Please stop inventing new software licences (2020)

I&#x27;m not sure the title is the correct response. As in &quot;stop making software licenses&quot; is not the problem.<p>Clearly any business can license their software any way they like.<p>What caused the poster some confusion is that it was marketed as an &quot;open source&quot; product. Once he determined it was not an OSI approved license then that should be the end of it. It&#x27;s not Open Source. period.<p>By all means call them out on that - lots of people and companies are not licensing experts, and need guidance. I&#x27;ve helped people with this in the past and encouraged them to change to actual Open Source licenses that are compatible with their goals, and the goals of their community.<p>If anything the real headline should be &quot;stop calling your product open source when it doesn&#x27;t have an open source license&quot;.<p>[To be clear - I produce commercial software under not-open-source licenses. I&#x27;ve got no objection to folk doing that. I even ship the source with the product, and accept contributions back. But I don&#x27;t call it &quot;open source&quot; because it&#x27;s not &quot;Open Source&quot;. It&#x27;s something, sure, but it&#x27;s not Open Source.]

I will only add that non-standard licenses also hurt adoption, specifically in medium&#x2F;big businesses&#x2F;enterprises.<p>Most organizations understand common open source licenses and there&#x27;s usually a blank statement that allows teams to use GPL&#x2F;MIT&#x2F;whatever-licensed software.<p>Anything outside that subset of licenses (even if they&#x27;re permissive, open source or whatnot) requires a legal review and a lot of people won&#x27;t go through the pain of that process just to use a library&#x2F;service&#x2F;app. It&#x27;s easier to just choose something else.

&gt; The wording still precludes me forking this repo on GitHub.<p>AFAIK that&#x27;s irrelevant per GitHub&#x27;s TOS, which users agree to:<p><i>By setting your repositories to be viewed publicly, you agree to allow others to view and &quot;fork&quot; your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).</i><p><i>If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub&#x27;s functionality (for example, through forking).</i><p>AIUI you therefore always have the right to fork something on GitHub.<p><a href="https:&#x2F;&#x2F;docs.github.com&#x2F;en&#x2F;site-policy&#x2F;github-terms&#x2F;github-terms-of-service#5-license-grant-to-other-users" rel="nofollow">https:&#x2F;&#x2F;docs.github.com&#x2F;en&#x2F;site-policy&#x2F;github-terms&#x2F;github-t...</a>

Agree it&#x27;s complex, and when attempting to solve a particular problem you end up with yet another license every time.<p>What businesses in particular want is a &quot;Yes, you can read the code and yes you help if you want to, but you can&#x27;t use the code to make your own product&quot; source-available license (because they have devs to pay, and being able to keep doing that is the first thing they need to protect).<p>I think such licenses do sort of exist but they&#x27;re fragmented.<p>The root of this particular argument seems to the definition of Open Source meaning unconstrained use of source code, instead of source-available.

I wish there were more standard open-but-not-open-source licenses available. Or open-but-only-for-personal-use or open-but-cannot-distribute.<p>Something standard and vetted enough that projects like these could adopt instead of having to write themselves.

(2020). Also the very existence of 100+ OSI approved licenses means that there are some reasons (or incentives) to invent new software licenses after all.

Mostly unrelated to the article, but the title stirred up memories.<p>~20 years ago I stumbled across the &quot;Ё&quot; license, that granted you all rights you can dream of with one condition, you must use the letter &quot;ё&quot; in its right place all the time. It is a Russian story, with some people loving &quot;ё&quot; and whining that outside of children books you can&#x27;t find it, and other people trolling the first group by arguing that &quot;ё&quot; was a stupid addition from the very beginning, and even more stupid now.<p>Sadly I cannot google the text of the license now.

I’ve created a non-toy programming language, and at some point I intend on creating a package manager for it. The official repository for packages will require all code to be open source, and I’ve already decided to be opinionated about what that means. I’ll pick a handful of well known, and actual open source licenses (MIT, GPL, BSD, Apache Commons, etc) and require people that want to upload to this repo to select their license from the finite list. If they want to use another license, they are still free to do so, but they’ll have to stand up their own repository, and get users to add the repo to their sources list.<p>There’s just too many licenses, each with different (sometimes incompatible) requirements, so one advantage to being so opinionated is that you can add automatic checks to ensure you’re in compliance. For instance, if your library is MIT (only), you can’t use GPL dependencies. Most people probably don’t know this, so having tooling that helps enforce this ought to make things more compliant overall.

Almost all of the existing licenses were designed many years ago, before LLMs and enterprise cloud abused the open source model.<p>Only half jokingly, I wanted a couple months ago to change the license of a Javascript project I made to allow anyone to do anything with it, except train LLMs on it [1]. I couldn&#x27;t find anything, so I cobbled together something which I&#x27;m sure is not in proper legalize. What were my options otherwise?<p>[1] <a href="https:&#x2F;&#x2F;github.com&#x2F;mciucu&#x2F;stemjs&#x2F;blob&#x2F;master&#x2F;LICENSE">https:&#x2F;&#x2F;github.com&#x2F;mciucu&#x2F;stemjs&#x2F;blob&#x2F;master&#x2F;LICENSE</a>

Cyph cofounder here. To be clear, the primary purpose of the license change was to allow users to validate reproducible builds of our code against the production version of Cyph without fear of technically violating the Ms-RSL license. OP&#x27;s feedback was appreciated, but mostly unrelated to the license change except insofar as it reminded me to touch base with our counsel on the topic.<p>If there&#x27;s an alternative license to the Cyph-RSL that meets our needs, I&#x27;d be happy to consider it, but I don&#x27;t see any particular problem with the fact that we authored our own.

