
PolyForm Noncompete Licenses - joeyespo
https://writing.kemitchell.com/2020/05/14/PolyForm-Defensive-Perimenter.html
======
verdverm
The real problem with the licenses is that they are not open source, but many
users of them still seem to think they are doing open source.

The funny thing is that they are trying to protect themselves from Amazon and
other competition before it usually exists, and that in reality, they are
doing themselves more harm because the big co lawyers are starting to reject
these unusual, project-specific licenses. "If it takes more than a few minutes
to understand, then I tell the devs No"

To all those would-be users of the Faux Pas OSS licenses, why did you make it
open source in the first place? If you want to protect your code, why not make
it private? Why use one of these licenses?

~~~
ghaff
I had a conversation with a company a few weeks ago about this. What they told
me aligned with other things I've heard. Basically they're seeing customers
giving preference to open source software and they believe (rightly or
wrongly) that using one of these non-compete licenses will give them the
marketing advantages of open source without the potential business model
downsides.

Of course, they also likely don't get the development model advantages of open
source but anecdotally these companies don't much care about that. (And TBH a
lot of single-company products/projects don't get a lot of outside
contribution anyway.)

~~~
Wowfunhappy
Could the company use something like AGPL in these instances? (The developing
company ofc wouldn't follow the AGPL, but in this case the code is
_officially_ open source.)

~~~
ghaff
It's possible. Although a cloud provider could still potentially run a
competing service so long as they made any modifications available to the
public. (A cloud provider still might choose not to do so because of
uncertainty about how the code interacts with other services in their
infrastructure.)

But, yes, "Why doesn't the AGPL solve your perceived problem?" is a reasonable
question to ask in the context of these non-compete licenses.

------
fenwick67
Let's say I work at Giphy and we publish a library with the Defensive license.
Then the library is used by the folks at Twitter. Okay, Twitter isn't
competing with us and they send lots of traffic our way, our team is cool with
that. Then Giphy is acquired by Facebook. Is Twitter in trouble?

~~~
scj
Alternative, but similar scenario:

Let's say a database gets licensed under the defensive license by
$CORPORATION_0. And let's say that $CORPORATION_1 makes many contributions to
that database under the same defensive license (where they retain copyright).
A little weird, but presumably both companies are comfortable with the
situation.

Let's then say that $MEGA_EVIL_DB_CORP buys out the contributor
$CORPORATION_1, and now $MEGA_EVIL_DB_CORP owns the copyright and has
competing databases.

I'd assume both companies can no longer use the defensive licensed DB. Meaning
all Oracle has to do to destroy the competition is buy whichever company is
cheaper.

That seems like a bad attack vector.

~~~
wmf
IANAL but it seems like a non-compete license would need copyright assignment
so it's clear who you can't compete with. The dual-licensing bait-and-switch
business model also requires copyright assignment so it's not that different.

------
cycloptic
As an open source developer, I wouldn't contribute to any project that uses
these licenses or trust any company that's using them. They're not classified
as free software or open source for a reason: it's crucial to be able to fork
in the event that the company decides to become hostile. The ability for the
other contributors to do this is what keeps them honest. With these licenses,
that whole trust aspect gets thrown out.

------
verdverm
Joseph Jacks has some interesting ideas for Commercial Open Source Software
(COSS) [https://coss.media](https://coss.media)

Though he recently told me that he thinks all OSS should bootstrap and never
take investment, which doesn't exactly align with the top COSS co spreadsheet he
also maintains.

~~~
josephjacks
Hey, Tony. :) I believe that COSS companies are extremely successful when they
are able to build large and successful positive-sum and inclusive ecosystems
around their FOSS core (specifically, that core being FOSS licensed, not
source-available licensed). My partner Heather Meeker has written most of
these non-compete licenses. They are useful at the crust around the core, not
in the core, IMHO.. if they are applied to the core, there is very little
distinguishing it from freemium/proprietary which != FOSS. Also, many of the
most successful COSS companies never raised a cent of VC to get to scale:
Jetbrains, Liferay, Odoo, etc. and the ones that did raise a similar amount of
money to get to scale did not really need it, they just accepted it along the
way maybe to speed growth a bit, but their commercialization strategies were
often working quite well and their customer acquisition costs _highly_
efficient.

~~~
verdverm
Hi JJ.

Steph and I have been breaking things down from our chat, and basically came
to the same conclusion, though often favoring closed source where one might
GPL/NonC license that crust around the core. Also that outside investment is
to add fuel to an existing fire, COSS or fully private makes less difference
than showing you've built something people want.

Do you have any new videos or podcasts? Always love to hear your thoughts, you
put things very succinctly!

------
vharuck
Let's say a repo on GitHub has the Perimeter license, and I clone it to a
public repo. Would I be unable to include any personal changes on the clone I
have? Because it'd be a substitute product that's distributed via GitHub?

------
mcint
s/complete/compete/

I appreciate attempts to standardize the law, and make it more accessible and
cost-effective to rely on.

Hmmm, guess there are issues though

