[FEATURE] Please consider a copyright license that protects the users of this software. #145
Comments
|
Thank you for your detailed explanation! MIT license is one of the most widespread licenses currently, that's one of the reasons we picked it-simple but good. MIT license just sets basic rules to be followed by everyone, while GPL licenses, as I know, are way too strict, and have a lot more conditions. Basically, why I think the MIT license should be left: it allows anyone to modify (i.e. fork and maintain their version), use and redistribute the app. Ah and also, there is no organization existing, it's just another open source project with volunteers doing it. I understand what do you mean, but many open source projects, even quite big, including many payment processors, all use MIT license, and that's actually the first time I hear about this problem. |
It is by far the most used license if you count something as simple as packages software for a linux distro. So if you wonder who uses GPL, you just look at your local linux distro. Also things like the Linux kernel, OpenOffice, KDE, mysql, git and literally 10s of thousands of other large projects. The point is that GPL license protects the users and it protects contributors.
This is the case for all open source licenses (see OSI).
Ditto. That is the basis of all open source licenses.
A lot of people are not aware of the issues surrounding this, and the two examples where this went wrong are real and are painful to users. The simple point is that GPL is nearly the same as MIT (or any BSD like license) exept for the points where MIT can be used against you and your users. So GPL allows you to do all the things you described, as those properties are the basics of all open source projects. There would be no difference to you or your users in freedoms you have. The only difference is that should you go for GPL then users are not allowed to close source it or to put a different license on it which forbids you to take their improvements. The premise of this being a volunteer project makes it harder to sell to merchants. The ability for you to just close-source this is the part that really makes the risk very high. |
So that's what I want to avoid, restricting the projects using bitcartcc in choosing license or anything.
Well, one day it might become my full-time job, who knows (: The reason above is the only thing why I am against GPL. I will check GPL in-detail and think more But what if, for example, I want to change license. I heard this is a painful process and every contributor should agree on this? Or that's not so? Also there are lots of GPL flavours (GPL, AGPL, GPLv3, v2, etc.)-which one is better? |
|
Thank you for keeping this discussion open! As I wrote on Telegram the usage of MIT allows everyone to do anything. It is like you starting to work for a company with an agreement that they can do anything. Its nice, you get paid. Until it is not nice, they can fire you or make you do work you don't want to do. The GPL (and other copyleft licenses) are thus restricting what people can do with the code in order to protect you and your users. Sometimes this isn't worth it: the I'd change these to GPL:
The places where merchants would clone and modify the git repo is likely easy to keep MIT. Major features created by those merchants will then not be something you can ask them to share with you, at the tradeoff that people feel more secure that way. From a legal perspective there isn't much difference. Repos publishing docs, websites etc really don't need the GPL protection either.
I have to admit I didn't understand the bitccl repo, I'm not sure about the details. Maybe LGPL would be best. But I didn't look deeply enough into this one.
|
|
Thank you your ideas! |
I suggested a slightly different one the LGPL. The Library-GPL (or officially called the 'lesser'). https://en.wikipedia.org/wiki/GNU_Lesser_General_Public_License This one is a middle-ground between an MIT style license and the GPL. It allows people to use it in closed source software, it als allows people to sell that closed source software which uses your library. |
|
Ok, I see. And if I add a new component, it would also be MIT. But if I add a new library, it would be LGPL. But no new repo will be GPL, it'll be just for the main one. |
|
Also, about LGPL being in the middle between MIT and GPL, that you said it allows people to use it in closed source software and it also allows people to sell closed source software which uses the library-doesn't MIT also allow this? |
|
I was also suggested to take a look at this license: https://github.com/tdlib/td/blob/master/LICENSE_1_0.txt |
This is a copyright law requirement. This is similar between any license you pick. Check wikipedia. What you want to do is update the year whenever you change the file.
What I wrote was about how the LGPL is different from the GPL, indeed in ways that makes it closer to MIT license.
That is up to you. I personally say that GPL is fine as it protects the merchants and I think that is the benefit adopting the GPL brings to your project: better protection for your users.
