Even if we paint all of their actions in the most favorable possible light, and even if the clause is a paper tiger as some have claimed, it doesn't matter. This is not how open source should work. We should not have to debate for years if a project's license is radioactive. Especially individual devs like myself who just want to use a great tool. We should be able to just use it, because it's open and that's what open means. This is so much worse than closed. It's closed masquerading as open.
It's under MIT license developed by a single person in addition to community's contribution.
This link is rather interesting https://vuejs.org/v2/guide/comparison.html#React
Preact is a fast 3kB alternative to React, with the same ES2015 API as that of React.
Preact is MIT licensed and does not have any additional conditions beyond that.
I also agree with the OP, even viewing FB in the best light possible, about the best case you can make is that they want to hedge any risks to themselves while profiting from OSS contributions and the OSS marketing. As it stands, there is virtually no case to be made for them wanting to contribute to the OSS community. IMHO if you're a dev and contributing to the facebook oss ecosystem, I would actively encourage you to stop.
Patents protect ideas and inventions. In most cases, patent assertion cases are not black or white — win or loose. Infringement evaluation is complex and costly. A lawsuit can cost hundreds of thousands or millions to file and pursue. You might have a 85% confidence that FB violated a patent of yours, but to even pursue it it’s going to cost you a lot of money.
If on top of that, you will need to invest to migrate away onto a different frontend framework first, and make sure that all your customers are using your new product version (what if you’re using React Native? your users may not upgrade the apps at once!), before you can even file the lawsuit, do you think that’s an honest, ethical usage of open source philosophy?
Bottom line: Open Source is not a “quid pro quo” trade. Open Source is about creating communities to build better software together. It should never be used as a marketplace to exchange people's rights.
It would be fitting for FB to change their motto (?) to "We're not evil either." Lol
Do you believe Google also has shown intents to be totalitarian or "be evil" ?
IMHO Google has handled their enormous power and popularity very well.
Fair Disclaimer: I must confess I'm a google user, not affiliated to them in any other way (that I know of) though :D
There is still a question on fair use. Google won the jury trial, but the appellate court is ruling in a few months, and that could change everything.
Oracle really has a way of being a big swinging legal turd, I do believe they would try anything they could. It just seems like they wouldn't wait a year to get it going.
Namely: "For the avoidance of doubt, it has to be made clear that only the expression of a computer program is protected and that ideas and principles which underlie any element of a program, including those which underlie its interfaces, are not protected by copyright under this Directive."
The actual permission notice says you have the right to use the software without restriction. To me, a layman, it would seem contradictory and unfair if they later claimed that they held previously unmentioned patents that restricted your use of the software.
As a bonus, it's a lot smaller, just 3kb minified
also check out nuxt.js, a small abstraction layer on top of vue that has some opinions about file structure and also makes SSR a breeze https://nuxtjs.org/
I'd venture to say that very few if any of the sites Facebook lists at https://github.com/facebook/react/wiki/sites-using-react are using "React the view library" by itself.
not sure, but I think that means users of weex are subject to BSD+PATENTS also
And Polymer isn't even really either of those things, it's a polyfill for a native browser feature.
This creates great looking results pretty fast and also enables you to easily give back to the community by open-sourcing your own components. Last time I checked already 1100 components were listed, of which the vast majority seemed really well build.
I hate toolchains and their clunky 10+ seconds compile step.
It's conspicuously missing from these discussions
Angular has other issues like the AOT compilation file sizes and the fact that certain standard language features are not supported with it. But even having to know the ins and odds of AOT vs JIT...these aren't even things you have to worry about in any of the ones I mentioned above.
I really wish the Angular team had learned the best lessons from React...but they didn't. It's definitely better than Angular 1...but it's not as good as these other alternatives.
I wonder if this is React's "Angular 2." What's worse, the misstep this time is due to ham-fisted corporate mal-
stewardship, not just miscommunicated technical good intentions. Vue is similarly positioned to be the "next thing" in the way React was three years ago. My how this space churns.
Compare that to the space ship Angular 2. They really made an outstanding effort to create a huge barrier of entry for anyone not having a degree in DevOps. I'm an old fart, I don't need your stinking CLI, Grunt, Gulp, NPM etc stuff.
Compare that to Vue.js really shines in this regard with the same level of entry as AngularJS. For me that is part of what I thinks makes it a succes.
When choosing a new framework I tend to not look for the future, but look in the past. I chose what was mainstream 2-3 years ago, which means right now still AngularJS for me. This means I'm a leecher on StackOverflow, but so be it. I have my own company and clients pay me for working applications, which means I have to choose my tools as efficient and effective as possible. By choosing last years model, it is less sexy but will get me from A to B with the same speed plus added reliability. At the same time I'm keeping a close look to Vue.js and if still going in the same direction next year as it is now, I will definitely switch to it.
It's not a copyright license. It's a patent grant/license which is completely independent. This matters for several reasons, including when just saying "license", this usually means a copyright license.
If this patent grant get's revoked, you are back to simply using the BSD license with no patent grant. I've read so many people say "you'd have to stop using react if you sued facebook", uh, no, you'd have a bsd license with no patent grant like you probably do with tons of other free software your company uses. Clearly, people should be complaining about that if they are complaining about this, but the misunderstanding and misinformation is really strong. If you believe software patents are universally bad, like many people including me, then it is clearly better using the MIT/BSD license alone, which gives you zero patent rights, you are simply infringing and waiting to be sued. I have no problem with it. https://www.gnu.org/philosophy/software-patents.en.html.
Also by "license" I meant the "BSD + Patents license" as the Facebook writeup put it.
Those others were wrong. Facebook have made this very clear in their FAQ :
> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?
If BSD is a "license to use", then it is implicitly a copyright license _and_ a patent licence.
Assuming the above, the argument goes that the implicit patent license in plain BSD is overridden by the explicit patent license in BSD+Patents, and that the explicit one is much more restrictive than the (unwritten) implicit one.
The FAQ doesn't address that.
I meant to write "better than using." Also, I was not aware of the implied patent license argument.
I suppose there's not much I can do about it except to move my efforts elsewhere, even if it affects my earnings.
It's more like developers in large parts stopped caring for standards and looked after products and "big players" and "the next big thing" instead aka the consumerization of IT.
Happened to SQL, browsers, middleware, network protocols, app servers, containers, programming and markup languages, and more.
Nowadays, big things come onto the scene and into developer's minds via obscene venture capital budgets.
This is not a recent phenomenon. For example, developers using (mostly) Microsoft tools on Windows have been doing it for decades already.
Drives home the point of why I need to move on and be careful where I put effort.
Its not that great anyways when compared to angular 2/4. There are too many concepts to be mastered and it soon become overwhelming. I tried learning react but dropped it after spending a week when I still could not understand routing. Sense of cohesiveness between different concepts is missing. I believe some learning junkies may get the kick out of it but that's not me. My time is better spent elsewhere.
Angular on the other hand introduces everything one single tutorials to make one productive. Deep dive later can be done later on when required.
Edit: minor typo
It's just React components up and down.
When you haven't had "that much trouble", it sounds like you're calling them stupid or a liar, and it sounds like you didn't consider the possibility that you're working on a very different problem or have a different definition of "figure out routing".
I store all of my user state in the URL. This way users can copy URLs to each other containing their state, I can press reload to debug things, Other people can embed portions of my application into iframes, and other good benefits.
However I don't want to sprinkle url changes and parsers all over my code, so I'd like to hook into the router system and glue it into the property system. I've probably been through a few versions of this idea with react and certainly spent at least a week in total trying to get it working well with all the different browsers and widgets, only to have react-router 4 come out and break it.
I then probably spent at least a day or two looking for similar-shaped hooks and couldn't find them. Maybe I should have spent more, maybe I should've been smarter.
However I note that the author of React-router took four very different approaches towards figuring out routing and produced incompatible APIs, which is a strong sign that they weren't able to figure out how routing should work either.
If React Router is not suiting your needs, there are many other options out there. That's the beauty of the ecosystem:
I'm glad that even React Router was willing to iterate on its implementation.
It takes a couple of hours to do a bit of research and searching to find the solution that fits your needs best.
I feel like I'm missing something big with everyone not even talking about angular. Maybe I feel this because Angular was big and then soon it wasn't. Probably that's the disconnect
And for me, the opposite was true vis-a-vis Angular and React, though got as far as making contributions to the Angular 2 tools before I decided to jumping ship.
and that's the problem. React itself solves a tiny subset and delegates the other responsibilities to different tools which may not align with each other. Most of the is spent is wiring making different choices and wiring them together.
On a side note what made you move away from Angular 2 to React?
So modularity is a problem now?
It's like breaking a kitchen knife into two: the blade and the handle, in the name of modularity.
Concretely, this is what I mean: Routing, and a bunch of other things are used together, it would've been better if react had kept the view library separate but also maintained an official router among other things
There are zero known patents related to react.
See for example:
"Some free and open source software licences also explicitly grant the patent rights necessary for the purposes of using, adapting and distributing the code, for example the Apache License v2, the GNU General Public License v3 and the Eclipse Public License. In some jurisdictions, including the UK, it is highly probable that even those free and open source software licences that do not explicitly grant patent rights do in fact provide them implicitly. After all, giving permission to perform a specific act strongly implies permission to perform the steps needed to do so. Thus the permission to redistribute the software granted by all free and open source licences - it can be argued - implies the granting of the right to make use of any of the licensor’s patents which would be infringed by the distribution of the code."
In the specific cases of the BSD and MIT copyright licenses note that the licenses do not say that they are irrevocable. A license granted for no consideration is generally revocable unless it specifically says that it is not.
There are substitutes for consideration. It is an open question as far as I know whether or not those apply in the case of free software and make licenses like MIT and BSD irrevocable.
If you use BSD or MIT licensed patented software that does not come with an explicit patent grant, you'll have to deal with these arguments if the patent owner decides to go to court:
1. There is no implied patent license,
2. If there is an implied patent license it is revocable and they revoked yours,
3. The copyright license is revocable, they revoked yours, and that implicitly revokes the implied patent license (even if it is irrevocable normally).
