I ask this because I think of the recent switch of Ubuntu to the Rust recode of the GNU core utils, which use an MIT license. There are many Rust recodes of GPL software that re-license it as a pushover MIT or Apache licenses. I worry these relicensing efforts this will significantly harm the FOSS ecosystem. Is this reason to start worrying or is it not that bad?
IMO, if the FOSS world makes something public, with extensive liberties, then the only thing that should be asked in return is that people preserve these liberties, like the GPL successfully enforces. These pushover licenses preserve nothing.
like the GPL successfully enforces
I’m not aware of the GPL being legally tested to where you can claim that; there are a lot of open questions, and it has failed to protect works from AI companies, for example.
You’re taking an incredibly slanted position. There is a whole world of vibrant, viable, meaningful FOSS outside copyleft licenses. Even when one philosophically and politically prefers copyleft licenses, sometimes there are cases where the humanitarian or practical argument favours permissive licensing. But there are many who simply don’t share your interpretation of the philosophy and politics.
I like non-copyleft licenses for one reason. Imagine if ffmpeg devs were like:
so many security vulnerabilities, your free labor is bad
thanks for pointing that out, it’s not longer free
Most devs (including me) want to have some control over what they made. Permissive licenses allow rugpulling project if someone is using it while making YOU do stuff. ffmpeg is a great example. You may not like it but that’s how it is.
Yes.
Anyone who cares about user freedoms is not choosing a permissive licence.
The problem is developers only caring about themselves and other developers.
When I talk to devs I know who like FOSS, they are always focussed on their needs as a dev when it comes to licences. The real concern was, and always should be, for the software user’s freedoms.
God forbid developers earning something for their work
uutils developers aren’t earning any more than coreutils developers. This is an orthogonal discussion.
That’s good point.
Another thing that is dangerous are CLAs or “contributor license agreements”, like Google uses for jujutsu. Technically, it is GPL, but Google demands to hold all the copyright, so it can change the license at a whim.
A little bit.
A lot of the Rust remakes are being made by morons who have no problem using weak licenses that favor corporations.
We should hold them accountable and avoid using/contributing to their projects until they switch to a free license.
Coreutils has little commercial value to take can create a proprietary fork of. There is little value that can be added to it to make it worthwhile. The same is for sudo - which has had a permissive licence from the start. In all that time no one has cared enough to fork it for profit.
Not saying that is true of every project. But at the same time even GPL software has issues with large companies profiting off it and not contributing back. Since unless you are distributing binaries the GPL does not force you to do anything really. See mongodb and their move to even more restrictive licences.
The GPL is not the only thing that stops companies from taking open software. Not does if fully protect against that.
Not does everything need to be GPL. It makes sense for some projects and less sense for others. Especially libraries as that basically forces no company from using them for anything. Which is also not what you want from a library.
Okay then; what licence can we use to force any entity using a library to make their project open-source?
EDIT: clarification
what licence can we use to force any entity using a library to make their project open-source
GPL requires this, since linking with a library is considered a derivative work even if the library is dynamically loaded.
This is why the LGPL exists, which makes the library copyleft but does not extend the derivative work classification to programs linking with the library.
None. The closest you can get is the AGPLv3.
If you go further, it will no longer be open source. This is the case for the Server Side Public License (SSPL) for example. It requires the entire system configuration to be released under the same license*. This sounds “open source friendly” but it’s actually just a proprietary license because it’s not realistically possible to legally comply with it. You cannot run standard hardware without proprietary firmware, which means you cannot run SSPLed software on it legally.
*This only applies if you host the software as a service but the result is the same. It basically violates the freedom to use the work for any purpose.
I don’t think there is a good license for that. The ones MongoDB used turned the open source community against them. But that is not really my point. I just mean that some projects using MIT won’t suddenly mean every company will start stealing and closing that software. Some things like coreutils and sudo just don’t have the commercial value to make that worth the effort. So there is no real need to worry about these two projects IMO. Other projects are a different story altogether though. Each project needs to make its own decision on what licence best suits it. The GPL is not the one and only license that is worth using.
