
Open Source License Business Perception Report - adamnemecek
https://writing.kemitchell.com/2017/03/29/OSS-Business-Perception-Report.html#
======
irfansharif
Kyle Mitchell's blog is an excellent source for the intersection between
copyright law and software. Some of his recent interesting posts were on the
MIT License[1], his takes on 'open source'[2] and on the ubiquitous LICENSE
file[3].

[1]: [https://writing.kemitchell.com/2016/09/21/MIT-License-
Line-b...](https://writing.kemitchell.com/2016/09/21/MIT-License-Line-by-
Line.html)

[2]: [https://writing.kemitchell.com/2016/05/13/What-Open-
Source-M...](https://writing.kemitchell.com/2016/05/13/What-Open-Source-
Means.html)

[3]: [https://writing.kemitchell.com/2016/05/13/License-from-
Who.h...](https://writing.kemitchell.com/2016/05/13/License-from-Who.html)

~~~
kemitchell
Very kind!

If and when you find typos or misfires, please feel free to send me patches
via GitHub. I'm always happy to give credit where it's due.

~~~
contras1970
would be awesome to see a direct response to
[https://news.ycombinator.com/item?id=13997215](https://news.ycombinator.com/item?id=13997215)

------
thomasahle
So I get that they equal Strictness with Pain. That's just the perspective of
somebody who want to include free software in their nonfree software.

However I don't get why every copyleft licence get a minimum of two ?'s. They
write that it is a measure of popularity and quality, but for example

    
    
        "EPL-1.0  Best copyleft license. Clear patent license. Professionally drafted."
        "GPL-2.0  Most popular “community” copyleft license. Can hire compliance pros."
    

Those have quality and popularity, but they still get a double ?? in
Confusion?

~~~
4c2383f5c88e911
Yes, that article doesn't read much like "Lawyer's perception of open source
licenses" and more like "Licenses liked by companies”. Companies don't like
copyleft or responsibility, and want a clear patent clause, that's it.

The pain rating is "how difficult is compliance" and the confusion rating is
"do I trivially understand the concepts" (and apparently copyleft is hard). It
was a bit of a disappointing read as I was expecting some more analysis than
one-line descriptions.

edit: that was probably a bit unfair of me, since the author has dissected
several free software licenses on their blog in separate articles, which I
recommend reading

~~~
andybak
Why just companies? Surely the pain and confusion applies to anyone wanting to
incorporate open source code into something else that may or may not carry the
same licence. The patent granting is rather critical even to other open source
projects.

~~~
4c2383f5c88e911
Software patents are a US thing, and it's a good thing many don't care about
them.

I should have said for-profit software instead of companies, really; the legal
entity is quite irrelevant in this case. I said companies because they are
entities that: 1) stand to be sued in case of license violations (you
typically don't sue a hobbyist project) 2) have the perceived need to maximize
profits, and as a consequence want to veer off from anything that might
require releasing source code, which might offset a competitive advantage.
Thus a hobbyist project being a licensing clusterfuck is a less critical
issue, although it is of course an important one (and certainly, depending on
the project’s popularity, there may be a vocal portion of people wanting to
clarify the situation).

The pain and confusion ratings also do not go into the details which are
useful for OSS projects, such as how do licenses interact with each other, how
is attribution and re-licensing managed, etc. Not to mention the ratings do
not differentiate between pain/confusion for the developer, and pain/confusion
for other future developers (e.g. in case of a lib).

(I admit that I tend to forget that there is also hobbyist closed-source
software, for reasons I never understand)

~~~
TD-Linux
Software patents also exist in most of the EU and Asia as well, unfortunately.
Check out one of the MPEG-LA license portfolios and look at the countries
represented if you want your day ruined.

------
rwallace
So while I previously had regarded the MIT license as the one to generally use
for any project where one has decided not to go the copyleft route, this guy
seems to be saying it's fine but Apache 2.0, being a little clearer about some
edge cases, is the best of all permissive licenses and the one that should
ideally be used.