It's so much safer to try to stick to licenses that say they are irrevocable and include an explicit patent grant.
Sadly, although Facebook includes an explicit patent grant, it does not claim to be irrevocable. They even list one specific case where it can be revoked.
Though I use Angular in my day-to-day, I would really love to be in React land for that reason alone. I've had too many interface bugs due to simple template typos
I've contributed to React before and will continue to do so. I haven't seen a single reason why not to. Just because React doesn't use your favorite license? Well this may shock you but I also use and help develop closed source software. In my view there is nothing morally wrong here. What's more, it's not even clear which morals you think I would be failing by continuing to contribute to React.
That's not really the problem here. The problem is that by using React, even in a closed source context, you are potentially setting yourself up to not successfully make an IP claim against facebook, even for unrelated technologies.
You give up your right to sue facebook with ALL your patents while facebook only gives up the right to sue you with their REACT patent. We don't even know if there is such a thing as a "react patent".
If you live in a jurisdiction where the concept of software patents are void, as the GP indicates, the patent clause in the license is meaningless because there cannot be any patents on React in that jurisdiction.
The way I understood this conversation was that BMW (continuing your example) cannot sue facebook if facebook infringes them on an of their car patents but it's not a right or a grant or even a license of any sort.
No, that's not the problem for many(most?) of us. The problem is that Facebook has decided to throw out innovative extra conditions to an old and established license. Innovation is typically not a good thing with open source licenses. It just throws a lot of uncertainty and confusion onto the situation, and for what gain? In fact, no one has any clue how this patent grant will work in practice.
If we believe the minimalist interpretation that some people are proposing here, Facebook has gained virtually nothing here. And that fact in itself makes people suspicious, because why would they dig in for almost no gain?
Why do you even care? It's a great framework and if you don't want to use it under the license then don't. But why ranting about they should change the license?
I can understand why FB is licensing the way they do. I also would be pissed off if I would get sued for some nonsense all the time and would take an opportunity to potentially reduce that.
I'm going for Preact (https://github.com/developit/preact) for React alternative.
The most likely thing for Facebook to patent is the concept of a virtual DOM that's diffed to apply updates to the real DOM. IF they have such a patent (and apparently they don't), then any library that has a vdom implementation infringes, including Preact.
Of course, if they DON'T have such a patent (which seems to be the case), then Preact is safe, but so is React. :)
This would cause mass alienation in the community for little gain, and force many previously neutral parties to align against them for attacking a completely separate project.
And for little damage as well....
If we rewrote our sites to use React coming from Backbone, JQuery and Angular... it won't be too much of a hardship to rewrite our sites to no longer use React in the future. Heck considering the 5-year churn of JS frameworks, I'm already penciling in the rise of a new framework in 2022.
It would likely be a company suing FB for infringing a patent who happens to also use Preact in a site. FB presumably wouldn't have access to the site source code (pre-suit), but would be looking at the compiled, minified public site. I don't know how Preact and React look when compiled compared to each other, but given their similar structures it might be hard to tell them apart. FB would identify the offending bits of code or code structure. They wouldn't need to even use the word "Preact" (or "React") in the suit.
If the underlying suit was a patent troll suing FB, FB's use of React patent clause might actually be celebrated in a enemy-of-my-enemy kind of way by the broader developer community.
It would require FB to finally disclose the patent numbers applicable to React. I've spent a few hours attempted to review FB's patents to find anything related to React technology, but it's a needle in a haystack challenge and I failed. There are tens of thousands of patents and impossible to know what keywords to search for. (If someone else has done this work, would be great!)
Why? Why is the API relevant at all?
The implication is if you use react now you give away rights.
The same is not true for angular, vue or mithril. Some argue if you use vdom there might be issue. But at least with those you/your dev is not giving away rights willingly...
But come to think of it; That is the way fb started :/
The patent grant from FB grants you strictly more rights than BSD alone (though admittedly, you could lose those extra rights).
Not at all.
It's been discussed a ton, the plain language of the license makes that clear, Facebook even covered this in their official React license FAQ (https://code.facebook.com/pages/850928938376556).
Please stop spreading FUD.
>> Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?
>> Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?
> No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.
My interpretation of that is if I use React I can't sue Facebook for any patent violations lest they pull their React patent licenses and immediately sue me for infringement.
Of what? Patents are public; link me the patent you think they'd sue you for infringing. :)
If they really want to crush little ol' me, I'm sure their legal team can find something in their existing patent warchest that would apply to React.
Plus we don't know if they have applied for patents that would apply to React that are still under review.
Yes, but also to your non-React code, right?
Like...seriously, what patent do you think they might have that somehow only applies to React and not all the other modern frameworks that have been busily copying React?
In short, if you get into a patent dispute with them, your license to use React does not terminate.
So when someone says "if you sue you will lose your rights to use react" this is wrong. My rights to use React come from the BSD license, not from the patent grant.
It's not so much they're "digging in" in the face of criticism, as they simply haven't noticed the criticism, because it has no relevance to Facebook at the level where corporate policy is set. Or so I believe. :)
I disagree. There are clearly a lot of people who evangelize React and other open source projects. It helps a lot with recruitment and Facebook's public relations among devs. I just don't think the attorneys grasp how much this is affecting other parts of the company.
I don't want a non-standard license... It's just more complexity we don't need.
Make it LGPLv3 or something if you want a patent clause, don't invent your own.
The patent issue is really not a big deal with React; the real concern is philosophical.
They won on a fair use claim. And that win is still subject to an ongoing appeal.
did we? I think the jury is still out on this, i.e. we had one verdict for google, one for oracle, one for google again, and now there's another appeal.
npm i -S preact preact-compat
If you're starting from scratch pretty easy though, sure. But that assumption is all too widespread in the JS ecosystem these days : (
- Yahoo Mail
- NY Times
If they're ok with the license, you probably shouldn't worry too much. Basically, if you don't own any patents or if your company is smaller than any of the above, you should be ok.
I assume they were.
This license is likely to protect facebook against patent litigation that a startup might claim facebook is in violation of.
It's not too hard to imagine a scenario where the next snapchat-like-startup is using react native. Facebook is then in a super leveraged position against them legally.
Snap stories are now facebook stories, instagram stories, and whatsapp stories. It's not such a big leap that it'll happen again.
Once your 'professional lawyer' agrees that the license is enforceable it's up to you to decide whether giving Facebook an effective grant of all your patents it worth it.
my understanding is that this isn't the case - react isn't itself covered by patent, and the bsd license remains in effect.
Anyway, it's not up to me, it's up to the legal team and they are saying "No".
Turns out that forking a somewhat recent version of React that uses Apache is possible while still retaining any relevant patents (esp pending vdom patents) and API compatibility.
Maybe we need groups who can push to lobby for legislation to remove software patents in more countries?
So, Facebook, lets assume, isn't being malicious and genuinely feels this is the right approach to deal with what they consider to be "meritless" lawsuits... but at the same time, if this response-- genuine as it may be-- gives them abusive power, don't abide it.
Similar principle for politicians-- never support Obama/Trump having a power you wouldn't want Trump/Obama wielding.
For any aspect of power, assume the most abusive historical figure has it-- should they have it? IF not then don't grant it to even people you like.
At most situations you might be assigning improbable risks to things. If you have a reason to believe someone is not going to abuse power, then giving them said power should be okay in real life
Edit: May I add that you're swinging from one extreme to the other. Things need not be black/white. It's a fallacy all on its own
Everyone in this whole thread is saying the same thing. For anyone not up to speed, I found the following explanation of the issue (analysis of the license) very good and short:
This lets you know why we have 300+ comments saying the same thing.
Oh, come off it!
If you went to some company and got a patent license, and then proceeded to sue that company for patent infringement on an unrelated patent, they would terminate your license. (That's what cross licensing prevents.) So FB is granting React users a patent license free. Why wouldn't they revoke the license if you were suing them? There's no difference from the normal state of affairs except the patent license is free. Now, if you are worried about FB infringing on your patents, it's wisest not to use React, but that's no different than licensing a patent from someone else.
I'm surprised at how many companies are willing to embrace frameworks that they believe come from Facebook and Google but are not truly backed by those companies. Aurelia has commercial backing and community contributors and a decent license.
You can. What's stopping you?
A few things:
1. If you want to suggest you are doing this as part of an attempt to avoid meritless litigation, you really should give concrete examples of that happening. Otherwise, it comes off as a smoke screen.
2. The assertion is that if widely adopted, it would avoid lots of meritless litigation. This is a theoretically possible outcome. Here's another theoretically possible outcome of wide adoption of this kind of very broad termination language: Facebook is able to use other people's technology at will because nobody can afford to not use their stuff, and no startup that they decide to take technology from, and say "no more facebook/react/etc for you" could realistically launch an effective lawsuit before they died.
Assume for a second you think Facebook is not likely to do this. If widely adopted, someone will do it.
Nobody should have to worry about this possibility when considering whether to adopt particular open source software.
(there are other theoretical outcomes, good and bad).
It's also worth pointing out: None of this is a new discussion or argument. All of the current revisions of the major licenses (Apache v2, GPLv3) went through arguments about whether to use these kinds of broader termination clauses (though not quite as one sided and company focused), and ultimately decided not to, for (IMHO good) reasons. I'm a bit surprised this isn't mentioned or discussed anywhere.
These kinds of clauses are not a uniform net positive, they are fairly bimodal.
If it's the case that these startups wouldn't have the resources to mount an effective lawsuit, then that's true regardless, no? Whatever the React terms say are moot. (I might be misunderstanding; the sentence is one that's hard to parse.)
> All of the current revisions of the major licenses (Apachev2, GPLv3) went through arguments about whether to use these kinds of clauses (though not quite as one sided and company focused), and ultimately decided not to.