I would say AGPL is the “safest” license still approved by the OSI. Could you share your opinion?
GPL is the only thing standing between us and Embrace-Extend-Extinguish.
There’s a reason that “Stallman was right” is a meme in the FOSS world.
Do you think IBM wouldn’t make Red Hat completely proprietary if they had the chance? They already tried to use their customer licensing to restrict source access!
It only takes one successful proprietary product to gain mind-share and market-share and become a new de-facto standard, and then all of the original FOSS has to play catch-up and stay compatible to stay relevant.
See Jabber/XMPP for an example.
See Jabber/XMPP for an example.
There was a (short) time when I could chat with my friends on google hangouts (or whatever that was called back then) and facebook messaging via my own xmpp server. It was pretty cool and somehow felt like that’s the way things should be. Like email today (even if every big player is trying to destroy that too).
Maybe in some version of the future we’ll get that back.
You’re on the fediverse where that is a possibility.
It’s not really a same thing. I can’t reach my mother or neighbor over fediverse since they don’t know nor care what that is. But they use whatsapp, facebook and other stuff which are in their own walled gardens and there’s no option to communicate to those gardens with anything I self host.
And trying to convince everyone to switch is not a battle I’m actively fighting for multiple reasons. Of course I mention signal, fediverse and everything to anyone who’s willing to listen, but those encounters are pretty rare.
GOOD GOD, the number of people getting downvoted in this thread that know WTF they are talking about IS INSANE.
This question is a bad question by somebody who is new to this ecosystem, and clearly doesn’t understand how the community, development, or code works.
The people in here who are pointing this out are being brigaded by other commentors who have zero idea about how any of the licensing or code management works as well.
You can’t have a corporate “takeover” of something which is code-complete, and already out in the world. There is a fundamental misunderstanding over what licensing protections are designed to do as well.
Y’all need Jesus /s
Code complete is arguably a myth when talking about security. You need to update when vulnerabilities are found at minimum. Sometimes, the changing software environment changes and so the software has to start adding features again or get replaced. Rarely old features are the vulnerability, and have to be removed.
What does security have to do with open-source projects succumbing to “corporate takeover”, which isn’t even possible?
If the code is of such a restrictive license that you aren’t able to fork and re-release it with changes, then it isn’t open-source to begin with.
To your last point about removing “old features”, this is done all the time, and this is why things use semantic versioning. Nobody wants to be forced to maintain old code into perpetuity when they can just drop large portions of it, and then just release new versions with deprecated backends when needed
Sorry, I didn’t explain what I was talking about.
The problem is that in the modern software environment there’s a constant need for updating and patching, and if a proprietary fork provides those updates and a free original can’t keep up for whatever reason, the proprietary fork (that could have contributed otherwise) gains inertia until the free original dies. This is admittedly harder to pull off in a mature and well maintained free software ecosystem, but I think you’d be surprised how many important free software projects lack needed manpower. It doesn’t help that MIT practically encourages people not to publish code, compared to GPL.
People make out forking like it’s a big protection against proprietisation, and it is, but it’s not foolproof. Good forks are usually founded by community members that already understand and contribute to the code, most forks actually die quickly. The fewer contributors relative to the project’s size and complexity, the more realistic it is to either be overtaken by a more competitive proprietary fork, or for the maintainers to sell out and relicense without anybody to fork it.
Realistically, I don’t know how likely this would happen to anything decently important, but it has happened at least a few times. I remember using Paint .NET while it was still MIT licensed years back, but nobody forked it. Since we’re on Lemmy, Reddit used to use a Free software license.
I suppose it’s true that neither would have been called feature complete by its authors, proprietisation is much more likely when there is still a lot missing. But I would still caution against thinking that having all the features you need means you’re immune to it.
You’re the only user catching downvotes
Check the rest of the thread 🤣
People in here don’t work in the space, and are clearly not knowledgeable about the subject. They can downvote me all they want.
I did, twice
Also on that topic, very interesting read:
Interesting, but ultimately a roundabout justification for why the author chose a non-FOSS license for their startup Slack-clone built on ATProto.
