The issue of licensing


#21

To the original post, the GPL is falling out of favor for a very simple reason: licensing pressure. I spoke about this a decade ago (http://www.zdnet.com/article/day-3-stein-in-5-10-years-most-of-the-software-you-use-will-be-free/)

TL;DR: given the choice of a permissively-licensed library, and a GPL one … a developer will always go with the permissive license.

Developers drive the licensing, as end-users rarely care. So we will always see developers demanding permissive code. That applies pressure to library/software providers to license more permissively.


#22

I think this depends on whether you are talking full applications or libraries. Libraries will be permissively-licensed for the reasons you mentioned. Not even LGPL is really good enough for many developers.

But full applications/systems such as the kernel or MariaDB, I don’t really see developers shying away from using it.


#23

[quote=“jonobacon, post:20, topic:11045”]
Sure, GitHub are not obliged to do anything. They weren’t obliged to add +1 buttons to issues, but they did it because GitHub users were crying out for it. For GitHub to remain competitive they need to react to the market and the needs of the market. This in part means that they should be receptive to not just the needs of the developer, but the needs of the ecosystem too.[/quote]

Adding +1 buttons made them look better, so yes they did it. Doing something about unlicensed projects makes the ecosystem better but makes Github look worse: my contention is that they will therefore not do it; they will not be prepared to make themselves look worse, even if the reason for it benefits the ecosystem and even if it’s their fault in the first place.

I agree with this. However, just because the ecosystem really needs it does not mean that Github really have to provide it! If Github could help there be clearer licensing of code and look good by doing it, of course they’d do it! But they can’t; all they can do is benefit the ecosystem while making themselves look worse.

(yeah, my fault there, I thought they’d IPOed already, @stephenrwalli pointed out my wrongness as well)

You’re misreading my sentence, possibly because it wasn’t well-worded :slight_smile: Full context:

The chances of them doing something detrimental to themselves because it benefits the community they ostensibly serve are slim and none

This does not mean “doing this thing makes the community better and therefore it is bad for Github, because things that are good for the community are bad for Github”.

It means “there are things that Github should do because they are a good thing for the community. Some of those things, despite being good for the community, are bad for Github themselves. I, Stuart, think that if Github were a Christian saint of some kind then maybe they would do things which are good for the community and bad for themselves, but they are not a saint and therefore are very unlikely to do this thing, and the reason they are very unlikely to do this thing is that it is good for the community and bad for Github themselves.”

Let me try explaining this a different way.

Stuart’s Proposition: “Github will avoid doing anything about unlicensed projects for as long as they can, because anything they could do will make themselves look worse, regardless of whether it would be better for the larger open source ecosystem for the problem to be fixed”.

Arguments that I’m wrong take, I think, one or more of the following forms, or maybe there’s another:

Fixing the problem will not make Github look bad because there is a way of fixing it you didn’t list in the post above: cool, I’d like to hear that way, because I can’t think of one

Fixing the problem will make Github look bad but that doesn’t stop them doing it, because they are so invested in the open source community that they are prepared to do a thing which is good for the open source community even if Github themselves take a reputation and monetary hit by doing so, i.e., they are a saint. I believe this to be bullshit, but if someone can make a credible-sounding argument that it’s the case, I’ll listen.

Fixing the problem will make Github look bad but that doesn’t stop them doing it, because fixing this will provide enough good PR about “Github fixes unlicensed software problem” that it outweighs the hit they’ll take, i.e., they think that looking like a saint makes you look good enough that it’s OK if you actually get a kicking while doing so. I would like to believe that they aren’t this rankly hypocritical, and besides I don’t think it’d work because the PR bounce they’d get is short term and the hit is long-term.


#24

I don’t think github can “solve” this without using one of the extreme examples above. They could attempt to reduce the problem though. How about a notice like “hey, we noticed your repository doesn’t appear to have a license, this means other people can’t use your code.” along with help me choose a license and go away, never mention this again buttons.

