Facebook claims that if every company adopted a React-like license, that software patents as we know it would basically die. It's worth noting that both Google and Facebook's patent lawyers are generally of the opinion that software patents are net bad, but differ in their opinions of how to express that intent without exposing their companies to additional risk from patent trolls.
If you want to be acquired, then this is the opposite of what you want. You file patents for every part of the product you can; you audit your dependencies to avoid copyleft (AGPL and GPL) and React-like licenses, so your software can be folded into a 100% closed source product or shut down or whatever your acquirer wants.
If you run a start-up, and you're worried about the React license, you should be speaking to your own legal counsel about the best way forward.
And be careful: if Facebook has any patents related to React, they could very well cover also the React alternatives: I seriously doubt that eg the author of Vue.js researched if they were violating and FB React-related patents.
Edit: here the link to the patent grant https://github.com/facebook/react/blob/master/PATENTS
> A "Necessary Claim" is a claim of a patent owned by Facebook that is necessarily infringed by the Software standing alone.
This should mean that the patent grant only covers you from being sued for any patents covering React technology, and that is the only protection you lose if you sue Facebook.
I analysed 75+ OSS projects from 35 companies, and Facebook is practically alone.
And even if you do, the revocation takes effect in 60 days, which is pretty friendly IMHO.
(PS: i have no plan to be acquired or raise a VC round or file any patent)
Open source software shouldn't have any restrictions on who can use them and who can't. While this license don't specifically exclude a class of people explicitly, even you agree that big companies can't use these projects. So these projects effectively exclude hundreds of thousands of software developers (who work in >small orgs) from using this project and therefore contribute to it. This greatly hurts the project itself, while projects no using this kind of license won't have a problem.
Except it says that you're not serious about your startup's long term future.
If the current license problems came to light before, React would be an inferior project compared to others because the others will have more development. So the ecosystem around other popular project (VueJS?) would be bigger and more robust (because of the number of people providing feedback and filing bugs)
My understanding is that Facebook's long term vision is that no productive entity can assert its software patent rights, which should then make it politically viable to lobby for laws to be changed to invalidate all software patents altogether.
Seriously, stop this. Sometimes you just need to admit you have no idea what you're talking about and shut up.
The author honestly thinks using Preact or Inferno could protect them from patent lawsuits. Oh, wait, maybe "Facebook holds any software patents on the Virtual DOM or the React APIs" so better use Vue and Cycle.
Unless you actually know
1) which patents Facebook holds and
2) which patents are relevant to each framework/library (i.e. React and various its alternatives)
stop giving people legal advice about which library they should be using.
The cosmic irony would be if Facebook didn't hold any patents covering React to begin with but DID hold patents covering parts of Angular, Ember, Vue and Preact, over which they can sue who they like because Facebook never gave them a patent grant for those. Sounds far-fetched? It isn't because we don't know which actual patents these could be and who holds them.
Or for all you know Google might sue you. Or Apple.
This isn't a discussion, this is literally just a bunch of nerds ranting on the Internet about problems they don't sufficiently understand, playing Three Blind Men with the elephant that is Software Patents.
Following your words, you should not be even allowed to comment:
Seriously, stop this.
> 2) which patents are relevant to each framework/library (i.e. React and various its alternatives)
Facebook needs to come out and give us these answers. There are two scenarios:
1) They have "secret" patents, and the reason they hoard them is to use them as offense when being sued, forcing the suing party (whether "meritless" or meritful) significant monetary loss to rewrite their software with the goal of killing the suit, or,
2) They do not have any patents pertaining to the technology, and so if this is the case, why is the patents clause even present? Why all this hush-hush and incredible resistance to change?
It's dodgy as heck. From Facebook's POV of 1, it's fantastic, but _only to Facebook_ - that's why it's there, it's great strategy. For everybody else? Not so much. Either way, they are being immoral and unethical, especially towards their foundations (free and open source software) and user community and ultimately leads to fragmentation as people try to escape the clause (see Preact, Inferno, et al).
Edit: I see how my reading was wrong. The LICENSE file is still the same old 3-Clause BSD. The PATENTS file is what's new and different.
It's excusable if English is not your native language, but "license" doesn't have to mean "copyright license".
- other people will stop saying bullshits about computing;
- nerds will stop learning new things by trials and error.
None of those will ever happen, so make peace with the fact it will happen more and more.
The reason I'm saying "nerd" is that it's clear he has some expert knowledge about some things but apparently no grasp of the fact that this does not mean he has expert knowledge about all things.
Actual lawyers have come out on the patent grant and how it's basically harmless and pointless. It doesn't even require an actual lawyer to understand this. It just requires not being ignorant about intellectual property law.
The only valid argument against React is open source purism, which is why the Apache Software Foundation has banned it. They're not concerned about people suing people, they're concerned that it doesn't mix well with projects released under a pure Apache license. That argument is valid.
Every other argument boils down to "I don't understand the difference between patents and copyright". Even when the author shows a glimpse of self-awareness by saying "maybe Preact isn't safe either" he goes on to recommend other libraries as if they were 100% certified patent free.
Saying "I don't understand this, please explain" is okay. Saying "this is my expert opinion on something I don't understand and you should take this as advice" only spreads FUD.