They talk about “pro-labor licensing” but what they mean is pro- their -labor, not pro- anyone else’s -labor.
GPL is already the most pro-labor licensing since it respects the work of anyone who contributes in equal measure, and does not hold the “original” founding author in higher regard.
It’s really quite something to rail so unequivocally against the “fascistic mega-corps” and “autocratic corpostates” in your licensing justification blog post and then build your commercial product on top of Bluesky .
Why are they pushover licenses? Because they don’t force people to contribute back? Because a lot of companies aren’t doing that for GPL licensed software either.
Also not really sure how this would allow a takeover, because control of the project is not related to the license.
It’s not so much about forcing to contribute, but rather keeping companies from selling commercial forks/having checks against profiting from work that happens to be freely available.
You can profit from GPL software. The only restriction is if you distribute it you also need to distribute modifications under the GPL.
GPL also does nothing for software as a service since it is never distributed.
GPL even explicitly allows selling GPL software. This is effectively what redhat do. They just need to distribute the source to those that they sell it to.
Prograns like that are usually distributed under AGPL which protects server side software
And RHEL bit-for-bit compatible gratis alternatives exist, which is because of the GPL
The GPL doesn’t place any restrictions on selling or profiting from GPL licensed works. It only requires that anyone distributing the work provides the recipients with the same rights under the GPL, ie. the right to view, modify and redistribute the source code.
This means that a company cannot take a GPL licensed work and turn it into a proprietary product.
The GPL doesn’t force to contribute. But if you make changes to it, you need to have these changes reflect the liberties you yourself received. Megacorporations use the so-called “Explore, Expand, Exterminate” model, the GPL stops this from happening.
I’ve heard it mostly as Embrace, Extend, Extinguish
You can just wrap the software in a binary and interact with the binary and you will likely elude the GPL terms. This is kinda grey area but it would be hard to win against it in court. (I am not a lawyer)
I mean that broadly because nobody will make proprietary Coreutils or sudo as someone already pointed out.
You should look into the origins of OS X and CellOS.
Your pathetic rhetoric actively contributes to making people richer than you even richer.
Stop selling yourself out just because it’s easy.
Funny you say that because OS X shipped (and probably still ships) plenty of copyleft licensed software such as Bash. The Linux kernel is used in Android and ChromeOS.
If you want to stop corporations from profiting off your work, putting a GPL on it isn’t gonna do it. In fact no free software license will do it, because by definition they allow anyone to use and ship your software.
Tell me you don’t understand how GPL works without telling me how GPL works.
GPL has been battle tested in court and has the most precedence than any other license. Hell I’d even include proprietary licenses.
Core Android and ChromeOS are FOSS because they have to be. But because Linus Torvalds didn’t want to move Linux to GPL3, we have proprietary bootloaders with free software.
THAT’S how we have corporations profiting from GPL. Not because GPL allows anyone to use it.
GPL has been battle tested in court
Well… parts of it have been. Others have not. Notably the FSFs view on whether or not linking to a GPL-licensed library constitutes a derivative work (and triggers the GPLs virality) is not shared by all legal scholars. In the EU in particular it’s a common view that linking does not create derivative works, but this view has not been tested in court.
Some other parts like the v3 anti-tivoization hasn’t gone to court either, but those don’t have the same kind of ramifications.
THAT’S how we have corporations profiting from GPL. Not because GPL allows anyone to use it.
What distinction are you trying to draw here exactly? They can do it precisely because the GPL (v2) allows it. The GPLv3 has some extra restrictions but doesn’t do anything about closed source drivers (beyond the linking thing) or the Google Play Services type of proprietary extensions.
You don’t understand.
It’s not a problem if corporations profit off of it. It’s a problem when they extend a program without giving the public access to those changes.
Sure it’s a problem when that happens. It’s not the only problem, and honestly in the case of coreutils it’s not really the most relevant one.
Do you think it’s likely that corporations will take over UNIX-likes with proprietary coreutils extensions forked from uutils? Because that’s the one thing that is legal to do with an MIT/BSD licensed coreutils but not with GPL licensed ones.
No
