Slashdot Mirror
Most Projects On GitHub Aren't Open Source Licensed
PCM2 writes "Kids these days just don't care about open source. That's the conclusion of the Software Freedom Law Center's Aaron Williamson, who analyzed some 1.7 million projects on GitHub and found that only about 15% of them had a clearly identifiable license in their top-level directories. And of the projects that did have licenses, the vast majority preferred permissive licenses such as the MIT, BSD, or Apache licenses, rather than the GPL. Has the younger generation given up on ideas like copyleft and Free Software? And if so, what can be done about it?" Not having an identifiable license is one thing, but it seems quite a stretch to say that choosing a permissive open source license is "not caring"; horses for courses.
The vast majority preferred permissive licenses such as the MIT, BSD, or Apache licenses, rather than the GPL. Has the younger generation given up on ideas like copyleft and Free Software?
No, they haven't. They've just noticed that licenses like BSD is better open source license than GPL. There's a simple reason for it too - BSD license is truly in the spirit of freedom. Anyone, either open or closed source projects, can use BSD licensed code.
This means younger generation haven't forgotten about open source licenses (BSD is one), they've just chosen the better one of them.
I really like the GPL, I like what it is trying to do.
But over time I've gravitated to BSD like licenses, because I really do want as many people as possible using something.
It's a matter of trust - I trust that generally others will do the right thing, and good changes will come back. It's re-enforced by the fact that contributing code back makes it was easier to absorb updates to the main codebase, selfishly keeping your updates private makes lots of extra work for you over time.
The GPL tries to enforce something that will happen naturally, which I feel is overkill.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
It is, in fact, very restrictive. If one wants truly free software, one uses a more free license or makes one's code public domain.
I personally prefer the BSD license. To me freedom means "do whatever you want with it," as soon as you start attaching strings and restrictions it's no longer free. Yes other people could make money off what I write but if I was worried about that I wouldn't have released it in the first place.
I really wish FreeBSD would keep up with Linux. I keep trying to go back to my FreeBSD roots but the hardware support isn't there, the software choices are narrowing (thanks to gnome3 and systemd) and the FreeBSD team has an "I don't care" attitude when it comes to the desktop.
I see the two comments up top completely missing the point, as does the original submitter.
This is why. And this is because they don't understand copyright law and don't realize that unless they explicitly put the code into the public domain or apply a license, no one can touch it without violating copyright law.
It's probably a mixture of that and outright laziness.
BSD Licenses aren't "better" just different.
For the little bits of Perl and C that share with the world BSD licenses are just fine. I'll lose no sleep if they end up in Microsoft's or Apple's O/S.
But if I take the time to write a difficult Kernel driver I'm contributing arduous, "real," "could have been paid for it," work to a specific ecosystem that I want to protect. That's a different level of effort and a different license needed.
Just different.
I am sure most of those 1.7 million projects have no aspiration to become a real software project. do they have a website, mailing list/forum, releases, users? or are they just random little scripts, snippits and exercises, just put on line for the education of others?
For a large piece of coding i might care about getting bug fixes back. for the script i use to sort my digital photos in to folders based on the date in their exif, and is 50% lines pasted from documentation or stack exchange, i don't care. if you want to know which licences are used for serious projects then grab the top hundred or thousand from ohloh and check them.
Speaking of kids: If you want an example of the latest tempest-in-a-teacup over open source licensing, look no further than Minecraft, which has sold upwards of 12 million copies on the PC alone. As the license for the game gives sole ownership rights of modifications to the game to their authors, the number of mods for the game have exploded. However, few, if any, of the mods for Minecraft are open source, which leads to complete incompatibility between most of them even while using open source APIs like Forge. When enterprising users attempt to gather together collections of these nominally independent mods to distribute in one package, they run headfirst into licensing and "permissions" issues, with many authors refusing to allow redistribution or modification of their work. How ironic.