It wouldn’t force anybody to do anything and gives an easy out, but might at least make some people think about licensing.


#25

I just spotted this on Twitter which has been created by GitHub, maybe they should incorporate it into new repository creation? https://choosealicense.com


#26

The reality is one of two things:

The code is assumed public domain and just used (this is wrong, but it does happen)
The code is avoided with a 20 foot barge pole because there is no guarantees there won’t be a legal minefield behind it.
Not having a license is a good way for code to be abused or die.

That’s the problem you were talking about and how github should or could or would (not) solve it for the community.

But what I’m actually wondering now is whether this is a problem at all.
Maybe instead we just see an evolution of free software, from copyleft (as the antithesis to “actual” software-copyright) to permissive licenses
…and further down the road - while development cycles become shorter and shorter - maybe that means that licensing just doesn’t really matter anymore, in the majority of cases.
Ok, we can see that, but the point I want to make is: maybe that is a not a bad thing per se?

What remains important is attribution (I mean the ability to prove that one was the one who came up with a cool thing), because that’s the way to raise in a meritocracy.
But the ability to control how the code is used by others, doesn’t have to be a priority anymore.

Do we have any evidence for the contrary claim, i.e. that code is more likely to die or be misused if it’s not explicitly licensed? I mean, e.g. statistics indicating that a having picked a license would actually actually have made a difference for particular repos?

Btw, note that in order to speak of “misuse”, IMHO the author has to have an issue with the un-licensefull use.

I appreciate if you let me know in which ways I’m naive here. Maybe it’s just that I’m be curious if you think that we actually need copyright at all, or if it will become a thing of the past.


#27

I am still failing to understand your rationale as to how it will make them look worse? How is GitHub trying to provide an easier way for people to understand and license their code going to be anything other than a positive affirmation of their commitment to open source?


#28

Because some random developer will follow a link to a github project and it will say at the top of that project page: this code is not licenced. So you probably can’t use it. Contact the developers to ask. And then they will go away.

If the plan is that Github don’t do that – that is, that they take some different approach such as “send an email to all owners of all repos without a LICENSE file” – then they’re not actually solving the problem, are they? The problem isn’t “people release unlicensed code”, it’s “other people can’t use your code because it isn’t licensed, but they don’t really understand that and so use it anyway, potentially exposing themselves to liability”.


#29

I am not suggesting that GitHub needs to have a perfect solution, they won’t, but I think if they offered at a minimum a license picker on repo sign up and did some outreach to repos to add LICENSE files that would be very well received.

No solution is perfect, but inaction isn’t ideal either. The worst thing GitHub can do is nothing.


#30

Sure, probably. People who think that open source is important in and of itself – you know, people like us – would congratulate them, and it’d be a good thing. But it wouldn’t actually solve the problem; it’d just make it 1% less of a problem. So it’s worth doing, sure, but I feel kinda whatever about it because I’d like to see the problem actually_fixed_, not just have Github say “well, we did what we could, there you go, job’s over”.

This is what I think of as a West Wing thing. When Leo gave Josh a job to do, he was expected to get the job done. Coming back and saying “well, did my best, but it can’t be done” wasn’t acceptable; you don’t get credit for having tried your hardest, you get credit for actually fixing things. This is like that, I think.


#31

I disagree. I would argue that a major benefit of open source is a rich patchwork of code all over the world that you can use. If a large chunk of that code is unlicensed, it is effectively useless to a lot of people. If GitHub did this right it would yuuuuuuuge value to their platform and the community.

When I said I don’t think any solution is perfect I just don’t think there is a simple way to resolve all use cases of this problem. Saying that though, I would argue GitHub could significantly impact the value and availability of open source code by doing the two simple things I suggested: adding a license picker at repo creation time and doing outreach to high-starred projects to encourage them to add a LICENSE file.

Sure, it won’t build a perfect world in which every understands all licenses and can make quick licensing decisions, but I think the investment of this work would be a huge leap forward.

