I ask this because I think of the recent switch of Ubuntu to the Rust recode of the GNU core utils, which use an MIT license. There are many Rust recodes of GPL software that re-license it as pushover MIT or Apache licenses. I worry these relicensing efforts will significantly harm the FOSS ecosystem. Is this reason to start worrying or is it not that bad?
IMO, if the FOSS world makes something public, with extensive liberties, then the only thing that should be asked in return is that people preserve these liberties, like the GPL successfully enforces. These pushover licenses preserve nothing.
Most Open Source software is written by corporations. The Open Source licenses are an advantage to them.
The biggest source of GPL software is probably Red Hat (IBM). They maintain most of what people think of when they think of GNU software and they wrote many of the newer GPL projects that everybody uses (like systemd).
The trend has been towards permissive licenses for a long time. They have led to more Open Source software, not less.
Look at Clang vs GCC. Clang attracts a greater diversity of corporate contribution and generates greater Open Source diversity. Zig and Rust appeared on LLVM for a reason.
What we should be worried about is the cloud. It allows big companies to outsell the little companies writing Open Source software. Neither permissive nor copyleft licenses prevent this.
One side community wants total GPL take over and one side they don’t support total GPLv3 licenced Operating system like
I gotta say I’m a bit concerned about this whole corporate takeover thing goin on in FOSS land. If companies start slappin’ MIT or Apache licenses on GPL software that’s supposed to be all about freedom and whatnot, it does seem like a bit of a cop-out and it could have some pretty serious consequences for the community.
Permissive licenses offer greater freedom to users of the code that already exists. The only benefit of copyleft is that it lets you demand future code that you did not write and that the authors do not want to Open Source. It is about restricting their freedom, not enhancing yours.
Permissive licenses provide all of the “4 freedoms” that the Free Software Foundation talks about. You cannot really talk about the differences between copyleft and permissive as a “freedom” because they are not.
The name “permissive” kind of gives it away that permissive licenses offer more freedoms about what you can do with the code you were given.
Given the current world we live in I do not want anything that I create or contribute to itself contributed to an exploitative corporation’s bottom line (at best) without my consent or their assuredly begrudging reciprocation. This should not be controversial. The GPL accomplishes this. Nothing more lax or permissive does or will. You are not a cool or chill guy because you don’t care what someone does with the code you write. You are handing all of those who would sack you the keys to the castle, ushering them inside. That is not abstaining, it’s letting your opponents win. No thanks.
Your opponents. You do not get to decide who my allies and opponents are.
I agree with everything you are saying “for you”. It sounds like the GPL is the perfect choice for code that you wrote (assuming you wrote any).
But stop telling me what to think and do. Or, at least stop using the word “freedom” while you peddle your authoritarianism.
My philosophy is simple. Those that wrote the code should get to choose the license. Many people prefer the collaboration that permissive licences allow. I do not oppose that.
without my consent or their assuredly begrudging reciprocation. This should not be controversial. The GPL accomplishes this
In legal theory. In corporate practice, MIT and similar “pushover” licensed software, especially FOSS libraries, is more readily adopted by corporate users - and through this adoption it is exercised, tested, bug reported - sometimes the corporate trolls even crawl out from under their rocks and publish bug fixes and extensions for it. By comparison, GPL stuff is radioactive, therefore less used.
Then we can talk about how successful you are likely to be in enforcing GPL on any large entity, particularly those in foreign countries.
If it’s radioactive, that’s because of a fundamental assumptive imbalance in the contract between the author, the community, the users, the stakeholders, and the parasitic lawyers and their overlords.
If they don’t like it, pay/license and/or contribute.
In the corporate world, they have a lot to lose. So, they have lawyers - expensive lawyers - who, in theory, protect them from expensive lawsuits. One of the easiest ways to stay out of lawsuits over GPL and friends is to not use GPL software, so… that’s why it’s radioactive. Just having the parasitic lawyers review possible exposure is hellishly expensive, better to re-develop in-house than pay lawyers or even begin to think about the implications of entering into an agreement with a bunch of radical FOSS types.
