The issue of licensing


#1

As discussed in 2x02, it would appear that the GPL is falling out of favour. My point of view is that this is because for a new developer (imagine a new JS developer, for example), there’s no easy way (not that I can find) to compare licenses without having to read through pages of legal and ethical view points.

I think a good method to address this would be to have a simple table, for example on GitHub when creating a repo, that shows the headline features of each license (including some ethical points). I am also debating in my head whether or not hosting sites, such as GitHub, should enforce that a license is included. What are your thoughts?


#2

I can’t see “pick a licence” enforcement being popular on GitHub. Not every repo contains code, not every repo is public. Picking a licence should be a thoughtful, measured process, rather than a “ohshitgottapickalicenceummmokthatone” frantic donkeytail mistakefest.


#3

Whilst it isn’t exactly what you are looking for this is a great resource for summarising licenses so it makes it easy to see which has what you want:

https://tldrlegal.com/

They are bringing in a comparison tool soon.


#4

My thoughts
@LinuxJedi I didn’t know about that site, thx for sharing the link

@neuro

Picking a licence should be a thoughtful, measured process

aggree, but i would like to add “…and demand-driven…” to the set of properties of that process.

Because i don’t think it’s reasonable to ask from everybody to put effort into this licensing in general unless someone cares in particular.

So, as an example let’s say @sil puts something on github just to display it (sorry if i understood you wrong on the podcast on that point), then that’s fine. Making up his mind on licensing is just a waste of time.

Now assume in 1 out of 10 times, someone wants to use it. Then they can ping him and ask him to license it, and then making up his mind would actually be beneficial to anyone.


#5

Whilst that is great in theory that isn’t how it works in practice. The reality is one of two things:

  1. The code is assumed public domain and just used (this is wrong, but it does happen)
  2. The code is avoided with a 20 foot barge pole because there is no guarantees there won’t be a legal minefield behind it.

Not having a license is a good way for code to be abused or die.


#6

There’s no motive to fix this problem.

Github could do one of the following:

  1. Declare that all code not declared to be under a specific licence is some open source licence: let’s say, MIT, for the sake of argument. This screws two sets of people:
    a. People who have their code under a specific licence but haven’t declared it in a way that Github will autodetect. For example, you’re not obliged to have a file name LICENSE. If in my README.txt I say “this code is under the GPL”, that’s perfectly legitimate, but Github won’t know that (and can’t realistically code a way to recognise all ways of declaring a licence on some code) meaning that I’ll have said it’s GPL but Github say it’s under MIT, which is at best confusing and at worse Github attempting to unilaterally relicence my code without my permission!
    b. People who don’t want their code to be under a specific open source licence for some reason; Github have now declared that their code is MIT when they didn’t want that. Github would then have to also declare that “all code pushed to Github has to be under an open source licence unless you pay for private repos” or something, which would be immensely bad PR for them and cause at least some people to move away from Github and to somewhere else, which is bad for Github and so they aren’t going to do it.
  2. Declare that all code pushed to Github which doesn’t have an explicit LICENSE file is under no licence (which is the current actual legal state of affairs) and put a banner on such repos saying “This code isn’t declared to be under any licence which means that it’s proprietary and you can’t use it”. This would be a pretty big nudge to people to make such a declaration, and as such would be good for the open source world, but it’d be really bad for Github because they’d go from being “big repository of code you can use” to “big repository of code most of which you can’t use”. Yes, this is actually the case right now – you can’t use unlicenced code – but at the moment that’s your problem. If Github start highlighting that problem then it switches from being your problem to check out into being their problem for being a repo of unusable code, which makes them look bad and so they aren’t going to do it. Regardless of whether it would be better for the open source world were they to do so. (Note: this would also screw people in state 1a above, where their code is licenced but not in a way that Github autorecognises, and would maybe be worse; I release GPL code, Github doesn’t recognise that it’s GPL, they declare the code can’t be used when actually it can. This moves from “you have to identify your code as GPL” into “you have to identify your code as GPL in a way that Github recognises”, which is the sort of thing that Stallman et al will get all narrow and shouty about.)
  3. Do what they’re doing now, i.e., nothing; it’s your problem to identify.

I can see why they’re doing (3), even though it’s bad for our community.

tl;dr: “Not having a license is a good way for code to be abused or die” is true, but there’s no way for Github to improve this situation without making Github look bad, and therefore they won’t do it.


