Even if we paint all of their actions in the most favorable possible light, and even if the clause is a paper tiger as some have claimed, it doesn't matter. This is not how open source should work. We should not have to debate for years if a project's license is radioactive. Especially individual devs like myself who just want to use a great tool. We should be able to just use it, because it's open and that's what open means. This is so much worse than closed. It's closed masquerading as open.
It's under MIT license developed by a single person in addition to community's contribution.
This link is rather interesting https://vuejs.org/v2/guide/comparison.html#React
Preact is a fast 3kB alternative to React, with the same ES2015 API as that of React.
Preact is MIT licensed and does not have any additional conditions beyond that.
I also agree with the OP, even viewing FB in the best light possible, about the best case you can make is that they want to hedge any risks to themselves while profiting from OSS contributions and the OSS marketing. As it stands, there is virtually no case to be made for them wanting to contribute to the OSS community. IMHO if you're a dev and contributing to the facebook oss ecosystem, I would actively encourage you to stop.
Patents protect ideas and inventions. In most cases, patent assertion cases are not black or white — win or loose. Infringement evaluation is complex and costly. A lawsuit can cost hundreds of thousands or millions to file and pursue. You might have a 85% confidence that FB violated a patent of yours, but to even pursue it it’s going to cost you a lot of money.
If on top of that, you will need to invest to migrate away onto a different frontend framework first, and make sure that all your customers are using your new product version (what if you’re using React Native? your users may not upgrade the apps at once!), before you can even file the lawsuit, do you think that’s an honest, ethical usage of open source philosophy?
Bottom line: Open Source is not a “quid pro quo” trade. Open Source is about creating communities to build better software together. It should never be used as a marketplace to exchange people's rights.
It would be fitting for FB to change their motto (?) to "We're not evil either." Lol
Do you believe Google also has shown intents to be totalitarian or "be evil" ?
IMHO Google has handled their enormous power and popularity very well.
Fair Disclaimer: I must confess I'm a google user, not affiliated to them in any other way (that I know of) though :D
There is still a question on fair use. Google won the jury trial, but the appellate court is ruling in a few months, and that could change everything.
Oracle really has a way of being a big swinging legal turd, I do believe they would try anything they could. It just seems like they wouldn't wait a year to get it going.
Namely: "For the avoidance of doubt, it has to be made clear that only the expression of a computer program is protected and that ideas and principles which underlie any element of a program, including those which underlie its interfaces, are not protected by copyright under this Directive."
The actual permission notice says you have the right to use the software without restriction. To me, a layman, it would seem contradictory and unfair if they later claimed that they held previously unmentioned patents that restricted your use of the software.
As a bonus, it's a lot smaller, just 3kb minified
also check out nuxt.js, a small abstraction layer on top of vue that has some opinions about file structure and also makes SSR a breeze https://nuxtjs.org/
I'd venture to say that very few if any of the sites Facebook lists at https://github.com/facebook/react/wiki/sites-using-react are using "React the view library" by itself.
not sure, but I think that means users of weex are subject to BSD+PATENTS also
And Polymer isn't even really either of those things, it's a polyfill for a native browser feature.
This creates great looking results pretty fast and also enables you to easily give back to the community by open-sourcing your own components. Last time I checked already 1100 components were listed, of which the vast majority seemed really well build.
I hate toolchains and their clunky 10+ seconds compile step.
It's conspicuously missing from these discussions
Angular has other issues like the AOT compilation file sizes and the fact that certain standard language features are not supported with it. But even having to know the ins and odds of AOT vs JIT...these aren't even things you have to worry about in any of the ones I mentioned above.
I really wish the Angular team had learned the best lessons from React...but they didn't. It's definitely better than Angular 1...but it's not as good as these other alternatives.
I wonder if this is React's "Angular 2." What's worse, the misstep this time is due to ham-fisted corporate mal-
stewardship, not just miscommunicated technical good intentions. Vue is similarly positioned to be the "next thing" in the way React was three years ago. My how this space churns.
Compare that to the space ship Angular 2. They really made an outstanding effort to create a huge barrier of entry for anyone not having a degree in DevOps. I'm an old fart, I don't need your stinking CLI, Grunt, Gulp, NPM etc stuff.
Compare that to Vue.js really shines in this regard with the same level of entry as AngularJS. For me that is part of what I thinks makes it a succes.
