1. 25
  1.  

  2. 36

    I disagree with the second takeaway:

    Takeaway: If you can choose a more permissive license for your project than GPL or LGPL, please do.

    The GPL is a political and ethical choice. If you agree with the principles of free (libre) software, then please do choose the GPL.

    I understand that it is annoying to find a project or library that solves your problem beautifully and not being able to use it in a commercial context (It has happened to me). Well, that’s life. At least you have the source as inspiration and to learn.

    1. 13

      There is the question of how common it is for someone to choose the GPL or LGPL without understanding that it is a political choice (and I do agree with you that it is). choosealicense.com, the site recommended by GitHub for the selection of an open source license when you create a new repository, describes the GPL as “…the most widely used free software license…” and I could definitely see people unfamiliar with it (students and those people new to open source) choosing it based on that line alone.

      1. [Comment removed by author]

        1. 4

          If your philosophy says to use GPL/LGPL then there it is, choose those. Otherwise, consider using a license that allows more people to use it.

          But even this framing makes GPL/LGPL the minority position, and MIT the majority position. I could also say

          If your philosophy says others can take your work and not give back, choose MIT. Otherwise, consider using a license that keeps your open code open.

          Things are hard. :)

        2. 7

          Exactly. If I decide to license a library under GPL or LGPL, it’s because I want compensation for my work. I will accept compensation in the form of code, and I’ll accept it in the form of money – I’ll happily cut you a release with a commercial license.

          But either way you chose to pay for the GPL code, “Fuck you, pay me”.

          1. 9

            This is my perspective as well: gratis non-GPL code (MIT, BSD, Apache, etc) is exploitative of the developer: it allows taking without contributing back. It is - in my frank opinion - a scourge on hackers that they have NOT gotten compensated for their work, or recognized. A great example is the guy running the core NTP infrastructure. He should have a solid sinecure somewhere where he is paid a hefty salary with benefits to keep the system running.

            If you want to give out your code, you deserve to be recognized and compensated. Your labor has value! If it’s a valuable contribution, it should continue on past your control and the control of the corporate users. This to me means AGPL3 is the most ethical licence when taking the historical view. From a “PAY UP” view, the commercial license is the correct one; MIT et al lets you NOT get recognition or compensation in any form except for corporate charity, which is sketchy at best. I feel super strongly about this.

          2. 5

            I was going to post this as well. Of course, many people end up choosing the GPL by default; the real takeaway for me is not necessarily “avoid the GPL”, but rather, “think about how you want your contributions to be built upon”. If you decide that the GPL is best aligned with your beliefs, than please choose it.

            1. 3

              If you agree with the principles of free (libre) software, then please do choose the GPL.

              Copyleft does not have a monopoly on the principles of free software. I absolutely agree with said principles, but also explicitly avoid the GPL because of its viral tendencies and its reliance on intellectual property laws to work. If a library is GPL’d, I won’t even use it open source projects, because it (in practice) means that my project has to become GPL’d.

              1. 3

                It can be also a commercial choice if you dual license your code, the viral effect of GPL means no commercial work can be built over it, so it can be a tool to undermine your competition (by offering a “free” product ) and increase your market share (if you provide an easy transition from your GPL'ed code to the commercial one)

                1. 6

                  the viral effect of GPL means no commercial work can be built over it,

                  Commercial work like github built on git or EducateWorkforce built on top of AGPLed edX?

                  There’s more than one way to make money than to hide the source code and restrict your users.

                  1. 5

                    Straight from the horse’s mouth: http://www.gnu.org/philosophy/selling.en.html

                    1. 1

                      But those are services not products, my point is your competition cannot take your GLPed code, maybe extend it, and sell it as it was it own, thus they cannot (legally) steal your work. Plus, making available a free alternative of the product undermines their market.

                      There’s more than one way to make money than to hide the source code and restrict your users

                      I was never arguing in favor of that… in fact, I’m arguing about the opposite: dual license your product under GPL can be a good way to make money…

                  2. 4

                    I, on the other hand, use and have used tons of GPL'ed software commercially and I bet you have too. Which company nowadays would avoid using git just because it’s GPL'ed?

                    There’s no need to be so afraid of the GPL, even for the most evil of plutocrats.

                    1. 10

                      Using GPL software and integrating with GPL libraries are two very different things.

                      1. 9

                        Of course, but the original blog post was “why I’m not using your open source software”. It sounded like they refused to even touch it if it was GPLed.

