Lost in the flutter over Google's hymn to openness is an intriguing factoid on open-source licensing:
Though many of the programs hosted on Google Code are licensed under the GNU General Public License (GPL), when Google wants to open-source its software, it turns to the Apache Software License version 2.0.
Why?
Google's Jonathan Rosenberg elucidates:
When we open source our code we use standard, open Apache 2.0 licensing, which means we don't control the code. Others can take our open source code, modify it, close it up and ship it as their own. Android is a classic example of this....
Control. Apache is a signal that a company is prepared to fully remove its hands from a software project's steering wheel. The GNU General Public License (GPL), a more widely used open-source license, tells a different story.
Glyn Moody correctly articulates that "the GNU GPL gives a disproportionate advantage to the company that owns the copyright." Bingo.
In fact, as I wrote back in 2006, the GPL is the closest thing to traditional copyright ever devised in open-source licensing:
Please keep in mind that the supposed paragon of software freedom [GPL] is also the license that most tightly imposes a distinct lack of freedom on downstream users. If you're a capitalist like me, you probably like this fact. But if you're a software developer...?
Google, at the top of its game (and with its profits firmly secured by a very proprietary revenue stream), doesn't need to constrain its development community with the GPL. Indeed, doing so would be counterproductive, given the persistent privacy concerns that hover over its every action.
Google needs to demonstrate a lack of control. Apache helps it do so.
This shouldn't be underestimated. Microsoft, having lived on the regulator's rack for so long, may be anxious to ensure Google gets to know U.S. and European regulators, too. Apache licensing could help.
Apache licensing is one of the cards played by MySQL co-founder Monty Widenius with European regulators recently: Apache puts original developers and downstream developers on equal footing, so why not keep Oracle from snuffing out MySQL's life by relicensing it under Apache instead of the GPL?
It was a jaundiced card for Widenius to play, but it would be a decent card for Google to play against claims that it's too dominant. (Competition is "just a click (or a fork) away....)
Rosenberg writes that because of Google's open-source licensing, "others can use our software as a base for their own products if we fail to innovate adequately." True. Google is clearly betting on its ability to innovate fast, which is incidentally also the very thing that makes the prospect of seeing its code forked so remote.
Even if competitors are technically and legally capable of taking Google's code and using it to create competing products, the truth is that it's very hard to fork fast-moving code, especially if you're not an active contributor to that code. Google understands this. It's the savviest open-source company around.
The freedom to fork is the essential right of open-source software. Until Oracle's attempted acquisition of Sun/MySQL, however, few realized just how important it would be to retain the right to fork one's own code.
After all, just because you have the letter-of-the-law right to fork doesn't mean you have a meaningful ability to do so. So long as you're not the primary copyright holder, you're always going to be second place, with second-place commercial opportunities in the software.
MySQL co-founder Monty Widenius hints at this in his letter to the European Commission, citing conflicts of interest between Oracle and MySQL development interests. Such conflicts wouldn't be of such importance were it not for the lack of external commercial appeal that stems from MySQL's use of the GNU General Public License (GPL).
Even Richard Stallman, co-author of the GPL and founder of the free-software movement, and not someone that spends much time worrying about monetization of open-source software, gets this.
As noted in a letter co-drafted with Open Rights Group and Knowledge Ecology International, Stallman notes that Oracle's proposed acquisition of MySQL could hurt its development because the GPL reduces incentives to commercialize the code:
The acquisition of MySQL by Oracle will be a major setback to the development of a FLOSS database platform, potentially alienating and dispersing MySQL's core community of developers. It could take several years before another database platform could rival the progress and opportunities now available to MySQL, because it will take time before any of them attract and cultivate a large enough team of developers and achieve a similar customer base.
Given that forking of the MySQL code base will be particularly dependent on FLOSS community contributions - more so than on in-company development - the lack of a more flexible license for MySQL will present considerable barriers to a new forked development path for MySQL. [Emphasis added.]
For those who have been reading/hearing Stallman for the past 10-plus years as I have, this admission is shocking in the extreme. The GPL, which is supposed to be the ultimate guarantor of software freedom, may deliver the opposite. Because of its control-freak urges, it can stymie competition, which is presumably why Stallman is now calling on the European Commission to grant what his license couldn't: freedom.
Now consider if MySQL were licensed under the Apache 2.0 license. MySQL 2 could arise, take the code, hire all of the developers, and development of the open-source database would not miss a beat.