When choosing a new framework I tend to not look for the future, but look in the past. I chose what was mainstream 2-3 years ago, which means right now still AngularJS for me. This means I'm a leecher on StackOverflow, but so be it. I have my own company and clients pay me for working applications, which means I have to choose my tools as efficient and effective as possible. By choosing last years model, it is less sexy but will get me from A to B with the same speed plus added reliability. At the same time I'm keeping a close look to Vue.js and if still going in the same direction next year as it is now, I will definitely switch to it.
It's not a copyright license. It's a patent grant/license which is completely independent. This matters for several reasons, including when just saying "license", this usually means a copyright license.
If this patent grant get's revoked, you are back to simply using the BSD license with no patent grant. I've read so many people say "you'd have to stop using react if you sued facebook", uh, no, you'd have a bsd license with no patent grant like you probably do with tons of other free software your company uses. Clearly, people should be complaining about that if they are complaining about this, but the misunderstanding and misinformation is really strong. If you believe software patents are universally bad, like many people including me, then it is clearly better using the MIT/BSD license alone, which gives you zero patent rights, you are simply infringing and waiting to be sued. I have no problem with it. https://www.gnu.org/philosophy/software-patents.en.html.
Also by "license" I meant the "BSD + Patents license" as the Facebook writeup put it.
Those others were wrong. Facebook have made this very clear in their FAQ :
> Does termination of the additional patent grant in the Facebook BSD+Patents license cause the copyright license to also terminate?
If BSD is a "license to use", then it is implicitly a copyright license _and_ a patent licence.
Assuming the above, the argument goes that the implicit patent license in plain BSD is overridden by the explicit patent license in BSD+Patents, and that the explicit one is much more restrictive than the (unwritten) implicit one.
The FAQ doesn't address that.
I meant to write "better than using." Also, I was not aware of the implied patent license argument.
I suppose there's not much I can do about it except to move my efforts elsewhere, even if it affects my earnings.
It's more like developers in large parts stopped caring for standards and looked after products and "big players" and "the next big thing" instead aka the consumerization of IT.
Happened to SQL, browsers, middleware, network protocols, app servers, containers, programming and markup languages, and more.
Nowadays, big things come onto the scene and into developer's minds via obscene venture capital budgets.
This is not a recent phenomenon. For example, developers using (mostly) Microsoft tools on Windows have been doing it for decades already.
Drives home the point of why I need to move on and be careful where I put effort.
Its not that great anyways when compared to angular 2/4. There are too many concepts to be mastered and it soon become overwhelming. I tried learning react but dropped it after spending a week when I still could not understand routing. Sense of cohesiveness between different concepts is missing. I believe some learning junkies may get the kick out of it but that's not me. My time is better spent elsewhere.
Angular on the other hand introduces everything one single tutorials to make one productive. Deep dive later can be done later on when required.
Edit: minor typo
It's just React components up and down.
When you haven't had "that much trouble", it sounds like you're calling them stupid or a liar, and it sounds like you didn't consider the possibility that you're working on a very different problem or have a different definition of "figure out routing".
I store all of my user state in the URL. This way users can copy URLs to each other containing their state, I can press reload to debug things, Other people can embed portions of my application into iframes, and other good benefits.
However I don't want to sprinkle url changes and parsers all over my code, so I'd like to hook into the router system and glue it into the property system. I've probably been through a few versions of this idea with react and certainly spent at least a week in total trying to get it working well with all the different browsers and widgets, only to have react-router 4 come out and break it.
I then probably spent at least a day or two looking for similar-shaped hooks and couldn't find them. Maybe I should have spent more, maybe I should've been smarter.
However I note that the author of React-router took four very different approaches towards figuring out routing and produced incompatible APIs, which is a strong sign that they weren't able to figure out how routing should work either.
If React Router is not suiting your needs, there are many other options out there. That's the beauty of the ecosystem:
I'm glad that even React Router was willing to iterate on its implementation.
It takes a couple of hours to do a bit of research and searching to find the solution that fits your needs best.
I feel like I'm missing something big with everyone not even talking about angular. Maybe I feel this because Angular was big and then soon it wasn't. Probably that's the disconnect
And for me, the opposite was true vis-a-vis Angular and React, though got as far as making contributions to the Angular 2 tools before I decided to jumping ship.
and that's the problem. React itself solves a tiny subset and delegates the other responsibilities to different tools which may not align with each other. Most of the is spent is wiring making different choices and wiring them together.
On a side note what made you move away from Angular 2 to React?
So modularity is a problem now?
It's like breaking a kitchen knife into two: the blade and the handle, in the name of modularity.
