Github Finally Agrees Public Repos Should Have Explicit Licenses

WebMink writes "After strong criticism last year, Github has finally accepted the view that public repositories with no open source license are a bad thing. Self-described as the 'world's largest open source community,' a significant number of GitHub projects come with no rights whatsoever for you to use their code in an open source project. But from now on, creators of new repositories will have to pick from a small selection of OSI-approved licenses or explicitly opt for 'no license'. In Github's words, 'please note that opting out of open source licenses doesn't mean you're opting out of copyright law.'" A quick scan of their new choose a license site reveals at least a few flaws: they present simplicity, caring about patents, and sharing improvements with others as mutually exclusive points when they clearly are not (e.g. the Apache license and the GPLv3 both help with patent concerns, but only Apache is mentioned; and the MIT/X license is listed as the simple license when BSD-style is more prevalent). They also imply it is entirely optional to actually note your copyright in your files, when it is really bad practice not to unless you really want to make it impossible for people to understand the copyright history when e.g. merging your code into another project. Their list of licenses does provide a nice overview of the features of each, but regrettably encourages the use of the GPLv2 (without the "or later version" clause), listing the GPLv3 and all versions of the LGPL in league with seldom used licenses like the Perl Artistic license.

I'm surprised

[msobkow]

I'm surprised GitHub didn't require one to specify a code license of some kind when publishing code. The default if no license is specified is not "public domain", but private with all rights implicitly reserved for the owner of the code.

Re:I'm surprised

"Public domain" is not a thing in many countries. In the UK for example, it is simply impossible to give up your copyrights while inside their term. The closest you can come is to license them under the WTFPL.

And they block screwball licenses, YAY!!!!

We've seen what happens with screwball licenses: anyone remember why qmail, djbdns, and daemontools never made it into major software distributions, despite being noticeably better than their alternatives? Because Dan J. Bernstein saddled them with a license where you couldn't publish your modified code or binaries from it, you had to publish *his* source and your diffs against it and let people build their own binaries locally. He finally got a clue and released it all as public domain, but it was too late. Inferior products (such as Postfix, BIND, and systemd) had evolved to the point where it wasn't worth investing any effort in Dan's technically and conceptually superior tools. I was in a stack of meetings where I had to explain that we couldn't get vendor support from those tools on our operating systems because Dan's license prohibited the vendors from shipping the tools.

Hooray for reducing license wackiness!!!!!

No need for copyright notice on every file

[mounthood]

They also imply it is entirely optional to actually note your copyright in your files, when it is really bad practice not to unless you really want to make it impossible for people to understand the copyright history when e.g. merging your code into another project.

No need for copyright notice on every file, a single LICENSE file is enough. If people want to merge files or copy parts of the code, then they can note the licensing. This attitude isn't helping when you imply that people aren't doing enough, even when they write open source code and license it appropriately.

Re:No need for copyright notice on every file

[TheRaven64]

Not having a license on every file is a colossal pain for people wanting to take part of your code and integrate it into something else. I recently went through this with OpenIndiana: they wanted to take some of my code from another project and include it in their libc. This is fine - the license I'm using is more permissive than their libc so there's no legal problem - but I'd forgotten to include the license text in the file, I'd only put it in a LICENSE file in the repository root. Keeping track of the license for one file that is different from the others in the project imposes a burden for them and, without the copyright in the file, potentially means that others will grab that file and think it's under a different license.

In short: Please put licenses in files. It makes life much easier for anyone wanting to use your code. If you don't want people to use your code, then you can save effort by not publishing it in the first place.

GPL 3 shouldn't be suggested to newbies

[raymorris]

I don't think it's "regrettably" that the classic GPL (v2) is featured over v3. Many, many GPL projects have decided v3 is a bad license, so newbies shouldn't be pushed in that direction.

    The wording of the patent clause is broader than most of those who participated in the drafting intended, in a way that could be problematic for most companies. The GNU project themselves, the creators of GPL. v3, have had to disavow the plain language of the license, claiming it doesn't say what it does.

I think most people intended that if you release code under GPL, you give up patent rights related to the code you contribute. The wording is broader than that, though. The way GPL3 is actually worded, if a company contributes to any GPL project a third party can use that project to nullify other patents from some other division of the company, arguably. The issue hasn't been tested in court, but it's enough of a risk that many companies won't touch GPLv3 code. It could cost Apple, Samsung, or Google tens of millions of dollars if that loophole allowed competitors to nullify their patents, rather than having to cross-license them.

Re:GPL 3 shouldn't be suggested to newbies

[Kjella]

I think most people intended that if you release code under GPL, you give up patent rights related to the code you contribute. The wording is broader than that, though. The way GPL3 is actually worded, if a company contributes to any GPL project a third party can use that project to nullify other patents from some other division of the company, arguably.

How is that exactly? The definition of "essential patent rights" is

A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version.

I suppose that if I'm playing devil's advocate you could have a patented algorithm in one division and another division contributes to LibreOffice Calc, then someone else implements that algorithm in a spreadsheet and says "Hey, I haven't modified the code so your patent grant now includes this algorithm" but it sounds extremely contrived.

Contempt for copyright law

[dwheeler]

We can thank the RIAA and MPAA for the contempt many people have for copyright law. And I agree that copyright law needs a serious overhaul.