The FSF [https://www.gnu.org/licenses/license-
recommendations.html](https://www.gnu.org/licenses/license-
recommendations.html) seems to agree with that.

Can we take that conclusion away and go with it henceforth? Are there any
downsides to it at all?

~~~
kibwen
The downside is that it's not compatible with projects that are strictly GPL
2.0. Rust is dual-licensed under both Apache 2 and MIT for this reason.

~~~
teamhappy
Also FreeBSD and OpenBSD aren't too fond of merging Apache 2.0 licensed code.

------
tannhaeuser
I'd like an assessment of the EUPL [1]. IANAL, but supposedly it's an AGPL-
like copyleft license adapted to EU (Code Civil-derived) law eg.

\- with American and Common Law concepts and terms such as "copyright"
translated to concepts meaningful in the EU

\- covering "moral rights" (like German UrhG law which has certain rights that
you can't transfer at all, such as claiming to be the author of something)

\- avoiding overly broad (and hence void) non-liability provisions

\- with provision to determine the venue/court to bring cases to.

The EUPL has provisions to integrate EUPL-licensed works into other works and
for relicensing under more liberal/non-copyleft licenses, but the cavalier
attitude when it comes to copyleft makes it unclear to me whether the EUPL
actually is a strong copyleft license (cf what the FSF says about it [2]).

[1]:
[https://joinup.ec.europa.eu/community/eupl/og_page/eupl](https://joinup.ec.europa.eu/community/eupl/og_page/eupl)

[2]: [https://joinup.ec.europa.eu/community/eupl/news/new-fsf-
stat...](https://joinup.ec.europa.eu/community/eupl/news/new-fsf-statements-
eupl-are-step-right-direction)

~~~
dom0
The EUPL also has legally binding translations (since they are legally
equivalent, is "translation" the technically correct term?) into a lot of
languages and a comprehensive compatibility chart.

~~~
microcolonel
It would be interesting to draft a wide array of ISC-equivalent licenses in
different languages+jurisdictions. If you could make sure licensees reference
the right license text for their jurisdiction, then you could even remove some
of the duplicate language like the warranty distinction between _DIRECT_ and
_CONSEQUENTIAL_ , which are apparently interchangeable in some jurisdictions.

------
adrianN
I'd go with the recommendation from the FSF

[https://www.gnu.org/licenses/license-
recommendations.html](https://www.gnu.org/licenses/license-
recommendations.html)

While Kyle Mitchell seems to discourage the use of the AGPL, the description
on the FSF site seems to be pretty much what I as a developer who cares about
free software would want for server software.

~~~
Dayshine
Except AGPL has very few resources and is incredibly unclear on what it
actually covers. Mainly because of the huge conflict of interest that the few
adopters have with their commercial dual-license.

E.g.

\- I have a database.

\- I have a closed-source website that uses this database

\- I have an APGL service that uses this database

Do I have to opensource the website? APGL companies say yes.

~~~
vishbar
I thought the AGPL only applied to modifications of the AGPL'd software? E.g.
you'd have to open source any modifications of the AGPL service you make.

~~~
Dayshine
Yes, but to "modify" under the definition of GPL (which AGPL extends) includes
linking.

Which is why the weaker LGPL excludes linking, AGPL is stronger, so definitely
includes linking.

~~~
haddr
How does the concept of linking translates to a deployed database that is
interfaced using some SQL endpoint or REST service?

------
SwellJoe
It's interesting that his perception of the GPL v3.0 and LGPL v3.0 is that it
has higher "confusion" than the v2.0 versions (and the highest confusion
rating of any of the licenses, only matched by WTFPL, which even I, a laymen,
lack confidence in).

