Software license allowing source code to be used, modified, and shared
Open-source licenses are software licenses that allow content to be used, modified, and shared. They facilitate free and open-source software (FOSS) development. Intellectual property (IP) laws restrict the modification and sharing of creative works. Free and open-source licenses use these existing legal structures for an inverse purpose. They grant the recipient the rights to use the software, examine the source code, modify it, and distribute the modifications. These criteria are outlined in the Open Source Definition.
The two main categories of open-source licenses are permissive and copyleft. Both grant permission to change and distribute software. Typically, they require attribution and disclaim liability. Permissive licenses come from academia. Copyleft licenses come from the free software movement. Copyleft licenses require derivative works to be distributed with the source code and under a similar license. Since the mid-2000s, courts in multiple countries have upheld the terms of both types of license. Software developers have filed cases as copyright infringement and as breaches of contract.
Intellectual property (IP) is a legal category that treats creative output as property, comparable to private property.[2] Legal systems grant the owner of an IP the right to restrict access in many ways.[3] Owners can sell, lease, gift, or license their properties.[4] Multiple types of IP law cover software including trademarks, patents, and copyrights.[4]
Most countries, including the United States (US), have created copyright laws in line with the Berne Convention with slight variations.[5] These laws assign a copyright whenever a work is released in any fixed format.[6] Under US copyright law, the initial release is considered an original work.[7] The creator, or their employer, holds the copyright to this original work and therefore has the exclusive right to make copies, release modified versions, distribute copies, perform publicly, or display the work publicly. Modified versions of the original work are derivative works.[8] When a creator modifies an existing work, they hold the copyright to their modifications.[9] Unless the original work was in the public domain, a derivative work can only be distributed with the permission of every copyright holder.[10]
In 1980, the US government amended the law to treat software as a literary work. Software released after this point was restricted by IP laws.[11] At that time, American activist and programmer Richard Stallman was working as a graduate student at the MIT Computer Science and Artificial Intelligence Laboratory. Stallman witnessed fragmentation among software developers. He blamed the spread of proprietary software and closed models of development. To push back against these trends, Stallman founded the free software movement.[12] Throughout the 1980s, he started the GNU Project to create a free operating system, wrote essays on freedom, founded the Free Software Foundation (FSF), and wrote several free software licenses.[13] The FSF used existing intellectual property laws for the opposite of their intended goal of restriction. Instead of imposing restrictions, free software explicitly provided freedoms to the recipient.[14]
In the 90s, the term "open source" was coined as an alternative label for free software, and specific criteria were laid out to determine which licenses covered free and open-source software.[15][16] Two active members of the free software community, Bruce Perens and Eric S. Raymond, founded the Open Source Initiative (OSI).[17] At Debian, Perens had proposed the Debian Free Software Guidelines (DFSG).[18] The DFSG were drafted to provide a more specific and objective standard for the FOSS that Debian would host in their repositories.[19] The OSI adopted the DSFG and used them as the basis for their Open Source Definition.[20] The Free Software Foundation maintains a rival set of criteria, the Free Software Definition.[21] Historically, these three organizations and their sets of criteria have been the notable authorities in determining whether a license covers free and open-source software.[22] There is significant diversity among individual licenses but little difference between the rival definitions.[16] The three definitions each require that people receiving covered software must be able to use, modify, and redistribute the covered work.[23]
Eric S. Raymond was a proponent of the term "open source" over "free software". He viewed open source as more appealing to businesses and more reflective of the tangible advantages of FOSS development. One of Raymond's goals was to expand the existing hacker community to include large commercial developers.[24] In The Cathedral and the Bazaar, Raymond compared open-source development to the bazaar, an open-air public market.[25] He argued that aside from ethics, the open model provided advantages that proprietary software could not replicate.[26][27] Raymond focused heavily on feedback, testing, and bug reports.[28] He contrasted the proprietary model where small pools of secretive workers carried out this work with the development of Linux where the pool of testers included potentially the entire world.[29] He summarized this strength as "Given enough eyeballs, all bugs are shallow."[30] The OSI succeeded in bringing open-source development to corporate developers including Sun Microsystems, IBM, Netscape, Mozilla, Apache, Apple Inc., Microsoft, and Nokia. These companies released code under existing licenses and drafted their own to be approved by the OSI.[31][32]