It sucks, but it’s also how it is. Some corporations (like Intel) do heavily support and contribute to FOSS, when they feel like it.
Yeah this happens when the wrong kind of professional reviews exposure, which happens a lot.
Lawyers reviewing the licence terms will absolutely flag stuff that’s realistically a non-issue.
People that do threat risk assessment, (insurance type of thing) can view FOSS and other open standards as a reduction in risk across the board, and when these kind of professionals are tendering the creation of systems they specify open APIs and access to stuff. (At least in the projects that I’ve worked on, security systems in Toronto.)
This isn’t a hard rule, kinda a spectrum.
The whole legal/courts system is pretty dysfunctional at the low end of the economic spectrum (like: license fees that a group of 10s of developers might charge…) We have a shared well with our neighbor, put there by the previous owner of both properties. When he tried to sell to a previous potential buyer, they tried to hammer out a legal agreement around the shared well, and it just wasn’t feasible. The cost of anything approaching a legal agreement about sharing maintenance of the well cost more than putting in two new wells.
Let’s see how this goes then revisit the question.
The switch to permissive licensing is terrible for end-user software freedom given that corporations like Apple and Sony have leeched off of FreeBSD in the past to make their proprietary locked-down OSes that took over the market. Not sure what would happen if RedoxOS became usable in production, but if it turns out to function better than Linux enough to motivate corporations to shift their focus to it, open source versions for servers would probably still exist, but hardware compatibility on end-user devices would be at higher risk than before as vendors switch their support and stop open sourcing stuff. Or they keep focusing on Linux for server stuff due to the GPL license and the fact that their infrastructure is already on it.
GPL is the only thing standing between us and Embrace-Extend-Extinguish.
There’s a reason that “Stallman was right” is a meme in the FOSS world.
Do you think IBM wouldn’t make Red Hat completely proprietary if they had the chance? They already tried to use their customer licensing to restrict source access!
It only takes one successful proprietary product to gain mind-share and market-share and become a new de-facto standard, and then all of the original FOSS has to play catch-up and stay compatible to stay relevant.
See Jabber/XMPP for an example.
Do you think IBM wouldn’t make Red Hat completely proprietary if they had the chance?
No. I don’t. For quite a few reasons.
1 - Red Hat has released new software (quite a lot actually) that they wrote, as GPL since the IBM purchase (rather directly refuting your thought experiment)
2 - A huge amount of Red Hat Enterprise Linux is permissively licensed. They have the chance every day to make this proprietary. They don’t. Again, answering your question.
3 - Red Hat is one of the most profitable parts of IBM.
4 - IBM has left the Product and Engineering teams independent. Because of #3 obviously.
5 - I use facts when forming my opinions
Red Hat is the most commercially successful Open Source company and perhaps the biggest proponent and prolific author of GPL software. They founded (created on purpose) one of the most successful community Linux distributions (Fedora)—a distribution with annoying dedication to free software (eg. codecs). Many of the “leaders” and “contributors” to Fedora are Red Hat employees. Red Hat of course does not make Fedora proprietary since having it be “community” led is a core part of their strategy.
Finally, you do not have to fear a Red Hat take over. Because it already happened.
Half the software (source code) you think of as GNU sits on servers Red Hat manages and controls. This is where that software is developed (not in Savannah—which is just a mirror). I am talking about GCC, Glibc, core utils. Etc.
Do you use systemd, pipewire, Wayland, Mesa, Podman, Cockpit, or Flatpak? Where did all this software come from? From the Free Software Foundation? University students? No, these are all part of the “Linux platform” as defined by Red Hat and they have swept us all along with them as they create it. You can probably add GNOME and GTK to the list at this point.
Has Debian moved to all these technologies? Why? Because of the FSF? No. Because of Red Hat.
Personally, I am ok with it. My core distro uses A LOT of software brought to me by Red Hat and I am thankful for it. But I avoid a lot of Red Hat software like GCC, Glibc, and systemd. But the replacements I use are also mostly corporately funded (Clang, MUSL, and dinit).