This is what the FSF writes about it:
The protection you get for yourself and your users is generally speaking called copyleft, a smart name as it turns copyright (which protects only the author) on its head and instead protects the users. This is not a copyleft license, but you can copy code published under that license into GPL applications. The boost license has various of question marks in table on the license-comparison chart on wikipedia. That doesn't sound good to me. |
|
So if I change the license I should use current year? Or leave the copyright year as is? Also about GPL itself, I heard it requires a COPYING file. May I put the GPL license text in LICENSE file? Also the license doesn't contain the copyright notice. I don't want to add copyright comments to every file, so could I just create NOTICE file and put it in there? |
You don't change copyright years, copyright is the basis for all licenses (even closed ones) and changing license has no effect on things like the year. I have things like "2016-2020".
Oh, I'm sorry, that was not what I wanted to say at all. The LGPL allows users to do more things with the project than GPL.
Yes, that is suggested. This makes github auto-detect your license. Browse around github for plenty of examples.
Absolutely! Just please make sure that people that contribute a non-trivial amount of code add their email address there to make clear they also have a copyright claim. |
|
Ok, I see. Will probably use a time interval like 2019-2020 and update once a year (: About encouraging contributors-check our readme, we have a list of every contrubutor there And about LGPL in the libraries, should it be like a LICENSE file, and a LICENSE.lesser file for LGPL? As it requires both license texts to be there. |
|
sounds great. The law says that every non-trivial content any person writes is their copyright. It would be useful to register that, especially if you don't assume that the git history is going to be there always.
You can have multiple license files in a single repo, if you have multiple licenses in that repo. But if you have multiple licenses, you need to have the specific license stated in each file. Which repo needs two licenses? I thought each repo would have only one license. |
|
Ok then, then I'll not change the copyright line. But contributors are already listed there: |
|
I have created a poll in our official group. |
Ah, right, yeah, thats a bit weird. But there are nice instructions. I always look at the FSF as they originally wrote the thing. They write:
I saw the polls, awesome! |
Yes, that's what I was talking about. Could I name the files LICENSE (with gpl text in it) and LICENSE.lesser (with lgpl text in it), or is it not widespread? |
|
Done. Thank you for your suggestion and help. Looking forward to seeing more feature requests from you in the future (: |
|
@zander Hello! Sorry for bringing up an old issue. When moving the SDK to the LGPL license I exactly wanted this not to happen, to not restrict users in any way. |
|
There is unfortunately a lot of push by companies like Microsoft and others to create conusion around open licenses. I wrote a comment on the most recent thread explaining that their basic assumption of LGPL being incompatible is simply wrong. General rule; anyone not altering your sources can use your LGPL stuff. If they say otherwise they are 99.9% likely wrong. |
|
I have read it, thank you for clarification. Then it is probably fine unless some issue occurs in the future. For now we can just focus on new updates just like the today's one (: |
|
The Apache Software Foundation policy doesn't allow a project to have GPL code or a GPL dependancy, so by changing this license to GPL would stop any ASF project from being able to use this code. For more details see: More permissive licenses like BSD and MIT are compatible with the Apache license. |
|
Hello @justinmclean! Just wondering: is Apache Software Foundation considering the use of BitcartCC in one of its' projects, or did you find this issue by some automated tools? Could you please clarify what's the main issue with GPL license? I mean you can re-use the software in any way possible, but from my understanding GPL license protects the original (this) software from a case when some company takes it's code, then sells this as a different project (with same code) without opensourcing it, which is bad for the project & OSS community. Also don't get me wrong, I just don't like licensing at all. I want is to be protected by that license and not limit the users in any way, and just focus on improving the project itself. Why can't I just say that? :D |
|
There's no ASF projects that I'm aware of that use BitcartCC, but there's lot of projects and I'm not familiar with them all. I found this as it was linked to a similar issue that did involve an ASF project because of the chardet license issues. The main issue is that the GPL license in not compatible with the Apache license as it places more restrictions on the software than the Apache license does. The Apache license is compatible with the GPL3 license, so for instance this project would use Apache licensed code, but the reverse is not true, and an Apache licensed project can't use GPL(v3) licensed code. It looks like your community has agreed that the GPL license is best for them (and that's great), but just be aware that the license has more restrictions over a more permissive license like MIT or the Apache license. Depending on your point of view that may be a good thing, but it does mean that some projects won't be able to use your software. |
This is a fair observation, though the wording is a bit biased. Is it really a "restriction" that the author and copyright holder grants themselves more protections against known attacks? I think you are on the wrong side of history here, arguing that others are not willing to give you stuff for free and THEY are somehow wrong. You are, in actual fact, completly free to use this software and the millions of pieces of software out there released under the GPL range of software. You writing here is not shining a good light on you after you got the explanation how GPL is protecting authors better.