Could MySQL 2 achieve the same with the GPL? No, it could not, because the copyright holder, Oracle, would always have a superior commercial opportunity, because it has more rights than downstream users, as the GPL leaves the copyright holder with a greater range of business model options, and not simply support/services.
Apache leaves everyone--developers, users, vendors, etc.--on equal footing. The GPL does not. With the GPL, the copyright holder retains effective control.
That's one reason it has been so popular with commercial open-source companies, but the Oracle/MySQL situation may prompt more companies to consider using an Apache license so as to preserve maximum freedom in case of takeover, hostile or otherwise.
Disclosure: My company uses the GPL but has been actively considering areas to use Apache licensing.
The GPL version 2 has been in decline for some time, and has just dipped below a 50 percent adoption rate among open-source projects, according to new data released by Black Duck Software.
While some of this decline may be due to GPL version 3's increased adoption, at least some may derive from growing commercial interest in Apache-style licensing.
GPLv2 adoption falls below 50 percent
(Credit: Black Duck Software)One of the best indications of this shift is Red Hat's decision to license the JBoss HornetQ project under an Apache license, rather than the Lesser General Public License, to which it had previously defaulted.
Having said that, it's important to note that Apache's share of the market hasn't been growing dramatically (see the July 2009 data), which lends further weight to a hypothesis that GPLv3 is cannibalizing GPLv2. Even so, I find the dip interesting, and anecdotally I'm seeing a groundswell of support for Apache.
This isn't to suggest that the GPL doesn't matter: it clearly does. As Redmonk analyst Stephen O'Grady recently noted, "the GPLv2 is more popular than all of the other licenses on the (Black Duck) list...combined."
But as Open Core becomes the default business model for "pure-play" open-source companies, we will see more software licensed under the Apache license.
The GPL makes sense in a world where vendors hope to exercise control over their communities (by constraining the sorts of derivative works that remain palatable to would-be competitors or "free-riding" users), but if the desire is to foster unfettered growth, Apache licensing offers a better path.
I don't see an end to GPL adoption anytime soon, as its ethos appeals to a certain class of developer and because it can offer tangible development and business benefits, as I'll be arguing at Monday's "Which open-source license is best?" discussion with the Free and Open Source Software Learning Centre. The whole Apache vs. GPL debate may be much like Coke vs. Pepsi: a matter of personal preference and nothing more.
With GPLv2 adoption dropping below 50 percent of open-source projects surveyed by Black Duck Software, however, it's very possible that preferences are starting to shift in favor of Apache licensing.
Follow me on Twitter @mjasay.
Red Hat marketing guru Chris Grams posits a simple but powerful key to Red Hat's strategy: default to open. It's not new to Red Hat--Tim O'Reilly's analogue is the "architecture of participation"--but it has apparently influenced everything from product design to office layouts at Red Hat.
In a nutshell, it means:
...[R]ather than starting from a point where you choose what to share, you start from a point where you chose what not to share.
You begin sharing by default.
It's a good principle for any company, open or not. It's the same principle I hear from a wide variety of open-source companies today, including those that describe their business models as "Open Core." The first impulse is always to open source: holding anything back must clear a number of hurdles.
It seems to be working in accelerating adoption of open source, presumably because open source's transparency and ease of access makes adoption easy. Carol Rizzo, former CTO for Kaiser Permanente, suggests that "average Fortune 500 companies are using more than 100 open-source projects each." And those are just the ones they're tracking.
It also works on the development side, though a debate has resurfaced over the ideal way to encourage openness and adoption. A longtime GPL supporter, I've found myself increasingly in the Apache camp over the past year.
My reason follows Benjamin Black's excellent post on the topic:
...[T]he goal of the GPL and its variants...[is to act] as a virus to force the release of ever more source. The GPL serves to rigidly control what you can and cannot do with software covered by it, and is thus the license equivalent of digital rights management.
This leads to a related problem. The GPL produces, in practice, a two-tiered structure dividing those who control a software project from those who merely contribute to it. Those in the former group are free to create a dual-license: those who want to use the software for non-commercial purposes can do so freely, but those wanting to use the software commercially must pay. The latter group cannot do this, regardless of how much they may have contributed to the project....
When the GPL is abused like this, as it is more and more frequently, the most obvious difference between it and the permissive licenses is a matter of who decides who gets paid. Under the GPL, that control rests only with the project owner, just like content DRM. Under a permissive license, anyone can decide.
The GPL is basically proprietary software with the intent to control through openness rather than opacity. The result is largely the same.