Open-source licenses are categorized as copyleft or permissive.[33] Copyleft licenses require derivative works to include source code under a similar license. Permissive licenses do not, and therefore the code can be used within proprietary software. Copyleft can be further divided into strong and weak depending on whether they define derivative works broadly or narrowly.[34][35]
Licenses focus on copyright law, but code is also covered by other forms of IP.[36] Major open-source licenses written since the late 1990s contain patent grants. These open-source patent grants cover the patents held by the developers.[37]Software patents cover ideas and, rather than a specific implementation, cover any implementation of a claim. Patent claims give the holder the right to exclude others from making, using, selling, or importing products based on the idea. Because patents grant the right to exclude rather than the right to create, it is possible to have a patent on an idea but still be unable to legally implement it if the invention relies on another patented idea. Thus, open-source patent grants can offer permission only from covered patents. They cannot guarantee that a third party has not patented any concepts embodied in the code.[36] The older permissive licenses do not discuss patents directly and offer only implicit patent grants in their offers to use or sell covered material.[38] Newer copyleft licenses and the 2004 Apache License offer explicit patent grants and limited protection from patent litigation.[39] These patent retaliation clauses protect developers by terminating grants for any party who initiates a patent lawsuit regarding covered software.[39]
Trademarks are the only form of IP not shared by free and open-source software. Trademarks on FOSS function the same as any other trademark.[40] A trademark is a design that identifies the distinct source of a product. Because they distinguish products, the same designs can be used in different fields where there is no risk of confusing similar sources.[41] To give up control of a trademark would result in the loss of that trademark. Therefore, no open-source license freely offers the use of a trademark.[42]
Trademark restrictions can overlap copyrights and affect material otherwise freely available.[43] The US Supreme Court described using trademark law to restrict public domain content as "mutant copyright".[44] In Dastar Corp. v. Twentieth Century Fox Film Corp., the court "caution[ed] against misuse or over-extension of trademark" law without providing a firm decision on those mutant copyrights.[45][46] Trademark overlap can leave open-source and free content projects vulnerable to a "hostile takeover" if outside parties file for trademarks on derivative works.[47] Notably, Andrey Duskin applied for trademarks on the SCP Foundation, a collaborative writing project, when creating derivative works based on SCP stories.[48]
Permissive licenses, also known as academic licenses,[49] allow recipients to use, modify, and distribute software with no obligation to provide source code. Institutions created these licenses to distribute their creations to the public.[49] Permissive licenses are usually short, often less than a page of text. They impose few conditions. Most include disclaimers of warranty and obligations to credit authors. A few include explicit provisions for patents, trademarks, and other forms of intellectual property.[50]
The University of California, Berkeley created the first open-source license when they began distributing their Berkeley Software Distribution (BSD) operating system. The BSD license and its later variations permit modification and distribution of the covered software. The BSD licenses brought the concept of academic freedom of ideas to computing. Early academic software authors had shared code based on implied promises. Berkeley made these concepts explicit with clear disclaimers for liability and warranty along with conditions, or clauses, for redistribution. The original had four clauses, but subsequent versions have further reduced the restrictions. As a result, it's common to specify if the covered software uses a 2-clause or 3-clause version.[51][52]