More importantly, why shouldn’t they do this? What is the compelling reason not to solve this problem? How is inaction a justifiable choice?


#32

You did read the bit where I said “So it’s worth doing, sure”, right? I am not advocating for inaction. My point is that them doing what you suggest isn’t actually particularly helpful. It helps a bit, great, but it doesn’t actually make the problem significantly better; what it does do is allow Github to feel a warm sense of satisfaction that they “did something about it” and get good PR. Meanwhile, the vast majority of Github repositories will remain unlicensed, and therefore unusable, but now Github can say “hey, we tried, what else can ya do eh? not our fault”. I don’t want absolution, I want the problem fixed!


#33

Are there many popular / actively developed projects that don’t have a license? Are there examples someone can link to?

Personally I’ve not found useful code on github without a license (though I’m mostly involved with Rust/C/Python… maybe other languages skew differently).

The statistic of projects without licenses may be misleading if they’re a mix of weekend experiments, student projects, dot-files… etc.

If any of these repos become even slightly popular, I’d assume there would be pressure (issue raised) to choose a license… so while I agree it would be nice to solve, I’m not sure the problems so big?
Happy to be proven wrong though :slight_smile:


#34

Daft example: see http://sil.jsbin.com/morexoz for a thing which lets you search github for repos matching a search term and then shows whether they have a LICENSE file. Obviously this is trivial and quite likely to be wrong (you can, as noted above, be correctly licensed without necessarily having a file explicitly named LICENSE!) but it gives a flavour, I think; I’ve tried searching for various things (“react sidebar component”, “linux desktop”, “tetris”) and I’m seeing around a third to a half of repos being unlicensed…


#35

Were we just trying to add Licence terms at the same time?


#36

While I don’t mean to quibble, a search for rust shows 10 projects apparently without licenses (including Rust its self). On checking, all have licenses, around half have licenses that should be easily detected but for some reason weren’t (LICENSE.txt, LICENSE.md… and similar).


This isn’t really the point though. I’m sure if you search for repos that don’t have licenses - you can find loads, but is this software anyone seriously relies on or cares about? Are developers frequently finding useful software they want to use or contribute to then notice it doesn’t have a license?


#37

I am still unclear on how this won’t have a positive effect. Now, I am making a fairly significant presumption that (a) if people are asked to choose a license at repo creation, it will have a marked impact on how many repos have a license file, and (b) that if GitHub reach out to all projects over a certain number of stars to ask them to choose a license, this will bear some fruit too.

You seem to be looking at this from a cynical PR perspective. Sure, a company could do this for PR, but I honestly think GitHub have bigger fish to fry. What is more important is that I think this is necessary from their position as stewards of open source development.


#38

This is a great question. I don’t know. :slight_smile:

It would be interesting to run a report of all GitHub repos without LICENSE files, ordered by number of stars (which is a crude way of determining interest). I am curious to see what this list would look like.

Anyone able to run such a query?


#39

It will have a positive effect. It just won’t fix the problem. Think of it this way: imagine you’re worried about climate change. So, you buy an electric car, and you try to avoid food waste, and you turn lights off. These are all good things! Do they contribute to a better world? Yes. Will they fix the problem? No; what’s needed to fix the problem is huge collective action, and central encouragement to do that huge collective action. Github emailing repo owners is certainly encouragement, and a good thing, and well done to them if they do it. But everyone already gets emailed about how they should buy electric cars and avoid food waste and turn lights off. Some do it… but it’s not actually fixing the problem, because it’s just exhorting people to Do The Right Thing and then saying “sorry, we did our best but nobody cares” when they don’t.


#40

I am not sure your comparison fits. Your comparison would be equivalent to asking GitHub users to ensure they license their work.

I think a more apt comparison is if General Motors decided to switch all their cars to hybrids (equivalent of requiring a LICENSE decision for new repos). Would that have an effect on the environment? Yes indeed it would.

You also seem entirely convinced even if if GitHub did this that it would have no effect? Why?


Please respect our code of conduct which is simple: don't be a dick.