Concretely, this is what I mean: Routing, and a bunch of other things are used together, it would've been better if react had kept the view library separate but also maintained an official router among other things
There are zero known patents related to react.
See for example:
"Some free and open source software licences also explicitly grant the patent rights necessary for the purposes of using, adapting and distributing the code, for example the Apache License v2, the GNU General Public License v3 and the Eclipse Public License. In some jurisdictions, including the UK, it is highly probable that even those free and open source software licences that do not explicitly grant patent rights do in fact provide them implicitly. After all, giving permission to perform a specific act strongly implies permission to perform the steps needed to do so. Thus the permission to redistribute the software granted by all free and open source licences - it can be argued - implies the granting of the right to make use of any of the licensor’s patents which would be infringed by the distribution of the code."
In the specific cases of the BSD and MIT copyright licenses note that the licenses do not say that they are irrevocable. A license granted for no consideration is generally revocable unless it specifically says that it is not.
There are substitutes for consideration. It is an open question as far as I know whether or not those apply in the case of free software and make licenses like MIT and BSD irrevocable.
If you use BSD or MIT licensed patented software that does not come with an explicit patent grant, you'll have to deal with these arguments if the patent owner decides to go to court:
1. There is no implied patent license,
2. If there is an implied patent license it is revocable and they revoked yours,
3. The copyright license is revocable, they revoked yours, and that implicitly revokes the implied patent license (even if it is irrevocable normally).
It's so much safer to try to stick to licenses that say they are irrevocable and include an explicit patent grant.
Sadly, although Facebook includes an explicit patent grant, it does not claim to be irrevocable. They even list one specific case where it can be revoked.
Though I use Angular in my day-to-day, I would really love to be in React land for that reason alone. I've had too many interface bugs due to simple template typos
I've contributed to React before and will continue to do so. I haven't seen a single reason why not to. Just because React doesn't use your favorite license? Well this may shock you but I also use and help develop closed source software. In my view there is nothing morally wrong here. What's more, it's not even clear which morals you think I would be failing by continuing to contribute to React.
That's not really the problem here. The problem is that by using React, even in a closed source context, you are potentially setting yourself up to not successfully make an IP claim against facebook, even for unrelated technologies.
You give up your right to sue facebook with ALL your patents while facebook only gives up the right to sue you with their REACT patent. We don't even know if there is such a thing as a "react patent".
If you live in a jurisdiction where the concept of software patents are void, as the GP indicates, the patent clause in the license is meaningless because there cannot be any patents on React in that jurisdiction.
The way I understood this conversation was that BMW (continuing your example) cannot sue facebook if facebook infringes them on an of their car patents but it's not a right or a grant or even a license of any sort.
No, that's not the problem for many(most?) of us. The problem is that Facebook has decided to throw out innovative extra conditions to an old and established license. Innovation is typically not a good thing with open source licenses. It just throws a lot of uncertainty and confusion onto the situation, and for what gain? In fact, no one has any clue how this patent grant will work in practice.
If we believe the minimalist interpretation that some people are proposing here, Facebook has gained virtually nothing here. And that fact in itself makes people suspicious, because why would they dig in for almost no gain?
Why do you even care? It's a great framework and if you don't want to use it under the license then don't. But why ranting about they should change the license?
I can understand why FB is licensing the way they do. I also would be pissed off if I would get sued for some nonsense all the time and would take an opportunity to potentially reduce that.
I'm going for Preact (https://github.com/developit/preact) for React alternative.
The most likely thing for Facebook to patent is the concept of a virtual DOM that's diffed to apply updates to the real DOM. IF they have such a patent (and apparently they don't), then any library that has a vdom implementation infringes, including Preact.
Of course, if they DON'T have such a patent (which seems to be the case), then Preact is safe, but so is React. :)
This would cause mass alienation in the community for little gain, and force many previously neutral parties to align against them for attacking a completely separate project.
And for little damage as well....
If we rewrote our sites to use React coming from Backbone, JQuery and Angular... it won't be too much of a hardship to rewrite our sites to no longer use React in the future. Heck considering the 5-year churn of JS frameworks, I'm already penciling in the rise of a new framework in 2022.
It would likely be a company suing FB for infringing a patent who happens to also use Preact in a site. FB presumably wouldn't have access to the site source code (pre-suit), but would be looking at the compiled, minified public site. I don't know how Preact and React look when compiled compared to each other, but given their similar structures it might be hard to tell them apart. FB would identify the offending bits of code or code structure. They wouldn't need to even use the word "Preact" (or "React") in the suit.
