How do you handle OSS licenses?

Answers (6)


When I need to quickly understand what a license means, I look it up on: TL;DR Legal

Here's the TL;DR of the MIT license: https://tldrlegal.com/license/mit-license

It breaks it down so at a glance it's easy to understand what you are allowed to do, not allowed to do, and how attribution works.

I'm a big advocate of open-source software, and believe that open-sourcing your work is an important way to give back to those that follow in your footsteps, an act of corporate stewardship.

Because I love open-source so much I used to use a lot of plugins and libraries and free-to-use snippets in my work, but after having worked for a number of companies who later sold their product (or themselves) to another company I've had to retroactively sign releases claiming that 100% of the work I did on the project was legal and all code is 'owned' by myself and the original company, and that I would personally take legal liability after making this statement so if there ever was a dispute about ownership of the code.

After signing those a few times I prefer to do clean-room implementations of ideas, and work mostly with my own code. I still believe in open-source, but for me the licenses make it tricky to work with a lot of OSS code.

For my own releases, I have been using MIT because it seems very liberal. In the future I might go full 'Public Domain' for stuff I release just so there's no possible confusion.

@tomhodgins I would never write my code into the file of a third-party library... I rather split up my own code into many small files! But I guess everyone is different, huh :)

@ndaidong yeah, you are right. But the problem is that many different licenses have many different requirements and as a result have to be handled in different ways. The many different licenses stem from everyone having different thoughts about how OSS code should be handled (see our discussion alone; which is a good thing imho, btw). Problems arise especially when you do not want to go open source. I really love programming and contributing to the community, but I also need money, hence I have some proprietary projects :)


Generally I just do everything MIT unless I'm forking something with a more "viral" license -- for example, back in the day a lot of Joomla plugins were GPLv3 (and they probably still are...), which requires anything made from them also to be GPLv3.

Anyways, MIT just simplifies everything, no thinking, no questions, etc.

Yup. Avoid GPL and AGPL like the plague.


I generally use Apache 2.0. I feel it's a pretty open one allowing you to use it for personal or commercial, while not necessarily requiring recontribution. The recontribution clause (a la GPL) is what stops most companies from using GPL packages. I fully believe it is very important for people to recontribute back to the community, but I also realize that we live in a real world and some code is proprietary and should not be exposed outside of the business, so forcing someone to just doesn't seem right.


I just use MIT. Let's take a look at this page where everything has been explained as well:

http://choosealicense.com/


Pivotal has a good license finder tool to analyse dependencies of licenses which works with ruby, python, node, go, java and many other types of projects.

I have been strongly recommended this book by Van Lindberg. It is in my reading list for 2017.


The hard part is especially NPM, since because of the dependency load it's impossible to keep track of all the licenses.

I don't know if they have anything to prevent problems.

@emilmoe the backend is ok, since you do not compress them and probably just do npm i ., which leaves all the licenses in place. But as for the browser, you usually strip everything using webpack or something similar. So you ship libraries without licenses, which is not ok and has to be handled in some way, no?