But releasing code without a copyright license isn't "sticking it to the man", it's polluting the world with software that is not legal for users to use. Even if YOU won't sue, no one can be sure of that. If you die (see: Seth Vidal), whoever controls your estate can sue your users.

Releasing software without a license is just another way of setting up an extortion scam. It may be unintentional, but that's still the effect. We already have patent trolls, porn trolls, and so. Really, we have enough extortion scams, thank you.

Re:No, you can't use it.

[VGPowerlord]

Forking is a "use" right.

Re:Simple...

[ta_gueule]

Not sure they can. I don't think Github get to decide what license to apply to the code they host. The code belongs to the author until he grants Github a license. If the user doesn't do it explicitly, I'm afraid Github is distributing the code illegally. I don't think Github is allowed to add a public domain license file by default.

Re:No, you can't use it.

[nedwidek]

From their terms of use:
"We claim no intellectual property rights over the material you provide to the Service. Your profile and materials uploaded remain yours. However, by setting your pages to be viewed publicly, you agree to allow others to view your Content. By setting your repositories to be viewed publicly, you agree to allow others to view and fork your repositories."

So yes you can view and fork, but you don't get clone rights. The instant you do that, you infringe the copyright. So if you have no license that allows you to put out on your machine and use it, how useful is it? Until copyright or the Berne convention are changed, this is the world we live in.

No, copyright is about copying

[dwheeler]

Distribution is only part of the story. IANAL, but let's focus on US law, starting with the software-relevant portions of 17 USC 106:

"The owner of copyright under this title has the exclusive rights to do and to authorize any of the following: (1) to reproduce the copyrighted work in copies or phonorecords; (2) to prepare derivative works based upon the copyrighted work; (3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;"

A common interpretation is that copies from storage to RAM are copies, and thus, you have to get a copyright holder's permission to run the software. I HATE this interpretation, I think it's a vile distortion of the original intent. However, it was upheld in "MAI Systems Corp. v. Peak Computer, Inc., 991 F.2d 511 (9th Cir. 1993)". For more about this controversial but widespread interpretation, see A new perspective on temporary copies: The Fourth Circuit's Opinion in Costar v. Loopnet (Band and Marcinko). After the MAI decision, Congress then added 17 USC 117: "it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided: (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, ..." Basically, Congress said that even if copying to RAM would be considered a copyright violation (which it pointedly did not rescind), there's a special exception that it's okay to do if you're the owner of a copy of a computer program.

But wait! That means you have to be the "owner of a copy of a computer program" to use the program (or get the owner's permission). Did github say you were the owner of a copy? No, it said that you could "view" and "fork". "View" sure isn't "owner of a copy", and it's dubious that "fork" means that either. Note that the github TOS doesn't define "fork", so it has no clear legal definition. Yes, technically there's no "use" right in copyright law, but under at least some common US law interpretations you can't use the software in US if the code is just posted on github. Many software EULAs claim you aren't the owner, and then grant you permission to run the program through contracts, but if there's no license you can't claim that a license gave you such permission.

If you don't clearly give a right in a copyrighted work you create, then some judge gets to decide what rights (if any) are granted to users. You will probably not like what the judge says, especially since most judges don't understand software at all (there are glorious exceptions, but they're exceptional). Maybe "fork" gives users enough rights... but I wouldn't count on it. And since legal cases cost a lot of money, wise users will avoid software without licenses; they're not worth the legal risk. I hope that the "RAM copy as copy" interpretation is completely overturned someday, but that has not yet happened, and I wouldn't count on it happening soon.

Lots of people have worked out software licenses for sharing software. Just pick a common open source software license (MIT, BSD 3-clause, Apache 2.0, LGPL 2.1 or 3, GPL 2+ or 3+).

Re:Why copyleft is important, and LLVM helps Apple

[BitZtream]

Marketing FUD. What part of GPLv3 is anti-business?

All of it, its viruslike nature that requires it to infect anything associated with it is why businesses want nothing to do with it. This is by design of your glorious leader RMS, it is intentional because he's a tree hugging hippie who forgets that someone has to actually work so his fat ass can eat.

Has Apple brought FreeBSD to a higher level? Nope. Have they profited massively from the free labour? Yep.

Seriously? You know absolutely nothing about this conversation do you?

The Apple kernel is in no way related to FreeBSD. Its a Mach kernel. A small portion of the FreeBSD Userland provides the 'unix' feel under the hood of OSX.

Apple did however contribute back FBSD's current USB stack. Contributed SMP code that removed the giant kernel lock, filesystem journaling came from darwin, superpages, dtrace support, ARM support, support for more than 16TB of ram, pure 64 bit support.

But heres the thing ... BSD licensed people ... give for free without silly virus like catches that come with GPL.

FreeBSD doesnt' EXPECT anything back, its not a false openness that really translates to 'If I show you mine, you have to show the entire world yours too!', BSD is a 'heres mine, enjoy, do whatever you want with it.'

Its the difference between giving and pretending to give with expectations on return.

You really have no clue. I haven't even listed the entire OSS projects that apple pretty much eats the maintenance costs for that you certainly benefit from, its not a short list.

You pretend to give, but what you really are doing is bartering for source code using something other than money then pretending to be on some holy God-sent quest of enlightenment. You're just a fake.