I get that the 2.0 versions have been in use a lot longer, and have had some
tests in court. But, my understanding was that part of v3.0's purpose was to
clarify the license and remove uncertainty about its meaning. They certainly
had a lot more resources and experience when constructing the v3.0 versions.
It's been many years since I read them side-by-side, but I recall liking the
language in 3.0 more than in 2.0.

~~~
Matthias247
The v3 versions also have the additions that require to provide the end user
with the means to update/exchange the [L]GPLed software binaries with custom
ones. Which is mostly interpreted as "I have to provide my customer not only
my application sources (in case of GPL), but also a way to deploy custom
binaries of with arbitrary code and behavior". This causes gigantic headaches
for most embedded device manufactureres, and the outcome is ususally the the
[L]GPLv3 licenses are strictly avoided.

~~~
swiley
Is that really such a headache? Usually all of that is already there but the
manufacturer is doing signature checking.

~~~
Matthias247
Technically it's of course doable without too much headaches. But it causes
some other headaches: One is IP protection: If you provide the enduser with a
way to upload arbitrary code which might often get run with root rights
(because that's what the application requires) then you essentially provide
the user a backdoor that gives access to the whole system. Which then can be
used extract everything including proprietary code and also exchange other
components and not only the GPL ones. It also causes headaches regarding
device qualification and associated warranties: In many industries
(automotive, medical, etc.) devices have to go through a very rigorous
qualification and test process, which ensures that exactly the 1 software
snapshot on the device is OK. The manufacturer then takes liability for that
and gives warranties. If the customer can exchange some parts of it then the
device basically counts as untested, and nobody can and will guarantee
anything. Device manufacturers will be scared, that they could get sued for
device malfunctions that are caused by arbitrary code injection. It might of
course be a solution that the user-code upload process triggers some anti-
tamper switch which auto-revokes the warranty/liability. But I think as a car
manufacturer you don't want to give the user a way to drive around with
untested code, which might cause really really big headaches if an accident
happens with it. Lawyers will discuss endlessly if the tempered software could
have been the root cause or not, and even if it is the manufacturer might get
bad press why he allows endusers to decrease safety levels.

~~~
swiley
I understand what you're saying but it's not like the user couldn't physically
change the device and create similar dangers. This is why uploading custom
firmware on most devices voids the warranty, but I don't think you can make it
impossible for someone to "break" their device if they really want to.

------
kibwen
This is the first I've heard of the EPL. I'd love to hear someone elaborate on
why it's listed as the "best copyleft license", specifically with regard to
the GPL.

~~~
swhipple
The EPL is roughly in the middle of MPL and LGPL in terms of copyleft scope.
MPL requires per-'file' source sharing. EPL requires per-'module' source
sharing. LGPL requires per-'module' source sharing and separating the module
to permit the user to use/replace it without additional restrictions.

The one downside that EPL has is that, unlike MPL (without "Incompatible With
Secondary Licenses" notice) or LGPL, it is incompatible with the GPL-family of
licenses. It specifies different conditions for providing the source code and
has a governing law clause (New York).

It is popular in the Java ecosystem (Eclipse, Clojure, etc).

------
nugget
A note to founders out there working with a heavily open source influenced
stack: take a few hours to read through and really understand the history of
these licenses and how they work. It's likely to come up in fundraising and
m&a due diligence and can cause panic from others (even lawyers) involved in
the process who don't understand the fine points and assume that your
proprietary code is laden with all sorts of burdensome obligations inherited
from open source components.

------
ISL
This sibling post on the author's blog gives valuable perspective for his
background: [https://writing.kemitchell.com/2016/05/13/What-Open-
Source-M...](https://writing.kemitchell.com/2016/05/13/What-Open-Source-
Means.html)

------
tscs37
As the author also noted, the MPL is a rather rare license, tho I always ask
myself why.

I use the MPL for most of my projects that aren't under MIT simply based on
the fact that it feels like the GPL but without infecting any larger projects
that want to use my code.

Or am I overlooking something as a IANAL?