When MPL2 was being drafted, I pointed out that a strong, React-like approach to patents would be better, because the protection that Apache 2.0 offers against patents is very narrow. My takeaway was that the reason not to do so was because it wouldn't have been politically expedient at the time—it would just result in people rejecting the MPL. If Facebook is now taking that approach, then run with it now; it suggests the idea should be opened back up for reconsideration in future revisions of these licenses because they can capitalize on the momentum.
This isn't only covering Facebook - this covers subsidiaries or subsidiaries etc..
Untrue. They couldn't sue Facebook (or subsidiary) without immediately losing their right to use any patents Facebook may-or-may-not have on React. Their right to use React would be untouched.
So, are there any patents? People have looked; so far none have been found. More to the point, what JS lib do you think our hypothetical firm should have used instead? Preact? Vue? Angular? Backbone? Why do you think Facebook doesn't have any patents on those?
Google is able to use other people's technology at will because nobody can afford to not use their stuff, and no startup that they decide to take technology from, and say "no more Google/Angular/Closure Library/etc for you" could realistically launch an effective lawsuit before they died.
That would work incredibly well to neutralize patents, actually, and would be a huge win for free/open source software.
It's surprising not to have seen anyone point out the logical conclusion of a world where every major license includes a React-like stance on patents: it's a world where no one is able to bring patent suits against anyone, because it means they are now violating the licenses of every piece of FOSS they're currently using. (I'm relying on the assumption that there's no entity that could perform an audit right now and conclude that there's not a single piece of FOSS underpinning their products/services/infrastructure.)
Licenses like Apache 2.0, MPL2, etc all have a "MAD" policy wrt patents, but they all have a gaping hole in their strategy. The React license patches this hole in a really clever way--probably the cleverest thing since the GPL's invention of copyleft to hack copyright law by using it against itself. It's really disappointing to see people's sense of disdain for Facebook overpower their ability to appreciate how clever the React license is.
Addendum from the last time  I commented: "FWIW, I don't use React, I don't want to, I'm not a Facebook employee, and in fact I think the world would be a lot better off with Facebook having less influence than they do today. But that doesn't change how weird it is to keep seeing comments like [those that frame the React terms in a negative light]".
If you use project A that was written by one or two developers in their spare time (and they included a BSD+patents) clause, would Facebook fear being sued by them? Probably not -- but new companies that get anywhere close to what Facebook does (increasingly, that's everything these days) definitely live with the real possibility of facebook suing them.
In theory the "no one is able to bring patent suits against anyone because they're violating licenses" is a good outcome (mostly the no patent suits part), but it doesn't quite stand up in practice because patent suits cost money, and bigger companies can sue you longer than you can sue them. I don't want a world where MAD is the default, because the large companies carry nukes, and I carry a peashooter.
I will no longer use react on any new projects.
As pointed out by Dennis Walsh in (https://firstname.lastname@example.org/react-facebook-and-the-revok...), it would take millions to bring a patent suit against Facebook.
At it's best this is like some sort of warped "you infringe on my patents and I'll infringe on yours" kind of thing, assuming MAD means it doesn't become a very-uneven suing war. This case is also bad news, because larger companies are much more capable of infringing on your patents and competing with smaller companies in a conglomerate style.
Amazon is a conglomerate. Alphabet/Google is a conglomerate. Somehow, everyone in the government who manages anti-trust (whether that should be a thing is another debate), seems to be asleep at the wheel, literally everyday.
Also, guess who has lots of resources to rebuild a shitty copy of ingenuous software they found online? Big corporations do. All the starry eyed CS grads who want to go work for Big Conglomerate Co. are going to be rearing to re-implement Redis in 50K LOC, but it's harder for some small company (or just random open source project) to re-build the parts of their app that used react in some other framework.
The PATENTS file is red herring. If you're a small player and you launch a patent lawsuit against Facebook you stand no chance of winning. Facebook has thousands of patents in its portfolio, and software patents being broad as they are, you're invariably infringing one of them.
You know what, scrap that. Even if you were a somewhat large player with your own respectable patent portfolio, and Facebook had almost no patents you could never win. Why? Because this already happened, dear internet:
TLDR: Yahoo sued Facebook before their IPO with 10 infringed patents (not just 1), trying to scare Facebook into giving them money. Facebook only had 56 patents, but they had money, so they bought up 1400 more patents, and countersued with just 10 of them. Yahoo realized they don't have the money to win a lawsuit against Facebook, and meekly submitted and cross-licensed the patents to Facebook.
Now imagine trying to copy cat the Yahoo move with two guys in a garage who own just a single patent against a stronger and more prepared Facebook that has thousands.
To give this comment meaningful content:
In that case, you have two other options:
* Quietly swap out your frontend before you file
* Continue using React and dare Facebook to produce a patent they can actually claim
This, of course, is based on the assumption that your frontend is a significant portion of your product. If your frontend is a trivial portion, then "rewrite your frontend code base as fast as you can" is also trivial.
Edit: fixed formatting
Large companies carry massive war chests of patents, such that anyone who makes software is most likely violating several of them without knowing it. They defend themselves from patent lawsuits with countersuits from their war chests. (Trolls are immune, though, because they don't make software and therefore aren't infringing in the first place.)
As for the problem you're focusing on, the particular problem is that to actually your patent defensively (the original purpose), you must litigate. To litigate, you must have lawyers, and quite a bit of money. If the other side is capable of buying better lawyers, or lawyers for a longer time, you lose.
They should be. Many popular open source projects are supported by a 'community' of large companies, or are invested into a widely respected foundation like Apache.
Additionally, many projects that started off as simply a few developers, grow to the point that a company is founded to handle support and customization. An example of this would be Redis Labs---started by the originator of Redis.
If even tiny patent trolls can be 'dangerous' to multinationals, I expect most would steer clear of declaring a patent war on the community at large.
What if Postgres had a retaliatory patent clause?
What if Linux did?
Also, you're right except for the fact that lots of very very useful projects are not backed by large companies or foundations like apache. What you describe a solution is precisely the world I don't want to live in. I don't want the MAD state of things to be held in check by large organizations -- humans kind of forget themselves in large organizations, far too easily.
Redis is a great success story, but again, that organization is way way weaker than facebook. They just have more money in the bank, and MAD only works if EVERYONE has nukes. It doesn't work if one side is carrying rifles and only one side has nukes.
Maybe we should fix the patent system instead -- I'm aware it's hugely nuanced, but for all the griping that tech does, surprisingly nothing has changed -- the tech companies that make it just don't seem to be trying to change the system once they're established (someone please correct me if I'm wrong).
Instead of forming organizations to fight patent wars, just put effort towards fixing the patent problems.
It's also a world where entrenched companies can feel free to use whatever technology they want from smaller competitors without fear of lawsuit, and use it to further entrench themselves :)
I'd put a lot more money on that happening than "happy fun kumbaya singing".
This is among the many reasons that apache, et al chose not to use them when revving their licenses.
It's totally worth reading the discussions that happened around these issues back then.
As a friend said WRT to this issue: "Everything old is new again"
I agree, but software patents are arguably bad enough that doing away with them entirely is worth the collateral.
A legislative solution might exist to have the best of both worlds, but, in the absence of that, suppose there's a copyleft-analogue hacky way to undermine software patents indiscriminately without requiring an Act of Congress. (and that's not a sure thing at all, but suppose.) Wouldn't you press the button?
It would be a huge win for companies with large software patent portfolios, which is the opposite of what the free software movement is about.
This is backwards. Those are exactly the companies that would be harmed, because their hopes to be able to wield those patents offensively have been nixed.
So, here's how the real conversation will happen at MegaCo of your choice, should this play out:
Alice: We want to sue for patent violation against XYZ Co. But we use XYZ Co's software. If we file suit, we'll have to stop using it due to the license.
Some top-level guy with a three-letter title named "Joe": Okay. How big is their company and what software do we use?
Alice: <MegaCo has more money than God so the only meaningful comparison is "cockroach" at best, and the software is in no way something they cannot acquire elsewhere>
Joe: Okay. Assign 50 engineers to just recreate whatever stupid software of theirs we use, in-house. Or buy another version from someone more reliable. Then assign a billion dollars to legal to destroy them.
And that's it. They're done. That strategy was all cleared up before lunch. Keep in mind of course Facebook will probably have enough money to litigate you into the ground so long that probably won't even be able to actually tell them to stop using your software, until they've already replaced it completely and also ruined you at the same time.
It turns out when you have effectively unlimited engineering resources and money (to wage legal battles), things like "Use a new virtual DOM library" or "Replace RocksDB" don't matter at all. They can just do it and crush you anyway.
If you assume that MegaCorp is evil, the startup has no life whatsoever, whatever open source license is picked. If instead assume that MegaCorp is good, the patent grant has a positive effect on the ecosystem.
> We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.
This would only neutralize patents of actual companies that have something to create.
The only ones left to hold patents would be patent trolls. This would just massively empower patent trolls, and harm everyone. Because patent trolls don’t have to license patents there’s no risk for them.
It just leaves them as clearly the only enemy left, with massive corporate lobbies against them, and widespread public distaste weighing them down.
The current situation is mixed---companies aren't fully in favour of patents, but support the status quo.
Against each other only, right? They could still use their patents against patent trolls.
Even if the entire FOSS community decided to adopt a patent termination clause right now, it cannot retroactively apply to whatever fragments of FOSS code that has found its way into proprietary products so far. So I'm safe as long I don't install any new software until I'm done trollin'.
Your idea would make sense If all the FOSS that was ever written came with a patent termination clause. But that's not the world we live in.
But what prevents everyone from becoming patent infringers in this scenario?
However, in such a world I don't think the courts would approve of this 'hack' and kill the enforceability of these clauses precisely because they render patents useless.
I believe that contracts that terminate if you sue the other party are fairly standard, and in court these licenses would be considered fairly similar to those contracts.