I have uploaded the meagre, puny code that I've written in a small number of projects without bothering with a license. I expect people to steal it and be quiet about it, because I am the noise floor of github.
Frankly for most projects on github (1.7 million is not a small number of computer software projects), legalese is a bother. It is simply uncouth and considered harmful.
All rites reversed 2010
I work in firmware, and there are significant problems with leveraging GPL code. In general, we can't do it and fulfill security obligations within the critical sector I work in.
I have some hobby projects going on, and I always license BSD, because I want them to actually be useful to someone. In my line or work, we don't even consider GPL code as something that's possible to leverage, and it's not just legal paranoia - it really can't be done in my business and many others.
Personally, this is why I feel that the recent invention of the "automatic copyright" grant is an epic fail. By default all published works should be in the public domain. Only those that are explicitly marked by the author with a copyright and a license should be protected.
the growth in cynicism and rebellion has not been without cause
It goes back and forth, developers follow trends.
Right now the trend is to focus on the viral, strict portions of the GPL, which prevent people from using code if they don't want to share back. This trend probably started around the time of GPL3.0
In a few years, people will realize that corporations are taking their code and not giving back, and they'll get upset, and a lot of them will start using the GPL. Then some other life event will happen and they'll switch back.
It's worth mentioning that the vast majority of code on github isn't worth sticking a license on, because it's so short, my code included. I did add a license to my project though, and it doubled the size of the repository. It was embarrassing.
"First they came for the slanderers and i said nothing."
The GPL was created with the notion that every strata of software must be free and open. That's fine and lovely for Stallman but it provides unrealistic restrictions for commercial use. Businesses and individual developers alike donate resources to these communal properties for the benefit of all in a share and share alike manner so that we can focus resources on our real goal--the software we actually want to write and sell. In Stallman's idealistic world perhaps everyone would be communist and no one would care about money and possessions because we'd just step up to a replicator and say "earl grey, hot." But, this idealism does not match the reality on the ground. We depend upon commerce to provide for ourselves and our families.
If you don't like it and want to do something about it then you will have to solve the ultimate problem that has plagued mankind from the beginning, the scarcity of resources, and contention for the same.
Two of my imaginary friends reproduced once
I'm sorry, but the entire premise that there is one "best" open source license is completely wrong. Where did this obsession arise to see one license crowned victor over all others, in all situations?
BSD (and MIT and variants) -- I've found they work best for providing backend and reference libraries, which by their nature are trying to provide a standard implementation of something, or at least a standard API. Open and closed sourced projects alike can use and modify it to suit their needs. This means such a library gets the widest adoption over the alternatives (all other factors being equal). This is especially great for server-side programs which want to promote multiple third-party clients - just release a BSD reference client.
LGPL -- A step down, for when you want the adoption level of a BSD license, but your project is complex and high maintenance enough that it needs to keep all the developers focused on a single api and codebase in order to thrive. Graphics libraries like GTK, audio processing libraries like LAME, are a great example of this.
GPL -- Finally, for the same reasons as LGPL, your want everyone contributing back to a single codebase, whether it's because you don't want to give the codebase away to closed source products that then profit from it, prevent brand confusion, or just maximize developer contributions. Mind you, closed source projects *will* choose an LGPL/BSD alternative over this or closed source, so it doesn't make much sense for libraries, etc. Primarily, this is useful for applications, which are vying for user (not developer) eyeballs.
So given they all have different uses that fit better for different project types and target markets, who in their right minds thinks only one of these licenses is correct?
BSD is about 200-250 words, depending on version, with the newer versions being shorter.
GPL is 2000-5000 words, with the newer being substantially longer.
Is one of them really 10 to 20 times better than the other?
Actually, even RMS refers to the BSD and Apache licenses as "GPL-compatible free software". So the GPL and other two popular licenses, BSD and Apache, are all free software by the Free Software Definition. The difference is that GPL is a copyleft license and the Apache and BSD licenses aren't.