~~~
rectang
The MPL is an excellent, well-drafted license for precisely the use case you
describe. It is not so rare that it poses a problem.

------
bluejekyll
There are a bunch of projects dual licensing, such as "MIT or Apache 2.0"; I'd
love feedback on the legal aspects of this.

That is, does a downstream user have option to choose either license ever, or
would best practice be to announce which license you default to on usage?

~~~
eridius
A downstream user gets to choose which license applies. That's the whole
point. If I publish something that's dual-licensed, I'm giving you two
licenses and you can pick whichever one you prefer for your usage.

~~~
kibwen
And the magic pixie dust of dual-licensing appears to be that you don't need
to immediately select one license or the other: you can simply assume a
superposition of both licenses until such time as someone decides to sue you
for license-related reasons (which is to say, you remain in this superposition
for basically eternity), at which point you could just point to one and say,
"aha, look, we've been using this one all along". It's the sort of thing that
feels like it shouldn't fly, but yet I don't think it's ever been challenged
and at least Mozilla (which _tri_ -licenses Firefox) appears to be fine with
it.

~~~
phkahler
None of those licenses put restrictions on use of the software, only
redistribution. So if someone makes Firefox derivative and distributes it they
will have to either collapse the license wave function by choosing one, or
they can offer their users the same multiple-license. At least that's the way
I think it works. They can't redistribute without stating their terms to the
recipients.

------
shakna
If I'm reading this right, and I'd need more information on the references
used to make the judgments, then a MIT License with a definitive statement on
patents (positive or negative) would be a fantastic copyleft license that is:

* Easy for nonlegally minded people to read

* Legally obvious with little room for interpretation

* Easy to be incorporated into larger projects

~~~
bluejekyll
MIT is not copyleft. It's one of the most permissive licenses out there.

------
pettou
Could someone knowledgable please comment on ISC License [1]? Why would one
use it over MIT/BSD?

[1] [https://spdx.org/licenses/ISC](https://spdx.org/licenses/ISC)

~~~
floatboth
The OpenBSD project prefers ISC. You'd use it if you like OpenBSD :)

------
gpvos
To me, the Apache 2.0 License seems to have too much verbiage. I'd much rather
see a license similar to MIT/BSD/ISC but with a patent grant. Could someone
write that up in a way that lawyers like it?

~~~
falcolas
Think of legalise as a low level language for defining law. It has to cover
not only the common cases, but also the corner cases, account for differences
in running environments (i.e. courts), cover bugs found in previous versions,
and so forth.

Even simple programs, made robust enough to run anywhere, get pretty damned
big.

That makes the Apache 2.0 license a simpler choice than a MIT style license
(from the point of view of a lawyer), as it's incredibly explicit and battle
tested.

------
yellowapple
Interesting that - of three licenses with only one question mark - the
Artistic License 2.0 is one of them.

I disagree that it's "niched" to Perl, though; it's much less so than its
predecessor at the very least.

------
Nokinside
Licensors perspective (I know, many licensees will disagree with the first
part)

1\. If you want to dual license, use either AGPL or GPL (possibly even EUPL)
Choice depends on what's your intent is. Choose carefully (EUPL has licensor
warrant requirement). AGPL can be perfect for small companies who want to use
licensing to generate revenue. Remember to be clear that dual licensing is an
option. You can always switch to more permissible license later when you own
all the code.

2\. Use Apache-2.0, or MIT if you want the code just to be open source.