#7

I wonder if this is even legal?

On one hand, many services say “by ticking this box you agree to all the shit in our EULA” (see Human Centipad from South Park), but on the other hand, I would imagine that the law requires that licensing something requires an explicit decision, as opposed to a default setting.

Even if this were legally doable, I suspect the reason in GitHub and other platforms to not require a license at repo creation time is that it will likely result in a significant drop-off for final repo creation as many people get stuck at that question.

Even though, speaking personally, I do believe it is the (and this are heavy words), moral responsibility, for code hosting platforms to at least encourage the user to make a decision (e.g. have a simple Creative Commons style license picker on repo creation, but then allow people to skip it if needed).

Otherwise, we will end up with a load of unlicensed code that is not particularly useful to anyone.


#8

@sil, Github says: “GitHub is free to use for public and open source projects.” That’s their banner sized definition on their pricing page. And it is poor, because conflates “public” and “open source” depending on how you read it. I read it as: My documents are public, so I should say so with a CC license; My code is open source, so I should say so with an OSI approved license. Forcing the repository builder to use a license file is goodness from both a legal clarity perspective, AND from their own business clarity perspective. What would make them unpopular would be sending a bill to every repository owner without a license. That’s a very different thing. They’ve been lazy. It requires them to clean up the mess they created. They don’t get to play dumb. Flickr and every photograph sharing website were pretty clear from the start. Github should have been as clear.


#9

It doesn’t. That’s precisely the point I was trying to make. It should, but it doesn’t. It would be better for open source as a whole were Github to fix this mess that they’ve made, but it would be worse for Github, and they aren’t obliged to do it: therefore they will not do it. It is unfortunate that we’re in this state of affairs, but Github are a publicly traded company who have taken venture capital investment. The chances of them doing something detrimental to themselves because it benefits the community they ostensibly serve are slim and none, and slim is out of town.


#10

Tables and license choosers are a little difficult to get “correct”. Because of the history of licenses, some popular ones still have problems (with legal venue for example). I tried to get around that once with a blog post “Everything you need to know about licensing in 2 minutes”.

The US Copyright Office applied copyright to software in 1980. It was probably a poor idea in hindsight. (Software is way too dynamic to have been protected by copyright.) Stallman’s brilliance wasn’t necessarily his articulation of software freedom or the creation of the original GPL, but his very simple hack on copyright law in 1985. Copyright law says you the copyright holder NEEDS to say who can do what with your photo/essay/code/drawing/performance etc. Everyone expects that to be on a per request basis (messy – especially with sharing on the Internet) or a license basis (give me money). He simply declared a licensing concept that said: Great – I give you permission to do anything you want if you adhere to the following requirements. That’s the simple hack on which all open source licensing depends. For the minor investment in stating a license up front, which also defines the collaborative culture you want to instill, anyone can then get on with using your software to their own ends.


#11

So I agree that it would be unreasonable, bad form, and very bad PR to:

  • Send a bill to anyone with a “license” free repository. (This is actually against their own terms.)
  • To stamp a banner on every project page without a license, saying in BOLD BLINKING RED TEXT that this code is presently unlicensed so you will need to get permission to use it.
  • To threaten to take down any page without a license as it’s clearly not open source, or freely licensed content.

But why is it bad form to tell anyone that is getting free service to please add a LICENSE file to your free repository so your publicly viewable account is publicly usable? There are ways to make the creation of such a file easy. It is leadership.

They aren’t public at present. I would argue they can’t go public until they clean up the legal mess they’ve created for themselves by allowing “publicly viewable” (so free account) to be conflated with publicly usable. They are doing themselves and the entire industry of less experienced software developers a disservice. And frankly, at this point in their success, if they refuse to fix it, they deserve every malicious damages suit they receive and the bad PR that goes with such things.


#12

Whatever Github do in this situation will result in some non-zero number of people choosing to take down their repositories, or leave them unlicenced, or choose to not use Github for future things. That’s detrimental. As a reward for accepting this detriment, they get… what? Nothing. The open source community get something, but Github don’t, and I really don’t think they care; I imagine that they are severely paranoid that one day the seesaw tips and they stop being the cool thing and everyone goes to gitlab or bitbucket or virtual_reality_vcs_services or TelepathyHub or something. This is a pathological situation to be in, certainly, but that’s what happens when a big VC-funded company owns a big chunk of the open source infrastructure. I think this argument needs a carrot for them as well as the implied stick, otherwise it’s absolutely in their best interest to avoid engaging with it and just hide under the duvet every time someone asks this question… especially since most people don’t ask this question because mostly it’s only old-style open source people and enterprise lawyers who would even know to ask it.