The Massachusetts Institute of Technology (MIT) created an academic license based on the BSD original. The MIT license clarified the conditions by making them more explicit.[53] For example, the MIT license describes the right to sublicense.[54] One of the strengths of open-source development is the continual process where developers can build on the derivative works of each other and combine their projects into collective works. Explicitly making covered code sublicensable provides a legal advantage when tracking the chain of authorship.[53] The BSD and MIT are template licenses that can be adapted to any project. They are widely adapted and used by many FOSS projects.[51]
The Apache License is more comprehensive and explicit. The Apache Software Foundation wrote it for their Apache HTTP Server. Version 2, published in 2004, offers legal advantages over simple licenses and provides similar grants.[55] While the BSD and MIT licenses offer an implicit patent grant,[56] the Apache License includes a section on patents with an explicit grant from contributors.[57] Additionally, it is one of the few permissive licenses with a patent retaliation clause.[58] Patent retaliation, or patent suspension, clauses take effect if a licensee initiates patent infringement litigation on covered code. In that situation, the patent grants are revoked. These clauses protect against patent trolling.[59]
Copyleft licenses require source code to be distributed with software and require the source code to be made available under a similar license.[34][60] Like the permissive licenses, most copyleft licenses require attribution.[61] Most, including the GPL, disclaim implied warranties.[62]
Copyleft uses the restrictions of IP law—contrary to their usual purpose—to mandate that the code remain open.[63] The term and it's related slogan, "All rights reversed", had been previously used in a playful manner by the Principia Discordia and Tiny BASIC; the modern usage begins with Richard Stallman's efforts to create a free operating system. In 1984, programmer Don Hopkins mailed a manual to Stallman with a "Copyleft Ⓛ" sticker. Stallman, who was working on the GNU operating system, adopted the term.[64] An early version of copyleft licensing was used for the 1985 release of GNU Emacs.[14][65] The term became associated with the FSF's later reciprocal licenses, notably the GNU General Public License (GPL).[66]
Traditional, proprietary software licenses are written with the goal of increasing profit, but Stallman wrote the GPL to increase the body of available free software. His reciprocal licenses offer the rights to use, modify, and distribute the work on the condition that people must release derivative works under a license offering these same freedoms. Software built on a copyleft base must come with the source code, and the source code must be available under the same or a similar license. This offers protection against proprietary software consuming code without giving back.[67][68] Richard Stallman stated that "the central idea of copyleft is to use copyright law, but flip it over to serve the opposite of its usual purpose: instead of a means of privatizing software, [copyright] becomes a means of keeping software free."[69]Free software licenses are also open-source software licenses.[70] The separate terms free software and open-source software reflect different values rather than a legal difference.[71] Both movements and their formal definitions require the covered work to be made available with source code and with permission for modification and redistribution.[16] There are occasional edge cases where only one of the FSF or the OSI accept a license, but the popular free software licenses are open source, including the GPL.[72]
Practical benefits to copyleft licenses have attracted commercial developers. Corporations have used and written reciprocal licenses with a narrower scope than the GPL.[74] For example, Netscape drafted their own copyleft terms after rejecting permissive licenses for the Mozilla project.[32] The GPL remains the most popular license of this type, but there are other significant examples. The FSF has crafted the Lesser General Public License (LGPL) for libraries. Mozilla uses the Mozilla Public License (MPL) for their releases, including Firefox. IBM drafted the Common Public License (CPL) and later adopted the Eclipse Public License (EPL). A difference between the GPL and other reciprocal licenses is how they define derivative works covered by the reciprocal provisions. The GPL, and the Affero License (AGPL) based on it, use a broad scope to describe affected works. The AGPL extends the reciprocal obligation in the GPL to cover software made available over a network.[74][32] They are called strong copyleft in contrast to the weaker copyleft licenses often used by corporations. Weak copyleft uses narrower, explicit definitions of derivative works.[75][35] The MPL uses a file-based definition, the CPL and EPL use a module-based definition, and the FSF's own LGPL refers to software libraries.[76]