Want to know whether you are at risk of being sued over software patents? Here's a simple checklist:
1) Are you using or writing source code?
If you answered "yes", congratulations, you're at risk of being sued over software patents.
1) I am not a lawyer, and my article simply analyses the compromises a company makes when adopting React (and other OSS projects licensed under the same terms), without going into Patent Law.
Some lawyers think that the patent-related legal provisions are not enforceable anyway, but then it begs to ask the question. If they are not enforceable, why is Facebook so adamant about keeping this license model? Surely there's something else behind this, some motivation.
2) Facebook claims their motivation is reducing patent litigation. And they claim that making this model widespread would benefit the entire industry.
Let's put that in context. They adopted this license in 2014 and, in the last 3 years, no other company aside from Palantir has followed suit.
I analysed 75+ projects from 35 companies (link: ), and none uses this license model. What's going on?
As I argue in my article, this kind of license may hurt the Open Source industry, more than it will benefit it.
3) No, I do not know (a) what applicable patents FB holds with regards to React, nor (b) those that may be in the works, nor (c) those they intend to apply for. Likely neither do you.
And that's the whole point of the article.
Most people and startups don't have access to an expert patent lawyer. Even if they did, would it be a good use of resources to engage them to evaluate the adoption of a frontend UI layer? No.
So just stay away of problematic stuff.
4) And as a result of the above, my stance is that I prefer to use a stack that grants me any patents unconditionally, or maybe with weak patent retaliation like the ASLv2 license, that's OK, i.e. I sue the holder over patents covering only the work I am using, I lose the patent grant for the work I'm using. Simple and symmetrical
5) Here's some food for thought. Would you rather relinquish your IP assertion rights with this "BSD-3 + strong patent retaliation" model, or would you rather pay $99/dev for a commercial license on React and not give Facebook any control?
6) Facebook exists thanks to Open Source. Zuck implemented it using the LAMP stack back in 2004. Would he have used LAMP if it entailed relinquishing any rights to initiate patent litigation?
As I said, I am not giving people legal advise, I'm just voicing out my opinion. But I do see a lot of React fans like you (based on your Github ) trying to diminish the arguments appealing to lack of authority and what not, without understanding the logic behind my argument.
Picking an OSS UI view layer should not require involving your legal advisors, don't you think?
EDIT: added point 6.
No, your article is literally FUD. "I don't know what their goals are with this, so let's assume the worst". What could that be? Nobody knows, so let's assume it's really bad and you don't want it. F, U and D.
> I analysed 75+ projects from 35 companies (link: ), and none uses this license model. What's going on?
You're feigning surprise that no other company than Facebook provides a Facebook Open Source Patent Grant along with their BSD-licensed projects?
The only major licenses that contain patent grants are Apache 2 and GPL. As I'm not going to touch the GPL debate with a ten foot pole, that only leaves Apache 2 or no patent grant whatsoever. Turns out most projects just don't bother with patent grants.
There are good arguments for Apache 2. BSD+Patents seems to be a good compromise if you want a patent grant, but not one as unconditional as Apache's. This is not nefarious. This is literally more than the nothing 99.999% of non-GPL, non-Apache projects give you.
The only thing the PATENTS file does is remove the Heisenberg-esque "maybe a court finds this license implies some kind of patent grant or not" limbo the BSD would otherwise put the project in and replace it with a fixed set of legal certainties you can give your informed consent to or not.
> As I argue in my article, this kind of license may hurt the Open Source industry, more than it will benefit it.
I thought the point of your article was that startups shouldn't use it if they want to be acquired, oh wait, that's just the clickbait title to sell your opinion on.
Your entire "it's bad for OSS" argument boils down to a slippery slope of chilling effects. This is entirely conjecture. By your logic Microsoft would never have published ReactXP and React Native Windows. Google, Twitter, Amazon are actively using React in their products. Your argument falls flat if you even bother looking at the reality.
You defend your article by saying you don't want to be involved in flamewars because you're not a frontend developer. You're using intentionally provocative language to make a point about something you admittedly have no stake in.
Your article is trying to argue about open source purity but abuses a clickbait premise to garner attention in places like HN.
> So just stay away of problematic stuff.
Again, this shows you don't understand patents. ALL software is "problematic stuff". BSD+Patents, like Apache2 or GPL, provides certainty about a subset of patents. All other licenses provide only a vague sense of "probably the author won't sue me because that kind of fishing seems obviously unethical".
If you want to write an article about why React should be using Apache 2, write that fucking article. Don't try to cover it in startup-relevant buzzwords.
> 4) And as a result of the above, my stance is that I prefer to use a stack that grants me any patents unconditionally, or maybe with weak patent retaliation like the ASLv2 license, that's OK, i.e. I sue the holder over patents covering only the work I am using, I lose the patent grant for the work I'm using. Simple and symmetrical
Yes, you're an ASF contributor. Maybe you should lead with that instead of pretending you're impartial.
The world would be a better place if everyone used Apache 2. But what does that have to do with startup valuation? Stop spreading FUD.
> Would you rather relinquish your IP assertion rights with this "BSD-3 + strong patent retaliation" model, or would you rather pay $99/dev for a commercial license on React and not give Facebook any control?
