

Ask HN: understanding Sonatype's licensing model - ojosilva

Our startup makes software mainly for businesses. We're thinking of modeling our licensing structure after Sonatype's... if only we could figure how they do it.<p>Our base framework, call it software A, will be an open-source version, maybe GPL or Apache licensed. It contains lots of other GPL software, particularly the dual-licensed Sencha's ExtJS library.<p>Our commercial version, call it software B, is a slightly enhanced version of A, targeted at business users (ie. intranet).<p>Since one can't embed GNU GPL'd software in Apache-licensed OSS, we probably have to choose GNU GPLv3 for A, which is an umbrella for most common oss licenses. <i>But that would make it impossible to have a closed-sourced B software package based on A</i>. Or wouldn't it?<p>Sonatype has a similar offering: Nexus OSS and Nexus Professional. Nexus Professional is an enhanced version of Nexus OSS. Nexus OSS is released under a GNU AGPLv3, "GNU Afferro General Public License" [sic], http://nexus.sonatype.org/license.html<p>Now, how can Sonatype release Nexus Professional closed-source when its base, Nexus OSS, is AGPL'd? Aren't they breaking their own license agreement by reusing the community oss software in their closed-source, commercial Nexus Professional?<p>As far as I understand, to commercially re-release your own open software as closed-source it would need to be licensed under MIT/BSD/Apache in the first place, ie. IBM Rational Dev. and Eclipse. But then... I'm confused.<p>Besides, their software, like ours, has ExtJS, which is GPLv3 for OSS, but not for commercial use, which makes it impossible to use Nexus OSS in a business intranet without buying an ExtJS license. Right? Dunno... since ExtJS is actually commercially licensed on a developer base, using OSS that contains ExtJS is actually ok. But then developers from the community can contribute to Nexus OSS Github repository, which kindda makes the ExtJS license useless as there are endless developers contributing to the Nexus OSS project, whereas Sonatype probably only pays for their own ExtJS developer licenses.<p>I know, this is a mess of a question! But our startup will have an offering that is similar to Sonatype's, and we're not sure their licensing is consistent, or even legal, so we're afraid to imitate them.
======
bigiain
If Sonatype own the copyright to all of Nexus OSS, they then have the right to
release it under another license as well. They can't take back anybodies
rights to the OSS version, but they are allowed to distribute it under a
different license.

MySQL used to do this - they required contributors to assign copyright to the
MySQL company before accepting patches specifically so MySQL could sell
commercial licenses to users who didn't want a GPL encumberment on their
software that used MySQL.

If you've built "Software A" out of open source components to which you do not
own all the copyright too, you won't be able to follow that path (technically,
you _could_ reach out to each individual contributor/copyright holder and ask
for permission to relicense their code. Good luck with that...) If you wrote
(and released under an OSS license) all the Software A code, you've got the
right to release it under as many different licenses as you want.