I don't really know what a court would say, but if I sign a contract that says "I will not sue X for any patent infringement under the condition they don't sue me for patent infringement" I would be surprised if a court found that contract unenforceable. The right to file a patent suit is not a fundamental human right after all, why would signing it away not be possible?
Any project with such a license would be non-free, so I'm not sure how that would be a win for free software.
I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".
Recall that Apache 2.0, MPL2, and GPLv3—all free software licenses—have patent termination clauses as well, but they're comparatively weak. In fact, GPLv2 didn't have one, and this was the reason why Apache 2.0 is labeled as free but incompatible with GPLv2. The FSF's solution to this was to include it's own patent termination in the next update to the GPL, which is why Apache 2.0 and GPLv3 are compatible today.
> I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".
Richard Stallman said it is non-free :
> React.js is nonfree because of its patent license restriction.
And after actually reading it he said it's okay to use for GNU projects: https://lists.gnu.org/archive/html/directory-discuss/2017-01...
Not the most impartial person to define "free" and "non-free".
Anyway, even if you dont line Mr. Stallman, the set of licenses he deems as free software is pretty much 99.9% compatible with the set of licenses deemed "open source" by the OSI or licenses acceptable by Debian (the other authorities you might Sant to look to when it comes to this)
The thing is, I agree with your premise that we should always push for licenses that (in the long term) will result in a better free software world where threats such as software patents and draconian copyright are effectively neutralised. All three GPLs did this to copyright (as you noted), and Apache helped step forward on the patent front. I would love to say that the React license helped further this cause. Unfortunately I don't agree, and it's for several reasons.
* This may sound like a minor point, but the React patent license only applies to Facebook's patents, and relies on Facebook retaliating. Code contributed by anyone else may not be giving you the same protection, which means that if they sue someone other than Facebook the target has no real protection. Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft). By only terminating the patent license, you're relying on Facebook suing the offensive party.
* As with almost all patents, Facebook makes it exceptionally explicit that independent discoveries will not be protected. While this is to be expected because it's the default patent law position, it's not exactly what you want if you're going to try to sell me on this being "an ingenious, anti-patent license".
* The patent license clearly favours protecting Facebook over the wider software community. The fact that suits "(i) against Facebook or any of its subsidiaries or corporate affiliates," will result in termination means that the license is incredibly asymmetric in it's protection. The problem is that the "more free" stance of extending this protection to every user of the software would be too strong of a stance for companies to take (it would mean that no company could sue any other over patents in fear of being vulnerable to Facebook's patent portfolio). Not to mention that it still wouldn't solve the patent problem, you'd need to fix my first point and make it apply to all patents by all users. And then it would be seen as an incredibly risky business decision.
* By definition the patent grant cannot be used against Facebook, because of the above protections are not provided. If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing because then you'd be giving them more ammunition. This is where your comparison to the GPL falls flat for me. The GPL does protect users in this situation.
I understand that these might seem like "perfect being the enemy of good", but you have to consider that Facebook's dominant position is what makes these sorts of discussions critical. Sun made some mistakes in the CDDL, and we're still living with those mistakes to this day thanks to the whole Oracle OpenSolaris fiasco (though it went better than we could've hoped). We need to be far more careful in how we evaluate software licenses, and thinking about doomsday scenarios is crucial. If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3?
> Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft).
This is not true of Apache 2.0. Filing a patent suit against someone over a piece of Apache licensed software means the plaintiff loses the grant to patents held by other contributors to that software, but that's the extent of it.
> If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing
This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant. This has been the case ever since version 2 was published.
> If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3
Either better or the same, depending on your values, but definitely not worse. The license termination clauses in Apache 2.0 and GPLv3 are so narrow they don't offer any greater protection against bad actors.
Right, but the "right to use" permission is granted as part of the patent license not the copyright license. You're right that I misspoke and the copyright license is not touched, but the effect is similar AFAICS.
> This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant.
Ah, you're right. I did read the latest version of the document, I guess that sentence must've just slipped by me. My point about asymmetry still stands though.
> Either better or the same, depending on your values, but definitely not worse.
I believe that the asymmetry does not make it better. You could argue it's the same, but I still am not sure I agree.
I'm pretty sure they'd be thrilled. That seems to be their aim.
> I bet it would deter them from enjoying much of the code they built their business on.
Why? Serious question; I just don't see why Facebook would care.
There's a pretty obvious solution to this: relicense React. The fact that Facebook isn't even considering that is a pretty strong indication that they "weaponized" their license on purpose.
> To this point, though, we haven't done a good job of explaining the reasons behind our BSD + Patents license.
I think we already understand the reasoning behind it.
> As our business has become successful, we've become a larger target for meritless patent litigation.
And the solution you chose stops merit-ful litigation as well.
> We respect third party IP, including patents, and expect others to respect our IP too.
Clearly you don't, because you've intentionally designed a license to allow you carte blanche to violate other companies' patents if they're dependent enough upon React to not be able to easily stop using it.
I think it's pretty clear how disingenuous this is since they don't even constrain the patent revocation to IP lawsuits.
If they were doing this in good faith they would want to scope this as tightly as they could, but this is clearly Facebook just trying to extract additional benefit from their OSS contributions.
> We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.
They do not give a pathway for litigation with merit. This is a patent weapon.
Somewhere along the line we lost the distinction between "Open Source" and "Source Opened".
I just can't unsee the way this theoretically could allow Facebook to partake in patent infringement without fear of retribution.
It's possible that there were two groups in FB that were for this, some that were naive enough to just not understand it, and some that totally understood it and let the others continue with their misconceptions. I don't believe there existed a group that actually understood it and it's ramifications and thought it was benign.
Facebook has gone too far with React and its Trojan patent clause. So easy to get away from it though with smaller, faster and more focused libraries.
But, and especially concerning patents, assuming one can't exist is pure folly. And designing your own licenses in a way that prevents someone else from initiating a meritorious lawsuit against you seems quite intentional, especially since they refused to back down once it was pointed out (and especially because there was already precedent in open source licenses for doing this in a sane way, e.g. the Apache License, Version 2.0, and presumably others too).
Situation A: React is licensed under BSD + PATENTS. You sue Facebook for infringing your widget patent. Turns out Facebook has a patent for something in react. They revoke your grant and counter sue you for infringing that patent. Long legal battle ensues.
Situation A: React is licensed under just BSD. You sue Facebook for infringing your widget patent. Turns out Facebook has a patent for something in react. You never had a grant so Facebook counter sues you for infringing that patent. Long legal battle ensues.
Can someone coldly explain how anyone anywhere would be helped in any way by removing the patents file? Or is the BSD license the problem?
The patents clause doesn't have anything to do with any patents on parts of React. It's a way for Facebook to make it so that anyone who wants to sue them for patent infringement can't use React.
This cannot happen. This is not a thing. Nobody is legitimately worried about this; anyone who is needs to take a deep breath and stop being ridiculous. This has been clarified many times.
(Source: The plain language of the license, multiple independent lawyers who have commented on this, Facebook's official license FAQ, etc. The BSD license does not terminate when the patent grant does.)
> Automaticc’s general counsel also agrees with my analysis of contractual and copyright liability in that the patent clause does not revoke the underlying license.
"The license granted hereunder" refers to the patent license, not the copyright license.
You get counter sued whether or not there is a PATENTS file.
In situation B (React is licensed under just BSD), the patent rights necessary to use React are not written in explicit terms. You have made no explicit agreement to have your patent grant to use React revoked when you sue Facebook for patent infringement. In addition, without an explicit patent grant, a patent grant is implied with the license. You can at least continue to use React until the results of the court case.
No you haven't. That is not what is written in the PATENTS file. The PATENTS gives you a patent grant to any react patent facebook may or may not have, that you can only lose if you sue facebook for patent infringement. Without the patents file, you don't have any grant to those patents.
> You have to immediately stop using React.
No you don't. Why do you think this is the case? There is nothing in the PATENTS file about this at all. All it says is that you lose the grant. If a court grants a preliminary injunction, then yes, you have to stop using it immediately, but guess what: assuming Facebook has some react patents, they can apply for a preliminary injunction against you whether or not the PATENTS file is in there. With just plain jane BSD they can also get a preliminary injunction.
> In addition, without an explicit patent grant, a patent grant is implied with the license.
It's totally misleading to state unsettled law as fact like this. It's wishful thinking. Not being a patent holder myself, I would like it to be true as much as anyone, but the fact is that until this stuff ends up in court, just assuming that a license to redistribute also implies a license to any patents is just a theory.
When Facebook explicitly includes a revocable patent grant (aka the PATENTS file), the argument of it being a "BSD license with no patent grant" when the patent grant is revoked is self-fulfilling. But if the PATENTS file had never existed, then what you have is a "BSD license with a debateably implicit patent grant", which has been the topic of debate long before React even existed, and has yet to be tried in court so could set a precedent, and is a way better bet for the consumer than a "BSD license with no patent grant because that patent grant has been explicitly granted and now revoked, no debate, period".
The fact that Facebook has continued to ignore this sentiment tells me that it's no longer a place where developers have much influence. I personally don't want to contribute to or use open source software from such an entity.
But that's just my personal opinion. It's a shame, because I've been really impressed and happy with the work Facebook has done in the area of programming languages (Flow, Hack, HHVM, etc.).
The problem is that in the case you have a legitimate claim against Facebook they always have an 'out' if you have significant React use in your org.
Apache license includes an irrevocable patent grant.
Without patents file:
- Facebook can sue you for any reason, including react related patent infringement
- You have no patent grant for anything in react
- You can sue Facebook for anything, including patent infringement.
With patents file:
- Facebook can sue you for any reason, except for react related patent infringement
- you have a grant for any Facebook patents related to react
- You can sue Facebook for anything, including patent infringement of any kind. If you do sue them for patent related infringement, you lose the grant above (i.e. You are in same position as if there was no PATENTS file)
It seems like yes it's true that there is an implicit grant, but it's not well established in case law.
Also instead of contributing few tweaks into NPM they made a clone of NPM called Yarn, so funny.
