Apache better than GPL for open-source business?

I have spent years advocating the GNU General Public License as the optimal open-source license for commercial open source.

Roughly nine years after I first became a fan of the GPL, I think I've been wrong.

My admiration for the GPL mostly stemmed from its ability to mimic, but then invert, proprietary licensing. The GPL is like opening a cannister of radioactive waste: while your competitors can touch it, you're dead certain that they won't.

Given that openness is increasingly a winning business model--if not the winning business model, as Red Hat executive Michael Tiemann argues--one has to wonder if pretending to be open through the GPL accomplishes as much as fully opening up through Apache-style licensing would.

Open-source luminary Eric Raymond is pretty clear on this point:

I think we live in a...universe...in which the GPL is unnecessary rather than futile. Mind you, I am not claiming the GPL is entirely useless. It's a signaling behavior, like wearing a crucifix or yarmulke or pentagram; it helps build trust groups. But it has costs, too.

It creates a lot of needless fear from potential allies and users who suspect they won't be able to control their exposure, if they let it in...Is the GPL's utility as a form of in-group signaling worth the degree to which fear and uncertainty about it slows down open-source adoption? Increasingly, I think the answer is no.

The GPL may be a community-building signaling device, but it is also a confession of fear and weakness. To believe that it matters, you have to believe that you live in a...universe where closed-source development is such an attractive proposition that you have to punish people for trying to move to it.

In other words, if openness works (in the Jamesian, pragmatic way), why not give it free rein, rather than hedging our open-source bets to the point of obviating their efficacy?

Equally important, we may not be getting the "protection" we seek from the GPL, anyway, as the GPL becomes the new BSD in the cloud, as Linus Torvalds recently commented to me in an e-mail:

AGPL/GPLv3 anti-ASP/TiVo language doesn't "protect" anything. There is no upside to pushing freeloaders away.

Sun Microsystems CEO Jonathan Schwartz rightly identifies adoption, not protection of freedom, as a key open-source benefit: open source provides an efficient way to distribute software to the maximum audience at the minimum price. With this in mind, unfettered Apache-style licensing would be the ideal license to maximize adoption, despite likely being the worst way to directly monetize software.

So long, however, as one's business either monetizes software indirectly (i.e., Google with its advertising model) or adds to the open-source components with commercial extensions (i.e., IBM with proprietary software, services, and hardware add-ons), then a company should be able to reap a bounteous harvest from its open-source seeds.

In sum, the GPL may well be an excellent capitalist tool, but Apache licensing could well be even better.

Disclosure: My company uses the GPL, not an Apache license.

Follow me on Twitter @mjasay.

[JosefAssad]

I'm not so sure ESR and Jon Schwartz are really the people to listen to when it comes to adopting a position with respect to open source licensing ideologies, Matt.

[Random_Walk]

I tend to agree. I respect ESR (and yes, I've read 'Cathedral and Bazaar'), but I think he is mistaken as to the nature of the GPL and its role even today.

I mean, seriously - am I the only one who remembers how frickin' impossible it was in the programming community to share ideas back in the day, and keep them from being stolen and locked up? Am I the only one who remembers the Windows 2000 networking code that was ungraciously swiped from BSD, then noticing that Microsoft complied with the BSD license only after burying the required credits notice in a DLL file? Do we really want to go back to those days?

It's not like you're trying to "punish" people for trying to lock up code, it's a mechanism for preventing what companies do even now with many existing OSI licenses - exploiting loopholes to profit off of others' IP with no recognition or return of improvements.

Now I'm not saying that the GPL is the end-all and be-all, but seriously - the Apache license and the zillions of OSI-approved licenses only came about because the GPL existed in the first place. The GPL is more than just a 'token' or a signaling device... it is a solid license that insures that a developer who wants to keep his or her source code open can do so with no equivocation. That's all it is.

If a business is that afraid to use it, then perhaps that business can instead write its own code.

[odubtaig]

Yes, anyone wanting to use GPL code in a closed product could always contact the author(s) to see if an alternative licensing arrangement can be agreed upon (for a fee). If you want people to pay for your software then don't expect to be able to cobble it together for free.

[Amir-Shevat]

It is not a matter of ideology; it is a matter of open source business strategy.
You can read my full opinion about ?Why I think GPL is a poison pill for open source market share?
http://spacebug.com/Open_source_community_should_employ_Microsoft_business_strategies

[Random_Walk]

@Amir: The last thing FOSS wants or needs to do is to stoop to the level of illegal practices and being a crappy business partner.