Why are the Apache and BSD licenses becoming more popular than the GPL? Because free software has grown up. Where I work, we would not dream of implementing the whole software stack from scratch. We use lots of open-source libraries. My company's legal department is allergic to the full GPL because they want to keep open the option to do exactly what the GPL is designed to forbid -- make a proprietary product using open-source code. Usually our code is custom developed for a specific client but we might want to re-use that and/or make a general purpose product some day.
So, for us, using Apache/BSD licenses is easy. It's almost frictionless. Legal is comfortable with them, and pretty much all we have to do is include the license file and do a quick audit to make sure we've complied with it. GPL is much harder for us to work with because we have to justify to legal why we're signing away the rights before the product is even developed.
The whole point of the Open Source Initiative, as I understand it, is to promote adoption and use of free software. It turns out that copyleft is {sometimes, often} a barrier to that in the business world. So I would say that "open source" (aka non-copyleft) has simply beaten "copyleft" in the marketplace.
Copyleft was a brilliant idea but non-copyleft free libraries are what I use in day-to-day development work. And I say that as a dyed-in-the-wool, sandals-wearing, free-as-in-freedom, latte-sipping, corporation-hating hippie wannabe.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
Or perhaps they simply don't care about *your* ideals. That hardly implies that they are ignorant. I don't include licenses in my github projects because I simply don't give a fuck. Yes, that means that by default technically nobody can use it. In practice nobody gives a fuck, and everyone lived happily ever after.
Screw permission culture.
And no true Scotsman would murder his wife. The GPL's strings will never get in anyone's way unless they're trying to take a piece of free software, closed source it and redistribute it - typically with the intention of profiting on others' work while contributing nothing in return.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Ah, it's "make random shit up about RMS day" again. Didn't we have one last week.
Most of the opinions people ascribe to RMS are, in fact false.
SJW n. One who posts facts.
If that were true then why isn't GPLv3 being widely adopted? Even the Linux kernel remains GPLv2.
I am pretty sure I'm not the younger generation.
And yes, I've pretty much abandoned the GPL, because the GPLv3 is to open source what the anti-circumvention cause in the DMCA is to copyright. RMS had a vision of a cooperative paradise. Then he realized that some people wouldn't play nice, and did what everyone else does when they realize that not everyone will voluntarily adopt the business models they want everyone to use. Tried to figure out a way to make it happen by force.
So, yeah, I'll use the GPL where it's the established license, and some of the stuff I work on ends up being put out under LGPL. But for stuff I write because I want it to be open source? Permissive licenses. Usually the lightweight BSD (no advertising clause) or Artistic, or heck, public domain. My goal is to give stuff away, not to force other people to give stuff away.
It's the same thing that's happened to my morality over the years; I've started focusing more on living according to my own moral beliefs, and less on trying to find ways that society can force other people to do so too.
My blog: http://www.seebs.net/log/ --- My iPhone/iPad app: http://www.seebs.net/seebsfrac/
Moving from GPLv2 to GPLv3 requires the consent of all contributors, there are a lot of holdouts among kernel developers (even Linus is against it - although it seems to be because he sees himself as an "apolitical" developer).
The big difference between the GPLv2 and v3 is just the anti-tivoization - closing a major loophole in the GPLv2 but hardly a difference in overall philosophy.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I agree.
I have three projects on GitHub. One of them is practice code I was writing for when I interviewed with Google (don't worry, they didn't ask me a single question that was on the study sheet - but I did have fun writing a splay tree). It was just a bunch of functions with a description of "nothing to see here".
Another project is eventually going to be a GPL project that runs a football pool. Currently it's just a parser that scrapes nfl.com and puts info into data structs. I haven't bothered putting the license file in it yet. It uses another GPL library, so it's already implied that it will be GPL code when it matures past being a bunch of functions sewn together just enough to test them. Why would I put a license on that? So I can be sure that I get changes back for incomplete interfaces? The interfaces aren't even defined yet.