Instead of contributing changes to PHP they made a clone of PHP called HackLang, i am laughing laughter :D
Facebook is a proven bad actor for all open source projects, and its time to be aware. One possible solution is to ban facebook from using any open source projects with a new license.
One day we will going to have F-Git (a copied version of git with some tweaks by facebook)
Snapchat denied to become a part of their monopoly cycle, they made a 100% clone of the product in facebooks every fucking platform. As a software engineer i found it very illegal and unethical, every maker should have good ethics, thats why facebook was unable to invent anything other than Poke feature on facebook itself.
If i were working at facebook i would definitely switch the company to better one, who won't force me to copy others.
However, i am upset, because the technology that i loved most was just a typical facebook product comes with hidden payloads.
I would definitely stay 100% away from all facebook products. It also gives us a free lesson how a evil a tech company could be.
My personal list of alternatives are,
React = Vue JS
React Native = Native Script
All i can do is this: https://twitter.com/rakibtg/status/892784442476904449
Funnily enough, their source control is actually a counter example to your assertions here.
Facebook reportedly don't use git but rather mercurial, and seemingly have contributed significantly to that project. See this for example https://code.facebook.com/posts/218678814984400/scaling-merc...
Note, I don't work at Facebook or have any affiliation or knowledge of how they operate, I'm just taking the contents of this blog post at face value.
npm is the buggies software I had to deal with! Also God forbids if you want to fix a bug! First the code is absolute piece of poop and when you figure all this "smart" hacks they wrote and fix it you will have a hard time getting it merged. They close prs and force their way of doing things without caring about community feedback. Take for example that stupid error output or randomly running prepublish script for example
There are so many bad architectural decisions in npm that there is no way you can fix it by a few changes.
npm is buggy and seems to need a lot more than a few tweaks. Some time before Yarn came out I was wondering why no one had yet decided to make a direct competitor / rewrite npm from scratch.
I used the original Caffe and thought it was built by Berkely University - Caffe2 only shared the name I guess?
This includes things far outside the React ecosystem:
- Flow (JS type checker, like TypeScript)
- prepack (JS optimizing transpiler)
- a bunch of Android/iOS UI/debugging frameworks,
- all their GraphQL libraries (server/client)
- their machine learning work (mostly targeting Torch)
- Reason (statically typed programming language that transpiles to JS/OCaml)
- ZSTD, a highly competitive compression algorithm.
It's not a copyright license, and it's not incompatible with any other free software license. I'm frustrated with the misinformation spread about it.
If this patent license/grant get's revoked, you are back to simply using the BSD license with no patent grant. I've read so many people say "you'd have to stop using react if you sued facebook", uh, no, you'd have a bsd license with no patent grant like you probably do with tons of other free software your company uses. Clearly, people should be complaining about that if they are complaining about this, but the misunderstanding and misinformation is really strong. If you believe software patents are universally bad, like many people including me, then it is clearly better using the MIT/BSD license alone, which gives you zero patent rights, you are simply infringing and waiting to be sued. I have no problem with it. https://www.gnu.org/philosophy/software-patents.en.html.
I suspect this must be coming from Zuckerberg. He's pissed off that some patent troll, somewhere, was using Facebook open source, and he issued an edict. That's the only way this makes any sense at all.
The patent license is indeed independent of the copyright license, but it's troubling enough that multiple legal teams (Apache and Google, at least) don't want to entangle themselves with it.
I'm doubtful that any licensing scheme can significantly drive patent reform. Lobbying and legal precedents hold that capability.
Citation needed on Google. Apache isn't "not wanting to be entangled", they reject EVERY license which gives stronger protections for user freedoms than apache license alone, like the gpl, lgpl, cddl, mpl, etc, etc, etc. Google has no problem using the gpl for linux and lots of licenses and projects that apache would reject, so you can't just lump them together like it's the same thing.
I suppose mainly what I'm asking is that by having this patents clause, is Facebook asserting that some or all contents of react are patented by Facebook? Would they be able to sue you for using react if you did something to get your patent grant revoked?
That really makes it seem like Facebooks stance is: "As long as we have a few really huge projects that infiltrate most companies' codebases, our 'smaller' projects can drop the patent clause".
3 years from now, most startups and companies will still be using React as they did for the last 5 years that the same terms held.
Hmmm.. in that case the people who actually need this advice even more would be the maintainers of ZSTD who seem to have hastily changed the license after seeing the backlash from the Apache policy change. Care to stand by this opinion and leave your comment on the thread which discusses the license change over on GitHub?
Not being inflammatory, genuinely interested as a user of both Go and React...
The Go and Kubernetes patent licenses terminate if you file litigation specifically regarding those projects-- if you sue anyone for violating some garbage collector patent in Go, you lose the patent licenses Go granted.
Facebook's patent license terminates if you sue Facebook, subsidiaries, or "any party relating to the Software" for any patent infringement. It doesn't have to be related to React.
Google's grant protects (or tries to protect) specific tech, Facebook's grant protects (or tries to protect) as an umbrella, the organisation.
Well - can't comment on how effective it will be as a disincentive to sue, but I do feel at the same time if it does succeed in that goal it will almost certainly act equally as a negative factor in adoption; because it's my opinion that this is creating a soft-walled garden around Facebook open source tech.
This, to me, is a significant warning sign.
I was leery of the React license to begin with. But the community at large had _almost_ convinced me that it was nothing to worry about.
Unfortunately, Facebook's position as stated here is clearly that the license is weaponized for a reason. I think it's irresponsible to leverage software with this license without clear guidance from legal and corporate overlords stating that it's OK.
"Replace React with Mithril for licensing reasons"
Personally, I increasingly doubt that BSD+PATENTS is even GPL-compatible -- and so potentially Automattic may be violating the GPL by using React integrated with WordPress.
What's especially sad about this is that React isn't even that good compared to other vdoms like Mithril and Inferno and others. React just has a lot of name recognition and mindshare from the Facebook association (which then translates into a rich-get-richer effect with more tutorials and components).
Here is a list of more than twenty alternative vdoms I put together in January 2016 (although Mithril remains my favorite):
If Facebook has a patent on the vdom, then all the projects in your list violate the patent, and none of them come with even a conditional patent grant from Facebook.
If Facebook does not have a patent on the vdom or other React technology, then those other projects are safe, but so is React, since termination of the patent grant has zero cost to you.
My personal belief is that Facebook has no patents on React, so I feel safe to use React, Mithril, or any other vdom based library. But I can certainly understand people who feel like they need to play it safe, assume Facebook does have a vdom patent, and avoid all such libraries.
But I'm not really following your logic at all. It's like you think Facebook has a patent, but then you only want to use the libraries that maximise your ability to get sued over it? What am I missing?
Also, Facebook has no vdom patent. It's not like you can be granted a secret, hidden patent (even the word "patent" itself means "open").
Incorrect. (This has been clarified many times, including in Facebook's official FAQ about React licensing.)
> Also, Facebook has no vdom patent. It's not like you can be granted a secret, hidden patent (even the word "patent" itself means "open").
I agree. Many people have looked; no one has found one. Hence why I believe there's no risk to using React.
It doesn't address the scenario of Facebook's violating your patents first.
Facebook cannot revoke your React license in any circumstances, as that link makes clear.
In my mind that situation is effectively identical to losing "the right to use" license on grounds of patent suit (like Apache). Interestingly, in Apache you'd still be sued for patent infringement (not copyright infringement) because "right to use" is provided as a patent license.
Yes, but for what patent? People have looked; none have been found. :)
The PATENTS file affects more than just React. It's found in their other projects too.
you mean their patent grant? How can an open source license like apache, MIT or bsd be "revoked"? Do facebook have a public blacklist of people who aren't allowed to use react?
> If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
Note that the "Grant of Copyright License" of Apache doesn't grant you the right to use the work, so revoking the patent license is effectively revoking the whole license (though you can still redistribute the work).
MIT and BSD licenses merely provide short-cuts to understanding a project's licensing
Using React just opens you up to liability, with no real benefit (other than using React). Why would you use it?
Again, if they have a patent, they can sue you if you use one of the alternatives mentioned. If they don't have a patent, they can't sue you if you use React.
What's your thinking behind saying using React adds liability? Because to me, it looks like either it does nothing or it reduces liability.
That seems extremely weird. Normal startups do nothing of the kind; do you have extremely weird investors?
> My investors were very specific about software licenses - we aren't allowed to use GPLv4 or AGPL at all.
Ah, there we go. First off, there's no such thing as GPLv4. Second of all, you do realise that avoiding even the AGPL puts you in a vanishingly rare crowd in these parts, right? Eg, MongoDB is AGPL; of all the reasons I've seen given for avoiding Mongo, the license is a new one on me.
If you've decided to only use GPLv2 or vanilla MIT licenses software that's totally fine, but it is unusual.
If you have a patent, and use React, you can't sue Facebook if they use your patent.
Citation needed. Let's say I have an awesome VR patent, and a React based website. I find out the Oculus violated my patent, what happens next?
Answer: I sue them. :) Nothing about the React license stops this; I will even still have a right to use React. What I won't have is a right to use any patents that Facebook might have on React. But Facebook, as far as is known, has no such patents.
> The license granted hereunder will terminate, automatically and without notice, if you [...] initiate [...] any Patent
The key part is that if you don't have a license to use the patented technology (or more pertinently - that license is explicitly revoked), you can't legally use that technology, no matter what the BSD license might say: the patent grants supersedes the BSD license.
So, to respond directly to your answer - you lose the right to use React; Facebook can sue you for your use of React, since they own the patents to that technology.
So if you want to operate under the belief that Facebook has no patents to assert, then yes, you will consider yourself to be safe. The fact is that many lawyers, including the Apache Foundations lawyers, disagree with this assertion.
Incorrect. The ASF's objections had nothing to do with believing Facebook had any patents, and many ASF projects are looking to move to Preact, which is presumtively covered by the same patents React would be (if any).
