I ask this because I think of the recent switch of Ubuntu to the Rust recode of the GNU core utils, which use an MIT license. There are many Rust recodes of GPL software that re-license it as a pushover MIT or Apache licenses. I worry these relicensing efforts this will significantly harm the FOSS ecosystem. Is this reason to start worrying or is it not that bad?
IMO, if the FOSS world makes something public, with extensive liberties, then the only thing that should be asked in return is that people preserve these liberties, like the GPL successfully enforces. These pushover licenses preserve nothing.
The switch to permissive licensing is terrible for end-user software freedom given that corporations like Apple and Sony have leeched off of FreeBSD in the past to make their proprietary locked-down OSes that took over the market. Not sure what would happen if RedoxOS became usable in production, but if it turns out to function better than Linux enough to motivate corporations to shift their focus to it, open source versions for servers would probably still exist, but hardware compatibility on end-user devices would be at higher risk than before as vendors switch their support and stop open sourcing stuff. Or they keep focusing on Linux for server stuff due to the GPL license and the fact that their infrastructure is already on it.
Coreutils has little commercial value to take can create a proprietary fork of. There is little value that can be added to it to make it worthwhile. The same is for sudo - which has had a permissive licence from the start. In all that time no one has cared enough to fork it for profit.
Not saying that is true of every project. But at the same time even GPL software has issues with large companies profiting off it and not contributing back. Since unless you are distributing binaries the GPL does not force you to do anything really. See mongodb and their move to even more restrictive licences.
The GPL is not the only thing that stops companies from taking open software. Nor does it fully protect against that.
Not does everything need to be GPL. It makes sense for some projects and less sense for others. Especially libraries as that basically forces no company from using them for anything. Which is also not what you want from a library.
Okay then; what licence can we use to force any entity using a library to make their project open-source?
EDIT: clarification
None. The closest you can get is the AGPLv3.
If you go further, it will no longer be open source. This is the case for the Server Side Public License (SSPL) for example. It requires the entire system configuration to be released under the same license*. This sounds “open source friendly” but it’s actually just a proprietary license because it’s not realistically possible to legally comply with it. You cannot run standard hardware without proprietary firmware, which means you cannot run SSPLed software on it legally.
*This only applies if you host the software as a service but the result is the same. It basically violates the freedom to use the work for any purpose.
I don’t think there is a good license for that. The ones MongoDB used turned the open source community against them. But that is not really my point. I just mean that some projects using MIT won’t suddenly mean every company will start stealing and closing that software. Some things like coreutils and sudo just don’t have the commercial value to make that worth the effort. So there is no real need to worry about these two projects IMO. Other projects are a different story altogether though. Each project needs to make its own decision on what licence best suits it. The GPL is not the one and only license that is worth using.
I would say AGPL is the “safest” license still approved by the OSI. Could you share your opinion?
There is no one size fits all safest option. Details matter and each project needs to read the licenses and decide on which suits their needs best.
MIT is probably the safest option for a company creating a library wrapping their service where there is no real value in others taking that code. Or for simpler libraries that are fairly easy to reproduce so the need to steal the code is low. Or you just don’t care what others do with the code.
GPL is probably safest for some hobbies that does not care about companies and just wants everyone that is using their project to not bake it into a product they distribute. But also means companies likely wont want to use your project if it is a library.
LGPL might be a good option for library code if you want other companies to use and contribute back to some complex library you are using that is hard to reproduce in isolation.
Other licenses are needed if you want to prevent other hosted services from using your project without contributing back.
Different licenses exist for different reasons and it all depends on what you want for your project.
Thanks for sharing your opinion and expanding.
In the past I used to think the same. Or rather, probably naïvely, I considered the GPL to be a bit of a nuisance, and preferred LGPL or MIT software.
Now I’ve changed my mind and started preferring AGPL for all my code. If a big company likes your MIT or LGPL code, they can legally steal it. If it’s GPL at least you get some safeguards, but they can still take it and put it on a server without the need to release the source code. That’s why I started to believe AGPL is the only “safe” license approved by the OSI, at least at the moment.
Of course I agree that MIT and GPL or LGPL make sense in some cases, but I would say in general they don’t protect users’ freedom anymore in today’s cloud-first world.
Yeah, Ubuntu actually isn’t the first distro without GNU coreutils. Beyond Android and Busybox, there’s also stuff like Talos, which is something like … Kubernetes/Linux.
