Permissive vs Copyleft Open Source | shazow.net<br>&larr; Back to shazow.net<br>The premise of copyleft licenses is attractive: Create more open source!<br>With permissive licenses, someone can take the code and make proprietary modifications to it and sell it to other people without releasing the modifications. We want people to publish their improvements, right?<br>With copyleft, we can force people to publish their improvements to copyleft code. Businesses will want to use our code because creating it was so much work in the first place. We need copyleft if we want more contributors, more open source, more code re-use, more freedom.<br>Right?<br>Wrong.<br>In this post, I break down all the ways copyleft licenses fail to achieve their stated goals, and explain why permissive licenses succeed where copyleft fails.<br>Background<br>(Skip this if you already know the difference between permissive and copyleft licenses.)<br>Open source licenses were created for important reasons: To protect the author, to protect the contributors, and to protect the consumers. This is achieved through codifying rights regarding redistribution, derived works, discrimination, and disclaimer of liability/warranty. Perhaps most importantly, an open source license is designed around allowing us to &ldquo;fork&rdquo; a project while retaining all the rights in the license.1<br>When picking an open source license, there&rsquo;s two camps: Permissive licenses (like BSD, MIT, Apache-2.0) and copyleft licenses (like MPL, GPL, AGPL).<br>Permissive licenses give the author the same rights as the contributors and consumers. Everyone can do anything as long as the license is not removed from where it is. If you want to use permissively-licensed code in a proprietary program, go wild.<br>Copyleft licenses are different–they were created as an exploit of our intellectual property and copyright system, a kind of &ldquo;virus&rdquo; to combat our proprietary rights-reserved-by-default legal system. With copyleft licenses, derivative work is required to perpetuate the same license. The boundary of derivation varies between licenses. For example: MPL constrains at the &ldquo;file&rdquo; level, GPL is at the binary distribution level which can be bypassed with dynamic linking, AGPL is at the &ldquo;network&rdquo; level specifically to target SaaS usage.<br>There are many downstream repercussions of these details that I&rsquo;ll discuss below.<br>Copyleft is asymmetric<br>(Please bear with me as I take a brief detour to explain this not-very-intuitive point that comes up again and again. It turns out the asymmetry of copyleft is a critical flaw relevant in many scenarios.)<br>In the construct of our society&rsquo;s intellectual property law2, the author retains copyright by default. If I write some code and don&rsquo;t explicitly release my rights to it, then it is considered proprietary and owned by me by default. I don&rsquo;t even need to write &ldquo;all rights reserved&rdquo;!<br>Having copyright over my code gives me the right to license it however I want. I can keep it proprietary, or I can make a custom contract to sell to a customer or another publisher, or I can release it under a common license template like an open source license.<br>When I commit code to a code repository with some open source license, I am consenting to include my code under the project license (which usually lives in the root of the repository and applies to the whole thing unless said otherwise). But because I still own the copyright to my work, I can also release the same code under a different license in a different repository.<br>This means as an author of some copyleft code, I have special rights that my users don&rsquo;t have: I am allowed to use my code for proprietary purposes, but my users are not.3<br>Permissive licenses don&rsquo;t have this asymmetry by virtue of giving everyone the right to use the code for proprietary purposes.<br>Okay, why is this important?<br>Custom-licensed copyleft code is a liability<br>Some projects choose copyleft licenses as a way to convince businesses to pay for a custom license.<br>On paper, this sounds rational: The code is available to review and even prototype against, but deploying to customers may cross the viral copyleft boundary and a business would choose to pay for a custom license from the maintainer to avoid relicensing their entire product.<br>For every dependency that a business pays for a custom license, it adopts a liability and creates another point of failure. Each dependency has the power to rug the business: They can choose not to renew the license next year, or they can choose to pivot the project in an incompatible direction, or they can refactor in a way that increases the copyleft boundary.<br>Most importantly, the business has no recourse!4<br>Recall that with permissive licenses, we all have the same rights: If a maintainer does something that doesn&rsquo;t work for me, I can simply fork and continue using the code as I was before. I don&rsquo;t lose any rights even if I was...