I.e. the exact situation you would be in if you sued Facebook and there was no PATENTS file.
The "implied" license doesn't have a strong legal finding backing it up yet. Even so, most lawyers are comfortable with the idea that if a company tells other people to freely use their software, they can't then come back around and sue those same people.
To me, the most important part of a vdom library like Mithril is using the HyperScript API with it, a library which predates React:
Aug 20, 2012: https://github.com/hyperhype/hyperscript/tree/9237f590f3bc82...
May 2013: https://github.com/facebook/react/blob/75897c2dcd1dd3a6ca462...
Here is an example of a coding playground I wrote that way with several examples in it which use that approach:
So, by writing UIs using HyperScript (plus a vdom library), you can potentially (with some work) replace a backend like Mithril with almost any other vdom or even a non-vdom solution. So, that is another way I mitigate this risk when I have a choice.
Granted, I know many web developers grew up on tweaking HTML and love HTML-looking templates and so they love JSX or whatever and are happy to ignore how hard it is to refactor such non-code stuff in the middle of their applikcations or validate it (granted, some IDEs are getting better at that). But I came to web development from desktop and embedded development working with systems where you (usually) generated UIs directly from code (e.g. using Swing, Tk, wxWidgets, and so on). I like the idea that standard tools can help me refactor all the code I work on and detect many inconsistencies.
Maybe a deeper issue for me is that with BSD+PATENTS Facebook is redefining what "open source" means in a way that is harmful to the open source community -- and also free software community as well like with Automattic using React on top of a GPLd WordPress. Which is why the Apache Foundation rejected the React license.
That said, I would expect that vdom libraries like Mithril that work in a very different way than React would be less likely to be claimed by Facebook to infringe a React-related patent than, say, Preact which tries to duplicate the React API.
Of course, this is all speculation with a lot of unknowns. It all is another example of why software patents are very problematical ways to "promote the Progress of Science and useful Arts".
That, to me, is also a significant warning sign.
Of course, you are right that legal and corporate should review such a license. And for any company that deals in patents (or has customers who deal in patents), the likely answer is "no way".
That's the conundrum for any open source project and the exposed danger of the BSD license.
I doubt some statement of opinion in some out-of-the-way place that did not accompany the software directly would hold up in court.
That said, your point on uncertainty is why many people prefer the Apache2 License or the GPL3 which have an explicit patent grant (but not a one-sided grant like in Facebook's PATENTS file).
In 2005, Dan Ravicher explained that, in the USA, recipients of software under the GNU GPL version 2 receive an implicied patent grant, based on the following US case law.
* De Forest Radio, 273 U.S. 236 (1927)
"No formal granting of a license is necessary in order to give it effect. Any language used by the owner of the patent, or any conduct on his part exhibited to another from which that other may properly infer that the owner consents to his use of the patent in making or using it, or selling it, upon which the other acts, constitutes a license."
* Hewlett - Packard Co. v . Repeat - O-Type Stencil Mfg. Corp. , Inc., 123 F. 3d 1445 (Fed. Cir. 1997).
"Generally, when a seller sells a product without restriction, it in effect promises the purchaser that in exchange for the price paid, it will not interfere wit h the purchaser's full enjoyment of the product purchased. The buyer has an implied license under any patents of the seller that dominate the product or any uses of the product to which the parties might reasonably contemplate the product will be put."
* Bottom Line Mgmt., Inc. v. Pan Man, Inc., 228 F. 3d 1352 (Fed. Cir. 2000)
"Unless the parties provide otherwise, the purchaser of a patented article has an implied license not only to use and sell it, but also to repair it to enable it to function properly. This implied license covers both the original purchaser of the article and all subsequent purchasers"
Legal scholars are mixed on that, and it hasn't been tested in court.
But that implicit license is certainly better than the explicit license in FB's code.
To sum up: you may be worse off with BSD+Patents.
The only clarity they offer is that they have their license in place for litigation purposes.
For a personal project, everybody can make their own decisions. For a project involving a corporate entity or an institution, it is irresponsible to leverage any facebook licensed software without a legal review of the license. I'm not saying that it's bad. I'm not saying that it's good. I'm saying that however a laymen may interpret the license, there is a high chance of being wrong. Better to have the professionals review it and make a judgement call. I have seen many people state that their legal departments reviewed the license and have come back in some cases supporting the use of facebook software, in other cases denying the ability to use it. Even among professionals there seems to be disagreement.
There is a common understanding of many open source licenses. There is none surrounding facebook's.
I have asked ASF to have their lawyers make a public interpretation of the facebook BSD+Patents license for the betterment of the community, but the response was along the lines of "no lawyer would do that." Someone else might have better luck with the FSF. The FSF does support the idea of patent clauses, or at least at one point they did. I have seen nothing from them regarding the facebook license specifically though.
And this is a problem, because we all know how much of a huge pain in the ass it is to get any new license or legal issue relating to open source cleared with a big corporation's legal dept.
I think this is a pretty clear signal from Facebook that at least part of the company really doesn't care if people use Facebook open source or not. After all the work some in the company have done to promote Facebook open source, to great benefit to the company for recruiting and for synergy with other large company open source, that is a big surprise to me.
This kind of tone-deaf response from part of the company with the other half frustrated that it's causing so many problems reminds me more of how large old, moribund companies like IBM operate. It's a surprise that Facebook's already there, or at least starting to be.
Here is why:
MIT and BSD licenses don't have any patent grants, unlike the Apache 2.0 license. If you use MIT/BSD open source software, and some functionality of that software is patented by the author, you could be sued for patent infringement.
If you use software licensed under Facebook's BSD + Patents license, and the author of the software (Facebook) has patented technology in the software (which AFAIK they don't), the author CANNOT sue you.
Now if you turn around and use the author for patent infringement for something else, you lose the patent grant that came with the software, and you are back to a normal plain old BSD license.
The BSD + Patents license is strictly better than the regular BSD/MIT licenses. You lose no rights, you may gain some patent protection.
Major software like Ruby (BSD), Rails (MIT), and FreeBSD (BSD) use licenses without patent grants. Entire businesses are built on top of these pieces of software, e.g., GitHub (Ruby and Rails) and a lot of commercial hardware built on FreeBSD (https://en.wikipedia.org/wiki/List_of_products_based_on_Free...).
Read the patent grant for yourself:
"If you use software licensed under Facebook's BSD + Patents license, and the author of the software (Facebook) has patented technology in the software (which AFAIK they don't), the author CANNOT sue you."
This is just flat out false, and i'm not sure why you believe this.
The termination is broader than the grant. The grant is for patents in a given piece of software, the termination crosses all software.
Concretely: if you use react, and they sue you over patents in notreact, and you countersue, you do not lose your react patent license. They are still welcome to sue you over notreact, there is nothing in this license that will prevent that from happening. It only gave you patent rights to react.
(It also says that if you sue them over notreact, you will lose all patent licenses in all software that use this license, which is why the termination is broader than the grant).
"The BSD + Patents license is strictly better than the regular BSD/MIT licenses. You lose no rights, you may gain some patent protection."
This is also an incorrect legal statement.
Once their is an explicit grant, any implicit grant you would have gotten is extinguished.
In this case, the terms of the implied grant were much better for people than the terms of the explicit one.
So you are, in fact, losing something
Citation needed. And if you aren't planning to sue over software patents, then the author is clearly correct that this is strictly better than BSD/MIT alone.
Seriously? This is basic IP law 101.
No license can be implied if there is an explicit license.
I actually started gathering cite lists for you like I normally do, but instead, i'm not going to in this case. If you really want to argue this point, please go to google scholar and spend the 2 minutes it will take to pull up 100 cases on this.
I don't feel it's fair to argue about a thing without taking the very small amount of time to familiarize yourself with it.
If you find cases that say otherwise, awesome, let's talk about it!
Otherwise, this is like arguing about baseball and asking someone to cite rules because you want to argue that swinging at the ball and missing isn't a strike.
"then the author is clearly correct that this is strictly better than BSD/MIT alone."
They actually are not, as the scope of the implied license is much broader than the scope of the explicit grant here.
The grant isn't specifically about software patents, it's about all patents.
The BSD license grants explicit rights to use the software, thereby granting implicit rights to use the patents in the software while using the software as it is intended to be used.
The sentence "redistribution and use in source and binary forms, with or without modification, are permitted" doesn't go away because there is an "additional grant of patent rights".
If React doesn't implement any of their patents, the patent clause offers nothing extra. If it does, it would be damned nice to know which one(s). Do other libraries (other virtual DOMs, perhaps) infringe?
From Facebook's blog post:
> The patent grant says that if you're going to use the software we've released under it, you lose the patent license from us if you sue us for patent infringement.
Reading the file in its current form (https://github.com/facebook/react/blob/b8ba8c83f318b84e42933...), You lose the license to make, have made, use, sell, offer to sell, import, and otherwise
transfer the [React] Software.
Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?
Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?
No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.
Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?
> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.
So when they say "license under any Necessary Claims" they are granting a patent license, the copyright license in the LICENSE file is separate.
The FAQ link provided by silentstreet makes it very clear:
> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?
Above from bottom of page to be clear to agree!
Say you are a company A, and have product P that uses react.
You find out that company B infringed on a patent in your other product Q.
You sue B.
It turns out B is owned by FB.
Your product P is in trouble.
I.e. patent grant nullifies, and you are left with a BSD only license.
The feeling is a bit like stepping into a restaurant that offers lead-free burgers for only $0.99 extra. Theoretically, declining the upcharge is no different than eating anywhere else. Yet...
I am not a lawyer. This is not legal advice.
> The BSD + Patents license is strictly better than the regular BSD/MIT licenses. You lose no rights, you may gain some patent protection.