Do you think IBM wouldn’t make Red Hat completely proprietary if they had the chance?
Adding to this, Google would make Android fully proprietary in a heartbeat if they could, given they’re already closing down more and more portions of the AOSP and trying to lock down app development and distribution as well.
And conceivably all it would take to turn Android fully proprietary ala Windows, is to hard-fork AOSP to keep the Lineage/Graphene/etc. users happy, and then rewrite main Android as closed-source.
Although, it’s kinda ironic that Windows, a fully closed environment, is less restrictive in terms of app dev and distribution, than Android, a supposedly semi-open environment, is. Like, MS isn’t mandating signed exes or trying to fully lock Windows into the MS Store, yet, while Google is trying to mandate signed APKs and also trying to lock Android into the Play Store.
And before anyone says, ‘But SmartScreen,’ unless that option is specifically disabled, you can just run unsigned exes by clicking ‘Run anyway’ still, Android doesn’t have a ‘Run anyway’ equivalent option AFAIK.
Adding to this, Google created Android, wrote all the source code, and released it as Open Source.
By definition, Google cannot take anything here. It is only a question of what they give away in the future.
What Google wants is for people to use Google services. So they are making that less and less optional. There is no way for them to mandate this in Open Source and so they are shrinking the size of AOSP.
Online “services” are the greatest threat to software freedom. What kind of license is used has little to do with it.
Since this is a “GPL saves the world” thread, how would the GPL change anything? Android is mostly permissively licensed. But let’s assume that it is all GPL. Since we are talking about code Google wrote, nothing changes at all.
And the Linux kernel is already GPL licensed. Does that mean I can run whatever I want on my phone?
No. The threats to freedom in the Android space have literally nothing to do with permissive vs copyleft.
So far Google services aren’t being mandated on the desktop like they increasingly are on phones, yet, at least.
WEI threatened to push that once already, plus Google trying, again, this time with an actual chance of success given the Win10 EOL combined with the dumpster fire that Win11 is for the SKUs that normal people can legally access, to push Android to desktops in addition to mobile devices, certainly doesn’t help matters either, and if Google gets away with locking down Android successfully, that’ll probably embolden them to try to lock down the web at large with WEI again too.
Although, it’s kinda ironic that Windows, a fully closed environment, is less restrictive in terms of app dev and distribution, […]
I think the reason for this is mainly historic.
Like, MS isn’t mandating signed exes or trying to fully lock Windows into the MS Store
I’m pretty sure this is changing too. Like the start menu deprioritizing the application menus vs the “app list”
See Jabber/XMPP for an example.
There was a (short) time when I could chat with my friends on google hangouts (or whatever that was called back then) and facebook messaging via my own xmpp server. It was pretty cool and somehow felt like that’s the way things should be. Like email today (even if every big player is trying to destroy that too).
Maybe in some version of the future we’ll get that back.
https://matrix.org/category/dma/
There is work in progress to address this compelled by EU legislation.
You’re on the fediverse where that is a possibility.
It’s not really a same thing. I can’t reach my mother or neighbor over fediverse since they don’t know nor care what that is. But they use whatsapp, facebook and other stuff which are in their own walled gardens and there’s no option to communicate to those gardens with anything I self host.
And trying to convince everyone to switch is not a battle I’m actively fighting for multiple reasons. Of course I mention signal, fediverse and everything to anyone who’s willing to listen, but those encounters are pretty rare.
The problem you are describing in this comment is a social problem, not a technological one. In the previous comment I answered, a technological problem was described, and I offered a technological solution.
I am on the fedi, I do not proselytize to anybody that’s not on the fedi, nor do I interact outside of it. I am not fighting a battle, nor do I need to change people. There’s tons of people on the fedi that I can interact with. If people like where they are, they can continue to enjoy that, and I don’t have to bother them. I call my parents using the phone.
It’s kinda-sorta a social problem, but originally not the way you intend. It used to be possible to self host XMPP and chat with people regardless of the platform since both Google and Facebook (it wasn’t Meta at the time) adopted the protocol. But then they changed their policy and created the walled gardens they have now and thus it’s a social and/or political problem.