Let me repeat what I just said: you don't understand patents. React works because it's open source. If React were closed source, it would be about as relevant as Sencha Ext. Not very. Try forking Preact/Inferno with a $99 "I bite any patent lawsuits levelled against you over this" license and see what happens. People don't care about patents.
> Would he have used LAMP if it entailed relinquishing any rights to initiate patent litigation?
Probably yes? He created Facebook as a one-off stupid thing in college. He might have migrated to something else afterwards. He might have open sourced that. Who knows? Who cares?
Again, none of this seems relevant to the headline: React supposedly being bad for startups because it hampers acquisition. You address this in a single section and the entire argument is a single pie-in-the-sky fictional scenario. None of your "empirical" claims back this argument up.
> React fan
Rich, coming from an ASF fan. Based on your logic I should assume you don't like BSD+Patents because it's incompatible with the ASF's purity requirements.
If you spent more time internet stalking me you would have noticed most of my work goes to Apache 2 licensed projects, not React. But that would not make a very good _ad hominem_.
I would love it if React switched to Apache 2. I would also love to see a lot of MIT/BSD projects switch to Apache 2. If it doesn't happen, I'm not losing sleep over it and neither should you.
I didn't stalk you: you include a link in your HN profile to your Github page, I only clicked on it. Consider removing the link if you don't want people visiting your Github profile, and learning what you engage in.
Many of your statements are imprecise/incorrect.
1. Patent grants are good. Many licenses, including ASLv2, MPL, CDDL, not only include a patent grant, but also a “weak patent retaliation” clause. A minor reprimand if you adopt a project and then decide to sue THAT VERY SAME PROJECT for patent infringement. That’s a pretty fair deal. Some licenses like CDDL are quite relaxed, e.g. they even give you a 60 days grace period after you initiate the litigation to migrate away from the software under dispute. Others like MPL not only remove the patent grant, but also the copyright license as well — which depending on the project could be assumable.
2. Facebook could’ve done the same (simply by adopting ASLv2, like they did with RocksDB when they wanted to allow Apache Cassandra to use it), but they decided to introduce a “strong patent retaliation” clause, where they protect all of their patents by immediately revoking all current (hypothetical) or future patent grants of ALL SOFTWARE with that license (which also includes Jest, immutable.js, draft.js, Flow, Infer, etc.).
3. As I said in my second article, aside from Palantir, no other corporation has adopted Facebook’s “BSD-3 + strong patents retaliation clause” since 2014 (when it was first released) – based on my examination, which I linked to in my previous comment. Meanwhile, FB claims wide adoption of this license would decrease “meritless patent litigation”. If it were true, companies should be running towards this license model. So how do you explain that no one else (aside from Palantir) has adopted it, over the course of 3 years? Something doesn’t add up. I’m sure they will explain at some point.
4. You do seem to complain a lot about my style. But with regards to content, aside from you trying to lecture me in several areas where you make mistakes yourself, your main point seems to be that the scenarios I paint are conjecture. Well, yes. They are conjecture. You see: people need to imagine possible outcomes in order to take decisions and act accordingly. If it had already happened, it wouldn’t be a blog post, it would be news.
5. Yes, I am an ASF contributor. I use GNU, ASLv2, MIT, MPL, CDDL-licensed software, and that also makes me versed (not an expert, of course) in the licensing field. I am impartial to licenses as long as they work for me and the purpose of the software I'm building. Is there anything wrong with that? Please stop making camps in your head. There is no React vs. ASF conspiracy nor battle taking place. Everyone is entitled to have their own opinion, and to study the consequences from their own angles.
6. Large companies who have adopted React, like Amazon, Microsoft, Airbnb, etc. have enough manpower to migrate away if they need to file a patent infringement lawsuit against Facebook. For them, adopting React could be a good deal. Startups don’t tend to enjoy that amount of manpower; I have already answered this several times.
I could be wrong in many of my statements, I acknowledge that. But the truth is that the license creates legal provisions whereby the scenarios I envisioned would be possible, even if several conditions would have to align. Hence, what is left? Trust that FB won’t go after you? Goodwill statements from FB’s team? Sorry, mister, but those are worthless. Especially when there are legal terms mediating.
We could keep going on forever, but my time is finite so I’m going to close this discussion with you here. Good luck!
Edit 1: changed the order of some points for better flow.
Edit 2: minor changes in PS.
P.S.: BTW - you will find that OSS developers who are affiliated to some Foundation (Mozilla, Apache, Eclipse, etc.) tend to be versed in licensing, without needing to be lawyers. Everybody can understand the terms. You only have to be a lawyer if you're going to enforce them.
> Patent grants are good.
So you're not upset with Facebook providing a patent grant but with the terms of that patent grant, fair enough.
> Facebook could’ve done the same
The projects using this patent grant are almost 100% sponsored by Facebook. They're not tied to any particular ecosystem or using Facebook services. If Facebook makes the use of the relevant patents contingent on you not suing them, I'm having a hard time feeling upset about it.
Yes, this isn't as permissive as Apache2 but "you get to use all my stuff as long as you don't sue me for stealing your ideas" sounds fairly benign.