~~~
verdverm
The OSS license body is rejecting these non-compete licenses as open source.

~~~
ghaff
To be somewhat pedantic, the Open Source Initiative maintains the open source
definition and has a license review process which can lead to a license
becoming an OSI-approved license. There are a variety of reasons licenses
don't get approved but one of them is that it doesn't meet the open source
definition.

I'm not sure any of these "non-compete" licenses have been rejected by the
OSI. I'm pretty sure at least some of them haven't been submitted because they
almost certainly would fail to be approved.

But to be clear, anyone can claim their license is an "open source license"
just not that it's an OSI-approved license if it's not.

~~~
verdverm
I suppose what I am getting at is that, like with many things, humans tend to
gravitate towards adopting definitions around the governing body (experts)
certification. We can get into problems, like certified organic, when there
are too many bodies creating standards. There was actually an analogous
conversation in Cuelang about this, w.r.t. user registered builtins, Cue code
which can no longer be used with cue, and the worry of fracturing the
ecosystem.

------
henryfjordan
Are these enforceable in California? California does not like non-compete
clauses.

See cal civ code section 16600: "... every contract by which anyone is
restrained from engaging in a lawful profession, trade, or business of any
kind is to that extent void"

~~~
bradrydzewski
I believe copyright law in the U.S. is governed by federal statute and
copyright infringement matters would be handled by a federal court.

~~~
henryfjordan
You might be right about that, but federal courts can consider state laws. I'm
not sure how that would play out.

I also found an unpublished opinion from SCO Group, Inc. v. Novell, Inc., that
deals with a similar issue that also makes me think that this software license
could work:

> The license in the APA and the TLA does not preclude Novell from pursuing its
> business. Rather, the license merely restricts Novell's ability to use SCO's
> property and is part of an ongoing relationship between the parties.
> Therefore, the court finds that there is no restraint on trade and the
> restrictions are not void under Section 16600.

------
Communitivity
I am not a lawyer, and none of this is legal advice, but these licenses seem
SAF (Sketchy As...).

More precisely, using software written with these licenses would be something
I would never do, either in an Open Source project or a commercial project.

Consider for example the 'Patent Defense' section of the Polyform Defensive
license. If I am reading this right then if you have a patent and use Polyform
Defensive licensed software from Example, inc. to the point that stopping using
the software is a major hardship, then Example, inc. can infringe on your
patent and be safe because you won't risk losing the right to use their
software.

Or the 'Sales of Business' section. Let's say Example, inc. is building a blog
hosting platform and Open Sources a library for an image carousel under
Polyform Defensive. Exemple SA start using it for their Computer Based
Training site. Later Example, inc. enters the CBT market. If I am reading this
right then Exemple SA now has to either stop using the software, or leave the
CBT market - and might not even have a choice about leaving the CBT market.

A lot of work has gone into making useful and effective Open Source licenses
that benefit both sides when a company open sources their software (software
user and the company making the software). A company has a range of
protectiveness they can choose: Affero GPL, GPL v3, BSD, MIT, Apache, EPL are
some well known ones [1]. Why do we need the PolyForm licenses, especially
when they seem to me to be several steps back toward the dark ages of
commercial licenses, and being so ambiguous you need a lawyer to evaluate it
in every case?

You also have the question of legality in every region. Aren't noncompetes
heavily restricted in California?

I also am of the mind that 98% of noncompetes and NDAs are hubris and
unnecessary, other than to use as a collar to retain employees. Better to
retain through incentivizing than threatening. And also, ideas are a dime a
dozen... most people are not going to steal your idea as it's the execution and
the funding backing it that will make the difference.

Lastly, a key thing to note is that the Polyform Project itself says these are
not Open Source licenses[2]:

    PolyForm is not…
    Open source or free software.  There are plenty of
    existing open source licenses. PolyForm is not a
    substitute for them, but an alternative for those
    who want to license source code under limited rights.

There are Open Source licenses out there that legal experts state will protect
you, whatever your range of needs if you are willing to abide by the Open
Source ideals[3]. Why not embrace the Open Source movement, instead of staying
mired in the past?

[1] [https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses](https://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses)

[2] [https://polyformproject.org/what-is-polyform/](https://polyformproject.org/what-is-polyform/)

[3] [https://opensource.org/licenses/category](https://opensource.org/licenses/category)

~~~
fxtentacle
It seems the most on-topic comment was downvoted into oblivion.