I used to like this because, as I once wrote in Open Sources 2.0 (PDF here), as a vendor I wanted this control:
What we thought was a software development methodology may have far more importance as a business strategy that undercuts competitors while driving down costs and shifting control to buyers. In such a world, those who understand and leverage open source commodification (or escape it) will thrive - everyone else will be marginalized into economic oblivion. Commodification, the highest stage of capitalism; open source, the highest stage of software.
Years later, I'm surprised by how consistent my thinking has been on this (right or wrong - you choose). The GPL is great for control, but if it's community you want, Apache may be the better bet because, following Grams' post, it may be "more open by default."
Glyn Moody offers an excellent defense of the GPL, but the primary thing that Moody misses, and that Richard Stallman and other free-software advocates miss, is Black's critical point about control over who gets paid.
This isn't their concern, and that's fair. But it is the concern of just about everyone else that has to make a living selling software or services around it, which is why you find no businesses of any significant scale that depend upon monetizing GPL software directly. (Even Red Hat doesn't count - it sells a subscription to a closed binary of otherwise open-source software, much of it GPL.)
"Open by default" is absolutely the right strategy for software, in my view. But how different people interpret it will be highly variable. And while I'm leaning toward Apache, I'm grateful that my views can dovetail with the GPL crowd the vast majority of the time. We share a commitment to openness. We just interpret it differently.
Follow me on Twitter @mjasay.
If most developers contribute to open-source projects because they want to, rather than because they're forced to, why do we have the GNU General Public License?
Free Software Foundation
That's the question that hit me last night as I tried to sleep in the shadow of Richard Stallman's MIT. Stallman, of course, originated the GPL, a brilliant way to turn copyright on its head in order to force software to remain open.
But in the process, did Stallman simply create an alternative way to release proprietary software?
I'm not trying to be cute here. Think about it. If you you want to maximize adoption and reuse of your software, why wouldn't you use Apache? Perhaps because you don't like the thought of someone using your free software in a proprietary product?
"I would actually rather nobody use my software than be in a situation where everyone is using my gear, and nobody is admitting it," wrote Zed Shaw, creator of a popular library and Web server for Rails called Mongrel.
Shaw, and perhaps other coders, have turned to the GPL as a way to protect their software from use they deem objectionable. But isn't this precisely what the proprietary software licenses do? The only difference is that the GPL forces code to be open, rather than closed.
Are the two approaches so very different? The effect--blocking undesirable use of one's software--is largely the same.
After 10 years in open source, I'm increasingly of the Apache-licensing persuasion because I'm starting to concur with open-source luminary Eric Raymond that "the GPL is unnecessary...(and) is also a confession of fear and weakness."
If I'm mostly concerned about adoption, Apache promises to be better than the GPL for all the reasons stated by Daniel Jalkut in his excellent ode to Apache.
And if I'm concerned about protection, then why not simply use a proprietary license--one that doesn't scare opposing legal counsel?
With the Web making open-source licensing largely irrelevant, anyway, it's a good time to evaluate the merits of the two dominant open-source-licensing approaches. For this moment in time, they're essentially equivalent, at least to end users and Web developers, neither of which is required to contribute back derivative works.
Indeed, I believe that one of the primary reasons that Linux, MySQL, Lucene, Hadoop, and other Web-oriented technologies have thrived in the past few years is that they have basically come legal-encumbrance-free.
Would Google have built its server infrastructure with Linux if it had been required to contribute all its software back? Almost certainly not. Yes, it has elected to contribute back to MySQL and others when it was advantageous to do so, but I think that Affero GPL, which translates the GPL's provisions to network-hosted software, would have effectively killed the utility of MySQL, Linux, and other open-source technologies for Web titans like Google, Facebook, and others.
In short, perhaps the best thing that could have happened to open source in the past few years is the increasing relevance of its code due to the decreasing relevance of its licensing. More adoption due to fewer controls.
Developers don't contribute to open-source projects out of force. They do so out of interest, desire for recognition, and other reasons. Once you take force out of the equation, the GPL loses its relevance except as a tool to protect against competition...which proprietary licensing perfected long ago.
For those who worry about the world being closed off behind proprietary licenses, it's not going to happen. The software world has been opening up, though not always at the pace some open-source advocates would prefer. On this point Tim O'Reilly has correctly argued:
If you close things off, eventually, you lose. This is why one of my slogans is, "Create more value than you capture." As long as people are doing that, I don't care whether they're trying to capture some value (through proprietary licensing).
In other words, people don't have to be forced into openness. It happens out of natural, selfish desires. Given the history of humanity, that's probably a more dependable basis for business strategy than an expectation of charitable donations through code contributions.
