Reads, Takes and Links

A quick summary of my understanding of software licensing and IP, when it comes to building digital products

If you want to build an open source product or service, or indeed open source an existing product, it’s worth being aware of the key licenses, and in general what they do. In this post, I share how I see them.

Before we go further – I’m not a lawyer. This is my rough understanding, as someone who writes code, makes product decisions, and has followed the industry for the last ten years or so.

Please consult an actual lawyer before making a decision, obvs.

Intellectual property – licensing versus trademarks

Intellectual property comes in many, many flavours, depending on where in the world you are, but generally speaking, when thinking about software projects, it’s helpful to think of copyright and ownership of code, as separate from discussions of design and trademarks.

It’s useful to think of them separately, as they’re about different questions – ownership of code is being allowed to make copies of a program, and use it in your own software, or make you pay for access to it.

Design and trademarks, as I understand them are more about stopping people passing off work as theirs, or using a name or design in a way that might confuse others with something made by you or your organisation.

Because they solve different problems, it’s useful to think of both if you’re thinking about opening up a project or the code within it.

Examples of trademarks in use

You’ll often see an organisation licensing code itself under a relatively permissive license, but retaining control of a brand. They assert ownership of a trademark, and only allow distribution if you follow specific guidelines.

Examples

You can see this with Mozilla Firefox, or WordPress, or the Django project.

With Mozilla’s Firefox, if you wanted to distribute the software and bundle a different search engine, you couldn’t call it Mozilla Firefox for a long time. For this reason, for a number of years, Firefox when packaged in the Debian Linux operating system, was branded as IceWeasel. This explainer article here outlines why.

You see the same with WordPress. You can happily copy WordPress code, and use to host a website, but you need to follow certain guidelines to use the word “WordPress” in your marketing or external comms. You can see guidance directly from the WordPress Foundation here.

You also see the same with the Django Project. If you want to put on an event and use the name “Django”, you need to follow the guidance on how you can use the name. This doesn’t stop you using the code to build totally new products though.

With me so far? Trademark might helps you control how people talk about a project or product, but that’s not the same as controlling how people are allowed to copy the code in a project.

For that, it’s more common to talk about licensing, and licenses. I’ll outline a few of the popular licenses you might see online:

Examples of licensing in use

MIT/ FreeBSD / Apache

These are very permissive licenses used by software like Django, and Ruby on Rails, and Redis (although not all the code from Redis Labs is licensed this way)

You can include software with these licenses into larger products, that you can sell as a something people pay to download, or pay to use.

Other people can do this too – so if you licensed your code under the MIT license, it would be legal for say… Google or Microsoft to copy the code and provide a service, making their own improvements and not sharing anything back to the original project.

An concrete example of this would be how the big cloud providers have been able offer Redis as as a hosted service for ages, with needing to pay any money back to Redis Labs, the primary stewards of the software.

You might use these licenses when you want to increase the likelihood of people using your code, and building products on top of it. The risk you run is that they do not share back their changes, or they capture most of the value instead of you.

GPL – General Public License

If you worry about the above, you might choose the General Public License.

With this someone can run a hosted service, without sharing back their improvements. If you want multiple providers competing to offer your product, but you want to provide an incentive to do this (i.e keep the operational improvements so they can compete on providing a known, compatible product in a better way) , the GPL works here.

The GPL for example lets people offer WordPress and Drupal as hosted services, or indeed include them in entirely new services that build on top of them, without needing to pay a license fee or share back their changes to the original authors of the code.

Concrete examples of this this are WP Engine, or Pantheon, who provide specialised, managed hosting services without needing to share their code for the hosting platform back to anyone else.

What does the GPL stop you doing?

The GPL stops you selling a proprietary, shrink-wrapped product based on the code, and then stopping others from distributing it, by claiming copyright over the code.

This might feel a bit academic, but WordPress themes are useful example of here.

It’s not hard to find WordPress themes that are licensed with the GPL, and making these themes available for download, where you are expected to pay to get them, or use them.

You can still get the code freely if you search for it, or look on some torrent site, but if you’re looking for a theme, it’s often the support with implementation that you want, as much as the code itself.

If you tried to get in touch with the original creator of a theme who was trying to sell access to it as their main way of making money, and you asked them for free support making it work on your website… you’re not likely to be seen as priority to help versus someone who paid to download and use it.

This piece from wordpress host Linsta, is also helpful.

Some companies don’t touch GPL licensed code at all. Apple doesn’t let GPL code in the Apple store for example, largely because Apple’s user license for the Apple store stops you being allowed to copy an app you download and distribute to others. This restriction violates the GPL, so it’s seen as incompatible.

The most common GPL license you’ll typically see now is the GPL v3, but WordPress still uses the v2 version of the license.

AGPL – the Afferro General Public License

You can think of the Afferro General Public License as like the GPL, in that you can’t distribute a proprietary product based on GPL code and stop others copying it themselves, but more so.

It goes further, by closing what’s sometimes referred to as the hosting loophole. If you are making the code available over the network, you need to make the source available too.

For example, you probably couldn’t run a hosted service like Pantheon, or WP Engine if WordPress was licensed with the AGPL – this is because they depend holding back all the secret sauce they use to run their platform really well, and the AGPL would force them to publish it. From their point of view, this would typically make it harder for them to maintain a competitive advantage, as everyone would have access to the same “secret sauce” they use.

As an example, the MongoDB server used to be licensed under the AGPL. Although I’m not a lawyer, I can see a scenario where this license would be one of the reasons that Amazon took a relatively long time to release DocumentDB, their hosted Mongo-DB compatible service, when they’ve been able to provide hosted Redis, hosted Elasticsearch and hosted MySQL or Postgres services much earlier.

Rather than using the code directly, they’ve had to make something compatible with MongoDB, but without using any of that AGPL licensed code.

Like the GPL, some large companies have blanket bans on software using the AGPL. Google is an example. Using this license can mean that if you want to work with them, you’ll need the option of offering a project under a second, different license.

A number of projects, like the Neo4J graph database were dual licensed for this reason – you could use it for free as long as you agree to share back under the terms of the AGPL, but if you want to build something and not share, you’d need to pay for a commercial license.

You can see other examples here in the Searx open source search engine, or Viewflow, business process modelling software. Viewflow for example can be used freely under the AGPL, but if you want a to make a proprietary product you’d need Viewflow Pro, a commercial licensed version of the same project.

What people use instead of the AGPL

Some organisations that used to rely on the AGPL to stop another provider rebadging their software and selling it as a hosted service, are increasingly licensing code under a different, permissive licenses, but applying extra licenses on opt of them.

You can see this in the Commons Clause in the case of Neo4j, or the Server Side License with MongoDB. Update: Neo4J dropped the commons clause. They just have GPL for the community version and a commercial license for the Enterprise version of their app.

Further reading

There’s a few sites that can help here, to provide some plain English pointers on licensing your software.

One is Choose a Licence from Github. The other from FOSSA, does a similar job, is TLDR Legal, which gives readable summaries of many, many licenses.

Simon Wardley’s thinking and commentary around how open source licensing can affect a product or service has been extremely useful for me too. This thread here on twitter is illuminating:

This piece from Simon Wardley outlines specific reasons to choose the GPL as a tool to establish ecosystem around a new product or service, as well as the trade-offs involved.

This post from Stratechery does a good job of spelling out the implications of the AGPL license in the context of the interplay between MongoDB and AWS.

This thread on twitter on the shortcomings of the AGPL for stopping 3d parties using it without contributing back



Posted

in

by

chris

Tags:

,