Given how open source is everywhere, it's useful to know how open source licences work. Luckily, a rough mental model is not too difficult to form. I'll sketch one out in the replies to this post.

Follow

You (or your employer) automatically have copyright over everything you write. That roughly means that you can do pretty much everything with it, and others nothing.

At their core, open source licences simply allow others to use what you wrote as well.

Some examples:

- The MIT licence says that people can use your code, provided they do not remove the licence from it.

- The GPL says that people can use your code, provided that, for anything they build on top of it, they give the same rights to anyone they give it to.

This means that a licence violation, in essence, is just a copyright violation.

In other words, if someone e.g. uses GPL'd code in a closed-source product, the offence is the same as if they'd have used non-open source code: a copyright violation.

They were never given permission to use that copyrighted code in a closed-source product in the first place!

It's also important to note that open source licences only *give* rights to others; the only limitation it places on the copyright holder is that they cannot revoke those rights.

That's why even under the GPL, the copyright holder can still build a closed product on top of it.

Of course, that gets messy when there are multiple copyright holders: a contributor can use their *own* code in a closed source product, but not others'.

That's why some projects require a "Contributor Licence Agreement", giving an org even more rights than the licence does.

It's not just to enable closed source work though. It can also prevent having to reach out to all contributors if there's a good reason to change the licence in the future.

For example, this is what LLVM is having to do now: foundation.llvm.org/docs/relic

This mental model also helps explain how a project can have multiple licences: since they just confer extra rights, they're strictly additive. Users can benefits from the rights granted to them in both licences.

Anyway, keep in mind that I'm not a lawyer, and that there are nuances to every licence. That said, I hope that this rough mental model can be helpful to some of you when working with (or hopefully contributing to!) open source in the future.

@VincentTunru nice summary.

Wrt the CLA Drew Devault wrote a nice article on the alternative "Developer Certificate of Origin".

drewdevault.com/2021/04/12/DCO

@humanetech Yeah, I was thinking about adding something about the DCO, but decided that would be wading too far into the weeds.

To be clear, the DCO solves a different problem than the one LLVM is running into now: to ensure that those who licence their work take responsibility for being allowed to do so (i.e. that they're the copyright holders). It does not allow an organisation to later re-license that work. (Which, of course, is exactly the reason for going with a DCO over a CLA.)

@humanetech @VincentTunru The copyright assignment by FSF does not give them blanket rights, but instead binds them to keeping the software free.

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.