Wednesday, September 7, 2011

A short-yet-satisfying open-source license

I've been looking for a good, short, open-source license. This is intended for small projects, such as scripts, that might comprise of one or a handful of files. So I'm looking for a license that is only 2 or 3 paragraphs long that can easily be pasted into the header of the source files. (For larger projects, I would consider something like GPL or Apache License 2.0.)

I've been browsing the Open Source Initiative's list. I'm aware of license proliferation, so I'm trying to pick one that already exists. However, each license seems to have something different to recommend it.

MIT License - I like how short and yet explicit this one is. For example, it explicitly includes the ability to sublicense, so it is obviously compatible with other additional licenses. The only requirement to using the code is to keep the license text (including waiver of liability) and copyright notice (which also acts as an attribution) in place.

BSD 2-Clause License - The nice thing about the BSD license over MIT is that it's a little clearer that the license to freely redistribute also applies to binary (compiled) forms of the work. The 3-Clause version includes an extra clause that prevents any modifying authors from using the names of the original author or contributors in marketing the derived version.

This is a good reminder that, while I want to release my code and have it forever known that I am the originator, I also don't want that reputation tarnished by poor-quality modifications done later by others. In short, I'd like to require that any modifications to the software be clearly marked in some way, which neither MIT or BSD 2-Clause really deal with.

zlib - I think zlib does a good job of dealing with this "don't misrepresent me or my work" issue. However, I don't find the rest of the license as clean and precise as MIT on the main points of what you're allowed to do with the code and that the author(s) are not providing any sort of warranty.

Another issue that none of these licenses really handle is specifying how to clearly mark that the software has been modified. This is something I think Wizard of the Coast's d20 Open Gaming License handled very well: It required later contributors to add their own copyright statement the end of the license, beneath the intact notices from previous contributors. What I like about this is that 1) it's a simple mechanism--just add a line of text, 2) contributors generally want to add their name to a work anyway in order to receive recognition too, and 3) it's clear who the last contributor was, which protects the reputation of earlier contributors from "poor" later modifications.

So, while I was trying to avoid license proliferation, I couldn't find a single short license that was satisfying. I like the MIT License the best, except for a missing "clearly mark that this work has been changed so that you don't misrepresent my work" clause. So I borrowed that from zlib. I also added an explicit requirement that a later contributing author append a copyright notice. Here is my finished "MIT License with Modification Clause":

Copyright (c) <year> <copyright holders>

Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"),
to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense,
and/or sell copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following conditions:

1) The above copyright notice(s) and this permission notice shall be
included in all copies or substantial portions of the Software.

2) Modified versions of the Software must be plainly marked as such, and
must not be misrepresented as being the original software.  If you modify
this Software, append your own copyright notice to the list above.

3) THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, express
or implied, including but not limited to the warranties of
merchantability, fitness for a particular purpose and noninfringement. In
no event shall the authors or copyright holders be liable for any claim,
damages or other liability, whether in an action of contract, tort or
otherwise, arising from, out of or in connection with the Software or the
use or other dealings in the software.

This is still not a perfect license, though. Unlike BSD, it's a little vague as to whether the license should also be included with binary forms of the software. (I think "all copies or substantial portions" should be read to cover binary versions, though this is not explicit. For the most part, I plan to use this license with libraries or scripts, where the distributed form is the source code itself, so this won't be much of an issue for me.)

Also, dealing with contributions (such as from a large project submitting changes through CVS or the like) is probably a little onerous. I considered requiring only those that publish or distribute a modified version to add a copyright notice. (Thus, modifying a private copy without notice would be fine.) However, it would be easy for someone to then unknowingly publish a version that had been previously modified by someone else. So each modifier should update the copyright notice list. It would also be fine if contributors are waiving or granting their copyright to a project (through some separate agreement between project and contributors) and then only the project or licensor is listed as the modifications copyright holder in the license. For example, consider Section 5 of the Apache License 2.0.

Note that, like all the source licenses, this license is not copyleft: modifiers are not required to release their source code.

As stated above, I got the text of these original licenses from OSI. In practice, everyone freely copies the text of these licenses without attribution. However, I'm not entirely certain I have the right to modify this text--except through the Creative Commons Attribution license at the bottom of all of OSI's pages. So, while I waive copyright to my own contributions to the above license text (meaning you may freely copy or modify it without my permission), you may still need to be attributing the text of the original license to OSI.

Copyright issues aside, there's another problem with modifying the MIT license: The license above is no longer an approved OSI license. That means it cannot legally be called "Open Source" because OSI holds a trademark to that term. The term can only legally be applied to software licensed under approved licenses.

So I'm still thinking about whether to actually use this new license or not. An uglier approach (but one that makes OSI happy) is to license software under both MIT and zlib together. Or possibly to only "politely request" that clause 2 be followed without making it an official part of my license.

While I think about it, any comments or suggestions are welcome...

2 comments:

  1. Thanks Zach, really insightful and helpful points. I hadn't thought about modification clauses before. Once something is open sourced and let out, there is a loss of control (hence the licences).

    ReplyDelete
  2. I've run into this as a user too. For example, when using Creative Commons licensed material from Wikimedia Commons, I've wondered how best to attribute the work so as to be in compliance with the license. So I've appreciated specific license instructions as a user too.

    ReplyDelete