IME something like Kubernetes/Linux running “distroless” containers have a huge potential to displace traditional GNU/Linux in the server market, and I wouldn’t be surprised if someone manages to build a desktop out of it, either.
Removed by mod
Let’s see how this goes then revisit the question.
Yes.
Anyone who cares about user freedoms is not choosing a permissive licence.
The problem is developers only caring about themselves and other developers.
When I talk to devs I know who like FOSS, they are always focussed on their needs as a dev when it comes to licences. The real concern was, and always should be, for the software user’s freedoms.
God forbid developers earning something for their work
Developers should absolutely get paid for their work, but as @mina86@lemmy.wtf said, that is is a different issue. There are plenty of companies that employ developers of FOSS code, both copyleft and permissive licence.
How does permissive licensing lead to corporate takeover? Companies can do proprietary forks of permissively licensed foss projects, but they can’t automatically take over the upstream.
Permissive licensing can create what is effectively “software tivoization” (the restriction or dirty interpretation of distribution and modification rights of software by the inclusion of differently-licensed components).
The Bitwarden case is a good example of how much damage can be done to a brand with merely the perception of restrictive licensing. obviously, bitwarden has clarified the mess, but not before it was being called ‘proprietary’ by the whole oss community.
So I don’t think op is referring to direct corporate takeover, but damage caused by corporate abuse of a fork.
I like non-copyleft licenses for one reason. Imagine if ffmpeg devs were like:
so many security vulnerabilities, your free labor is bad thanks for pointing that out, it’s not longer free
Most devs (including me) want to have some control over what they made. Permissive licenses allow rugpulling project if someone is using it while making YOU do stuff. ffmpeg is a great example. You may not like it but that’s how it is.
I’m not sure I’m following. The owners of the code can re-license anytime they want, and even dual-license or license on a case-by-case basis. Would require a contributor license agreement to be practical though, and it looks like ffmpeg may not have one.
To quote Brian Lunduke, because the GPL is viral and functioning systems licensed under the GPL have been published, if a future Rust-based MIT version of Linux ever comes out, we can just “Fork it, then we’ll have our own Linux.”
To paraphrase Brian Lunduke: This software has gone woke! That software has gone woke! Boo woke software!
Why are they pushover licenses? Because they don’t force people to contribute back? Because a lot of companies aren’t doing that for GPL licensed software either.
Also not really sure how this would allow a takeover, because control of the project is not related to the license.
It’s not so much about forcing to contribute, but rather keeping companies from selling commercial forks/having checks against profiting from work that happens to be freely available.
You can profit from GPL software. The only restriction is if you distribute it you also need to distribute modifications under the GPL.
GPL also does nothing for software as a service since it is never distributed.
GPL even explicitly allows selling GPL software. This is effectively what redhat do. They just need to distribute the source to those that they sell it to.
I’m thinking of the Apache project, and all the important projects it covers that are under an Apache license and I’m not sure where the sudden worry comes from.
HTTPD and Nginx have had very permissive licensing for years and seem to do fine.
The GPL doesn’t force to contribute. But if you make changes to it, you need to have these changes reflect the liberties you yourself received. Megacorporations use the so-called “Explore, Expand, Exterminate” model, the GPL stops this from happening.
You can just wrap the software in a binary and interact with the binary and you will likely elude the GPL terms. This is kinda grey area but it would be hard to win against it in court. (I am not a lawyer)
I mean that broadly because nobody will make proprietary Coreutils or sudo as someone already pointed out.
One side community wants total GPL take over and one side they don’t support total GPLv3 licenced Operating system like
Removed by mod
Most Open Source software is written by corporations. The Open Source licenses are an advantage to them.
The biggest source of GPL software is probably Red Hat (IBM). They maintain most of what people think of when they think of GNU software and they wrote many of the newer GPL projects that everybody uses (like systemd).
The trend has been towards permissive licenses for a long time. The have led to more Open Source software, not less.
Look at Clang vs GCC. Clang attracts a greater diversity of corporate contribution and generates greater Open Source diversity. Zig and Rust appeared on LLVM for a reason.
What we should be worried about is the cloud. It allows big companies to outsell the little companies writing Open Source software. Neither permissive nor copyleft licenses prevent this.
Also on that topic, very interesting read:
It is concerning, yeah. I usually license my own software with MIT, but, not all of it, and I think GPL is very important for Linux.
deleted by creator