They fully followed the playbook of Embrace-Extend-Extinguish which [email protected] mentioned a few messages up the thread and pretty much devastated XMPP out of existence. Sure, there’s still a handful of users and the project itself isn’t dead, but before their policy change I saw quite a lot of servers around which are now either dead or forgotten.
On a previous comment I didn’t mean to describe that as a technological problem but a problem related to big corporations embracing FOSS projects/protocols and killing them by introducing their own walled garden variant of it.
See Google Chrome too.
That’s a good point.
Another thing that is dangerous are CLAs or “contributor license agreements”, like Google uses. Technically, it is GPL, but Google might demand to hold all the copyright, so as the copyright holder it can change the license at a whim.
Also like Ente uses: https://github.com/ente-io/ente/pull/7945#issuecomment-3538457041
A little bit.
A lot of the Rust remakes are being made by morons who have no problem using weak licenses that favor corporations.
We should hold them accountable and avoid using/contributing to their projects until they switch to a free license.
like the GPL successfully enforces
I’m not aware of the GPL being legally tested to where you can claim that; there are a lot of open questions, and it has failed to protect works from AI companies, for example.
I’m not aware of the GPL being legally tested
https://fsfe.org/activities/avm-gpl-violation/avm-gpl-violation.en.html
In context of the many failures, I don’t think this establishes anything.
GPL has certainly failed time and time again, openly in the case of FFmpeg and their clones all over Eastern Europe and elsewhere. FFmpeg made a lot of noise and resorted to “public shaming” mostly because the courts weren’t working for them. And they have a very visible product… so many GPL licensed things are lurking inside proprietary products where they’ll never be seen.
It’s like putting a license on COVID to prevent it from spreading… it just doesn’t work in the real world.
The original intention of public licenses was never to prevent code from spreading in any circumstance. Rather, that’s the “innovation” of copy-left. We just wanted a way to share our code without putting the people who used it into legal hot water. We didn’t want to control or manipulate people, using our code to extort a particular behavior out of them. We just wanted to share our code. I think copy-left makes sense in certain situations but I don’t think it should be the default option of a person wanting to contribute to culture.
We didn’t want to control or manipulate people, using our code to extort a particular behavior out of them.
The FOSS community, and even the community of developers on single large FOSS projects, is large and diverse… The royal “We” doesn’t really apply at all, even in the case of Linus and the kernel - sure, he’s a clear leader, but he’s hardly in control of the larger community and their wants.
I think the current state of open source licensing is much as it should be… MIT has its place, as does GPL, and if we’re going to pretend that intellectual property is about protecting creators, then it’s the creators who should get to choose.
In the world I live in, intellectual property is a barrier to entry that’s primarily used by organizations with a lot of power (money) to prevent others from disturbing their plans of making more money. MIT seems most appropriate for individual creators to assure that that world doesn’t come crashing into their bedroom with CDOs and lawsuits. GPL is “cute” - but I think most practitioners of GPL licensing don’t have any clue how far out of their depth they are if they should ever seek actual enforcement of their self-declared license terms. That’s not to say GPL is toothless. It gives small players a tool to amplify the trouble they can make for those who would violate their license (primary mode of violation being by use of the code so licensed.) But, other than making minor trouble for the bigger players, thus discouraging the bigger players from entangling with them, GPL isn’t going to “make” the bigger players do much of anything other than stay away.
GPL does shape the community, it has its effects, I just get tired of hearing about the specific immediate legal language of it, because that’s far from the actual effects it has.
Coreutils has little commercial value to take and create a proprietary fork of. There is little value that can be added to it to make it worthwhile. The same is for sudo - which has had a permissive licence from the start. In all that time no one has cared enough to fork it for profit.
Not saying that is true of every project. But at the same time even GPL software has issues with large companies profiting off it and not contributing back. Since unless you are distributing binaries the GPL does not force you to do anything really. See mongodb and their move to even more restrictive licences.