TFA:<p>&gt; What does &quot;intended&quot; mean here?<p>I don&#x27;t understand what problem the author have. We have lots of law and case based on intention.

In other words, please stop pretending you&#x27;re open source.

This article could be summed up with “many projects are engaging in open source&#x2F;free software cosplay”.<p>There are lots of projects that claim to be open source, and either are lying&#x2F;don’t have free software licenses (CapRover, for example), or don’t work like an open source project is expected to (VS Code, Chromium), denying patches being integrated even if they fit project standards and provide benefit to users.

AFAIKT, even the &quot;Popular&#x2F;Strong Community&quot; list on <a href="https:&#x2F;&#x2F;opensource.org&#x2F;license" rel="nofollow">https:&#x2F;&#x2F;opensource.org&#x2F;license</a> all just essentially say you don&#x27;t have pay for the source code, can&#x27;t complain to the authors if it goes wrong, and then some variations around not treating it as your own code.<p>(BTW their filters work funny)

Also worth mentioning that, in the time since this article was written, Signal Messenger is now post-quantum secure [1], and has always been free and actually open source.<p>[1] <a href="https:&#x2F;&#x2F;signal.org&#x2F;blog&#x2F;pqxdh&#x2F;" rel="nofollow">https:&#x2F;&#x2F;signal.org&#x2F;blog&#x2F;pqxdh&#x2F;</a>

I checked the Wayback Machine to see how the about page for cyph looked like [1], and it said &quot;open source&quot;, not &quot;Open Source&quot;. So, I don&#x27;t get what the beef is about.<p>[1] <a href="https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20200517031524&#x2F;https:&#x2F;&#x2F;www.cyph.com&#x2F;about" rel="nofollow">https:&#x2F;&#x2F;web.archive.org&#x2F;web&#x2F;20200517031524&#x2F;https:&#x2F;&#x2F;www.cyph....</a>

So many companies try to scam the community, by calling themselves open source but many are not. Great to see you checked and called them out.<p>We should support and reward the real companies that are actually open source, and who care about the community and transparency!

Reminds me of the old “Standards” xkcd <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;</a>

Its almost as if some companies <i>cough</i>Elastic<i>cough</i> want the upsides of being open source without having to, you know, actually be open source.

There&#x27;s nothing wrong with releasing software under a license that allows contributions but disallows commercial use, which is what Cyph was attempting to do:<p>&gt; We&#x27;re a small startup with a significant amount of time and money invested into the development of Cyph. We recognize the need for anyone to be able to review the code and verify our production build against it from a security perspective, but at the same time it would be problematic if an unrelated third party could just stand up their own instance of Cyph and directly compete with us at this stage. We would be much more inclined to fully open source Cyph at a later stage of the business.<p>I disagree with the philosophy of forbidding any contributions just because they are not fully open-source for commercial purposes.<p>This seems like a very common scenario for software that is almost &quot;open source&quot; except for not allowing commercial deployments. I would be surprised if there is no existing licence to cover this use case, but it will not be fully open source of course. Which again doesn&#x27;t mean that all contributions need to be forbidden.

Please fit in the exact little box that I have of you in my mind and stop deciding for yourself what you want to do with your stuff.<p>I beg your pardon!?

Microsoft dropping &quot;open source&quot; licenses into the Open Source ecosystem? Why am I not surprised? The ghosts of their &quot;Linux is Cancer&quot; campaign just cannot die.

This is why I like Fair Source License. It protects the company&#x27;s IP but gives a community legal ways to contribute &amp; use software for their needs.<p><a href="https:&#x2F;&#x2F;fsl.software" rel="nofollow">https:&#x2F;&#x2F;fsl.software</a>

Going one level up from the title one should want to avoid OSI licenses. Their original purpose was to approve new licenses. MIT, BSD, and the GPLs already existed, so OSI &quot;approving&quot; more was IMHO not very helpful. Anyone not satisfied with those options was usually trying to add some level of control. Even with a well written new license you cause developers problems wondering about &quot;license compatibility&quot; when they try to combine code under different licenses - a practice that is really useful but often overlooked by license creators.

You know what I hate about these days is this is a blog I enjoyed but then I got to the post about hacktoberfest and it occurred to me, what if this was all written to advertise hacktoberfest and the author got paid in some way for this? What bothers me about it isn&#x27;t whether or not it happened, it&#x27;s that I questioned the authenticity of the author simply because he posted a link and what if he did so because he was paid to do so as opposed to simply being interested. Which is exactly the internet I want to live in. One where people write interesting things and share links to other interesting things.