So, wither the GPL? I'm asking a sincere question to which I have hunches but no definitive answers. I'd love to hear your thoughts.
Disclosure: my company licenses its software under the GPL. This post reflects my personal (evolving) opinion and should not be construed as representative of the intentions of my employer.
Follow me on Twitter @mjasay.
As a law student doing my thesis on open-source licensing (PDF), it was nearly impossible to find any substantive legal papers on the topic. In fact, the only one I can remember is Ira Heffan's excellent "Copyleft: Licensing Collaborative Works in the Digital Age" from Stanford Law Review in 1997.
It's about time.
The journal is peer-reviewed by an editorial committee made up of members of the European Legal Network which, despite its name, actually includes legal experts from all over the globe. A few of the better-known names include Andrew Katz, Amanda Brock (Canonical), Mark Webbink (former general counsel at Red Hat), and Lawrence Rosen (noted author and author of the Open Source License). The journal will be released biannually.
As companies like Qualcomm seek lawyers with deep open-source expertise, journals like the IFOSSLR are critical to elevating the depth and breadth of open-source analysis, moving it well beyond the intellectual battleground of opposing ideologues.
The first issue is now available online. As Glyn Moody notes, despite the legal nature of the journal, its contents are genuinely interesting--fascinating at times--and relevant to anyone in the business or development of open-source software.
Follow me on Twitter @mjasay.
The GNU General Public License (GPL) used to dominate open-source licensing, but its hold appears to be slipping according to new research from Black Duck Software. While GPLv3 has seen a 400-percent increase in adoption, and though the GPL and its variants still claim over 65 percent of all open-source projects, Black Duck reports a 5 percent decline in GPL adoption.
This drop makes sense, given the GPL's decreasing relevance to the modern world of network-delivered software and the increasing value of data over software.
ZDNet's Dana Blankenhorn points out that there are no clear replacements arising for the GPL, and he's right. But I'm not sure that's the point.
Peter Vescuso, executive vice president of marketing and business development at Black Duck Software, argues that we're starting to see greater diversity in licensing approaches, as "many developers are selecting licenses that are less restrictive, a move that underscores the broader adoption and value of open source in today's multisource development environments."
Perhaps. Or perhaps developers simply don't care that much about open-source licensing qua licensing very much any more. The real value in open-source software is no longer the software, but rather the resultant services that are delivered over the Web, a theme that Tim O'Reilly has been hitting consistently over the past six years.
The GPL was highly relevant in the Software 1.0 world because it was a great way to protect software assets. In effect, the GPL became the preferred way to replicate the copyright regime, except under the banner of free software.
Today, the GPL (and open-source licensing, generally) is irrelevant.
It's irrelevant because the GPL protects nothing in a world where software is delivered over the Web, because the GPL's "distribution clause" isn't triggered. The GPL becomes BSD/Apache, in short.
Because of this, Web developers long ago stopped worrying about open-source license requirements and instead are focused on data-driven lock-in. Open-source software becomes a way to build free services that encourage adoption, which adoption yields valuable data. That data is the crown jewels in a networked world, as O'Reilly suggests.
Because Web developers don't necessarily need to protect their software, we're seeing more adopt licenses like BSD, Apache, and other permissive licenses in order to foster community, rather than protection, around their software. Those who persist in seeing the world through the Software 1.0 lens continue to try to protect the software, which is why we're seeing a four-fold increase in AGPLv3 adoption. (AGPLv3 extends the definition of "distribution" to include network-based delivery of software.)
The GPL isn't dead, and perhaps it's not even dying. But that isn't the point. The point is that the real question is Web-based delivery of software, and current licensing has almost nothing to say on that topic.
Follow me on Twitter @mjasay.
Microsoft's Internet Explorer continues to hemorrhage market share to Mozilla's open-source Firefox browser. But Microsoft is set to surpass Mozilla in one area: adoption of its open-source Microsoft Public License (MS-PL), according to research from Black Duck Software.
The MS-PL is now used by 1.02 percent of open-source projects. This is impressive given that it was only approved by the Open Source Initiative some two years ago. The Mozilla Public License (MPL), by contrast, has been around for many more years and is used by 1.25 percent of open-source projects, ranking ninth in terms of popularity. MS-PL is 10th but is gaining fast.
It's a matter of coloring inside the CodePlex lines.
The MPL offers some benefits over its long-serving peers like the GNU General Public License (50.17 percent market share), but often the benefits are outweighed by the sheer momentum of the GPL. Whatever its deficiencies, the GPL is a relatively well-understood license.