If the underlying suit was a patent troll suing FB, FB's use of React patent clause might actually be celebrated in a enemy-of-my-enemy kind of way by the broader developer community.
It would require FB to finally disclose the patent numbers applicable to React. I've spent a few hours attempted to review FB's patents to find anything related to React technology, but it's a needle in a haystack challenge and I failed. There are tens of thousands of patents and impossible to know what keywords to search for. (If someone else has done this work, would be great!)
Why? Why is the API relevant at all?
The implication is if you use react now you give away rights.
The same is not true for angular, vue or mithril. Some argue if you use vdom there might be issue. But at least with those you/your dev is not giving away rights willingly...
But come to think of it; That is the way fb started :/
The patent grant from FB grants you strictly more rights than BSD alone (though admittedly, you could lose those extra rights).
Not at all.
It's been discussed a ton, the plain language of the license makes that clear, Facebook even covered this in their official React license FAQ (https://code.facebook.com/pages/850928938376556).
Please stop spreading FUD.
>> Does the additional patent grant in the Facebook BSD+Patents license terminate if I sue Facebook for something other than patent infringement?
>> Does the additional patent grant in the Facebook BSD+Patents license terminate if Facebook sues me for patent infringement first, and then I respond with a patent counterclaim against Facebook?
> No, unless your patent counterclaim is related to Facebook's software licensed under the Facebook BSD+Patents license.
My interpretation of that is if I use React I can't sue Facebook for any patent violations lest they pull their React patent licenses and immediately sue me for infringement.
Of what? Patents are public; link me the patent you think they'd sue you for infringing. :)
If they really want to crush little ol' me, I'm sure their legal team can find something in their existing patent warchest that would apply to React.
Plus we don't know if they have applied for patents that would apply to React that are still under review.
Yes, but also to your non-React code, right?
Like...seriously, what patent do you think they might have that somehow only applies to React and not all the other modern frameworks that have been busily copying React?
In short, if you get into a patent dispute with them, your license to use React does not terminate.
So when someone says "if you sue you will lose your rights to use react" this is wrong. My rights to use React come from the BSD license, not from the patent grant.
It's not so much they're "digging in" in the face of criticism, as they simply haven't noticed the criticism, because it has no relevance to Facebook at the level where corporate policy is set. Or so I believe. :)
I disagree. There are clearly a lot of people who evangelize React and other open source projects. It helps a lot with recruitment and Facebook's public relations among devs. I just don't think the attorneys grasp how much this is affecting other parts of the company.
I don't want a non-standard license... It's just more complexity we don't need.
Make it LGPLv3 or something if you want a patent clause, don't invent your own.
The patent issue is really not a big deal with React; the real concern is philosophical.
They won on a fair use claim. And that win is still subject to an ongoing appeal.
did we? I think the jury is still out on this, i.e. we had one verdict for google, one for oracle, one for google again, and now there's another appeal.
npm i -S preact preact-compat
If you're starting from scratch pretty easy though, sure. But that assumption is all too widespread in the JS ecosystem these days : (
- Yahoo Mail
- NY Times
If they're ok with the license, you probably shouldn't worry too much. Basically, if you don't own any patents or if your company is smaller than any of the above, you should be ok.
I assume they were.
This license is likely to protect facebook against patent litigation that a startup might claim facebook is in violation of.
It's not too hard to imagine a scenario where the next snapchat-like-startup is using react native. Facebook is then in a super leveraged position against them legally.
Snap stories are now facebook stories, instagram stories, and whatsapp stories. It's not such a big leap that it'll happen again.
Once your 'professional lawyer' agrees that the license is enforceable it's up to you to decide whether giving Facebook an effective grant of all your patents it worth it.
my understanding is that this isn't the case - react isn't itself covered by patent, and the bsd license remains in effect.
Anyway, it's not up to me, it's up to the legal team and they are saying "No".
Turns out that forking a somewhat recent version of React that uses Apache is possible while still retaining any relevant patents (esp pending vdom patents) and API compatibility.
Maybe we need groups who can push to lobby for legislation to remove software patents in more countries?
So, Facebook, lets assume, isn't being malicious and genuinely feels this is the right approach to deal with what they consider to be "meritless" lawsuits... but at the same time, if this response-- genuine as it may be-- gives them abusive power, don't abide it.
Similar principle for politicians-- never support Obama/Trump having a power you wouldn't want Trump/Obama wielding.