The GPL is not the only thing that stops companies from taking open software. Nor does it fully protect against that.
Nor does everything need to be GPL. It makes sense for some projects and less sense for others. Especially libraries as that basically forces no company from using them for anything. Which is also not what you want from a library.
Compare Ubuntu and MacOS. MacOS ships an ancient version of Bash because it’s GPL2 which allows for coexistence with proprietary software on sold machines.
So if Ubuntu gets rid of GNU coreutils and sudo what else stays GPL3 on a barebones system? You can swap Bash with Zsh like Apple did. And just like that you got yourself a corpo friendly distro to ship proprietary software. Just like Android, and look where that got us.
sudo is not GPL3. It is not even GPL2. It is an old license that is just as permissive as the MIT license. It has never had any big problems with that being the case. I don’t think that coreutils being GPL has really done anything to force companies to contribute back to it. It is mostly fixed in its function and does not really have much room for companies taking and modifying it to a point where others will favor the closed version over the open one. And what it provides is fairly trivial functions overall that if someone did want to take part of it then it is not terribly hard to rewrite it from scratch.
GNU Coreutils is not the only implementation of those POSIX features - just the most popular one. FreeBSD has its own, there is busybox, the rust ports and loads of other rewrites of the same functionality to various degrees. None of that really matters though as they don’t really add much if any value to what coreutils provides as there is just not that much more value to add to these utilities now.
And it is not like the GPL license of coreutils affects other binaries on the system. So if you don’t need to modify it and it does not infect other things there is little point in trying to take it over or use an alternative.
MacOS does not use a later version because they cannot. But also they don’t care enough to even try to maintain their own.
GPL is important on other larger/more complex bits of software. But on coreutils/sudo IMO it does not matter nearly as much as people think it does.
GPLv2 vs GPLv3 matters. At least to corpos. You can’t just brush this away when they have a clear position on this.
I was not trying to brush away the differences for GPL 2 vs 3. My point was just that I don’t think a more permissive license on Coreutils would have caused every company to want to steal the code, get everyone using it and force out the GPLed version. But a more restrictive license (say one that infects other binaries on the system) would have meant fewer companies using it and thus fewer distros and everyone else using it.
But for other projects the balance is different and a more permissive license would cause issues. There are some projects that even the GPLv2 or even v3 is too permissive for.
Yeah, Ubuntu actually isn’t the first distro without GNU coreutils. Beyond Android and Busybox, there’s also stuff like Talos, which is something like … Kubernetes/Linux.
IME something like Kubernetes/Linux running “distroless” containers have a huge potential to displace traditional GNU/Linux in the server market, and I wouldn’t be surprised if someone manages to build a desktop out of it, either.
Okay then; what licence can we use to force any entity using a library to make their project open-source?
EDIT: clarification
what licence can we use to force any entity using a library to make their project open-source
GPL requires this, since linking with a library is considered a derivative work even if the library is dynamically loaded.
This is why the LGPL exists, which makes the library copyleft but does not extend the derivative work classification to programs linking with the library.
The FSF says this is the case but the actual legal situation is less clear, especially in the EU. Linking does not necessarily constitute a derivative work. Even decompilation of a (proprietary) library in order to link to it might be acceptable depending on the circumstance.
This isn’t something that can be fixed with a license, it’s a direct result of EU copyright law. Historically companies have tended to err on the side of the FSF interpretation, but it is on somewhat shaky grounds.
That’s the orthodoxy but no one ever bothers to actually back it up. If I write an encyclopedia and refer extensively to external sources it’s not a derivative work, and that seems to be the closest obvious example.
None. The closest you can get is the AGPLv3.
If you go further, it will no longer be open source. This is the case for the Server Side Public License (SSPL) for example. It requires the entire system configuration to be released under the same license*. This sounds “open source friendly” but it’s actually just a proprietary license because it’s not realistically possible to legally comply with it. You cannot run standard hardware without proprietary firmware, which means you cannot run SSPLed software on it legally.
*This only applies if you host the software as a service but the result is the same. It basically violates the freedom to use the work for any purpose.