> If it were true, companies should be running towards this license model.
This is literally an argument from popularity. Despite all appearances, IT can be mindnumbingly slow to adopt new ideas, especially ones involving politics. Most people don't care about patents -- heck, as can be seen from 90% of the people commenting on React's patent grant, most people don't understand patents.
In the JS ecosystem MIT and BSD are among the most popular licenses. The reason they're popular is that they're short and don't contain much legalese. Does that make them good licenses? Hell no, but it makes them appear easy to understand and simple. Adding a patent grant to that makes it "not simple". It's also something you have to do intentionally.
But that's beside the point. Let's just assume Facebook is wrong and having this be the standard wouldn't bring about world peace and the death of patents or what have you. Let's go with that. How does your assessment that this is evil and bad follow from that?
> Well, yes. They are conjecture.
Thank you. Then stop wrapping them as quality advice to trick people into reading your opinion.
> Please stop making camps in your head. There is no React vs. ASF conspiracy nor battle taking place.
You tried to dismiss my opinion by portraying me as a React fanboy. I pointed out why that is bullshit and you're throwing bricks in a glass house. Now you're accusing me of being the one who tries to make this about camps?
> Startups don’t tend to enjoy that amount of manpower; I have already answered this several times.
Your entire point is that startups shouldn't use React because bigcos might acquire them. Now you're literally arguing that bigcos don't have to worry about migrating away from React. Doesn't that seem entirely contradictory?
Sure, you could argue that bigcos will still factor in this cost into acquisitions but if they already pay that cost for their own projects it can't be so prohibitive to result in bad deals. And how do you rationalise Microsoft actively encouraging outside developers to use React to build on their platform? Surely this would make any resulting acquisition unnecessarily costly.
> Hence, what is left? Trust that FB won’t go after you?
Are you worried Facebook will go after you? Are you worried Google will go after you? Are you worried Apple will go after you? Software patents are already a minefield. You're far more likely to be sued by a non-operating entity.
A patent lawsuit can easily kill almost any startup. You seem to be obsessing over how many nukes you're going to be hit with while operating at a scale where being caught in the blast radius of even a single one would end you.
Oh, wait, this is completely irrelevant. The patent grant does not terminate when you get sued. It doesn't even terminate if you countersue. The patent grant ONLY terminates if you proactively sue Facebook or sue (or countersue) any user of React over React (including Facebook). If Facebook sues you and you countersue Facebook over your smart fridge patent, you still get to use React.
> but my time is finite
So is mine. But protecting people from unsubstantiated FUD is worth it.
> you will find that OSS developers who are affiliated to some Foundation (Mozilla, Apache, Eclipse, etc.) tend to be versed in licensing, without needing to be lawyers
Good, as every developer should be. But if your mischaracterization of how the patent grant can terminate isn't based on a lack of comprehension or absentmindedness, what am I to read into that?
PS: I meant what I said. You should have written an article entirely about the issues you have with the BSD+Patents issue from an aspect of open source purity. Without the conjecture and clickbait angle to it. I would have read that, too. I would probably have disagreed with some of it even if I would have upvoted it. But at least it would have provided the grounds for an honest discussion.
The argument is valid to be had. There's no point to dressing it up as if it were about startups.
You're not an idiot. You know very well that your article won't convince startup developers to drop React, it will only influence non-technical people who are risk-averse and see your headline without understanding any of it.
Instead of playing this game and claiming you "don't want to start a flame war" after writing an obviously inflammatory article, please salvage those ideas you buried in it and write that article properly.
The PATENTS file is an additional patent grant. The BSD license contains no patent grant, it's just a copyright license.
You can even distribute React as part of an Apache2 project. The Apache2 patent grant explicitly only covers relevant patents the contributors hold.
Please reflect on how you are hurting everyone, not helping.
What's hurting people is self-proclaimed experts writing authoritative blog posts about what technologies people should chose and presenting it as if it were legal advice.
This entire drama is a 100% repeat of what pops up on almost a monthly basis because some random developer finds out about Facebook's open source patent grant and decides he has an opinion without even understanding the basic underlying concepts.
There are legitimate issues worth discussing, especially around the notion of open source purism (i.e. whether React should migrate to the Apache license to make it more compatible). But instead of having these discussions we get ridiculous unfounded opinion pieces by yet another "dude with an opinion" who didn't even bother validating his basic premises.
Regardless, spreading misinformation or at least doubtful information is only going to hurt a cause. Blindly lashing out at things you don't truly understand is foolish. Encouraging others to do so is dangerous.
There are several issues with the article itself, but I think one of the most damning actually comes from the updates/notes at the top. Namely, that the author is "neutral and unbiased". Nobody is completely without bias. Especially if you feel so strongly as to write an article.
Bad advice has consequences and bad legal advice often doubly so. The law is nuanced, convoluted and often unintuitive. People really are better off going to an expert!
This isn't highly relevant but it can be a probable cause for bias.
I've also been writing code since 1995 and participated in web standards discussions during the XForms days landing me in the HTML Acknowledgements: https://html.spec.whatwg.org/multipage/acknowledgements.html
I'm also a contributor to a number of Apache 2 licensed projects.
