The issue of licensing


#41

Yes! Absolutely. Requiring a licence file – not asking people to provide one but letting them avoid it – is precisely what I was suggesting would actually go a long way towards fixing the problem (doing that and telling existing repo owners that they have six months to add a licence file or get removed would entirely fix the problem, from Github’s PoV). I didn’t think you were proposing that; I thought you were proposing nicely asking people and not actually forcing it. If so, I misread, and I apologise!

However, forcing people is exactly precisely what I think Github will not do, because they’ll look like the bad guys by doing it, no matter how much they say “it’s good for the open source world” (which it is), and I think that that will be perceived as bad PR and so they will not do it. You may disagree on this.


#42

Well, kind of.

I am proposing the new repo screen strongly encourages you to pick a LICENSE and has a tiny “Skip this step” link. I don’t think it is possible to require a license decision at that point.

Agreed, I don’t think they would be willing to force the user to include a license at repo creation time, which is fair to me.


#43

Right, was thinking about this and there are two classes of projects I think would be interesting to look into.

  • Popular software (measured by checkouts per month, commit activity, stars…).
  • Trending software (actively developed and gaining attention faster then average).

If there were some way to find projects in the second group with missing license information, this would be a good candidate for putting some social pressure (report issues for eg, perhaps look into the project and suggest a license thats a good fit… not sure how popular this would make you :smiley: … or if anyone would really want to do this). Nevertheless, it would be interesting to see such a list to know if its even something to try to solve, and makes the argument stronger if its something GitHub could address.

But I’m still not convinced this is as big of a problem in practice as is being implied by the statistics.
GitHub ends up getting used as online-storage for technical people, it’s a mistake IMHO to assume the average repository is a significant software-project.


#44

I don’t like that idea. Yes, I’m sure that big popular projects provide more use to people, and big popular libraries get more work done on them and get reused more. But the world of open source is a totality. I can’t tell you how many times I’ve been trying to solve a problem and I’ve been helped by finding an example of what I’m trying to do in a blog post, or in a github project with no stars and no forks. Saying “well we really only care about significant software projects, the other stuff, fuck it who cares?” feels to me like people who don’t like scientific research without a specific targeted goal in mind because it’s aimless and might get anywhere.


#45

[quote=“sil, post:44, topic:11045”]
But the world of open source is a totality. I can’t tell you how many times I’ve been trying to solve a problem and I’ve been helped by finding an example of what I’m trying to do in a blog post, or in a github project with no stars and no forks.[/quote]

Same here, and in all cases these small projects I stumbled on had a license (maybe just good luck… but I couldn’t overlook this since it needed to be compatible with the project I worked on).

Don’t think its saying “who cares” at all - its more accepting that some random shell script doesn’t have the same value of decades of work by a studio for example.
And there is a point when you can legitimately say “who cares about some small shell script”… or whatever tiny amount of work which is easier to grab from git then spend 30min writing again. In this case I could have emailed it to the person who asked me for it, I made a git repo instead to avoid getting hassled a second time :slight_smile:.

Realize my comments seem to discount small projects, and I didn’t mean it that way… of course its a better situation if projects of all sizes have licenses, and who is to say what small snippet of code is invaluable to someone else.

Its just that from what I’ve seen, developers who write non-trivial code, have enough sense to add a license too).

The problem I have with statistics that talk about percentage of git repositories - is it treats some tiny-shell-script, dotfiles, version control migration scripts, 48hr game jams, some color themes… and every weekend project I made while learning a new language - the same as <insert useful project name> .

To be clear - I agree with the general goal, but if there is a problem. I don’t think its unreasonable to ask for evidence before taking it seriously - more then just some statistics from grepping repos.

Else it’s like worrying about all the typos in youtube comments… ok, not really… but if someone said that - how would you convince them otherwise?


#46

Highly doubt there could be a gradual shift towards no licensing at all, unless laws change significantly.

If an organization is to depend on some software - they can’t be vague about who owns copyright (who knows, maybe the code is leaked propitiatory software?)… that wont fly!
To the extend that the code is just some small snippets you could find on stackoverflow - or the project is only likely to be used by individuals … I guess it could, but that’s very limiting.


#47

Highly doubt there could be a gradual shift towards no licensing at all, unless laws change significantly.

Thanks for your kind reply :slight_smile: I think this doubt makes perfect sense. Here is how imho it might play out:
Maybe the laws would still be around for a time, but the niches in which noone really cares and thus those laws would not be applied would grow bigger.

Those niches might grow let’s say in african or asian countries where governments face other challenges than enforcing copy-right laws.

This might enable their software industries to develop faster and overtake the established countries’ industries. If this sounds familiar, that’s probably because a similar thing was claimed for germany in the 19th centrury (link here).

