OStatic

All open-source licenses are not created equal. Understanding the different licenses is essential before you start to use, and modify, open-source code.

All open-source licenses have certain common elements: They promise that the source code may be used by anyone, for any purposes. They promise that the software may be changed by anyone, in any way that they like. And they promise that people who use the software never have to pay the authors or distributors.

Why are there so many licenses? And how do they differ?

Computer scientist Andrew Tanenbaum once quipped that "The nice thing about standards is that there are so many of them to choose from." He was referring, of course, to the fact that the computer industry has created so many standards that anyone can claim to be "standards compliant," removing much of the meaning.

The same is true, to some degree or another, in the world of open source, and specifically when it comes to open-source licenses. When the term "open source" was coined, there were only a handful of licenses that fit the definition. There are now more than 20 licenses that can legitimately claim to be "open source." As a "proliferation report" stated in 2006, the number of licenses has made it difficult for software publishers to choose licenses, for users to understand the licenses, and for programmers to determine which pieces of software will "play well together."

All open-source licenses have certain common elements: They promise that the source code may be used by anyone, for any purposes. They promise that the software may be changed by anyone, in any way that they like. And they promise that people who use the software never have to pay the authors or distributors. In other words, an open-source software license guarantees that anyone can download, modify, and distribute the software without having to pay anyone. Because many people can -- and do! -- modify open-source software, licenses typically disclaim any warranty, saying that if something goes wrong, the original authors cannot be held responsible.

Why are there so many licenses? And how do they differ?

The basic answer is best understood by considering the differences between the three best-known open-source licenses: The GNU Public License (GPL), the Berkeley Standard Licenses (BSD), and the Mozilla Public License (MPL).

The GPL, sometimes known as a "copyleft," ensures that the source code will always remain open source. As the license itself says, you have the right to modify and redistribute GPL'ed software -- but anyone who receives your modified code has the same rights as you did. Moreover, the GPL is known as a "viral" license, in that it affects any software with which it is linked. Attaching a GPL'ed library to your proprietary product puts your entire product under the GPL. (For this reason, a separate, "lesser" license is often used on libraries, known as the LGPL. The LGPL keeps the library itself under the GPL, but does not affect software with which it is linked.) The Linux kernel is licensed under the GPL, as is the open-source version of the MySQL database. Version 3.0 of the GPL was recently released, but it remains to be seen just how many will "upgrade" to it.

The BSD license, by contrast, says that you can use the software for whatever purposes you see fit, with no restrictions. This means that if you want to take a copy of PostgreSQL (which is released under the BSD license), modify it, and turn it into a proprietary (i.e., closed-source) product, you're welcome to do so. The BSD license used to require that programs acknowledge their BSD roots, but that requirement was dropped a number of years ago.

GPL adherents traditionally say that the BSD license is flawed, because it opens the door to commercial exploitation of open-source software. After all, if IBM wants to incorporate portions of a GPL'ed program into a commercial product, it cannot do so without forcing the entire product to be GPL'ed, and thus released as an open-source product. BSD advocates, by contrast, say that the GPL's "viral" nature is a problem, taking away the user's right to use the open-source software in any way he or she might like, including commercially. Arguments over these two licenses have been going on for years, and each open-source project typically adopts one or the other. Both sides of the divide agree that when a BSD program is mixed with a GPL program, the GPL affects the combined code.

A third well-known license is the MPL, which can be thought of as the GPL (i.e., copyleft) -- but with the right to combine the MPL-licensed program with proprietary software. You can thus take Mozilla and turn it into a commercial program, mixing the proprietary and open-source elements. ActiveState is a company that has done just this, creating its Komodo developer tools on top of the Mozilla core infrastructure. Mixing GPL and MPL software is apparently tricky, and the Free Software Foundation discourages people from doing so.

There are many other open-source licenses, but these are the Big Three. Which license you choose for your own project will depend on what your goals are, as well as what software you want to mix with it. As a user, the license determines what you can do with the software, including whether you can turn it into something for commercial gain.

What else should the open-source community know about licenses?

• license
• gpl
• bsd
• mpl