I don't have financial ties to Facebook. In fact I'm opposed to the idea of working at Facebook.
I'm not sure what conclusions you want to draw from any of this, but feel free to do so.
I'm just annoyed to see this clickbait article on the frontpage of HN after far more knowledgeable people have had far more insightful things to say on the issue.
Yes, I want to see React succeed because I think it's honestly a good tool and the maintainers are doing a great job. But the reason I'm so obviously angry about this particular discussion is that it's spreading Fear, Uncertainty and Doubt over what is a total non-issue for any project that doesn't have to adhere as religiously to a single open source license as the Apache Software Foundation does.
This discussion lends itself to people who don't even grasp the difference between a patent grant and a copyright license patting each other on the back for agreeing on how horrible Facebook is. I don't like Facebook either, but the only people who should tell you whether you should be using Facebook open source software are your legal department or your lawyer.
Deciding against React because you might at some point in the future have a patent you want to use to actively sue Facebook is like deciding against buying a pack of tissues because you might at some point in the future decide to set your house on fire. It's mostly irrelevant and at the point at which it becomes relevant your house is on fire.
Different developers and companies might use Open Source for different reason, included but not limited to: reduce Q&A, brand relevance, increase hiring power, strategic positioning, ideals that code should be _libre_, etc. Some companies and devs might even want several of those!
In this line, Facebook is a private corporation who I think we all agree their main reason for releasing React.js or any code at all doesn't seem to be purely idealistic. I would say strategic position (the best tool in the dev world, notably against Angular) and increasing their hiring power are really high within their reasons to release Open Source.
It is patently absurd to tell companies what to do and patronizing to tell developers what to do. Also, something that I don't see anyone arguing for/against is why so many big companies, even ones competing with Facebook, can use React.js freely and without worries? It's a point that anyone arguing against React is conveniently ignoring but I'd love to hear about.
It was quite clear from the discussion around the recent github issue asking them to consider relicensing that there are many parties internal to Facebook with a say in the decision, and it's unlikely they all agree on everything. The React developer's motives for releasing React as open source are probably more along the lines of "creating communities to build better software together", and there are obviously others within Facebook who are motivated by protecting Facebook from lawsuits. What we see on the outside is the resulting compromise. See Dan Abramov's comments in the issue, particularly  & 
So what do I do? I trust certain organisations and I don't trust others.
No-one in their right mind can trust Facebook. You might as well trust the Ocean.
a) build a small library that encourages modular code, has tons of escape hatches to use other libraries and has so few concepts it actually encourages learning the language and solving problems outside the library instead? Or
b) build a large monolith that comes with dozens of idiosyncratic concepts and its own way to solve every problem so you build your entire application inside of it?
If I was a patent troll, I would create Angular, not React.
I don't trust Google, I don't trust Facebook, I don't trust Tilde, I don't trust Evan You. But at least with React I'm not deeply invested in non-transferable knowledge and have easy migration paths if I ever need to move away from it.
Or any other part of your applications?
However, I can exercise judgement on the source. And my judgement on Facebook is that I never saw them do anything I liked.
Has anyone seriously explored forking React from the last Apache v2 version?
This whole shebang has nothing to do with React itself, or the "technology" that React uses or anything, but more about the way many FB's open source libraries are licensed, one of which is React.
The license specify that you are free to use React as you would use a BSD licensed software, provided that you never sue FB for a patent. That means, if you use React, and you happen to own a patent for something that FB utilises, you can't sue FB without losing your React license. So, your option is either suck it up and let FB use your patented thing for free, or rewrite your software to take React out of it, and then proceed with the lawsuit.
Correction: Without losing your license to use any patents on React. Which...
> As far as I can tell nothing about React is patented...
I agree. Which means the entire issue is a huge paper tiger; you lose your right to use something that doesn't seem to exist.
I'm neither a native English speaker nor a lawyer to really understand the wording in the legalese, or if it only cover software patent or patents in general, but I think that clause is pretty broad.
If you have a potential patent claim against Facebook (or any other large entity) you know that they will, as a matter of course, dig through their enormous stockpile of patents looking for some counter-claims to make the second you file. Given the size of that stockpile, they're probably going to end up with a sizeable stack, so you need to engage in some serious due diligence before filing to evaluate the strength of your claims and the strength of their likely claims.
All the React patent grant means is that, IF this happens, they can add any React-based patents to the pile, if any exist. I rather suspect that there are no React-based patents, but it doesn't really matter if they are, because statistically speaking, it's not going to materially change the size of the stack. (Not using React entirely also won't materially change the size of the stack; any hypothetical React patents probably apply to whatever hypothetical non-React tech you used instead.)
> it also discourage you from exercising any patent you have against Facebook
No, what discourages you from exercising a patent against Facebook is that they're Facebook, and they have vastly more money, lawyers, and patents than you do. The potential React patents are the least of your worries.
Only if something in React is patented. As I read it, only the patent license is revoked if you sue Facebook, so if nothing in React is patented then the patent license is superfluous anyway and you should have nothing to worry about.
The issue with the Apache license seems to be that the Apache license itself contains a similar patent license with a similar revocation clause (if you sue anyone, but only if you sue them over the Apache licensed software). I presume (not a lawyer) this means the licenses are incompatible, and Facebook's software can't be used in an Apache licensed product.