License compatibility determines how code with different licenses can be distributed together. The goal of open-source licensing is to make the work freely available, but this becomes complicated when working with multiple terminologies imposing different requirements.[77] There are many uncommonly used licenses and some projects write their own bespoke agreements. As a result, this causes more confusion than other legal aspects. When releasing a collection of applications, each license can be considered separately. However, when attempting to combine software, code from another project can only be in-licensed if the project uses compatible terms and conditions.[78]
When combining code bases, the original licenses can be maintained for separate components, and the larger work released under a compatible license.[79] This compatibility is often one-way. Public domain content can be used anywhere as there is no copyright claim, but code acquired under any almost any set of terms cannot be waved to the public domain. Permissive licenses can be used within copyleft works, but copyleft material cannot be released under a permissive license. Some weak copyleft licenses can be used under the GPL and are said to be GPL-compatible. GPL software can only be used under the GPL or AGPL.[77] Permissive licenses are broadly compatible because they can cover separate parts of a project. Multiple licenses including the GPL and Apache License have been revised to enhance compatibility.[80]
Translation issues, ambiguity in licensing terms, and incompatibility of some licenses with the law in certain jurisdictions compound the problem of license compatibility.[81] Downloading an open-source module is straightforward, but complying with the licensing terms can be more difficult.[82] Because of the amount of software dependencies, engineers working on complex projects often rely on license management software to achieve compliance with the licensing terms of open-source components.[83] Many open-source software files do not unambiguously state the license, increasing the difficulties of compliance.[82]
Free and open-source software licenses have been successfully enforced in civil court since the mid-2000s.[85] In a pair of early lawsuits—Jacobsen v. Katzer in the United States and Welte v. Sitecom in Germany—defendants argued that open-source licenses were invalid.[86][87] Sitecom and Katzer separately argued that the licenses were unenforceable. Both the US and German courts rejected these claims. They ruled that the defendants could not have legally distributed the software if the licenses were unenforceable.[85][84]
Courts have found that distributing software indicates acceptance of the license's terms.[88] Physical software releases can obtain the consumer's assent with notices placed on shrinkwrap. Online distribution can use clickwrap, a digital equivalent where the user must click to accept.[89] Open-source software has an additional acceptance mechanism. Without permission from the copyright holder, the law prohibits redistribution.[90] Therefore, courts treat redistribution as acceptance of the license terms. These can include attribution provisions or source code provisions for copyleft licenses.[91][92]
Developers typically achieve compliance without lawsuits. Social pressures, like the potential for community backlash, are often sufficient.[93]Cease and desist letters are a common method to bring companies back into compliance, especially in Germany.[94] A standard process has developed in the German legal system. FOSS developers present companies with a cease and desist letter. These letters outline how to come back into compliance from a violation. German judges can issue a court-mandated cease and desist order to unresponsive companies. Civil cases proceed if these first steps fail. The German procedural laws are clear and favorable to claimants.[95]
Uncertainties remain in how different courts will handle certain aspects of licensing.[96] For software in general, there are debates about what can be patented and what can be copyrighted. Regarding an application programming interface (API), the European Court of Justice noted in the 2012 SAS Institute case that "ideas and principles which underlie [computer program] interfaces are not protected by copyright".[97] In a similar 2021 case, the US Supreme Court permitted the recreation of an API in a transformative product under fair use.[98]
A long-debated subject within the FOSS community is whether open-source licenses are "bare licenses" or contracts.[96] A bare license is a set of conditions under which actions otherwise restricted by IP laws are permitted.[85] Under the bare license interpretation, advocated by the FSF, a case is brought to court by the copyright holder as copyright infringement.[85] Under the contract interpretation, a case can be brought to court by an involved party as a breach of contract.[99] US and French courts have tried cases under both interpretations.[100] Non-profit organizations like FSF and the Software Freedom Conservancy offer to hold the rights to developers' projects to enforce compliance.[95]
When a copyright expires, the work enters the public domain, and is freely available to anyone.[102] Some creative works are not covered by copyright and enter directly into the public domain. In the early history of computing, this applied to software.[11] Early computer software was often given away with hardware.[103] Developed initially at MIT, the pioneering video game Spacewar! was used to market and test the PDP-1 computer.[104]