                        My point is that some people have have more misgivings about the GPL than necessary.

                        Oh, and this is not purely academic. I know for example Apple has or had a policy to not touch anything GPL'ed. A friend of mine once got excited about Octave and installed it on her Apple-owned laptop. She got chewed out by her boss for installing GPLed software. As part of her admonition, she was told that if she needed a Matlab license she should request it, but never install anything GPLed.

                    2. 2

                      There are libraries licensed under the GPLv3 and I cannot use those libraries with my MIT/BSD/ISC-licensed projects because if anybody deployed the binaries he would essentially break the GPLv3-conditions. I wouldn’t mind if the GPL was protecting free software from commercial exploitation, but the GPL does too much for my tastes. It tries to control what can’t and shouldn’t be controlled. In the end, companies don’t care anyway.

                    3. 12

                      I suppose I’m in the minority, but I don’t care.

                      I create projects because I need them, or because they interest me. I release them as open source on the remote possibility they’re interesting or useful to other people. If it’s not useful to you because I’m not jumping through the particular hoops you’ve setup, I don’t care. I’m not going to lose any sleep over it, and I’m definitely not going to do extra work for free on your behalf. You’re not entitled to use my work; use something else.

                      By all means, if there’s a bug, or a feature you need, open an issue on GitHub, and I’ll probably fix it when I have the time, but you’re not entitled to that, either.

                      1. 1

                        It would be great if there were some consistent way to communicate the purpose of the release. It’s obviously totally fine to release software solely so that if other people find it useful, they use it, or that they can learn from it. But it’s pretty different to release software that other people can rely upon.

                        For my own projects (and especially for work), I try to never depend on a library released by someone with your attitude. Which isn’t to say that your attitude is bad, it’s just that if I’m going to take on the extra effort of understanding someone else’s code, dealing with the slight differences of how they solved things rather than how my problem needs it solved, I only want to do that if I have a commitment to maintenance. That if dependencies change, the library will be updated, and breaking changes will come with documentation / changelogs, version number indications of stability, etc. If that’s not the case, using the library is going to most likely cause more work / headache than it saves, and so it doesn’t make sense.

                        When I was less experienced, I definitely had a different attitude, as there were a lot of things that I had no idea how to solve (so finding libraries, no matter the state, was the way to solve them). But at this point, most libraries that I want I could (with enough time) probably write myself, so it becomes a matter of what is going to take the least time / cause the least trouble in the long run. And unmaintained stuff just isn’t worth it.

                        I wonder if a “for the purpose of education” type of disclaimer would be useful. And the other side would be “intended to be infrastructure”. Or some other phrases with similar meaning… There are certainly projects I’ve released that fall under both categories, and it would be neat to make that more explicit (rather than forcing people to try to figure out intend from various signals).

                        1. 4

                          It seems like what you’re really saying is that you’re looking for free labor more than free code.

                          For me personally, you can tell my stuff is released for fun because it’s open sourced. If I wanted to make a “commitment to maintenance” and what not, I would charge money for it.

                      2. 11

                        The article’s takeaways, especially with the GPL item, seem to boil down to “Because you didn’t give me enough high-quality code to reuse without any obligation”. Which, sure, I understand why you want that and I won’t tell you that you shouldn’t want that, but the part where devs have any reason to give it to you is missing.

                        For example, wouldn’t it be nice if Chipotle gave out free burritos?

                        Why I’m not serving your free lunch to my paying customers

                        When you think of lunch, you might think of a few specific restaurants depending on your taste. If like burritos, the term “free lucnh' might conjure up visions of holiday promotions or grand openings; if you’re into spiciness, then perhaps their salsa comes to mind; if you care a lot about saltiness, you might think of their chips; if you’re into crunchiness, then maybe their taco shells pop into your head. In all cases you’re htinking about those lunches that are delivious and, to some degree, have achieved a level of ubiquity in their respective arenas. It’s with this success in mind that a lot of people consider offering free lunches, sharing their food with the hopes of reaching a similar level of success and ubiquity.

                        There’s a peculiar mix of altruism and egotism that goes into giving people free lunches. On the one hand, you might be solving a problem that others are struggling with, and sharing your burritos will save them a lot of money. On the other, the near-fantastic rock star status of those who have given away lots of burritos drives people to overshare in the hopes of also achieving such status. This has resulted in a glut of free lunches being released into the wild and their creators venturing out on marketing campaigns to attract businesses that want to repackage that food for sale.