The last project, I can't even recall what it is. I'm not maintaining it and I don't care if anyone swipes the code. It's probably code that scratched an itch that I had that was unique to me.
If I mod you up, it doesn't necessarily mean I agree with what you've said, sorry.
I haven't had an opportunity yet to publish any non-trivial open source projects, but when I do, my LICENSE.txt file will simply contain the sentence "There ain't no such thing as intellectual property." and the following link:
https://mises.org/document/3582
Do what you want with my code, and don't bother me about licenses. If you're going to badger me about fantasy concept X vs fantasy concept Y, at least make it fun, like who would win in a fight -- Aragorn or Han Solo?
Personally, I license all my own work under the BSD license to maximize its potential for inclusion into works using other licenses. If I were to use the GPL, I would be restricting the use of my code to projects under GPL-compatible licenses. And that would be a dick move.
I could understand it being seen as a dick move if you took code from BSD-ish licensed projects...but otherwise, why would it be?
"When information is power, privacy is freedom" - Jah-Wren Ryel
Moving from GPLv2 to GPLv3 requires the consent of all contributors, there are a lot of holdouts among kernel developers (even Linus is against it - although it seems to be because he sees himself as an "apolitical" developer).
Which was exactly my point.............
Maybe those people just wanted to share something interesting they made and weren't much interested about the fancy fine print. "Cheers, have fun" is the only license they need.
The GPL (and no open-source license that I know of) can protect developers from other people taking their work and selling it for profit.
There's nothing to protect from. Someone else selling something for profit is not dangerous or destructive for you.
Because some people think "free" can only mean that they are personally free to do whatever they want. Just like any free society has no laws against murder.
IAIFARSIJDPOOTV - I Am In Fact A Reality Star; I Just Don't Play One On TV
is optimum for an optimum world. where it fails is in assuming the right to squander knowledge and remove ideas from the public domain, the right to close the source, is a "right." How soon the regents have forgotten their lawsuit with AT&T, and how readily they concede good faith in every major multinational afforded their hard work and the hard work of thousands of BSD developers. Oracle the BSD license erodes security and undermines open source projects by sequestering a codebase that is neither independently verifiable nor auditable on any level. if you consider programmers the means of production, the BSD license enables us to relive the era of controlled production known in the early 20th century.
closed source is to computing as cloistered monks and the church were to the middle ages. youll have your decree read, youll not see the writing, and if you could youd not understand it anyhow.
Good people go to bed earlier.
The "anti-tivoization" introduce use-based restrictions on GPL software (which is a major change in philosophy from GPLv3), and only apply limits to software with certain intended uses (creating a difference between what is "free" -- from the FSF point of view -- for "consumer" markets and what is "free" for "business" markets), another major change in philosophy.
Because of the distinction in where the anti-tivoization limits apply, it also doesn't close any "loophole" that existed in GPLv2, it just prevents consumer devices incorporating GPLv3 software from providing certain features that are allowed in business devices incorporating GPLv3 software.
it just prevents consumer devices incorporating GPLv3 software from providing certain features that are allowed in business devices incorporating GPLv3 software.
Features like closed-source crap, hardware & platform lock-in? They can keep 'em.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Or trying to link against a library.
The BSD, LGPL, not for commercial use, and other such licenses seem to me to be a good licenses. The GPL really strikes me as being kind of a bait and switch by Stallman to try to get everyone to buy into his philosophy.
The vast majority know they will get bored in a few weeks and the project itself will wither on the vine so it's not really worth any amount of effort even thinking about what license to use.
Personally, it's more important to me that OS's are GPL b/c the OS is the playing field on which application play.
It's too easy for an OS developer to abuse their position in regard to applications.
Competition Good, Monopoly Bad.
Go on, 'fess up. You only consider YOUR freedom to be worth anything.