And then at a certain critical mass, law-makers might switch the default setting from “nothing allowed” to “all allowed”, unless stated otherwise.

…yup…that’s pretty optimistic, i guess. So far, things always went into the other direction…but who knows…looking at the last 30 years of open source and looking at the progress China was able to make by disregarding copyright, maybe this time it might work out.


#48

I was certainly ignorant (a state I am quite familiar with!) of licenses and the like. This thread has been informative. After listening to @bryanlunduke show about FreeBSD, is there any appeal to using the FreeBSD License? Or is this an apple and orange question?


#49

Wow 48 posts about this topic, that’s more I can handle. It feels like trying to read the whole text of a license.


#50

Now you understand my point about how developers think “if I pick the GPL I have to get into long discussions about it, and that’s annoying and boring and hard, I’ll just pick a permissive licence and then all that hassle goes away”… :slight_smile:


#51

By the way,
did anyone here ever consider to contribute to an open source project, but then did not, because of
a) their license or
b) a CLA one would have had to sign
?

Personally, I’m going to sign&mail the apache CLA for years now, but didn’t yet do it out of pure lazyness…


#52

Using as an alternative to what? MIT license is a little shorter if you just want a simple permissive license.[quote=“sil, post:50, topic:11045”]
Now you understand my point about how developers think “if I pick the GPL I have to get into long discussions about it, and that’s annoying and boring and hard, I’ll just pick a permissive licence and then all that hassle goes away”… :slight_smile:
[/quote]

If they don’t care about copy-left - it seems fine? they can always move to copy-left later if they want.

@tobi42, CLA issue seems a bit off-topic for this thread?


#53

@tobi42, CLA issue seems a bit off-topic for this thread?

uum…yes, in hindsight i think you are right…might be a bit too off-topic.
thx for your friendly heads up


#54

Anecdata here. Today I wrote (the first part of) a little Python thing. And, mindful of this conversation, I thought “hey, I should add a licence to this”, and I thought “hey, I’ll make it GPL v3! why not!”

and then I thought: hang on, I include the python3-yaml library. And requests. And requests-mock. If I make it GPLv3, is that allowed? Are those things licenced compatibly with GPLv3? Where would I go to look? Do I have to go to each of their websites?

And then I thought: fuck this, I’ve already thought about this too much, and made it MIT.

That is, in my opinion, why the GPL is dying.

If some sort of can-i-gpl-this program existed which looked at all the stuff I import or depend on and then looked for machine-readable licences and printed probably or probably not or dunno, that would be cool. But nobody’s gonna write that program and expose themselves to liability, unless it just always prints dunno: ask a lawyer :slight_smile:


#55

ask a lawyer

oooor:

  • invite Bradley Kuhn from the software freedom conservancy to the show once more
  • (buy him lunch if you didn’t yet)
  • ask him what he thinks about this issue in general and mixing incompatible licenses in particular

#56

As in you actually bundled them, or did you have a requirements.txt which needs pip install -r / setup.py ing?


#57

At the moment, neither; it just imports them and if they’re not already available then it’ll just ImportError. It’ll probably get a requirements.txt at some point :slight_smile:


#58

First of all, if you write code for an existing eco-system - it nearly always makes sense to use a license which is compatible with other 3rd party components. Yes you can go and use your favorite license, but it just ends up being more hassle then its worth, although this is mainly the case for libraries and middle-ware.

Secondly, you don’t have to do that much research to find that all mainstream permissive licenses are GPL3+ compatible.

Thirdly, if you don’t care much about software ensuring software-freedom for some piece of code, who cares - go permissive. Linus is quoted as saying “Over the years, I’ve become convinced that the BSD license is great for code you don’t care about” - of course Linus can do what he likes. It’s just interesting to note that the author of some of the most successful GPL software (Linux/Git) will happily release code under permissive license too.

Would be interested to know if your point of view would be different were you to self-fund 2+ years of full-time development to start a new software project, with some anticipation that you could eventually earn money from its continued development. *


* Realize the answer to this question is always “It depends”… as stated, it depends on the software eco-system you’re working in, the kind of software you write, your potential customers, existing solutions… etc.
My point is that if your spending a significant chunk of your life working on some project - you may have a different perspective.



#59

GitHub just published these Open Source Guides.
GitHub also has this Guide on how to choose a license.


#60

This is where the confusion (certainly for me) starts - if you’re not actually distributing them, are they still counted as dynamically linked? I guess they are, but there are plenty applications, written in Python, that are proprietary and (I assume) must use GPLed libs?


Please respect our code of conduct which is simple: don't be a dick.