I would like to hear disagreeing legal arguments.

~~~
phkahler
I agree with your intent. I've always advocated for the following:

1)GPL or LGPL for things you want to stay free.

2)BSD or MIT for everything else. This is important for things like firmware,
where offering source code can be rather silly. Also, some people don't have
an issue with companies incorporating their code into closed products and
these offer an easy way to allow that.

I always felt the OSI did a huge disservice by encouraging companies to create
their own licenses. There really aren't that many things people want from a
source code license, so a few that broadly cover those cases is important. All
the others just create license-compatibility issues that limit the usefulness
of the code.

------
peschmitz
@tannhaeuser requesting an assessment of the EUPL (strong or weak copyleft).
Recital (10) of Directive 2009/24/EC on the legal protection of computer
programs reminds that the function of a computer program is to communicate and
work together with other components of a computer system (a logical and, where
appropriate, physical interconnection, done by interfaces). This is known as
“interoperability”. Recital (15) of the same directive states that the
reproduction of the source code that is indispensable to achieve
interoperability does not require the authorisation of the right holder,
provide it is done by a person having the right to use that code and provide
this use does not conflicts with a normal exploitation of that source code.
Therefore, it seems that the directive implements an exception to the author’s
exclusive rights. The objective of this exception is to make it possible to
connect all components of a computer system, including those of different
authors or manufacturers, so that they can work together. Notwithstanding the
“strong” copyleft provision of the licence covering one or more of these
components, it seems therefore that the legitimate recipient can always link
two programs or link (logically or statically) any received code with its own
code without being restricted by the copyleft provisions. The recitals of the
directive are not transposed as such in the various national laws, but it
makes little doubt that the Court of Justice of the EU will find there a
motivation for rejecting any claim that “linking makes derivative” or that
“linking extends the coverage of a copyleft licence”. This does not invalidate
the concept of copyleft, that remains valid on the covered code, but it
invalidates the so-called “viral” pretention of some copyleft licensors to
extend the coverage of their licence to any linked program. In other words,
the famous distinction between “strong” and “weak” copyleft has little reality
according to the EU legal framework.

------
SadWebDeveloper
I really dont see whats the confusion on WTFPL, the license states you "CAN DO
WHAT THE FUCK YOU WANT TO PUBLIC LICENSE", this is code/work i don't want to
be entitled nor endorsed nor looking for "royalties". Most corporate people
will probably relicense under their own terms the code/work and I (as a
developer/creator) couldn't care about it... so whats the "pain" and
"confusion" on this lawyer?

~~~
swanson
> "Most corporate people will probably relicense"

Okay, is there evidence of this? who else has done it? is there existing legal
precedence for this action? will presenting something that says "WHAT THE
FUCK" in it cause me embarrassment in a corporate setting? how is our exposure
for implicit vs explicit license agreements?

~~~
SadWebDeveloper
You are thinking as if there were a "litigation in process", licenses are
looked only if one the parties decided to sue, usually the "creator" or
"author" of the work are the ones which are "suing" because he wants to gain
royalties for the "work" he is done but in the context of WTFPL, given that "i
license my work under this license" this non-existant because m licensing "my
work" as something near "public domain" (if you accept the premise that even
such us-specific legal term applies, which usually isn't) so pretty much all
your question don't matter, there won't be a legal precedence if there isn't
something to "sue" maybe for liabilities but this is something rare to see
outside us.

------
dankohn1
This very much fits with my perception on how most company's lawyers
understand open source licenses today. But then I would say that, as my
organization (CNCF) requires our projects to be licensed under ASLv2 and I
wrote this justification for it: [https://www.cncf.io/blog/2017/02/01/cncf-
recommends-aslv2/](https://www.cncf.io/blog/2017/02/01/cncf-recommends-aslv2/)

------
soufron
Strange document. I don't get why Lawyers would be bothered by the GPL or the
MIT licenses... in 2017 !

As a Lawyer myself, I am certainly not. Free Software and Open Source Licenses
are a great way for developers to get protected, worldwide, at a very low cost
- and to achieve their goals and values besides their software itself.