GPL doesn't give you the freedom to remove the freedom of others, and YOU count this as being all about restriction.
Tell you what, if you want that sort of freedom, then act to abolish copyright.
But don't complain that laws against murder, rape and slavery are not about freedom (to live, love and exist free) just because you're being resticted.
I believe another reason is because JavaScript development has increased exponentially over the years. For persons like myself, never saw the need to use GPL since you have to share your code anyways in order to use it (code is always delivered to the browser). Also when other major libraries (e.g. jQuery) have chosen MIT, then it's not helpful to choose something more restrictive.
Didn't this exact same information get posted a while ago, and then a few days later we got a rebuttal from a different source? The difference is in how you slice it. This article is using the number of projects. If you go by lines of code, I seem to recall it being quite different, and if you went by number of commits, it'd probably be very different as well. Trends in software licensing are not accurately represented by sound bites, and very few studies on the matter seem to be doing anything remotely comprehensive on it. The headline might as well be, "A lot of small projects have no or ambiguous licensing, and the relative growth of different licenses is too complex to trivially measure." However, that's not clickbait because its boring and more or less common sense.
This is my signature. There are many like it, but this one is mine.
I've created dozens of 'projects' under my account - none of which have any license. I get an idea, throw together some code to test the concept and back it up to Github. I'm the only one who cares about them, and I'd be surprised if anyone ever saw, let alone used the code. If any of my projects were to gain traction, I'd probably consider putting a license on it, but until then, who cares!? I wouldn't be surprised if a large proporation of the 1.7m projects are just like mine - tumble weed territory.
GPL is suitable for some projects,and it is not for others.I don't think that "finally people realized gpl is bad" like most posts here state.I believe people have also turned to alternative licences when needed.And do not forget that many repos on gh are small programs and scripts which are not licenced at all,have a licence like "do whatever you want" or the author just mentioned in a comment #licence:GPLv2 and did not paste the whole GPL text.
I wonder if someone will get caught stealing unlicensed software hosted on places like GitHub, leading to some kind of a case in which an implied license is discussed. Furthermore, I wonder what kind of license they would decide is implied in that situation (if they decided that there were one) - BSD style, or GPL style?
We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories.
"you agree to allow others to view and fork your repositories." Sounds pretty permissive to me.
All of my projects on github are either GPL, LGPL or WTFPL*, depending on the license of any code I borrowed from, unless I've forgotten one, even if it isn't stated in the code or README (because the license is always stated on forum posts where I publish the existence of the projects).
[*]WTFPL is a license commonly used in the Minetest community, equivalent to CC0 or "public domain".
RMS and like-minded ideologs never really understood that most projects that adopted GPL (like Linux or even GCC) did so for expediency, not belief.
. I'm arguing that in many cases companies release changes or source code even if permissively licensed
Good point. It's orthogonal to my point, however. Because it still stands that many times companies would not release the source code if it weren't required by the GPL.
"First they came for the slanderers and i said nothing."
One of my favourite programming language is implemented in a non-GPL-compatible way. There are are a few quibbles about SRC's rights to use it and redistribute it as if it were their own if a modified versino ever gets back to them, but basically says that you ca do anything you want with it, provided you release an modified code under the same licence.
Now for technicalities, this is incompatible with the GPL, and it becomes difficult to write software using both Modula 3's libraries and GPL'd libraries. I'd like to distribute binary object code for those benighted platforms where ordinary users don't have development tools, but I can't.
I prefer the original revision though, gives more freedom to the licensee.
"Does not have a file in the project root directory that a computer program can identify as a license" is not equivalent to "is not made available under an open source license".
When they see someone take their code and make a $M off of it the lesson will we learned.
No, it wasn't. The 4-clause BSD license (which is substantially more restrictive than the more recent versions that people usually mean when they refer to the BSD license today) was first used in 1990; it hadn't existed for two years when Linus first released Linux, and it certainly wasn't a "well established" license. The 3-clause version seems to date from 1999. The 2-clause versions are, I believe, newer yet.