In case you hadn't noticed, companies like RedHat are making record profits even in this economy. IBM is still doing just fine as a huge FOSS contributor. Oracle and Cisco are getting into the game and seeing positive results. VMWare incorporates FOSS just fine, and is making a killing in profits... all in an economy that is hating it. What part of FOSS' already growing market share did you miss?

[mystereman]

Random_walk. I think you're awfully self-rightious for someone who's facts are incorrect. Windows 2000 did not use the BSD network stack. The original Windows NT 3.1 did, but it was later removed. Windows 2000 had it's own stack. it did still contain the usermode apps, like telnet and ftp that were BSD licensed.

Further, Microsoft never "stole" the BSD stack. They licensed it. They paid for it. The key is to look at the copyright dates, which pre-date the first open-source version of the open source BSD network release. This code was licensed (for a fee) by the Regents of UCB to Spider software. Spider, in turn, licensed it to Microsoft (again, for a fee as they were allowed to do in their license with Berkeley).

To read the history of the BSD stack in Windows, check out this article written by Adam Barr (who worked on the project).

http://www.kuro5hin.org/story/2001/6/19/05641/7357

Not that I think this will change your opinion, but at least you should get your facts right for your argument.

[mattflaschen]

I agree completely. The alleged "fear and doubt" regarding the GPL is really just proprietary manufacturers way of telling you they'd rather not have to reciprocate. The GPL consistently gets the result it was made for, user freedom, and there is no reason to drop it.

As for Torvalds's claim that, ""AGPL/GPLv3 anti-ASP/TiVo language doesn't "protect" anything. There is no upside to pushing freeloaders away.", if it were true that it made no difference, why would companies like Google be trying to stop it? Clearly, it does make a difference to them and their users' freedom.

I believe that apart from the obvious bias in ESR views, the underlying analysis is too simplistic and off the mark. I wrote a rebuttal here: http://carlodaffara.conecta.it/?p=206 And the problem of the cloud ("the GPL will become the new BSD") is real, but uncorrelated to Eric's analysis, and in my opinion requires a different approach (related to scale and what is the optimal balance between openness and maintenance cost, for example).

[Mike Milinkovich]

I certainly agree that more permissive licenses help industry adoption[1]. But what we're discussing here is really the range of business models enabled by these various licenses. I think that the "weak copyleft" licenses such as the EPL and MPL offer some significant advantages where you want to have an open source platform enabling a commercial ecosystem.

There is no one right answer.

[1] http://dev.eclipse.org/blogs/mike/2009/04/27/licenses-matter/

[ITRebel]

We should be wary anyway of theoretical economic non-speak given how economists have done such a good job of managing how economy. Additionally, this theoretical talk from economists in the links provided about efficiency of different licenses and how the market will punish companies for wanting to move to open source misses one major point. The measure that companies want from software is profitability and not adoption. Why is it that all major profitable software companies continue to be mainly proprietary software companies and why is it that Sun is no longer a company since it bought MySQL (which I have been warning about going way back)? Adoption is the wrong measure of the efficacy of a software business model, whereas profitability is the correct measure. Theoretical economists need to go out and start businesses and they might learn a bit about economics and profitability which would end up help our global economy enormously.

[ITRebel]

Sorry, my statements should have read "punish companies for want to move to closed source" and "all major software companies continue to be closed source" in the above paragraph. I am also guilty of non-speak at this early hour of the morning.

[odubtaig]

...and guilty of completely ignoring Sun's flailing hardware division and that Oracle claim to be most pleased with the acquisition of Java which is, get this, open source, that change doesn't happen overnight (how long did it take IBM to shrink to its present size?) and that open source is still a growth area.

You're not big on acknowledging anything which contradicts your point of view, are you? No, don't start with your ********* on MySQL, it grew solidly from inception and never made a loss, unlike Sparc/Solaris.

[DMAN3k]

The problem with GPL is RMS.

RMS is just a flat-out crazy communist. Although the ideals of communism isn't bad, it's that RMS is a believer of communism economy which flat-out doesn't work until we end the human need to acquire wealth and power. Sorry, good for Star Trek, not good for our times. And to believe that GNU is good for software as a service, you have to be a bit insane.

[Random_Walk]

I couldn't care if Adolph Hitler or Josef Stalin wrote the GPL... the text and the mechanisms it uses make perfect sense. The thing is ideologically neutral as far as I'm concerned.

[odubtaig]

Source?

[pentest]

I am confused. The GPL was written by RMS, and is a very free market type of license. Yet you claim he is a communist?

[Random_Walk]

@pentest: indeed - the very basis for the GPL relies on free-market principles, and GPL code is far more reliant on the free market to survive than proprietary code.

[rapier1]

It's odd but I find myself agreeing with Asay for once. I've often found GPL to be overly restrictive and fear inducing to the point where many of the semi-commercial products I work on strictly avoid it's use. The Apache and MIT style licenses are more amenable to our business model and has actually allowed me to placate the partners and customers that would rather see the use of closed source solutions.

[pentest]

Of course, you can use the code and not have to pay for it via reciprocity. Crappy businessmen like that sort of thing.

If it is fear inducing it is only because those that fear it are uneducated about the GPL.

[onnoweb]

This article seems too simple a comparison of two licenses and the business models they may enable. I believe that the Apache license is a tough choice if software is your company's main business and source of income. Case in point: Alfresco uses a GPl-like license. Yes, IBM makes use of the Apache license but not for its main products as outbound license and probably for good business reasons. The Apache license seems to work well if adoption is indeed the overriding goal (eg Apache HTTP server and Tomcat). When wanting wanting to create a commercial ecosystem or in general a commercial business based around the software then other licenses like GPL (the Linux companies) or EPL (Eclipse et al) seem to work better.

I agree that for a business the BSD-style licenses are much nicer as inbound licenses, but the picture is much more complex in the case of outbound than the author paints in this article.

[jimmyed2000]

Hi Matt, here are my thoughts on this topic:

http://jamesdixon.wordpress.com/2009/04/27/is-the-general-public-license-gpl-futile-or-unneccessary/

My summary - the GPL is a work of art as far as licenses go: simple, elegant, and principled. It is also effective. But it wasn't create for commercial open source companies to use as a deterrent.

Apache and Eclipse are clearly very successful without having the IP lock-out that the GPL has.

The GPL is therefore effective (and thus not futile), but obviously not necessary for open source success. We will have to wait a long time to see whether the GPL becomes de-facto or legacy, it is the most popular license at the moment.

[alegr]

So you're saying Ballmer and Gates were right about GPL? Better late than never.

Oh, and all those backward communistic regimes and dictators (Putin, Chavez et al) are so grateful to their buddy RMS for free Linux. In the old times commies had to steal IBM's and DEC's bits; not anymore.

[pentest]

LOL

Too bad MS is more communistic than OSS is.

[ITRebel]

Below is an interesting link to thread in the open source R community's developer forum this week about what can go very wrong with GPL. Basically Revolution-Computing is a proprietary start-up that has developed a parallel version of some 700 GPL-licensed R programs that were originally not coded for parallel processing. Making these programs parallel might mean just changing a small part of the original code. You can see that developers who wrote the original code are not at all pleased and one of them actually notifies Revolution-Computing of his legal claim and legal dispute in the developer's forum. This is the worst nightmare for any start-up. Now they have to fend off legal claims from possibly as many as 700 developers who dispute their interpretation of the rights granted under GPL. These developers have a wonderful open forum in the deveoper's forum to state their legal claims. How can any start-up software business ever make a profit or even attract investors if it is being hit by this kind of barrage? Yes, there is a problem for software businesses that are held hostage to the GPL.

http://www.nabble.com/Re:-About-ParallelR-and-licensing-of-packages-p23249148.html

[odubtaig]

If you take GPL code and put it in a closed program you are in breach of the author's copyright, an absolute ******** and you deserve to be sued into the ground.

However, that letter is an attempt to resolve the issue without suing.

That's not a danger of the GPL, that's a danger of being a thieving little git no different from stealing that Microsoft code that was leaked the other year.

[MichaelTiemann]

Just because Revolution-Computing is a start-up does not in any way exempt it from complying with the GPL. And just because Revolution-Computing employs people who have been friendly to the FSF or the OSI does not in any way exempt it from complying with the GPL. Indeed, I would expect such people to have a sufficiently robust understanding of those requires so that complies is assured, not assumed nor waived.

I know of no companies that hostage to the GPL. The GPL is a license that grants many important rights, subject to certain requirements and responsibilities. If a company cannot fulfill those requirements nor uphold those responsibilities, then it should not expect to enjoy those rights. It is the same thing with a checking account: if you don't have the money in your account, to write checks you cannot afford to cover. Only the most fraudulent companies act in such a cavalier fashion with respect to their checking accounts, and when caught, they plead guilty (Madoff) or protest their innocence while juries convict them. I have yet to hear any of them say "I was a hostage to my checking account! I blame the banks, the capital markets, and the US Federal Reserve!" Why, then, blame the GPL in this case? It's absurd.

[teh_chrizzle]

bsd style licenses have their place, as does the GPL.

as for the costs associated with the GPL, i would only trust a company that GPL's it's product. in my situation (IT guy with zero budget) GPL is the only way i can be sure that a tool or service i use/deploy will not result in complications later. i see this sentiment echoed among many of my colleagues.

[narrowhouse]

The article makes a number of good points, but in some cases I think it contradicts its own premise.

"...unfettered Apache-style licensing would be the ideal license to maximize adoption, despite likely being the worst way to directly monetize software."

A small open source based business can't always afford to care more about the adoption of its software than it does about the ability to prevent larger and better staffed competitors from taking the ball and running with it.

To not believe in a "universe where closed-source development is such an attractive proposition that you have to punish people for trying to move to it." is to not believe in a universe where many companies care more about short term profit than almost anything else.

The GPL gives companies a reason to listen to the angel on their shoulder that says software quality, user experience and matter. The devil will just shout "take it, make a buck and move to the next big thing". The devil's way leave us in a world where people pay for software that does 85% of what they need it to do, in hopes that the software vendor will see value in adding the extra 15% (sound familiar?).

The Apache license will work for projects that are already at the 85% mark because companies will monetize adding the last 15%. If a traditional software company finds a piece of software that is under the Apache license that they can make quick changes to, allowing them to grab market share greater than the open version and ruining the market for everyone else with proprietary bits they often will just for the quick win.

[HymanRosen]

The purpose of the GPL is to provide users of software with the freedom to run, read, modify, and share it. If people find that the GPL gets in the way of their providing software to users while withholding any of those freedoms, then the GPL is functioning as intended.

The purpose of the GPL is not to help develop better software or to save developers time or money. Any of those are laudable goals, but they are not the goals of the GPL.

[pentest]

It is not a coincidence that the Apache license was written for projects with absolutely no interest in "monetization". You business guys sure love your meaningless buzzwords.

In fact, it is no coincidence that the best, most stable, most advanced, and most flexible OSS projects have absolutely no concern with profit. It is the Alfrescos and other pseudo-OSS companies putting out the crap.

It is also no coincidence that the very best OSS is leaps and bounds better than competing proprietary alternatives.

[russ danner]

Wow, I?m so late to the party here! Matt, I admit I am shocked.
This thread has been interesting; a lot of good points.
The best license for the job depends on your motivation. Motivations will move with maturity and circumstance.
If you want to motivate adoption, use a more permissive license. If you want to keep your options open and run a business (given the maturity of most OSS projects to Narrowhouse?s point) you need a license like the GPL.
IMO use of the GPL and careful management of your copyright is absolutely necessary for a commercial endeavor. Both are important.
It?s indisputable that too much (extreme) FREE is bad for business. GPL is 100% open and only restricts FREE when someone other then they copyright holder is trying to redistribute the IP. Awesome ? this is AS IT SHOULD BE. If you own the copyright all this amounts to, is giving you, the owner, the option to choose how you want to proceed with the particular entity wanting to redistribute the IP. Through the GPL, you by default demand code. However, through a dual license you have the option to waive this for cash or even give the IP away if you so desire ? which you may do in some rare case, but not to a competitor. ASF and the like provide no such option / feedback. For the purposes of business, the negatives clearly do not outweigh the positives here.
GPL signals that while you are open with your IP, you also see the unique value it offers. If you are in the software business you have expectations around that value:
? Attribution for your work.
? The right to decide how it is shared (starting from the common ground GPL provides.) Dual licensing etc.
? Payment when someone else wants to distribute your work. Code or cash.
? Not be someone else?s free lunch.
Matt, is this really a change of heart here? I think not, but if so, lets get down to the mechanics of how you think this ASF/BSD model might work if massively employed for the majority of commercial open source projects. Few are in the class with IBM and Red Hat so I would suggest that these are not particularly great cases given the maturity of most other projects. While they are important parts of the echo system they are hardly representative. Can you describe how such an ecosystem (with near zero enforced feedback mechanisms) would thrive more profitably (read cash) than it would with the help of the GPL?

[russ danner]

Should have used open office :P -- copy and paste from Word.. clearly that worked out well.

[pentest]

As a license for commercial work, the more permissive licenses are not very good. They are great for the OSS projects that use them, but they do allow a free lunch for businesses.

[MichaelTiemann]

Ugh.

Matt, if you are going to use my name to make one of your arguments, you should at least report whether my 20+ year history of speeches and writings agree with your argument or disagree with it.

I have always preferred the GPL (or LGPL when appropriate) license to licenses like MIT or BSD, and that is why I have written more lines of code for GPL-based projects than non-GPL-based projects by more than 1,000 to 1. Indeed, I believe that MySQL eclipsed PostgreSQL not because it was a better database, but because the PostgreSQL license encouraged quasi-proprietary appropriation of their open source code (just as Sun appropriated the BSD Unix software). Such appropriate may attract a lot of venture capital, but it doesn't grow the project very organically.

Of course, as President of the Open Source Initiative, I don't run around saying "any non-GPL license is BAD BAD BAD". I *don't* say that. But I do prefer GPL, as a developer, and as an entrepreneur, and if anybody wants to experiment with other open source-approved licenses, go right ahead. But don't say that my recommendations are away from GPL--that is false.

Now, if you want to say "funny that Michael Tiemann, who likes the GPL, also thinks that openness is key to the success of open source, and since I find the GPL closed to people who want to build hybrid models, I think Michael is preaching a paradox," that's fine with me. But please do not leave your readers with the impression that I'm a GPL-basher, because I'm not.

[pentest]

I am curious how you can say that "I find the GPL closed to people who want to build hybrid models" because there are plenty of counter-examples.

[noble_paul]

GPL is evil and it ensures that the contributors will not be able to earn revenues from it. Imagine ,if I have contributed a lot to a GPL project and I wish to build a consulting business over the project by offering custom extensions to the software, I will be forced to open the code and that may threaten my ability to make a living.

Why should a license force me to open up the code that I have written if I do not wish to .

[russ danner]

Because you are standing on the shoulders of someone elses' work, and that's the terms they laid out for those who wish to do so. Seems fair to me.

That said:

It's all in the packaging and distribution.

If your extensions are an add on and are distributed separately there is no issue what-so-ever. You can even license differently. You also need to be careful on how you bind to the software.

If you create something that REQUIRES a GPL product embedded. You invoke the viral nature.

I really believe the AGPL, the GPL and the LGPL are good licenses that IMO have made it possible for open source to thrive and further for commercial open source to thrive.

If you look closely at the GPL, the network loophole is not the only movement in the document. Take a look (or another look as the case may be) for yourself. It's a good document and I think it bends where it needs to bend and holds strong where it needs to hold strong.

Don't forget. The author chooses the license. And the OSI has a wide, wide, wide (probably too wide) a range of licenses from the most open of open to the most viral (like AGPL.) It was the choice of the author. She chooses the license because it scratches her itch. Just like the software that she writes.

If you absolutely need to embed a GPL product in your product and none of the movement in the document can help you out you always have the three C's

* pay the owner *C*ash
* provide your *C*ode to the community and make your money on superior service
* *C*onvice the author dual license the code to you on whatever terms you can work out

[noble_paul]

russ,

I respect the authors of GPL s/w and I am not going to breach any of the terms laid out by them. But I can choose not to use it . That is why i show the preference for ASL style license.

[korakmitra]

There definitely seem to be different points of view on this article and topic.

GPL is a perfectly good license especially in a pure open source environment. It has been extremely successful, so it must be doing a lot of things right.

However, most commercial software developers have objectives that are not compatible with GPL. They want to "profit" from their software, and yet they want to leverage open source where it makes sense. Most, do not have a problem contributing back modifications they make to the open source, but they will not tolerate any risk to their own proprietary code, and they are not interested in changing their business model to become pure open source.

Thus, commercial software developers will tend to leverage open source but only if it is licensed with a "commercial friendly" license like BSD, Apache, CPL/MPL and sometimes, LGPL. The viral nature of GPL is basically a deal breaker. This may be exactly what GPL advocates want, ie, perhaps they would see commercial software companies as entities that they do not want to adopt their software.

http://sourceauditor.com