~~~
jwilk
GPL licenses are hairy beasts. If you're not bothered by them, it's most
likely only because you don't understand them.

~~~
cyphar
That is just FUD. They're only "hairy beasts" if you didn't care enough about
the licenses of software you were using in the first place and suddenly a user
exercised their rights which you weren't equipped to deal with. There is so
many resources available from the Free Software Law Society that being
ignorant as a lawyer is not excusable.

------
floatboth
What about Zero-clause BSD?
[https://spdx.org/licenses/0BSD.html](https://spdx.org/licenses/0BSD.html)
(OSI approved, even)

I currently prefer Unlicense but 0BSD looks very nice…

------
giancarlostoro
I wish he would of included the MS-PL which is not as common but a very decent
license if you worry about patent based claims, otherwise has an MIT License
vibe.

------
kazinator
Figures that a lawyer would give a single question mark to some licenses which
say _" you can use the patents in this code (well, those that are _ours _,
that is), and this license terminates if you litigate us for any reason "_ but
two question marks to the BSD 2 Clause.

A tactical position in the legal arms race is of course clearer than some
implicit assurances of peace.

------
cdubzzz
Some very interesting posts on this blog. I particularly enjoyed the 2014 FTC
"year in review" post[0], but was sad to find none for other years.

[0] [https://writing.kemitchell.com/2015/02/13/FTC-2014-Year-
in-R...](https://writing.kemitchell.com/2015/02/13/FTC-2014-Year-in-
Review.html)

~~~
kemitchell
I'm proud of that one, but you're the first person I've seen even _mention_
it!

It takes at least a full working day to round up all the FTC actions for a
year, read them, code them, categorize them, synthesize, write it up, and
proofread. I had that kind of time back in early 2015, when I'd just started
my own practice, and wasn't backed up with client work to do. I holed myself
up in the San Francisco Law Library for it, as I recall.

~~~
cdubzzz
Haha. I'm surprised it only took you a day! I've spent much longer on far more
mundane writing.

Thanks for all of your work on the blog. Very interesting material.

------
libeclipse
What does it mean by the patent clause? What kind of stuff does that cover,
and in what scenarios does it become relevant?

~~~
psyc
In short, if anything in the code is patented, the license also grants
licenses for those patents.

------
franciscop
Really nice to know an _official_ opinion. While IANAL, I made a small tool to
find out what licenses your packages are using:

    
    
        npm install legally -g
    
        legally
    

It should print the licenses and how many times you have them in both a
frequency list and a detailed list. I use it mainly to avoid GPL.

~~~
OJFord
> _Really nice to know an official opinion._

From what office does this opinion stem?

------
itsadok
Are there any downsides to multiple-licensing? What happens if I say "This
software is released under every license listed in
[https://opensource.org/licenses/alphabetical"](https://opensource.org/licenses/alphabetical")?

Just curious.

~~~
franciscop
IANAL but I'd guess it depends on the wording. If it's an "AND" (as your
question suggests), the most restrictive would apply while if it's an "OR" (as
it's common when dual-licensing) the less restrictive would apply.

~~~
pksadiq
> If it's an "AND" (as your question suggests), the most restrictive would
> apply

Please note that it is not possible to do this with some License X and GNU
[LA]GPL. Because it is an additional restriction which is not allowed as per
the terms of GNU [LA]GPL.

------
darekkay
Here are some great resources to get a quick software license overview and
help making a decision:

* [https://tldrlegal.com/](https://tldrlegal.com/)

* [https://choosealicense.com/](https://choosealicense.com/)

------
eterm
It's a shame MS-PL isn't on the list, it would be nice to see where it fits.

------
andrepd
So he basically rates permissive licenses invariably better than copyleft?

------
kozak
What does "Can hire compliance pros" mean?

~~~
ahakki
It probably means that the license is well known and understood by many
compliance experts.