For any aspect of power, assume the most abusive historical figure has it-- should they have it? IF not then don't grant it to even people you like.
At most situations you might be assigning improbable risks to things. If you have a reason to believe someone is not going to abuse power, then giving them said power should be okay in real life
Edit: May I add that you're swinging from one extreme to the other. Things need not be black/white. It's a fallacy all on its own
Everyone in this whole thread is saying the same thing. For anyone not up to speed, I found the following explanation of the issue (analysis of the license) very good and short:
This lets you know why we have 300+ comments saying the same thing.
Oh, come off it!
If you went to some company and got a patent license, and then proceeded to sue that company for patent infringement on an unrelated patent, they would terminate your license. (That's what cross licensing prevents.) So FB is granting React users a patent license free. Why wouldn't they revoke the license if you were suing them? There's no difference from the normal state of affairs except the patent license is free. Now, if you are worried about FB infringing on your patents, it's wisest not to use React, but that's no different than licensing a patent from someone else.
I'm surprised at how many companies are willing to embrace frameworks that they believe come from Facebook and Google but are not truly backed by those companies. Aurelia has commercial backing and community contributors and a decent license.
You can. What's stopping you?
A few things:
1. If you want to suggest you are doing this as part of an attempt to avoid meritless litigation, you really should give concrete examples of that happening. Otherwise, it comes off as a smoke screen.
2. The assertion is that if widely adopted, it would avoid lots of meritless litigation. This is a theoretically possible outcome. Here's another theoretically possible outcome of wide adoption of this kind of very broad termination language: Facebook is able to use other people's technology at will because nobody can afford to not use their stuff, and no startup that they decide to take technology from, and say "no more facebook/react/etc for you" could realistically launch an effective lawsuit before they died.
Assume for a second you think Facebook is not likely to do this. If widely adopted, someone will do it.
Nobody should have to worry about this possibility when considering whether to adopt particular open source software.
(there are other theoretical outcomes, good and bad).
It's also worth pointing out: None of this is a new discussion or argument. All of the current revisions of the major licenses (Apache v2, GPLv3) went through arguments about whether to use these kinds of broader termination clauses (though not quite as one sided and company focused), and ultimately decided not to, for (IMHO good) reasons. I'm a bit surprised this isn't mentioned or discussed anywhere.
These kinds of clauses are not a uniform net positive, they are fairly bimodal.
If it's the case that these startups wouldn't have the resources to mount an effective lawsuit, then that's true regardless, no? Whatever the React terms say are moot. (I might be misunderstanding; the sentence is one that's hard to parse.)
> All of the current revisions of the major licenses (Apachev2, GPLv3) went through arguments about whether to use these kinds of clauses (though not quite as one sided and company focused), and ultimately decided not to.
When MPL2 was being drafted, I pointed out that a strong, React-like approach to patents would be better, because the protection that Apache 2.0 offers against patents is very narrow. My takeaway was that the reason not to do so was because it wouldn't have been politically expedient at the time—it would just result in people rejecting the MPL. If Facebook is now taking that approach, then run with it now; it suggests the idea should be opened back up for reconsideration in future revisions of these licenses because they can capitalize on the momentum.
This isn't only covering Facebook - this covers subsidiaries or subsidiaries etc..
Untrue. They couldn't sue Facebook (or subsidiary) without immediately losing their right to use any patents Facebook may-or-may-not have on React. Their right to use React would be untouched.
So, are there any patents? People have looked; so far none have been found. More to the point, what JS lib do you think our hypothetical firm should have used instead? Preact? Vue? Angular? Backbone? Why do you think Facebook doesn't have any patents on those?
Google is able to use other people's technology at will because nobody can afford to not use their stuff, and no startup that they decide to take technology from, and say "no more Google/Angular/Closure Library/etc for you" could realistically launch an effective lawsuit before they died.
That would work incredibly well to neutralize patents, actually, and would be a huge win for free/open source software.
It's surprising not to have seen anyone point out the logical conclusion of a world where every major license includes a React-like stance on patents: it's a world where no one is able to bring patent suits against anyone, because it means they are now violating the licenses of every piece of FOSS they're currently using. (I'm relying on the assumption that there's no entity that could perform an audit right now and conclude that there's not a single piece of FOSS underpinning their products/services/infrastructure.)