This is not true, everyone can choose to use Free/Libre Software, provided they are honest and follow the values of FOSS. So companies that have no intention of giving back are out of lock. This is about creating a lasting community, not about enrichiching leaches. If this confuses you, please read the issue history as it expains the checks and balances many believe are needed in open source. |
|
I'm not confused, its ASF policy to not allow a dependancy or code with the GPL license in one of it's projects. I should know as I have reviewed 100's of ASF releases and I'm a long time volunteer at the ASF including helping out with license issues. The GPL license is a great open source license, and if it works for this community that is also great. I certianlly don't want to cause offence or get into an argument on which open source license is "better". I'm just pointing out that some people or projects can't use software under a GPL license, as it's not compatible with some other open source licenses. |
Fixed that for you. There are a lot more companies out there writing software today compared to 20 - 30 years ago. And this is great, and for them a BSD style license is wonderful. And it benefits the open source community as a whole. It should, however, not be any surprise that volunteer projects doing open source may prefer a license that disqualifies those companies that demand a license like the Apache one from benefitting from the work of these volunteer developers in a way that hurts those volunteers. So you are missing the point by digging in and saying that some people can't use it. They can, it is their choice. Probably not under your foundation, but that is not a discussion that belongs here. |
|
I assume you're aware the ASF is 20 year old non profit charity for the public good run entirely by volunteers? Is the Apache License compatible with the GPL license? Sure you can freely mix the code that's released under these two licenses. The resulting software, however, must be released under GPL license not the Apache one. So if an Apache license project wanted to use GPL licensed code it would need to relicense itself as GPL and would no linger be an Apache licensed project. A guess that's a choice of sorts. Anyway you don't have to take my word for it, here's a good summary on the topic https://www.gnu.org/licenses/license-compatibility.en.html |
|
Hi @justinmclean! Sorry for raising such an old issue, I just wanted your thought about some license. I am currently re-educating myself on the licensing topic (amazing book by Heather Meeker), and now I understand why the ASF for example disallows GPL licenses in the code, and I would probably do the same. Now I know how exactly GPL is limiting our users (: By the way, what's the main difference between MIT and Apache 2.0? Apache 2.0 includes more protection of patents rights? |
|
What you choose a license is really going to depend on your community values or business model or objectives. In general, the ASF doesn't mind if people don't contribute back, and the Apache 2.0 license allows that. The ASF is a charity for a public good so you can see why that approach may work for them but it may not suit some other businesses. Licenses like the Business Source License are not compatible with the Apache 2.0 license so cannot be used in an Apache project. (See https://www.apache.org/legal/resolved.html#category-x.). As you say the OSI doesn't recognise the Business Source License as an open source license and IMO would be unlikely to approve it. One of the issues with a license like that is that 2 to 3 year old software may include multiple known security issues. Re MIT and Apache 2.0 they are both permissive licenses but yes Apache 2.0 includes more protection of patents rights is the main difference. TLDR = Use what license works for you. |
and others
Your project is labeled to use the MIT license, which is an open source license but it has the strict allowance that code under this license can be re-released by anyone later as closed source.
The direct effect is that while todays release is open source, there is no way to know that next month your organization does not decide to relicense to a closed source version. We just have your promise to not do that.
This is a huge risk to merchants. Merchants that would use this product want to receive updates, may want to pay someone to build features and generally want to make sure that they don't lock themselves into a dead-end project.
Maybe also relevant for your own motivation is that any competitor can come and fork your project and compete against you with a closed source project using your own code as a basis.
Describe the solution you'd like
Please consider relicensing your project to use a so called "copyleft" license which disallows you or anyone else from using this code against the userbase. I personally prefer GPLv3 for this.
Additional context
In Bitcoin Cash we had several cases where companies did follow the route I explained, which cost the community a lot.
The first is that the company nchain has relicensed their fork of one full node to no longer be open source. Code that goes in there can not be copied by others, they had some rule about the code being limited to their chain only.
The second is that the Bitcoin,com wallet was forked from another and after a year of development and getting a lot of people using their product, they stopped posting sources. They effectively made it closed source.
Neither of these actions is possible with any of the GPL licenses. Please consider protecting your users by adopting a GPL license.
The text was updated successfully, but these errors were encountered: