Skip to main content

The businessmen's guide to open source licenses

·4 mins
Kristof Kovacs
Kristof Kovacs
Software Architect & DevOps Consultant

Hello, I’m Kristof, a human being like you, and an easy to work with, friendly guy.

I've been a programmer, a consultant, CIO in startups, head of software development in government, and built two software companies.

Some days I’m coding Golang in the guts of a system and other days I'm wearing a suit to help clients with their DevOps practices.

is it OK to take program code under the ______ license, add our own functionality, and then ______?

The "TLDR" answer is: #

License name ...sell / license as a product? ...provide it as SaaS?
BSD / MIT License OK OK
Apache License OK OK
MPL (Mozilla Public License) If done right * OK
LGPL (Lesser GNU Public License) As a larger work ** OK
GPL (GNU Public License) Your code must be given away for free OK
AGPL (Affero GNU Public License) Your code must be given away for free Anyone has to be able to download and use freely


* MPL covers only the original files, and new ones that contain code from the originals. Your new files are yours, and yours only.

** It's okay if your product is NOT the modified version of the original code, but a program that just uses ("links") the code under the LGPL.

TIP: Interestingly, you can also legally modify any code under any of these licenses (even AGPL), and use it internally in your organization, without having to give your modifications to anybody.

TIP 2: For all these licenses, it's legal to contract for software development work on an open-source software for a client, who then will use the resulting product internally.

There are some things to watch out for #

GPL cares about where the code runs. Even if you provide something as SaaS over the Internet, some parts of your software (JavaScript) actually is distributed to your costumers. Just as an example, ExtJS is under GPL, but you MUST NOT base your SaaS on it, since the code gets transferred to the visitor and then run there, requiring you to distribute your code for free under the GPL too.

GPL and AGPL are picky about what kind of code gets linked to it. Not even all open-source licenses qualify.

In what exact way parts of your code interact with each other can be important. For example, you can make GPL and non-GPL code communicate through a database, web services, or APIs. But the moment you call GPL code directly, your code must be put under the GPL.

Some of these licenses may require you to include notices, source code of the original, or other things to include with your product distribution.

Make your project manager and lawyer talk to each other!

IMPORTANT: You may be providing a service over the Internet now, but also think about the time when you might want to sell your assets to another company; either because you are selling the service to somebody, or because you're redistributing your assets. I'm just saying, think ahead!

What about GPL v2 versus GPL v3? #

Earlier, when GPL was v2, there was talk of putting an anti-SaaS clause into v3, but later the Affero GPL was created for that purpose. (This causes lots of confusion.)

Actually, the differences between GPL v2 and v3 are not really important to you, unless:

- you own related trademarks,
- you are developing something that enforces DMCA,
- you are disallowing modified code to run on your hardware.

The financial benefits of giving code back for free #

Besides being a socially responsible businessman, you should also know that giving the code you have had developed to the open source community for free can also be the right thing to do financially. If you are not profiting directly from that code, it's rarely smart to hang onto it.

The community will go forward with the development anyway. Their next release will have nice new features, bug fixes, and better security. If you have kept your code secret, you will be the one who pays (in money or in time) for the integration of that secret code into their new releases. Or integrating their security fixes into your code. Both get messy quick, even with the help of state-of-the-art version control systems (that you should be using for every project, but that's another article.)

Gnu Public License FAQ
Mozilla Public License FAQ
Apache License FAQ

Disclaimer #

I'm not a lawyer and this article should NOT be considered legal advice. Always consult your own lawyer before betting the company on somebody else's licensing terms (this applies both for open-source and non-open-source licenses).

Don't take legal, medical, or financial advice from strangers on the Internet, ok? :)