Presumably because it was the single widely-known well-established free/open license at the time.
Either:
1) The features prohibited to consumer (but not business) devices incorporating GPLv3 software are contrary to Software Freedom, and GPLv3 deliberately created a huge exception contrary to software freedom in one domain, or
2) The features prohibited to consumer (but not business) devices incorporating GPLv3 software are not contrary to Software Freedom, and the GPLv3 limits the free choice of users and suppliers for a reason unrelated to software freedom.
That you aren't interested in the features is irrelevant to software freedom.
You made a lot of assumptions about the scenarios under which someone might want to use a open source project in another closed source project.
I'm sorry, I recant, I misread and missed the "unless" part.
Just time for fact checking...
>Do closed source people share code with BSD people? Nope.
Hmm. Strange, I'm guessing that means Apple doesn't release any source from what they do with BSD source, and BSDI never contributed SMP or anything like that to FreeBSD, and Juniper never contributed anything back.
Read the links, especially the last one.
> Do GPL people? Nope.
For the most part, correct...although there are a few who insist on not converting permissive source code (Luis Rodriguez is the main one .
>Are BSD users against closed code? Obviously not...
http://www.openbsd.org/lyrics.html#43
Start with bad data, you'll get bad results.
None of my stuff on Github has a license specified. But then the only stuff I have on Github is a random bunch of Arduino sketches that are of no use to anybody else. Github charges for private repositories but provides public ones for free. So it costs me nothing to be able to view my code from anywhere, even if I just get an urge to double check something from my phone or iPad when I'm out of the house.
I wonder how many of the projects they found without an explicit license are even intended for any distribution at all. Perhaps there are others like me who use version control for code (or perhaps even non-code) that is for their own personal use but is in no way personal or sensitive.
RMS fought for the GPL
Not quite sure what the point was in relation to my post, but I have great respect for RMS, the GPL, and renew my membership to the FSF nearly every year (some years I have forgotten sadly).
It's just that I personally after some thought, think BSD style licenses are free in the way I prefer for my own code. But I agree that we would not have the fantastic range of BSD (and other license) source to draw on had GPL not pushed the idea into the mainstream.
There probably is even code for which GPL makes way more sense. I'm just not sure what that is anymore.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
As a general broad swath, BSD may be better for code dissemination, but does BSD-vs-GPL mean anything for code movement?
That is really the key question. I would assert that at worst there is no difference, but on average it would be in favor of BSD - I think people who stay away from GPL code and get BSD code because they don't have to submit back changes, would generally not have used that GPL code to begin with and so you aren't missing anything.
Meanwhile people that would have contributed code back from changes in GPL source would, it seems to me, be as likely to contribute back without arm-twisting for at least the reasons I've stated (keeps YOU from having to maintain a branch).
But I have no hard evidence for this, only the observation of the proliferation of BSD code in IOS development that has a ton of people contributing back to it.
It would be great to see some kind of rigorous study done.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Actually, free software was the older term, and the definitions of 'open source' and 'free software' are almost entirely identical. There aren't many licenses that meet the definition of one but not the other, and they aren't very widespread. All of the licenses that showed up on the chart are both free software and open source. I'm tired of the unbacked idiocy that free software means copyleft.
This is my signature. There are many like it, but this one is mine.
I use GitHub for all of my projects, and for interaction with my clients, and I'm sure many other freelance developers are the same. While some of the projects I work on are set as public (I'll admit I don't usually bother putting any sort of license out there for those projects â" maybe if I wrote something useful I would) most of my projects contain client confidential info and are private. I suspect this is the same for many others.
I don't think this is some sort of slap in the face for Mr Stallman, but that, for most of us, we are just doing our jobs, and GitHub is an amazing tool enabling us to do them. Most developers don't think about Mr Stallman at all.
I used to have a better sig than this, but I got tired of it