I don’t think there is a good license for that. The ones MongoDB used turned the open source community against them. But that is not really my point. I just mean that some projects using MIT won’t suddenly mean every company will start stealing and closing that software. Some things like coreutils and sudo just don’t have the commercial value to make that worth the effort. So there is no real need to worry about these two projects IMO. Other projects are a different story altogether though. Each project needs to make its own decision on what licence best suits it. The GPL is not the one and only license that is worth using.
I would say AGPL is the “safest” license still approved by the OSI. Could you share your opinion?
There is no one size fits all safest option. Details matter and each project needs to read the licenses and decide on which suits their needs best.
MIT is probably the safest option for a company creating a library wrapping their service where there is no real value in others taking that code. Or for simpler libraries that are fairly easy to reproduce so the need to steal the code is low. Or you just don’t care what others do with the code.
GPL is probably safest for some hobbyist that does not care about companies and just wants everyone that is using their project to not bake it into a product they distribute. But also means companies likely won’t want to use your project if it is a library.
LGPL might be a good option for library code if you want other companies to use and contribute back to some complex library you are using that is hard to reproduce in isolation.
Other licenses are needed if you want to prevent other hosted services from using your project without contributing back.
Different licenses exist for different reasons and it all depends on what you want for your project.
Thanks for sharing your opinion and expanding.
In the past I used to think the same. Or rather, probably naïvely, I considered the GPL to be a bit of a nuisance, and preferred LGPL or MIT software.
Now I’ve changed my mind and started preferring AGPL for all my code. If a big company likes your MIT or LGPL code, they can legally steal it. If it’s GPL at least you get some safeguards, but they can still take it and put it on a server without the need to release the source code. That’s why I started to believe AGPL is the only “safe” license approved by the OSI, at least at the moment.
Of course I agree that MIT and GPL or LGPL make sense in some cases, but I would say in general they don’t protect users’ freedom anymore in today’s cloud-first world.
Yes.
Anyone who cares about user freedoms is not choosing a permissive licence.
The problem is developers only caring about themselves and other developers.
When I talk to devs I know who like FOSS, they are always focussed on their needs as a dev when it comes to licences. The real concern was, and always should be, for the software user’s freedoms.
God forbid developers earning something for their work
Developers should absolutely get paid for their work, but as @[email protected] said, that is a different issue. There are plenty of companies that employ developers of FOSS code, both copyleft and permissive licence.
uutils developers aren’t earning any more than coreutils developers. This is an orthogonal discussion.
To quote Brian Lunduke, because the GPL is viral and functioning systems licensed under the GPL have been published, if a future Rust-based MIT version of Linux ever comes out, we can just “Fork it, then we’ll have our own Linux.”
To paraphrase Brian Lunduke: This software has gone woke! That software has gone woke! Boo woke software!
How does permissive licensing lead to corporate takeover? Companies can do proprietary forks of permissively licensed foss projects, but they can’t automatically take over the upstream.
Permissive licensing can create what is effectively “software tivoization” (the restriction or dirty interpretation of distribution and modification rights of software by the inclusion of differently-licensed components).
The Bitwarden case is a good example of how much damage can be done to a brand with merely the perception of restrictive licensing. Obviously, Bitwarden has clarified the mess, but not before it was being called ‘proprietary’ by the whole OSS community.
So I don’t think op is referring to direct corporate takeover, but damage caused by corporate abuse of a fork.
I like non-copyleft licenses for one reason. Imagine if ffmpeg devs were like:
so many security vulnerabilities, your free labor is bad
thanks for pointing that out, it’s no longer free
Most devs (including me) want to have some control over what they made. Permissive licenses allow rugpulling project if someone is using it while making YOU do stuff. ffmpeg is a great example. You may not like it but that’s how it is.
I’m not sure I’m following. The owners of the code can re-license anytime they want, and even dual-license or license on a case-by-case basis. Would require a contributor license agreement to be practical though, and it looks like ffmpeg may not have one.