This seems to support your point. But it's pretty obscure legalese.
In other words: if you don't sue us, you don't need to care if we have a patent that covers some React mechanism. If you want to sue us, you should first check if we have any React-related patents we could use against you.
Also more importantly, the conditions don't apply to the BSD license. The patent grant is a separate patent license on top of the copyright license. The license the patent grant refers to is the patent grant itself.
Facebook re-licensing React doesn't create prior art, any more than an inventor manufacturing a new product using a patent they own would create prior art.
Apache v2 has an patent clause which explicitly waives the rights of the licensor over the patents they might have on the licensed code. So, presumably, it doesn't matter if the current project has a patent because it was once licensed under Apache v2, and the so those patents can't really be exercised. Unless, any new additions since changing the license are patented. Since you can say the only code you've used with the current license is the diff from since it was Apache licensed.
But all of this is moot since you can't even take the risk of getting sued over a case which cannot be thrown out, because you might be bankrupt by the time the case is over.
Also the current discussion isn't just about the current codebase. It is about using any of FB's projects using this license and problems over suing FB (and its affiliates) for any patent infringement. (Oculus comes to mind because it presumably has tons of important patents)
They want to see a world where software patents no longer exist. So they write a term into their licensing that makes it really difficult for people who do like software patents to use their stuff.
I think I will move my projects over to a similar license. The only thing I would change would be to broaden it to invalidate if your company sued anybody over any patent.
If everybody did that, maybe software patents would finally go away.
If you think patents shouldn't exist then why is the purpose of the license to protect a single company from patent lawsuits. Why isn't the license covering any patent lawsuits of any kind to any party like the ASL does? Why does the license only protect facebook? What if there are patents that apply to react that facebook doesn't own? Patent trolls can't sue facebook but they can still sue users of react and continue to use react.
>If everybody did that, maybe software patents would finally go away.
No because facebook can still sue you for other software patents for internal software they didn't release.
Facebook's patent grant is a halfassed solution. They are either outright malicious and merely acting in self interest or blatantly incompetent. But since they are unwilling to change the license and patent grant I'm betting on the former.
However, no other company other than Palantir has adopted this model. Not even in the Valley. The truth is that they are essentially alone.
Here's the follow-up article: https://medium.com/@raulk/list-of-companies-and-popular-proj...
There are, AFAIK, no known patents on React. This means you can go ahead and sue Facebook for patent violations to your heart's content. The license they granted to you to use any of their patents applied to React (of which there are none) is terminated, and you can merrily continue using React.
If this is incorrect, and Facebook actually do hold patents on React, then all of the popular alternatives almost certainly infringe on them as well. So, the worst-case scenario is no different.
Really? That's your argument? If there are no public patents today, does it mean there's none in the works?
What tells you there won't be a patent tomorrow?
Let me ask differently. Assuming you're a software engineer, do you pick your stack based on the status quo? Or do you pick a future-proof stack, based not only in its position today, but its projection tomorrow?
What CAN happen today is not as important as what COULD happen tomorrow, based on the legal provisions you're agreeing to by adopting React.
> If this is incorrect, and Facebook actually do hold patents on React, then all of the popular alternatives almost certainly infringe on them as well. So, the worst-case scenario is no different.
This is absolutely incorrect. It depends on the content of the patent. For example, if FB filed a patent for React Mobile, it would not affect Preact and Inferno, as these frameworks do not deal with mobile rendering.
Nothing. But that applies regardless of whether I use React, or I use any other piece of software that Facebook may or may not take a patent out on in the future. Except, in the former case, I at least had a license to begin with.
There is a small outside chance that Facebook might patent a particular thing that React does that no other view framework does. It's unlikely to be the case, since most frameworks accomplish the same things in the same way.
Should I tell that to my investors? That AFA matthewmacleod on HN knows, we are good?
> then all of the popular alternatives almost certainly infringe on them as well.
But the lawsuit would be against those alternatives directly and not my company? I'm not sure about this, but I'm not also sure why we should be taking advice about this issue from non-experts.
"Disclaimer: As with everything in law, I reserve the right to throw every word out like yesterday’s newspaper if presented with new information or a recent decision by a non-caffeinated judge. Hubris and the law make for bad bedfellows. If you have information or arguments that I didn’t consider, make them below! I will update this blog if any new information changes my opinion."
But the lawsuit would be against those alternatives directly and not my company
We are explicitly talking about a situation in which you lose the right to use patented technology in React because you sue Facebook for violating your patents. But if you don’t use React, you don’t have a license to use those patents at all in the first place. You’re in no worse position than you were.
Having said that your argument appears to have missed the point, since this has nothing to do with patents on React itself.
Can you explain this? It's precisely about that.
The worst thing that happens if you use React and subsequently sue Facebook is that you lose the license to any patents they hold on React. If there aren't any, then you literally lose nothing.
I thought it removed the grant for a broader range of FB patents, but I see now that isn't the case.
The fridge example was a case in point of how ridiculously low the odds of any company getting into patent litigation with Facebook are. To go to battle with FB you're gonna need millions and it's going to take years. That's not a light decision.