                        You need to be aware of this trend and the reality of free lunches today: most free lunches are crap, and you need to be careful which ones you use.

                        Note: For the purpose of tihs post, the term “use” refers to giving the free lunch to your own paying customers.

                        [just doing the takeaways…]

                        Takeaway: When you give away your burrito, make sure you have a sign saying “Free Food”.

                        Takeaway: If your sign can be really explicit that the food doesn’t with any non-monetary obligations either, please do.

                        Takeaway: If you’re unsure that you want to give away free food for more than a year, think twice before encouraging people to adopt it. Don’t lead them down a dead end. Build up a pattern of giving people burritos and let that speak for itself.

                        Takeaway: Make sure you keep up to code and pass city health inspections.

                        Takeaway: You should always be your lunch’s first diner. Make sure you can stand the taste of your own food first, then ask friends to try it out.

                        In closing

                        I think free burritos are wonderful for many reasons, but not all free lunches are created the same. “Free” isn’t the same as “good,” and burritos that don’t measure up (based on the criteria) in this article should be handled with care. As I said in the introduction, the majority of free lunches are crap, so picking out the good ones is a tough job. When you succeed, you’re able to get a delicious meal and be satitated; when you fail, you can get food poisoning.

                        This isn’t to dissuade anyone from giving away free lunches - please continue to do so. Just realize that there is a significant bar for delicious burritos that are reliable enough to resell commercially. If you want your free food to succeed, you should be aiming for that bar. If you’re just sharing so someone tries it, be sure to say so on your menu. There’s plenty of room in the restaurant industry for both categories of projects, we just really need people to be better about pointing out which is which.

                        1. 4

                          I don’t agree with this, as you seem to be exploiting burrito makers for your own profit.

                          Takeaway: When you give away your burrito, make sure you have a sign saying “Free Food”.

                          Why should I have to put a “Free Food” sign on my burrito? I often make burritos for my own use and put the leftovers on the front porch for passersby and don’t have time to add a sign.

                          Also, I hear that burrito-hub adds a sign to the whole facility saying that you can inspect the contents of any burrito on the premises, and also that you can use it as inspiration for your own burritos. I see no reason to add your own sign since that one seems to cover all the bases.

                          Takeaway: If your sign can be really explicit that the food doesn’t with any non-monetary obligations either, please do.

                          This exploits indie burrito makers. I really advocate dual-signage instead, offering a non-monetary sign for paying users, and giving them away free with the GNU Public Burrito sign for non-paying users. If you are not going to pay for the burrito, you should expect to have an obligation to share the recipe with your paying customers.

                          Takeaway: If you’re unsure that you want to give away free food for more than a year, think twice before encouraging people to adopt it. Don’t lead them down a dead end. Build up a pattern of giving people burritos and let that speak for itself.

                          This touches on my first point. If I am making burritos for my own use, you can’t expect me to continue to give you free burritos, as I am under no obligation to give you free burritos. You should just be happy I am giving you free burritos at all.

                          Takeaway: Make sure you keep up to code and pass city health inspections.

                          Look, it’s sitting on my front porch. If you don’t like the quality of my burritos, make your own. That said, if you find my burritos at burrito-hub, feel free to leave a note explaining what part of the burrito seems unsanitary to you and I’ll probably fix it if I have time.

                          Takeaway: You should always be your lunch’s first diner. Make sure you can stand the taste of your own food first, then ask friends to try it out.

                          I do eat my food first to make sure it tastes good. However, please realize that since I have no allergies, I probably won’t be making allergy free burritos. If you have food allergies, it is your responsibility to examine the burrito for allergens, not mine.

                          EDIT:

                          Something I just thought of, @pushcx: what are your thoughts on a certification for burrito engineers modeled after the certificates other types of engineers have to get? Also what do you think of this new fad of calling burrito makers burrito engineers, which seems to have originated in Refried-Beans Valley startup culture?

                          1. 2

                            “Burrito engineer” is exactly the kind of doublespeak that large food-service companies actually do give their employees as job titles. :(

                            I have nothing useful to add to the above except to note that you two seem to be agreeing with each other, and that it’s hilarious.

                            1. 4

                              We don’t agree at all. I’m talking about how it’s vital, not optional, to give away free lunches according to my strict set of criteria. I don’t know how flyingfisch thinks he’s going to get a job in the food industry unless he gives away lots of burritos.

                              1. 3

                                Will you hire me to make burritos? The best way to survive in the food industry is to get hired by a larger food company, not to give away free burritos 24/7 to aforementioned larger food company.