Licenses like Apache 2.0, MPL2, etc all have a "MAD" policy wrt patents, but they all have a gaping hole in their strategy. The React license patches this hole in a really clever way--probably the cleverest thing since the GPL's invention of copyleft to hack copyright law by using it against itself. It's really disappointing to see people's sense of disdain for Facebook overpower their ability to appreciate how clever the React license is.
Addendum from the last time  I commented: "FWIW, I don't use React, I don't want to, I'm not a Facebook employee, and in fact I think the world would be a lot better off with Facebook having less influence than they do today. But that doesn't change how weird it is to keep seeing comments like [those that frame the React terms in a negative light]".
If you use project A that was written by one or two developers in their spare time (and they included a BSD+patents) clause, would Facebook fear being sued by them? Probably not -- but new companies that get anywhere close to what Facebook does (increasingly, that's everything these days) definitely live with the real possibility of facebook suing them.
In theory the "no one is able to bring patent suits against anyone because they're violating licenses" is a good outcome (mostly the no patent suits part), but it doesn't quite stand up in practice because patent suits cost money, and bigger companies can sue you longer than you can sue them. I don't want a world where MAD is the default, because the large companies carry nukes, and I carry a peashooter.
I will no longer use react on any new projects.
As pointed out by Dennis Walsh in (https://firstname.lastname@example.org/react-facebook-and-the-revok...), it would take millions to bring a patent suit against Facebook.
At it's best this is like some sort of warped "you infringe on my patents and I'll infringe on yours" kind of thing, assuming MAD means it doesn't become a very-uneven suing war. This case is also bad news, because larger companies are much more capable of infringing on your patents and competing with smaller companies in a conglomerate style.
Amazon is a conglomerate. Alphabet/Google is a conglomerate. Somehow, everyone in the government who manages anti-trust (whether that should be a thing is another debate), seems to be asleep at the wheel, literally everyday.
Also, guess who has lots of resources to rebuild a shitty copy of ingenuous software they found online? Big corporations do. All the starry eyed CS grads who want to go work for Big Conglomerate Co. are going to be rearing to re-implement Redis in 50K LOC, but it's harder for some small company (or just random open source project) to re-build the parts of their app that used react in some other framework.
The PATENTS file is red herring. If you're a small player and you launch a patent lawsuit against Facebook you stand no chance of winning. Facebook has thousands of patents in its portfolio, and software patents being broad as they are, you're invariably infringing one of them.
You know what, scrap that. Even if you were a somewhat large player with your own respectable patent portfolio, and Facebook had almost no patents you could never win. Why? Because this already happened, dear internet:
TLDR: Yahoo sued Facebook before their IPO with 10 infringed patents (not just 1), trying to scare Facebook into giving them money. Facebook only had 56 patents, but they had money, so they bought up 1400 more patents, and countersued with just 10 of them. Yahoo realized they don't have the money to win a lawsuit against Facebook, and meekly submitted and cross-licensed the patents to Facebook.
Now imagine trying to copy cat the Yahoo move with two guys in a garage who own just a single patent against a stronger and more prepared Facebook that has thousands.
To give this comment meaningful content:
In that case, you have two other options:
* Quietly swap out your frontend before you file
* Continue using React and dare Facebook to produce a patent they can actually claim
This, of course, is based on the assumption that your frontend is a significant portion of your product. If your frontend is a trivial portion, then "rewrite your frontend code base as fast as you can" is also trivial.
Edit: fixed formatting
Large companies carry massive war chests of patents, such that anyone who makes software is most likely violating several of them without knowing it. They defend themselves from patent lawsuits with countersuits from their war chests. (Trolls are immune, though, because they don't make software and therefore aren't infringing in the first place.)
As for the problem you're focusing on, the particular problem is that to actually your patent defensively (the original purpose), you must litigate. To litigate, you must have lawyers, and quite a bit of money. If the other side is capable of buying better lawyers, or lawyers for a longer time, you lose.
They should be. Many popular open source projects are supported by a 'community' of large companies, or are invested into a widely respected foundation like Apache.
Additionally, many projects that started off as simply a few developers, grow to the point that a company is founded to handle support and customization. An example of this would be Redis Labs---started by the originator of Redis.
If even tiny patent trolls can be 'dangerous' to multinationals, I expect most would steer clear of declaring a patent war on the community at large.
What if Postgres had a retaliatory patent clause?
What if Linux did?
Also, you're right except for the fact that lots of very very useful projects are not backed by large companies or foundations like apache. What you describe a solution is precisely the world I don't want to live in. I don't want the MAD state of things to be held in check by large organizations -- humans kind of forget themselves in large organizations, far too easily.