#13

Well I feel old now.


#14

You are young, virile, and handsome, as evidenced by:


#15

No, copyright law says the copyright holder is the owner of the created work. No-one needs to say anything about what can be done with your photo/essay/code/drawing/performance etc. because the default is “nothing”. Someone can ask you what you, as the copyright holder, will permit them to do with the created work on a case by case basis, unless or until you explicitly declare, using a copyright licence, what they can do with it by default.

This is why copyright is A Good Thing, because it allows, for a limited period of time, for you to decide what happens with your work. If you want to exploit it in any way you please, you can. Once that limited period of time has passed, the public domain applies.

I know this isn’t always the case, with shit copyright extension legal battles, but as an idea, it’s a good one.

And then if you, feeling magnanimous, decide that, either from the beginning or at some point down the road, you want others to use your work as they please, with as many or as few restrictions as you like, you can.

But the default position of any public publishing platform can, and should, be “this is my stuff, and I want you to appreciate it, but if you want to exploit it on your own, please reward my time and effort and ingenuity by providing me with kudos/pizza/beer/monetary units/whatever”. If you want to engage on the magnanimity scale on some level, then you can take the deliberate step to do so, but at all times, your rights as the creator of the work are protected.

Unless you don’t have a fucking clue what licence you’re applying, in which case, qa’pla!


#16

Yeah, because 9 year old video of anyone is good evidence about how young they are… :slight_smile:


#17

We are old-style open source people, dude. Embrace it :slight_smile:


#18

@ralight’s a dead ringer for Aaron Seigo at one frame!


#19

@neuro: I completely agree with every thing you say about copyright and how to handle it. My snark in general is that there’s lots of good history and examples of publishing and explicitly claiming one’s copyright with an “all rights reserved” or pointing to a license. There were lots of good sites around sharing blogs, software, photos, etc. explicitly acknowledging the laws under which we live. For github to ignore that in the name of making free repositories available to folks making their work publicly viewable is … unhelpful/misleading/naive/ignorant.

Being “old” by @sil’s definition, I can find no nice way to view the problem created by github.

That said, the concern I raised over the application of copyright to software in general as “probably a poor idea” was simply an observation in how it was applied. I completely agree with protecting an author’s creation, and an author’s choice in how they control it. (Copyright is generally about protecting the channel but in software creator and publisher were historically generally pretty close to being the same entity.) Works protected by copyright don’t tend to change quickly. Books might have different editions, but they’re generally the same content with small corrections or additions in subsequent editions. Regardless of how many times Scott wants to release Blade Runner, most movies have at most two cuts, and having more than one is a pretty modern thing because the cost of distribution continues to plummet. When you get to a WWW full of software, and the friction entirely removed from developing new derivatives of software, copyright to protect a channel starts looking to me to be a poor choice.


#20

Sure, GitHub are not obliged to do anything. They weren’t obliged to add +1 buttons to issues, but they did it because GitHub users were crying out for it. For GitHub to remain competitive they need to react to the market and the needs of the market. This in part means that they should be receptive to not just the needs of the developer, but the needs of the ecosystem too.

I would argue that the ecosystem really needs to have clarity on the licensing of code. I know you and I both agree that people should not have to care about licensing as much as licensing dorks like @stephenrwalli ( :slight_smile: ), but I do believe that a way to solve this problem is that key providers of functionality in the commons should help to resolve common issues. It is the same principle that the way you get kids to make smarter food choices is to get schools to adjust what they offer and how they lay those offerings out - this is more effective than convincing each kid.

(firstly, they are not a publicly traded company, they are a private company with venture funding. :slight_smile:)

Why is adding features to bring better clarity to licensing in open source projects “detrimental to themselves because it benefits the community”?

GitHub’s bread and butter is the open source ecosystem. The only reason why GitHub is a game in town is because they became the de-facto standard for where people put code online to share and collaborate. I would argue that any functionality that the open source community needs to be successful is by definition important for the future success of GitHub to retain their dominant position in this regard.

Now, if your point is whether GitHub are aware of the importance of these needs and will not resolve them anyway is more a question as to the individual competencies of the company.


Please respect our code of conduct which is simple: don't be a dick.