This seems like a reasonable argument, but it doesn't seem to have deterred several big name companies from using React. Airbnb, netflix, and dropbox for example.
Airbnb, Netflix, and Dropbox? I guarantee you all of those companies have lawyers that reviewed the license.
React, the library, is at its core a glorified templating system. It provides plenty of escape hatches that make migration as well as inclusion of foreign UI components and libraries a breeze. It's stupidly simple to migrate away from.
If you are a high valuation startup looking to get acquired for your technology (rather than acquihired) I find it extremely unlikely your valuation hinges on your frontend code. And even if it does I find it extremely unlikely your frontend is tied so closely to React you won't be able to spend, say, 1MM replacing React with Vue or what have you (maybe at the cost of a little pizzazz).
If your frontend is animation-heavy, that likely doesn't live in React land. If your frontend is mostly static, it should be trivial to replace React as well.
If your startup is valuable, being sued over some frontend library is probably the least of your concerns. If the company looking to acquire you has enough cash in the bank to sue Facebook, they have far more than enough cash in the bank to replace React.
Amazingly enough, this recommendation is also beneficial if it turns out there are patents covering Angular, Vue or Ember.
Now it seems that the same sort of people advancing the anti-patent argument are angry about FB's licence. This seems like pretty muddled thinking.
Now, it appears there are many people thinking they will at some point get filthy rich with their patents. And I've frequently seen the GPL being derided as some sort of communist plot.
It's good to see that at least the large companies are still on the side of openness, although I fear what will happen when today's commentators become tomorrow's CEOs. Imagine something like the nodejs ecosystem, except now you'll have to buy a $1000/year subscription to the "node modules starter edition".
"But don't you want to know what technology we built it with?"
I see most of this article as a dangerous way of thinking, but especially the above.
The mentality I get from this quote (especially combined with its context) is basically: I should only open source something I'm working on if I can build a community around it (that I control/influence/benefit from).
Open sourcing your software should be the default. If I make a tool or small library/function, I would more look for a reason NOT to open source it. When I can't think of one, I will open it up, regardless of whether or not there is a "chance of igniting a community".
Because if they're revoking patents that don't cover react then there should be no problem to continue using react right?
- I use React for my startup's dashboard
- I sue facebook for violating my startup's patent without removing my react dashboard first
Now, what patents can facebook use to counter sue me that they couldn't sue me with anyway had I not used react?
Facebook can't take away your rights to use React under the BSD license, no matter what you do.
This is not a behavior of free software.
The only thing that happens when you sue FB over patents is that your patent grant covering React is gone, reducing your license to a regular BSD license. If you use Angular, vue or whatnot open source products covered by licenses without patents grants, there is NO guarantee whatsoever that this piece of software is free from patents of Google, FB, Oracle your favorite patent troll from around the corner. Yet people seem more fine with using software which comes without any patent grants whatsoever, and declare that hell would come over us if the FB patent grant on the software would be revoked.
Btw, clauses that revoke patent grants when you sue a party are pretty regular and present in the Apache License v2 and the (L)GPLv3, no one is crying about it and says that those licenses are not open source anymore. The GPLv3 goes even further and invalidates your right to use the software at all if you start sueing people who created that software.
Gosh, I am so happy to live in the EU where we do not have to deal with this kind of BS and can just use the best technology that solves the problem.
While rescinding the patent grant does not remove your license to use the product, I've seen some lawyers argue that Facebook's license is weaker than a "regular BSD license". The argument goes that a "regular BSD license" has an implicit patent grant that is stronger than what the React license offers through its explicit patent grant. Thus, you are not reverting to a "regular BSD license", you are reverting to a "regular BSD license MINUS the implicit patent grant".
(IANAL so I have no particular understanding whether this is a good legal argument, but assuming it is, it seems like a strong counterpoint).
What do you mean by:
"Gosh, I am so happy to live in the EU where we do not have to deal with this kind of BS and can just use the best technology that solves the problem."
My only point was Free Software (in spirit) does not take away (patent)rights once they've been granted.
He goes from this:
> The instant you sue Facebook, your patent rights for React — and any other Facebook ‘open source’ technology you happen to use) — are automatically revoked.
> If you use React, you cannot go against Facebook for any patent they hold. Full period.
"Full period", really? Because the first does not imply the second. This is now how patent law works.
Now, I'm not a lawyer either, but broad assertions like these should tell you that there's emotion at work here, not reason. In his fourth update, he made a list of companies that add something about patents to their open source licenses, implying that somehow that that proves something.
So the thing that people confuse here is patents and copyrights. The BSD license grants you the right to use works copyrighted by Facebook people and contributors. The patents clause, further, promises that should Facebook hold any patents that cover the OSS, they won't use them against you, unless you sue them first.
There is the whole idea floating around the internet that a BSD license somehow ensures that nobody will sue you for patent infringement. I really don't understand where this comes from. Hell, Android is Apache Licensed (which includes a patent grant) and still anyone who makes an Android phone has to pay license fees to all kinds of patent trolls (Microsoft most notably). These things are totally separate.
