Skip to main content

Section 5.3 Existing OSS Communities

Subsection 5.3.1 Contributing to Existing Projects

If you’re contributing to or extending an existing project, it almost always makes the most sense to continue using that project’s license. Depending on the original project’s license, using the same license might be a requirement, not just the easiest thing to do. (See the “same license” condition of some licenses.) To find a project’s license, look for a file called LICENSE or COPYING, and skim the project’s README. If you can’t find a license, ask the maintainers.
Some open source communities have strong preferences for particular licenses. If you want to participate in one of these communities, it will be easier to use their preferred license, even if you’re starting a brand new project with no existing dependencies. Some examples of such communities include:
  • Apache
    requires Apache License 2.0
  • Cloud Native Computing Foundation
    requires Apache License 2.0
  • Firefox
    has an entire guide for helping you choose the right license. For code, they recommend their own license, the Mozilla Public License MPL 2.0
    or Apache License 2.0
    and the guide offers guidance on choosing which.
  • GNU
    recommends GNU GPLv3
    for most programs
  • npm packages
    overwhelmingly use the MIT
    or the very similar ISC
  • OpenBSD
    prefers the ISC License
  • Rust
    crates are overwhelmingly licensed under both MIT
    and Apache License 2.0
  • WordPress
    plugins and themes must be GNU GPLv2
    (or later)
Communities come in all shapes and sizes, and more than one community might be pertinent. For example,you must keep in mind the rules of your company if you work for one. The examples above are very well established. If the community you’re building a project for doesn’t have set-in-stone licensing traditions, or you don’t see your project as part of any particular community, that’s fine. Then you will need to make your own choice of a license because not posting any license at all means you implicitly retain all rights and give no permissions to use, share, modify, or improve the software.

Subsection 5.3.2 Changing Licenses

As an open source software project matures, sometimes the maintainers of the project decide to change open source licenses. This section highlights a case study of one project’s change of license and their reasons for that change.
Some people who are new to working in open source software communities may naively think that the best licenses are those that are the most permissive. Unfortunately, there are pitfalls to the most permissive licenses when anyone can utilize the software for any purpose.
Plausible Analytics
is an open source software web analytics project that provides an alternative to Google Analytics, which is more privacy-friendly. Plausible decided to change licenses from the very permissive MIT License
to the AGPL license
, a GNU copyleft license designed to protect rights when the software is being utilized over a network. Simply stated, the AGPLv3 is basically the GPLv3, but with an additional licensing term that requires that users who interact over a network with modified versions of the program can receive the source code for that program.
In their blog, Plausible explained that they made the change their license to protect against corporations that took their code and then used it to create and sell proprietary software that directly competed with their project. They had also been approached by some large corporations that wanted Plausible to help them so they could sell a version of Plausible Analytics to their own clients without wanting to contribute anything back to the Plausible project. For more details, see Open source licensing and why we’re changing Plausible to the AGPL license
The kind of situation Plausible found themselves in underscores the importance of licensing, and also the importance of the terms of that license.

Checkpoint 5.3.1.

    What license did Plausible Analytics change to from the MIT License, and what was the main reason for this change?
  • GNU GPLv3, to protect against corporations using the software to create proprietary software for sale.
  • Correct! They made the change to their license to protect against corporations that took their code and then used it to create and sell proprietary software that directly competed with their project.
  • Apache License 2.0, to make it more compatible with other open source projects.
  • The section mentions that Plausible Analytics changed to a GNU copyleft license, not the Apache License 2.0, for specific reasons related to how the software is used over a network.
  • Mozilla Public License MPL 2.0, to ensure greater privacy protection for users.
  • The reason for the license change was not related to privacy protection but rather to address specific issues with how corporations were using their software.
  • ISC License, to simplify the licensing terms and make it more permissive.
  • The section states that Plausible Analytics moved to a copyleft license to protect against specific use cases involving corporations, which is different from choosing a more permissive license like the ISC License.
You have attempted of activities on this page.