Could you provide a citation backing up your claims?
if you read the patent grant for yourself:
There's no mention of any patent grant coming with the software
>> "The license granted hereunder will terminate"
"The license" here is the one defined as:
>> Facebook, Inc. ("Facebook") hereby grants to each recipient of the Software ("you") a perpetual, worldwide, royalty-free, non-exclusive, irrevocable (subject to the termination provision below) license under any Necessary
Claims, to make, have made, use, sell, offer to sell, import, and otherwise transfer the Software
and the "Sofware" here is the one defined as :
>> "Software" means the React software distributed by Facebook, Inc.
> > A "Necessary Claim" is a claim of a patent owned by Facebook that is
necessarily infringed by the Software standing alone.
I understand the followup question other people have now: What are those patents?
I see no reason to assume that it reverts "back to a normal plain old BSD license" in such a case.
The article linked by Stallman's response that this is a nonfree license doesn't make that assumption, either:
Um, no. Let's say you own patent A and Facebook has granted you rights to patents B and C. Then let's say Facebook infringes your patent A and you sue them. You lose the license to use patents B and C. That's what the PATENTS file says. Read it. What it doesn't say is because Facebook is publicly traded, it has a fiduciary duty to shareholders to defend all of its intellectual property so if you continue using anything covered by a Facebook PATENTS grant, you better be prepared to be sued for patent infringement. There is no implicit patent grant in the BSD license. Nothing in the BSD license shields the user of BSD-licensed software from patent litigation brought by any party.
This is the situation I now find myself in. The next few months will be spent removing react and immutable from the project I'm working on because th legal department say so.
This is quite frankly, bullshit.
- Facebook gets attacked by meritless patent litigation
- Facebook creates the BSD + Patents license, which has the following effect :
- Facebook believe that 'if this license were widely adopted, it could actually reduce meritless litigation for all adopters'
I understand Facebook's position here, surely this will decrease meritless litigation, but what about meritful litigation?
Let's take an example, a small startup has a cool technology but also all their front-end is using React. That cool technology is patented.
Now if 'Facebook or any of its subsidiaries or corporate affiliates' infringe on that patent, that startup won't be able to sue them without first re-writing the entire front-end to not use React.
I don't think software should be patent-able in the first place anyways but it seems the situation above would still be true if that startup sues them for what they believe is a completely legitimate hardware patent.
Also, IANAL, I'm wondering what even is the definition of a 'corporate affiliate' here? Who is a 'corporate affiliate' of FB?
Finally, what 'patent license' are they referring to in this post anyways ?
The react's PATENT clause (https://github.com/facebook/react/blob/b8ba8c83f318b84e42933...) says they're providing the React software License, and they revoke this software license if you sue them.
1: give up your main business so you no longer infringe on the Facebook patents. IOW, become a troll.
2: get demolished by the Facebook counter suit.
The React license doesn't change those two options one bit, it just makes it much more obvious. Facebook's intent is likely just to prevent the suits from even being considered in the first place.
Do note this isn't necessarily the case, because nobody has yet found a patent that covers React.
But https://github.com/facebook/react/blob/b8ba8c83f318b84e42933... , the way I read it says they grant you a license to to "make, have made, use, sell, offer to sell, import, and otherwise transfer" the React Software. They don't seem to give you a license to any patent.
>> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.
I'm never going to use React under this license, but this is still worrying to me because more companies could follow Facebook's lead and start using open-source as a nuclear deterrent against patent legislation.
Does the additional patent grant in Facebook BSD+Patents license terminate if React infringes upon your legitimate patents and you sue another company using React over this?
If Facebook has any patents that are related to React, and you lose the grant for those patents, then Facebook can sue you over them if you use React.
If Facebook doesn't have any patents that are related to React, then why do they have a patent grant?
Facebook has thousands of patents. If you sue Facebook for patent infringement, their lawyers are going to comb through their patent portfolio and look for things that you might be infringing on. That's standard, and to be expected, with or without the React patents clause.
A common understanding of the BSD license is that it has an implicit patent grant, but the existence of the explicit patent grant presumably negates the implicit one, meaning if you lose your explicit patent grant (e.g. by suing Facebook when they infringe one of your patents), then you have no protection from Facebook suing you over your usage of React.
Edit: I think I see what you are saying. It says you lose the patent license, not necessarily the license for the software that doesn't have a patent, so doesn't do anything. Not sure how a judge would decide to interpret it though.
You'd be surprised. Patent trolls can have all forms, not just a only-suing company. Some company that has failed as a startup, but which holds 1-2 patents might decide to turn into patent-trolling to make a quick back while it dies.
Think also of companies like SCO.
If the startup is dead it should be trivial to transfer the patents to a separate entity and then sue from that entity, making counter-suits irrelevant.
This only has an affect on companies which are a going concern.
Companies who plan to make litigation part of their strategy can pretty easily just not use React.
This does the most harm to companies who were not planning to come into conflict with Facebook, and then do.
Sweeping conclusions like "you have nothing to worry about" or "you should never use software with such a license" do not apply to everyone.
As a Free Software advocate, I abhor troll-like behavior, regardless of whether the vehicle is patents, copyrights, or anything else.
I am also more likely to benefit from potential patents contained in a project like React than I am to ever 1) Own a patent. 2) Have a company use that patent in a way I find harmful and offensive. 3) Have the resources to sue an internet giant.
So for me, it's probably worth it to use React, although I can understand why others insist on a more cautious approach.
One thing Facebook could do that would inspire confidence (not to mention make the company a champion of free innovation) is to enumerate which patents the company owns and release all of them under the Defensive Patent License .
Such a move would require a lot of courage, but Facebook is large enough and entrenched enough that they would probably gain much more than they could potentially lose.
Sure, it may never be a problem (it probably won't be a problem for 99.9% or more of those who use it), but who is willing to take that chance with the future of their company?
I personally wish FB would release even more of their platforms as free software, preferably under (A/L)GPL3 or MPL 2 or Apache 2. But we do not live in a perfect world. Even the folks at FSF made some compromises regarding the wording of the patent provisions in the GPL3 family, in order to get more companies to adopt the licenses .
I am sure the folks at FB know the first time they abuse the patent stipulations, a lot of people using React will jump ship.
Do you feel that if a company is "evil", do you feel there's a moral imperative to not use their products? It seems to me there's a lot of "But React!" going on.
If you believe the BSD has an implicit grant, then the facebook license is a more limited license. If you don't believe it, then the facebook license is better for the user.
As far as I know there is no president to solve this neither in the U.S. or europe, so both views are valid.
One thing is weird in facebook's behaviour though - they imply that the BSD doesn't have an implicit grant, and so they are benevolently giving away a better license, but if so, then the public outcry should be enough to take it back, if it's just a gesture of good will, and it isn't received as such, what's the point in continuing in this course?
The only explanation they give is that they are more or less on a crusade for people to adapt this license because they believe it will reduce patent lawsuits
> The license granted hereunder will terminate, automatically and without notice, if you (or any of your subsidiaries, corporate affiliates or agents) initiate directly or indirectly, or take a direct financial interest in, any Patent Assertion: ... (ii) against any party if such Patent Assertion arises in whole or in part from any software, technology, product or service of Facebook or any of its subsidiaries or corporate affiliates,
I always thought the main problem was this part, where you basically lose the license or your IP if Facebook ever decides to become your competitor, e.g. you start a company with a react front-end that does X, and then Facebook decides to directly copy your business. You have no recourse against Facebook, because if you sue them for infringing your IP, you lose the ability to use the React license.
Any sane aspiring developer would know not to give Facebook that much power.
If not, then would it have mattered if they used React?
Especially: Is BSD+Patent strictly more permissive than BSD or not? There are two major camps as far as I can see:
Camp 1: BSD license does not give you a patent grant. You can always be sued by Facebook if you infringe (potential) React patents. On top of this, Facebook grants you use of (potential) React patents - but only as long as you don't enforce patents against them. If you do, you are back to the BSD license alone.
Camp 2: This camp believes a) that the BSD license implies an unconditional patent grant (for React) and b) that the conditional patent grant ('PATENTS') is not optional, but inseparable from 'LICENSE'. If this is true, BSD+Patent grant is strictly less permissive than BSD alone. If you enforce patents against Facebook, you stand worse than with BSD alone.
The only way this could be cleared up (beyond doubt) is by a court, or very easily with a few lines from Facebook.
Were Facebook to amend that license to soften the criteria for revocation of the license grant in cases of suits against Facebook for infringement, this outrage might just go away. But as it stands now, Facebook stands to exercise an ability to infringe on others' patents for monetary gain so long as the patent holder uses React in deployment. It would be easy to weaponize this arrangement, and you have to assume that any fiduciary would consider it.
More broadly, this is a good case to be made against software patents in general.
What complete, tone deaf newspeak. If a BSD-licensed project uses code with a Facebook BSD license, the project is now Facebook BSD licensed. That means it's incompatible with the BSD license.
This is the ultimate disagreement of what software freedom means. GPL people think derivatives of their software should remain free. (the viral nature of GPL) Strong BSD proponents believe the freedom to incorporate the software into non-BSD projects (including closed software) is the ultimate freedom.
It sounds like you are more in the copyleft/GPL camp if you are concerned with derivative works remaining compatible with the original license.
I believe FB is at the "pounding on the table" stage.
This is pretty clear, and the ASF has been operating under this "no more restrictive than the Apache license" since its origin.
The Apache Software License does grant a patent license  (as does GPLv3) so is incompatible with either of these BSD licenses (unless an 'implied' grant is assumed).
Sure the dom diffing technology was hot at the time it came out but it's basically is a commodity item at this point.
In that sense, the open source community can (and should) build multiple react clones that are licensed more liberally.
Sure, I'm annoyed by the licensing of React too, I think abou it a lot. But does it really matter that Facebook won't budge on this? The technology is out there whether it's React or not.
It was ember vs angular. I was like I'm out, going for data science.
While on the side line I've witness:
Angular was winning until Google made a new framework and named it Angular 2.
React took over until people find out their license is a trojan horse.
Now what? emberjs? Angular 3 (oh wait wtf it's 4)?