So first, if you sue Facebook for patents, you lose their patent grant (so they can sue you back, which everybody always does anyway - it's the only defense companies have in patent wars). But you don't lose the BSD license or anything. That's not how it works. All you lose is Facebook's promise not to sue you because you use React.
Secondly, and this is the core point, patents don't cover code, they cover ideas. Any patents that Facebook might have that, right or wrong, cover React, will surely be written broad enough that they also cover Preact, Inferno, Vue.js probably, and I bet also Angular. Not using React but one of these other libraries therefore makes no difference - in both cases, Facebook can use their React-ish patents to sue you.
To my understanding, patent lawsuits rarely get to the nitty gritty details of actual patents in reality. It does not matter whether a Facebook patent written broadly actually covers Vue.js or not - in practice, more often than not, companies will compare the height of the patent stacks they have, and agree on a settlement based on that.
All this patent grant says is that Facebook gets to use their patents that cover OSS to make their stack of paper a bit higher. Like they would if they hadn't made a patent grant at all.
So, repeat after me: using open source does not shield you from patent infringment lawsuits.
LICENSE is a pretty common convention and you could argue I should seek out this file in every one of my dependencies' dependencies - but how would I know to look for PATENTS?
Are all statements in the code base legally binding? Could they be hidden in a source file somewhere?
The BSD license contains no patent grant. You'd be on very thin ice expecting a court to rule that the BSD copyright license also implies a patent grant. And in this specific case that defense would likely never hold because the PATENTS file even if it weren't binding would signal the intent.
Ignoring (wilfully or otherwise) the PATENTS file doesn't make you any better off.
In the Netherlands, somebody was recently fined for using an image she got from a "free photo's" website. It was a picture that was illegally published on that website, and the judge said she should've checked whether it was actually royalty free. The fine was even higher than expected because she also cropped the picture, which was another breach of copyright, apparently.
I personally find it unhelpful that the program never clarifies that it is a display of binding arbitration instead of a decision by a judge. I've seen the layman confuse the two quite a few times.
Also, while I agree that they don't have to follow the law, they usually do. In the end, the 'judgement' is still based on the law and legal precedent, like in an actual court case.
My React project has 1,015 dependencies (directories in node_modules). If I didn't have locked versions then every minor automatic update could bring in more dependencies without me knowing.
Can anyone honestly say they've done such due diligence?
That seems doubtful.
And that's a real and potentially serious problem, because IP laws typically don't contain any exemptions for code you're using that infringes someone's IP rights just because it was contributed by a third party.
That said, the amount of dependencies you have locally installed is likely to be a multitude of the number you'd get if you'd exclude devDependencies, which I'm guessing don't count.
Yes, I think there are problems with the license, and I'm not using React. But do I really think those problems will result in some scenario where you have an overnight show-stopper of your business because of it? Extremely unlikely.
Startups need to stop fearing the law and start understanding it.
I mean probably FB got patents.
Probably they have at least one that covers things React can do.
Almost every framework moved to components and virtual DOM.
So there is a big chance that any framework out there could infringe some of these React patents.
So their either can
revoke your React license when you sue them
Sue you over patent infringement if you don't use React
> revoke your React license when you sue them
Incorrect; all they can do is revoke your patent grant and then sue you for patent infringement. They can't "revoke your React license".
So the difference is, if you use React they can only sue you for patent infringement if you sue them first; if you use something else they can sue you no matter what...
...if they have a patent on React. Despite your breezy assertion, patents are public, people have looked, and none have been found.
And it doesn't matter that FB terminates the patent grant if you sue them, because there were no patents to start with?
If you have code, you're at risk of being sued over software patents. In the end if you do get sued it likely won't be Google or Facebook, it will be some patent troll you've never heard of that randomly extorts companies into bankruptcy and can't be countersued because they're a non-practicing entity (i.e. they don't have code).
Maybe Facebook has patents for React. Maybe Facebook has patents for other libraries. Maybe other companies have patents for React. You won't find out until it's too late, so stop worrying.
But consider this: Facebook do something disastrous, like leak a bunch of private or financial data and it affects you really badly. There's a class action against Facebook. Now you can't join it, because you don't wanna rewrite your app without React to ensure Facebook can't counter sue over a patent that may or may not exist on React.
They take free-to-use stuff (Disney is cheap ripoff of Hans Christian Anderson's fables), and create "magical" stuff that they protect with their arsenal of lawyers.
If Facebook is able to pull the wool over our eyes this time... OSS is gonna be in a bad place in the next century just like how Disney single-handedly lobbied to change public domain laws in America.
My understanding is, if I sue FB for some patents, they can sue me back with any patents they may hold on React. We do not know of any such patents they own. So practically I am no safer if I use preact/vue or even Angular, since they may own some patents that cover those tech.
tldr; Do not sue FB unless you have muscles.
Businesses should shun AGPL, period.
"We're also not very enthused about you building on Amazon - surprised you'd take a risk like that, it doesn't indicate much business sense."
"Sorry to say, but your business, due to the ReactJS decision, is worth $0."
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
As I understand it, Angular in general doesn't contain a patent grant at all. Believing that that is superior to a grant that is removed in certain circumstances requires some contentious legal argument that as far as I know has not been demonstrated to stand up in court.