According to attorney Lawrence Rosen, copyright laws were not written with the expectation that creators would place their work into the public domain. Thus intellectual property laws lack clear paths to waive a copyright. Highly permissive licenses described as "public domain" may legally function as unilateral contracts that offer something but impose no terms.[105][106]
A public-domain-equivalent license, like the Creative Commons CC0, provides a waiver of copyright claims into the public domain along with a permissive software license as a fallback. In jurisdictions that do not accept a public domain waiver, the permissive license takes effect.[107] Public domain waivers share limitations with simple academic licenses. This creates the possibility that an outside party could attempt to control a public domain work via patent or trademark law.[108] Public domain waivers handle warranties differently from any type of license. Even very permissive ones, like the MIT license, disclaim warranty and liability. Anyone using the free software must accept this disclaimer as a condition. Because public domain content is available to everyone, the copyright waiver cannot impose a disclaimer.[102]
Use in proprietary software
Open-source licenses allow other businesses to commercialize covered software.[109] Work released under a permissive license can be incorporated into proprietary software.[110] Permissive licenses permit the addition of new terms, including proprietary ones.[111][112] Proprietary software has heavily integrated open-source code released under the Apache, BSD, and MIT licenses.[113]Open core is a business model where developers release a core piece of software as open source and monetize a product containing it as proprietary software.[114] The strong copyleft GPL is written to prevent distribution within proprietary software.[115][116] Weak copyleft licenses impose specific requirements on derivative works that may allow the covered code to be distributed within proprietary software in certain circumstances.[77]
Cloud computing relies on free and open-source software and avoids the distribution that triggers most licenses. Cloud software is hosted rather than distributed.[117] A vendor hosts the software online, and their end users do not have to download, access, or even know about the code in use.[118] The copyleft GNU Affero General Public License (AGPL) is triggered when covered code is hosted or distributed.[119] Some developers have adopted the AGPL, and others have switched to proprietary licenses with features of open-source licensing.[120] For example, open-core developer Elastic switched from the Apache license to the "source-available" Server Side Public License.[121]Source-available software comes with source code as a reference.[122]
Since 2010, the cloud model has grown in prominence.[117] Developers have criticized cloud companies that profit from hosting open-source software without contributing money or code upstream, comparing the practice to strip mining.[123] Cloud computing leader Amazon Web Services has stated they comply with licenses and act in their customers' best interests.[123][124]
^See Smith 2022, p. 102 for: Apache License version 2.0 in 2004, GPL version 3 in 2007, LGPL version 3 in 2007, and AGPL version 3 in 2007. See Smith 2022, pp. 95–101 for: MPL version 2.0 in 2012 and EPL version 2 in 2017.
Bernelin, Margo (2020). "The Compatibility of Open/Free Licences: a Legal Imbroglio". International Journal of Law and Information Technology. 28 (2): 93–111. doi:10.1093/ijlit/eaaa010.
Joy, Reagan (2022). "The Tragedy of the Creative Commons: An Analysis of How Overlapping Intellectual Property Rights Undermine the Use of Permissive Licensing". Case Western Reserve Law Review. 72 (4): 977–1013.
Oman, Ralph (Spring 2018). "Computer Software as Copyrightable Subject Matter: Oracle V. Google, Legislative Intent, and the Scope of Rights in Digital Works". Harvard Journal of Law & Technology. 31 (2): 639–652.
Ombredanne, Philippe (2020). "Free and Open Source Software License Compliance: Tools for Software Composition Analysis". Computer. 53 (10): 105–109. doi:10.1109/MC.2020.3011082.
Onetti, Alberto; Verma, Sameer (May 1, 2009). "Open Source Licensing and Business Models". ICFAI Journal of Knowledge Management. 7 (1): 68–94.
OSI (February 2023). "OSI Approved Licenses". opensource.org. Open Source Initiative. Retrieved December 23, 2023.
Sen, Ravi; Subramaniam, Chandrasekar; Nelson, Matthew L. (Winter 2008). "Determinants of the Choice of Open Source Software License". Journal of Management Information Systems. 25 (3): 207–239. doi:10.2753/MIS0742-1222250306.
Smith, Alexander (2019). They Create Worlds: The Story of the People and Companies That Shaped the Video Game Industry. Vol. 1: 1971 – 1982. Boca Raton, Florida: CRC Press. ISBN978-1-138-38990-8.