                                For this reason, I always put a GNU Public Burrito sign on burritos I put a large amount of effort into, since I don’t want others to profit on my hard work. As I have said before, if you want one of these excellent burritos, you can just pay me in [insert latest cryptocurrency] and I will gladly give you the burrito with a less restrictive sign.

                                On the other hand, my one-off burritos are licensed with very few restrictions, but keep in mind that these burritos sometimes explode, cause food poisoning, are made of non-edible ingredients, or are not tested for use in a high-demand enterprise burrito making environment. I also do not go out of my way to ensure they are compatible with the latest burrito-making frameworks, if you want this you can leave me a note or pay me. Or you can contribute back and fix the burrito yourself, while making sure you acknowledge me as the original maker of the burrito.

                                I only do this in the best interests of consumers, who want free-as-in-freedom burritos as opposed to free-as-in-beer burritos.

                                It’s really quite simple.

                        2. 11

                          The fact that works not explicitly licensed for public use are automatically copyrighted in the US is something that could probably be better explained when creating a new repository on GitHub and the like. I know that GitHub encourages you to choose a license when you create a repository, but it would be useful even after creation for the owners of repos without a license to receive some notice indicating that their work is not open source (as they very probably believe it is).

                          Back on the article itself, it is definitely true that there are inherent risks in using an unsupported or poorly maintained open source library. Not everything (95% or more of what’s available, I imagine) is intended for direct use by others. An open source project may be a proof of concept, or a keeping of personal programming history. It may be made available as an example or inspiration to others, or as the accompaniment to a blog post or book or tweet. There are a great number of things published on sites like GitHub that are never intended for use as a component in a production system. There are no particular standards to hold things like this to.

                          1. 2

                            GitHub’s ToS actually say that if your code is in a public repo that other users have the right to fork and build upon it.

                            1. 5

                              Looking at the document, I don’t imagine that to be nearly the same as the rights afforded to users of a repo with an explicit license. GitHub’s TOS enumerates the right to view and fork, but not to modify the source in any way, nor to redistribute or make use of the works provided. I am not a lawyer, but I would be very interested to have some sort of analysis of the GitHub TOS' effect on the rights afforded to users of a GitHub repo without an explicit license, and how the wording squares with US intellectual property law.

                          2. 5

                            I also will not accept just an email from the author granting me a license.

                            Why not?

                            1. 2

                              If the goal of a license is not to (successfully) get sued, an email is pretty deniable compared to a LICENSE file on a publicly-visible repository. I don’t know how the author would feel about an email signed by a well-trusted key, though.

                            2. 10

                              Once again, the “keep pushing commits or I won’t use it” crap shows up.

                              There’s a word for something that grows uncontrollably: cancer.

                              1. 5

                                Comparing this to cancer is really silly, because living organisms replace their cells continuously, so there is constant activity.

                                But, more relevantly, the author mentions other metrics - response to issues / pull requests being probably the most useful of them.

                                If a project has a bunch of open issues, or even worse, a bunch of open pull requests, and no activity on them, that’s a massive red flag that it is unmaintained. If there are no issues and the code hasn’t been touched in a while, then further research has to be done on whether the code is maintained. Maintenance matters.

                                Since most projects depend on other projects, and APIs do change (and even standard libraries of programming languages change), it’s pretty common to have minor changes that need to happen over time if you want the code to keep working with the current ecosystem. So if there are no changes in a long time, there is pretty good cause concerned. Obviously some languages are worse at this than others (C is probably the most stable of languages I interact with with any frequency).

                                But there not being substantive changes in a while is a total non-issue. If the only changes in the last few years were minor fixes based on changed dependencies, that’s totally okay. Or minor improvements based on pull requests, also totally fine.

                                1. 1

                                  Yup, I was being inflammatory.

                                  But software should be able to be declared ‘done’ without maintainers made to feel bad because they’re not refreshing Hacker News and adding support for Angular React Super Components or whatever everyone’s high on at the moment.

                                  Author of said piece is awfully particular about free code that is likely generating value for their project.

                              2. 3

                                Dual licensing. Even if a project is GPL/LGPL you can always ask if you can license it under a different license. That is what my company is doing at the moment, an LGPL was the best in its field but after an enquiry we can now license it for a few per sale and statically link/not provide source etc. It benefits the project to some extent too as they get direct funding. Just ask, the worst that can happen is they say no.