Redis is a great success story, but again, that organization is way way weaker than facebook. They just have more money in the bank, and MAD only works if EVERYONE has nukes. It doesn't work if one side is carrying rifles and only one side has nukes.
Maybe we should fix the patent system instead -- I'm aware it's hugely nuanced, but for all the griping that tech does, surprisingly nothing has changed -- the tech companies that make it just don't seem to be trying to change the system once they're established (someone please correct me if I'm wrong).
Instead of forming organizations to fight patent wars, just put effort towards fixing the patent problems.
It's also a world where entrenched companies can feel free to use whatever technology they want from smaller competitors without fear of lawsuit, and use it to further entrench themselves :)
I'd put a lot more money on that happening than "happy fun kumbaya singing".
This is among the many reasons that apache, et al chose not to use them when revving their licenses.
It's totally worth reading the discussions that happened around these issues back then.
As a friend said WRT to this issue: "Everything old is new again"
I agree, but software patents are arguably bad enough that doing away with them entirely is worth the collateral.
A legislative solution might exist to have the best of both worlds, but, in the absence of that, suppose there's a copyleft-analogue hacky way to undermine software patents indiscriminately without requiring an Act of Congress. (and that's not a sure thing at all, but suppose.) Wouldn't you press the button?
It would be a huge win for companies with large software patent portfolios, which is the opposite of what the free software movement is about.
This is backwards. Those are exactly the companies that would be harmed, because their hopes to be able to wield those patents offensively have been nixed.
So, here's how the real conversation will happen at MegaCo of your choice, should this play out:
Alice: We want to sue for patent violation against XYZ Co. But we use XYZ Co's software. If we file suit, we'll have to stop using it due to the license.
Some top-level guy with a three-letter title named "Joe": Okay. How big is their company and what software do we use?
Alice: <MegaCo has more money than God so the only meaningful comparison is "cockroach" at best, and the software is in no way something they cannot acquire elsewhere>
Joe: Okay. Assign 50 engineers to just recreate whatever stupid software of theirs we use, in-house. Or buy another version from someone more reliable. Then assign a billion dollars to legal to destroy them.
And that's it. They're done. That strategy was all cleared up before lunch. Keep in mind of course Facebook will probably have enough money to litigate you into the ground so long that probably won't even be able to actually tell them to stop using your software, until they've already replaced it completely and also ruined you at the same time.
It turns out when you have effectively unlimited engineering resources and money (to wage legal battles), things like "Use a new virtual DOM library" or "Replace RocksDB" don't matter at all. They can just do it and crush you anyway.
If you assume that MegaCorp is evil, the startup has no life whatsoever, whatever open source license is picked. If instead assume that MegaCorp is good, the patent grant has a positive effect on the ecosystem.
> We believe that if this license were widely adopted, it could actually reduce meritless litigation for all adopters, and we want to work with others to explore this possibility.
This would only neutralize patents of actual companies that have something to create.
The only ones left to hold patents would be patent trolls. This would just massively empower patent trolls, and harm everyone. Because patent trolls don’t have to license patents there’s no risk for them.
It just leaves them as clearly the only enemy left, with massive corporate lobbies against them, and widespread public distaste weighing them down.
The current situation is mixed---companies aren't fully in favour of patents, but support the status quo.
Against each other only, right? They could still use their patents against patent trolls.
Even if the entire FOSS community decided to adopt a patent termination clause right now, it cannot retroactively apply to whatever fragments of FOSS code that has found its way into proprietary products so far. So I'm safe as long I don't install any new software until I'm done trollin'.
Your idea would make sense If all the FOSS that was ever written came with a patent termination clause. But that's not the world we live in.
But what prevents everyone from becoming patent infringers in this scenario?
However, in such a world I don't think the courts would approve of this 'hack' and kill the enforceability of these clauses precisely because they render patents useless.
I believe that contracts that terminate if you sue the other party are fairly standard, and in court these licenses would be considered fairly similar to those contracts.
I don't really know what a court would say, but if I sign a contract that says "I will not sue X for any patent infringement under the condition they don't sue me for patent infringement" I would be surprised if a court found that contract unenforceable. The right to file a patent suit is not a fundamental human right after all, why would signing it away not be possible?
Any project with such a license would be non-free, so I'm not sure how that would be a win for free software.
I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".