Jeez, front end is a mess of wild west. Yes, I understand the value in keeping up to date and continuously studying but the rate that frontend is going it is stupid.
> but what about using some other library that installs React as some dependency?
I think that still counts as "using react".
> Does using JSX also count as using "React"?
I think that if you use a custom JSX compiler instead of the one that comes with React then you could be clean. JSX itself is just a programming language and cannot be copyrighted.
> I just feel that what exactly constitutes using React is very vague esp
I don't think that is vague, actually. In the end, what matters is if the whole system includes React source code in some way or another.
> and associated technologies, eg the idea of Virtual DOM
Associated technologies are not covered by copyright. They could possibly be covered by patents but that would be a whole different can of worms.
My questions are as follows:
1. If fb copies the entire thing, repackages it as something different and tries to make it free and open source. I wouldn't be able to sue them just because I used React and React-Native?
Is that all what the patent license means or I am missing something here?
While popularity might not have anything to do with your use case, it still means a lot in terms of ecosystem, tooling, training, support and documentation.
These things usually don't happen overnight. It will be interesting to take another look about a year from now.
As such, ASF decided to disallow FB licensed dependencies. One particular ASF project did not have an alternative, so they asked FB to re-license. FB agreed to do so.
Because it was easy, and because the positive talk surrounding FB's license seemed to intimate that FB's intention was the same as ASF's license intention, they requested FB to relicense react so that it too could be included as a dependency on ASF projects.
Faced with making a decision, FB determined that their licensing strategy associated with litigation was more important than their ability to be included in ASF projects.
A lot of eyes were watching the request, many hopeful that the FB decision would justify and clarify their interpretation of the FB license and it's intentions. FB disappointed them though, and basically said "bugger off if you don't like it. We'll lose people, but we don't think it will be that many."
Judging from this discussion - and the fact that HN is one of the most pro-react communities around - this decision will not play out kindly and could be the death-knell of react's position as a major force in UI development.
- They confirm Apache's legal reading of the BSD + Patents.
- They deny the part about Facebook being able to steal your IP because Facebook isn't like that.
- They refuse to codify changes to enforce Facebook isn't like that
- We therefore must assume Facebook is like that.
I don't get this. The Apache2 license also has a section on patents ...
Also, could that original patent grant in the original license apply to later versions of React?
If there were something like create-preact-app (not forked from create-react-app) I'd be all about it. With special decorators, dogmatic separation of templates, styles and logic, and mutability I don't think I can get aboard the Vue.js train though I'll admit I haven't dove deep yet.
The worst part is how Facebook seems to be asking other big players to follow their lead in adding kill switches to FOSS. It'd be one thing if it were just React. Devs shouldn't let this become common practice.
The Foundation does not presuppose to know how others should license their products. That is those others' choice. The Foundation does have policies on what licenses can be used, within the Foundation's projects. But that is for our projects, and not the same as pushing back against license holders.
So please. Stop with the meme of "Facebook rejected the Foundation's request". Not true. Facebook made a business choice, and the Apache Software Foundation will make its own choices.
The request came from one our projects' committers. Please do not confuse who speaks for whom.
So my take on this is that it's BSD-licensed code. Period. The patent license is a "bonus" and not at all required by the BSD license, and doesn't affect the BSD license. Any other company offering BSD licensed code is free to withhold licensing their patents at all. So are we suggesting that the patent license is a bad idea? That it's revocability is a bad idea? Why does this matter when the software is licensed under a BSD license?
Say my company patent some key part of a product, and Facebook then release a product which infringes on this patent.
If my company were to sue Facebook for this (unrelated to React) patent infringement, then as I understand it, this patent clause would cease to apply to my company.
Does that then mean that Facebook could countersue my company for using React, saying that some part of React is patented and my use of it is therefore infringing that patent? This seems kind of weird to me, as React is a product that they put out there for people to use - it's like Microsoft suing me because I use Office and they have a patent on the ribbon UI or something.
Or does it just mean that some third party could claim that React infringes on some patent of theirs, and they can then sue my company saying my use of React infringes on their patent? (Whereas previously Facebook would protect my company against this)
Or does it mean something else entirely?!
"Can Apache projects distribute components under prohibited licenses?
Apache projects cannot distribute any such components. This means that no source code can be from Category X and that any convenience binaries produced may not include such contents. As with the previous question on platforms, the component can be relied on if the component's license terms do not affect the Apache product's licensing. For example, using a GPL'ed tool during the build is OK, however including GPL'ed source code is not"
After August 31, no Apache projects can make a release that has a hard dependency/requirement on the FB/BSD+Patents license (same as for all other licenses described as Cat-X). Older releases will remain in the archives, but no new releases with such dependencies.
Will note though that if Facebook does choose to revoke a license on the basis of getting sued for something unrelated it will definitely reflect poorly on FB in the developer community and reduce React's adoption.
Well, they've specifically related React if it's in use, so the only case where it's not related is if isn't being used by the plaintiff.
In a similar vein, people are wondering what Facebook will do with patent infringement suits that do have merit, to which I ask, when's the last time a company defending a patent suit stated the plaintiff's case had merit.
Imagine a small company releasing a new js framework with BSD+Patents license. Will FB use ever this framework? No. Because merely using this framework gives this small company the effective freedom to infringe Facebook's patents. Why? Because the cost for FB to shift frameworks will be huge, thus prohibiting FB to sue this small company for patent infringement.
Using a software with BSD+Patents license is almost giving up the right to sue this company. This is dangerously radioactive.
Patent trolls are companies that don't create anything, and just sue with their patent portfolio instead, so why would they care that they can't use react patents anymore?
Closure Compiler , GWT , and protobufs  would like to have a word...
I realize they said "some" large companies, but it seems like there's plenty of precedent for successful tech companies to release core infrastructure as open source.
1) This will deter people and organizations from using such libraries. For example :- WordPress.com and many other companies have said that they will no longer use React.
2) Lower usage and application of such libraries means that lesser people will find bugs in them, lesser people will fork these libraries, lesser people will contribute to these libraries.
3) Facebook may itself lose interest in continuing to open source the library. Or add any new features to the open source version.
4) People may get stuck with bugs in such libraries and with no functionality being added to such libraries for years.
It appears to me that FB might be using their open source contributions as a Trojan horse to make sure others can't compete with them. If a startup happens to use FB open source tech for their startup, FB can duplicate everything they do, even legitimately patented stuff, and the startup is unable to fight back because their sign up page happened to be built in React.
This is giving just too much power o one company.
I think it's an intimidation play on the part of Facebook to keep large players from profiting off of their IP.
Same is true for Fuchsia, Google's new os replacement for android / linux. See https://github.com/fuchsia-mirror/calendar/blob/master/PATEN...
1. large tech cos. they always want to reserve the right to sue each other.
2. large advertisers. they need the ability to sue FB for any beefs they have over the ads they have purchased.
So if you're one of the two, I think your general counsel will say not to use react for any new projects.
Facebook is offering a separate patent license, and that is out-of-scope of the GPL.
According to the FAQ on the GPLv3: https://www.gnu.org/licenses/quick-guide-gplv3.html "Whenever someone conveys software covered by GPLv3 that they've written or modified, they must provide every recipient with any patent licenses necessary to exercise the rights that the GPL gives them."
So, since GPLv3 talks about patents, and the Facebook PATENTS clause reduces the implicit patent grant of BSD, I feel it is in scope for GPLv3. A plain BSD 2.0 license with an implicit patent grant would presumably provide enough patent rights to be compatible with GPLv3. To my reading of the situation, BSD+PATENTS does not seem to provide enough patent rights to comply with GPLv3 (because of the one-sided retaliation clause of Facebook's PATENTS file).
The GPLv2 is a different story which is less clear to me.
In section 7 GPLv2 says: "If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program."
So, because some of your downstream users might not have a valid patent grant from Facebook if they sue Facebook for infringing their patents, does the last sentence imply you can't distribute the combined BSD+PATENTS and GPLv2 code?
I also wonder if this will hold up in court, or is purely a defensive measure.
If I do use React, what is the specific legal risk (if any)?
PLEASE no emotionally charged comments - I just want a clear answer from someone who deeply understands the legal stuff.
So much about "do not be evil" policy although that is Google slogan one must ask is the Angular or Node.js next?
21st century and still greed for money and monopoly "one to rule them all" screwing open trusting hard working guy ...
I know this is side ways but: how should we trust any other thing they release or talk about privacy, sharing, VR, Basic Income ... ?!
If I understand the issue correctly, there's a clause in their license that says the license is revoked if you sue them.
How risky is this for regular usage?
No, some feel they have to stop using React, not all UI frameworks, VueJS is pure MIT etc.
I also think very few companies are going to have a time where they need to sue FB for patent infringement (how many people have patents, how many of those patents should really exist, how likely is facebook to violate that patent)?
This mostly follows if you believe the world is a better place without software patents at all.
I salute its main author, Facebook and instagram for inventing the virtual DOM concept; it's fucking genius and helped us make better apps, faster.
but absolutely no need to use react now.
Yes, they have benefited from open source software under BSD, MIT, Apache licenses and giving back under BSD+Patent grant. What a load of bullshit.
You're reading too much into the intent of the license. GPLv2 being used on servers is a valid use case.
Tivoization is indeed subverting the intent of GPLv2, which is one of the reason for GPLv3. But in the case of Tivoization, you _are_ distributing the code to end users, rather than just running it on their behalf, and hence, in my eyes, violates the intent of GPL (that end users you distribute your software to should be allowed to modify the software).
Hosted software isn't like tivoization, in that the host doesn't distribute, and so no GPL issues whatsoever.
GPL works because it forces the source code to remain open allowing everyone to enjoy all new changes.
BSD works because you are free to repackage and resell with bsd code. This code can be used in an existing product.
Angular is terrible.
React is trojan horse.
Vue is developed by Chinese.
Edit: I'm just summarizing and projecting the sentiments around the popular frameworks and wondering about the future, not sure why I got so much hate...