For those developers looking to go "off-piste" with a different license, and particularly for those with a Microsoft inclination--as is the case with Microsoft open-source code hosting repository CodePlex--it's far easier to opt to do so with the MS-PL versus the MPL, the Eclipse Public License, or another license.
As CodePlex continues to gain in popularity, I expect we'll see the MS-PL push past MPL and potentially even past the MIT License, which currently ranks seventh at 3.79 percent share. When that happens, it will be a sign that Microsoft has truly arrived as an open-source player.
Of course, I suspect that Microsoft would rather beat Mozilla in browser market share than in license market share. But you can't have everything, now can you?
Follow me on Twitter @mjasay.
I have spent years advocating the GNU General Public License as the optimal open-source license for commercial open source.
Roughly nine years after I first became a fan of the GPL, I think I've been wrong.
My admiration for the GPL mostly stemmed from its ability to mimic, but then invert, proprietary licensing. The GPL is like opening a cannister of radioactive waste: while your competitors can touch it, you're dead certain that they won't.
Given that openness is increasingly a winning business model--if not the winning business model, as Red Hat executive Michael Tiemann argues--one has to wonder if pretending to be open through the GPL accomplishes as much as fully opening up through Apache-style licensing would.
Open-source luminary Eric Raymond is pretty clear on this point:
I think we live in a...universe...in which the GPL is unnecessary rather than futile. Mind you, I am not claiming the GPL is entirely useless. It's a signaling behavior, like wearing a crucifix or yarmulke or pentagram; it helps build trust groups. But it has costs, too.
It creates a lot of needless fear from potential allies and users who suspect they won't be able to control their exposure, if they let it in...Is the GPL's utility as a form of in-group signaling worth the degree to which fear and uncertainty about it slows down open-source adoption? Increasingly, I think the answer is no.
The GPL may be a community-building signaling device, but it is also a confession of fear and weakness. To believe that it matters, you have to believe that you live in a...universe where closed-source development is such an attractive proposition that you have to punish people for trying to move to it.
In other words, if openness works (in the Jamesian, pragmatic way), why not give it free rein, rather than hedging our open-source bets to the point of obviating their efficacy?
Equally important, we may not be getting the "protection" we seek from the GPL, anyway, as the GPL becomes the new BSD in the cloud, as Linus Torvalds recently commented to me in an e-mail:
AGPL/GPLv3 anti-ASP/TiVo language doesn't "protect" anything. There is no upside to pushing freeloaders away.
Sun Microsystems CEO Jonathan Schwartz rightly identifies adoption, not protection of freedom, as a key open-source benefit: open source provides an efficient way to distribute software to the maximum audience at the minimum price. With this in mind, unfettered Apache-style licensing would be the ideal license to maximize adoption, despite likely being the worst way to directly monetize software.
So long, however, as one's business either monetizes software indirectly (i.e., Google with its advertising model) or adds to the open-source components with commercial extensions (i.e., IBM with proprietary software, services, and hardware add-ons), then a company should be able to reap a bounteous harvest from its open-source seeds.
In sum, the GPL may well be an excellent capitalist tool, but Apache licensing could well be even better.
Disclosure: My company uses the GPL, not an Apache license.
Follow me on Twitter @mjasay.
The Open Knowledge Foundation blog provides some excellent reasons to take open-source licenses seriously, especially for data on the Web, but these struck me hardest:
Together, a definition of openness, plus a set of conformant licenses, deliver clarity and simplicity. Not only is interoperability ensured, but people can know at a glance, and without having to go through a whole lot of legalese, what they are free to do...Thus, licensing and definitions are important, even though they are only a small part of the overall picture.
If we get them wrong, they will keep on getting in the way of everything else. If we get them right, we can stop worrying about them and focus our full energies on other things.
Efficiency can be reached through consistency and transparency. This is why licenses like the General Public License and Apache/Berkeley Software Distribution work in open source: everyone knows what they mean or, at least, what everyone else thinks they mean.
They're not perfect licenses, but they're understandable, and the Open Source Initiative has proved invaluable in ensuring the ongoing integrity of what "open source" means.
As the debate shifts from software to the data enabled and constrained by software, it will be critical that open data licenses emerge. Just as open source and open protocols paved the way for the modern Internet, so, too, will open data ensure the freedom of the next-generation Internet.
Open-source licensing is fundamentally about efficiency, not law. It's about understanding and keeping everyone on the same page so that the more important work can move forward. Licensing matters.