Recall that Apache 2.0, MPL2, and GPLv3—all free software licenses—have patent termination clauses as well, but they're comparatively weak. In fact, GPLv2 didn't have one, and this was the reason why Apache 2.0 is labeled as free but incompatible with GPLv2. The FSF's solution to this was to include it's own patent termination in the next update to the GPL, which is why Apache 2.0 and GPLv3 are compatible today.
> I'm inclined to say you're mistaken. The FSF hasn't published an analysis of the React terms, but if they did, it seems pretty much assured that they'd deem it a "free software license, but incompatible with the GPL".
Richard Stallman said it is non-free :
> React.js is nonfree because of its patent license restriction.
And after actually reading it he said it's okay to use for GNU projects: https://lists.gnu.org/archive/html/directory-discuss/2017-01...
Not the most impartial person to define "free" and "non-free".
Anyway, even if you dont line Mr. Stallman, the set of licenses he deems as free software is pretty much 99.9% compatible with the set of licenses deemed "open source" by the OSI or licenses acceptable by Debian (the other authorities you might Sant to look to when it comes to this)
The thing is, I agree with your premise that we should always push for licenses that (in the long term) will result in a better free software world where threats such as software patents and draconian copyright are effectively neutralised. All three GPLs did this to copyright (as you noted), and Apache helped step forward on the patent front. I would love to say that the React license helped further this cause. Unfortunately I don't agree, and it's for several reasons.
* This may sound like a minor point, but the React patent license only applies to Facebook's patents, and relies on Facebook retaliating. Code contributed by anyone else may not be giving you the same protection, which means that if they sue someone other than Facebook the target has no real protection. Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft). By only terminating the patent license, you're relying on Facebook suing the offensive party.
* As with almost all patents, Facebook makes it exceptionally explicit that independent discoveries will not be protected. While this is to be expected because it's the default patent law position, it's not exactly what you want if you're going to try to sell me on this being "an ingenious, anti-patent license".
* The patent license clearly favours protecting Facebook over the wider software community. The fact that suits "(i) against Facebook or any of its subsidiaries or corporate affiliates," will result in termination means that the license is incredibly asymmetric in it's protection. The problem is that the "more free" stance of extending this protection to every user of the software would be too strong of a stance for companies to take (it would mean that no company could sue any other over patents in fear of being vulnerable to Facebook's patent portfolio). Not to mention that it still wouldn't solve the patent problem, you'd need to fix my first point and make it apply to all patents by all users. And then it would be seen as an incredibly risky business decision.
* By definition the patent grant cannot be used against Facebook, because of the above protections are not provided. If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing because then you'd be giving them more ammunition. This is where your comparison to the GPL falls flat for me. The GPL does protect users in this situation.
I understand that these might seem like "perfect being the enemy of good", but you have to consider that Facebook's dominant position is what makes these sorts of discussions critical. Sun made some mistakes in the CDDL, and we're still living with those mistakes to this day thanks to the whole Oracle OpenSolaris fiasco (though it went better than we could've hoped). We need to be far more careful in how we evaluate software licenses, and thinking about doomsday scenarios is crucial. If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3?
> Apache and GPLv3 both tackle this problem because the copyright license is terminated if anyone sues a copyright holder (and GPLv3 even more so because it's copyleft).
This is not true of Apache 2.0. Filing a patent suit against someone over a piece of Apache licensed software means the plaintiff loses the grant to patents held by other contributors to that software, but that's the extent of it.
> If Facebook sues you over a patent unrelated to React, you cannot counter-sue them for any patents they may be infringing
This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant. This has been the case ever since version 2 was published.
> If Facebook became a bad actor, would this patent license be better or worse for the community than Apache 2 or GPLv3
Either better or the same, depending on your values, but definitely not worse. The license termination clauses in Apache 2.0 and GPLv3 are so narrow they don't offer any greater protection against bad actors.
Right, but the "right to use" permission is granted as part of the patent license not the copyright license. You're right that I misspoke and the copyright license is not touched, but the effect is similar AFAICS.
> This is also untrue. Your ability to file a countersuit for other patents is explicitly protected by the React grant.
Ah, you're right. I did read the latest version of the document, I guess that sentence must've just slipped by me. My point about asymmetry still stands though.
> Either better or the same, depending on your values, but definitely not worse.
I believe that the asymmetry does not make it better. You could argue it's the same, but I still am not sure I agree.
I'm pretty sure they'd be thrilled. That seems to be their aim.
> I bet it would deter them from enjoying much of the code they built their business on.
Why? Serious question; I just don't see why Facebook would care.