licenses for different parts of your software? Client software might be distributed under an MPL-like license, but server software might be distributed under a proprietary license. That way, you could make money from the bigger customers that will pay to license your server software and simultaneously build a large customer base with free client software.
Are you trying to protect the code itself or the standards that are implemented using that software? A license like SISSL allows anyone to develop modifications of licensed software as long as the licensee complies with all requirements set out by a standards body; a licensee who elects not to comply with the specification must publish a royalty-free reference implementation of the modifications so that the standard cannot be abducted by another company.
If there are patents that relate to your software, you will have to consider licensing your patents along with your code. You may also want to retaliate against any licensee who takes your free software and then turns around and sues you for patent infringement. Various licenses on the OSI-approved license list take different approaches to this problem. Some include a strong retaliation clause, others a weaker version that may be less threatening to customers with a large patent portfolio.
This is not an exhaustive list of considerations. You and your attorney should understand your business situation thoroughly before you decide on a license. Even after you answer these questions, you will still need to decide whether to invest in the attorney resources to create your own license or to have your attorney modify an existing license to meet your needs. If you choose to create your own license, your attorney will be able to tailor your license to your unique business requirements. On the other hand, modifications to an existing license may be sufficient. Consult an attorney familiar with your business to advise you.
Remember that your business objectives guide the choice of license. Anyone who ignores your business needs and whose first words to you are “use this license” is the wrong horse to push your cart.
Legal advice must be provided in the course of an attorney-client relationship specifically with reference to all the facts of a particular situation and to the law in your jurisdiction. Even though an attorney wrote this article, the information in this article must not be relied upon as a substitute for obtaining specific legal advice from a licensed attorney.