Skip to main content

Section 5.3 Existing OSS Communities

Subsection 5.3.1 Contributing to Existing Projects

If you’re contributing to or extending an existing project, it almost always makes the most sense to continue using that project’s license. Depending on the original project’s license, using the same license might be a requirement, not just the easiest thing to do. (See the “same license” condition of some licenses.) To find a project’s license, look for a file called LICENSE or COPYING, and skim the project’s README. If you can’t find a license, ask the maintainers.
Some open source communities have strong preferences for particular licenses. If you want to participate in one of these communities, it will be easier to use their preferred license, even if you’re starting a brand new project with no existing dependencies. Some examples of such communities include:
  • Apache
     1 
    www.apache.org/licenses
    requires Apache License 2.0
     2 
    www.apache.org/licenses/LICENSE-2.0
  • Cloud Native Computing Foundation
     3 
    /github.com/cncf/foundation/blob/main/charter.md#11-ip-policy
    requires Apache License 2.0
     4 
    www.apache.org/licenses/LICENSE-2.0
    .
  • Firefox
     5 
    mozilla.org/en-US/foundation/licensing/
    has an entire guide for helping you choose the right license. For code, they recommend their own license, the Mozilla Public License MPL 2.0
     6 
    mozilla.org/en-US/MPL/2.0
    or Apache License 2.0
     7 
    www.apache.org/licenses/LICENSE-2.0
    and the guide offers guidance on choosing which.
  • GNU
     8 
    www.gnu.org/licenses/license-recommendations.html
    recommends GNU GPLv3
     9 
    www.gnu.org/licenses/gpl-3.0.en.html
    for most programs
  • npm packages
     10 
    libraries.io/search?platforms=npm
    overwhelmingly use the MIT
     11 
    en.wikipedia.org/wiki/MIT_License
    or the very similar ISC
     12 
    en.wikipedia.org/wiki/ISC_license
    licenses
  • OpenBSD
     13 
    openbsd.org/policy.html
    prefers the ISC License
     14 
    en.wikipedia.org/wiki/ISC_license
  • Rust
     15 
    rust-lang.github.io/api-guidelines/necessities.html#crate-and-its-dependencies-have-a-permissive-license-c-permissive
    crates are overwhelmingly licensed under both MIT
     16 
    en.wikipedia.org/wiki/MIT_License
    and Apache License 2.0
     17 
    www.apache.org/licenses/LICENSE-2.0
  • WordPress
     18 
    wordpress.org/about/license
    plugins and themes must be GNU GPLv2
     19 
    www.gnu.org/licenses/old-licenses/gpl-2.0.html
    (or later)
Communities come in all shapes and sizes, and more than one community might be pertinent. For example,you must keep in mind the rules of your company if you work for one. The examples above are very well established. If the community you’re building a project for doesn’t have set-in-stone licensing traditions, or you don’t see your project as part of any particular community, that’s fine. Then you will need to make your own choice of a license because not posting any license at all means you implicitly retain all rights and give no permissions to use, share, modify, or improve the software.

Subsection 5.3.2 Changing Licenses

As an open source software project matures, sometimes the maintainers of the project decide to change open source licenses. This section highlights a case study of one project’s change of license and their reasons for that change.
Some people who are new to working in open source software communities may naively think that the best licenses are those that are the most permissive. Unfortunately, there are pitfalls to the most permissive licenses when anyone can utilize the software for any purpose.
Plausible Analytics
 20 
plausible.io
is an open source software web analytics project that provides an alternative to Google Analytics, which is more privacy-friendly. Plausible decided to change licenses from the very permissive MIT License
 21 
mit-license.org/
to the AGPL license
 22 
www.fsf.org/bulletin/2021/fall/the-fundamentals-of-the-agplv3
, a GNU copyleft license designed to protect rights when the software is being utilized over a network. Simply stated, the AGPLv3 is basically the GPLv3, but with an additional licensing term that requires that users who interact over a network with modified versions of the program can receive the source code for that program.
In their blog, Plausible explained that they made the change their license to protect against corporations that took their code and then used it to create and sell proprietary software that directly competed with their project. They had also been approached by some large corporations that wanted Plausible to help them so they could sell a version of Plausible Analytics to their own clients without wanting to contribute anything back to the Plausible project. For more details, see Open source licensing and why we’re changing Plausible to the AGPL license
 23 
plausible.io/blog/open-source-licenses#risks-associated-with-permissive-open-source-licenses
.
The kind of situation Plausible found themselves in underscores the importance of licensing, and also the importance of the terms of that license.

Checkpoint 5.3.1.

    What license did Plausible Analytics change to from the MIT License, and what was the main reason for this change?
  • GNU GPLv3, to protect against corporations using the software to create proprietary software for sale.
  • Correct! They made the change to their license to protect against corporations that took their code and then used it to create and sell proprietary software that directly competed with their project.
  • Apache License 2.0, to make it more compatible with other open source projects.
  • The section mentions that Plausible Analytics changed to a GNU copyleft license, not the Apache License 2.0, for specific reasons related to how the software is used over a network.
  • Mozilla Public License MPL 2.0, to ensure greater privacy protection for users.
  • The reason for the license change was not related to privacy protection but rather to address specific issues with how corporations were using their software.
  • ISC License, to simplify the licensing terms and make it more permissive.
  • The section states that Plausible Analytics moved to a copyleft license to protect against specific use cases involving corporations, which is different from choosing a more permissive license like the ISC License.
You have attempted of activities on this page.