------
melling
What about Creative Commons Zero? I've been told that's a great way to make
your small source, etc examples free. I use it on dozens of my github repos:

[https://github.com/melling/ComputerGraphics](https://github.com/melling/ComputerGraphics)

[https://github.com/melling/ios_topics](https://github.com/melling/ios_topics)

~~~
david-given
CC say it's suitable for software (unlike the other CC licenses):

[https://wiki.creativecommons.org/wiki/CC0_FAQ#May_I_apply_CC...](https://wiki.creativecommons.org/wiki/CC0_FAQ#May_I_apply_CC0_to_computer_software.3F_If_so.2C_is_there_a_recommended_implementation.3F)

However the OSI didn't approve it and don't recommend it, mainly because it
explicitly does not cover patent rights:

[https://opensource.org/faq#cc-zero](https://opensource.org/faq#cc-zero)

~~~
pksadiq
> However the OSI didn't approve it and don't recommend it, mainly because it
> explicitly does not cover patent rights

That was not the reason. If so, [L]GPLv2, MIT or several other licenses won't
be accepted by OSI.

The issue is CC0 explicitly disclaim any conveyance of patent rights (from the
linked faq).

~~~
Mithaldu
Is there any document that explains why the CC0 does that?

I've been using it for a long time as a "socially acceptable WTFPL" and
thought it did, well, exactly the same as WTFPL, let any person in possession
of the source do whatever the fuck they want. But apparently with CC0 there
are some things they can't do even if the local law allows it?

~~~
poizan42
Except this is missing from WTFPL:

> Unless expressly stated otherwise, the person who associated a work with
> this deed makes no warranties about the work, and disclaims liability for
> all uses of the work, to the fullest extent permitted by applicable law.

If you don't explicitly disclaim warranty then you can get hit by this in
Common Law jurisdictions, see [0]

[0]:
[https://en.wikipedia.org/wiki/Implied_warranty](https://en.wikipedia.org/wiki/Implied_warranty)

~~~
Mithaldu
That only applies to source code sold, right?

~~~
cyphar
Or if you sell a collection of software that includes that code, a product
that contains that code, a service that runs that code, etc.

------
peteretep
What is "niched to Perl" meant to mean? I realise it was originally the Perl
license, but is it tied to it?

~~~
lloeki
I read it as "mostly only in use in or around Perl code" (not that it could
not be used elsewhere, it just turns out it mostly isn't).

~~~
kemitchell
That is what I meant exactly.

------
madisfun
tl;dr:

Fine with commercial users not giving anything back? Apache2.

The best shot to dual-license your free software? AGPL3.

Care about patent attorneys' working hours? EPL1.

Dyslexic? MIT.

------
douche
So the GPL sucks. Good to have confirmation on that.

------
user5994461
Need to add the CCDL:
[https://opensource.org/licenses/CDDL-1.0](https://opensource.org/licenses/CDDL-1.0)

If I recall right, it was written originally by Sun a long time ago, to allow
them to open-source their software while giving clear terms to entreprise
users to let them combine/integrate software together.

It is unique in some aspects and it is friendly for entreprise.

[https://en.wikipedia.org/wiki/Common_Development_and_Distrib...](https://en.wikipedia.org/wiki/Common_Development_and_Distribution_License)

~~~
cyphar
CDDL is basically like the MPLv1, but has some clauses that are worrysome. If
you want file-based copyleft just use MPLv2 (which is also compatible with the
GPL -- which CDDL is not).

I feel sad every time new code uses CDDL.

------
briandear
Wow. As someone who pays little attention to open source licensing it seems
like the whole system is just a confusing amalgamation of nonsense. By
nonsense I mean that every little organization has their "thing" and you need
a lawyer to do anything or keep track of it all.

Can we just simplify the licenses or does everyone need to write their own?
Why not just have MIT for all open source and be done with it?

~~~
pseudalopex
If you think open source/free software is full of complicated one-off
licenses, check out proprietary software sometime!

The large majority of projects use MIT, GPLv2, GPLv3, Apache, or a common
variant like LGPL or BSD. Older projects often use other licenses for
historical reasons, and modules often use the same license as the core
software.

Asking why everyone doesn't just use your favorite license is a good way to
start a flame war. The MIT license doesn't address patents, and some people
like copyleft.

