Has Open Source Licensing Reached Its End of Life?

by Joe Honton

Recently, I finished working on a software project that I'm especially proud of. It took months of effort to complete, and the final result was something that perfectly fit my needs. It was a labor of love.

It's not important to reveal the purpose of the software here, or the technical details of its inner workings. Simply allow me to say that it's something that I will use right away, and that other programmers may find useful as well.

When the project was complete, there were a few important decisions that I needed to make. How do I share what I've created? How can I get fair compensation for my efforts? And how do I protect what I've created from unscrupulous profiteers?

I've been developing software for a long time, so I'm familiar with all the options. Still, I was ambivalent about my choices this time around: do I go the popular open-source route and hope for the goodwill of others, or do I go in the opposite direction and try to create some sort of copy-protection scheme with obfuscated code.

On the one hand, the software industry as a whole has reaped the benefits of open source. I don't need to recount all the success stories, or all the naysayers who eventually went on to become proselytizers of the open source creed.

But sadly, the benefactors of the open source movement haven't always been the original creators. The creativity and hard work of individual programmers is seldom rewarded in a pay it forward utopian world.

On the other hand, the closed-source approach to software isn't a panacea. It seems that dishonorable users will still try to get something for nothing. And it's a certainty that determined pirates will always find a way around any technical scheme we devise to safeguard our intellectual property.

For my just-completed project, I wanted to find a middle ground between open source and proprietary.

In the past, it's been a standard practice of mine to always place a copyright notice at the head of each source code file. I do this at the time it's created. Copyright is easy. In the United States there's no longer any requirement to submit work to the US Copyright Office for registration. Placing a copyright on my source code tells others that I am the one who created it. But unless I take it a step further, a notice by itself doesn't adequately inform others what they can do with it.

The standard approach for most developers is to add a small license file to the project package describing the terms and conditions governing its use. For me, that file usually contains the MIT license. For some developers, it may contain the GPL license.

For the project I just finished, the classic open source route wasn't going to work. I didn't want someone else to clone or fork my project, put a wrapper on it, and compete with me on the open market.

The MIT license clearly didn't fit because it says anyone may ". . . use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software". In other words, I'm giving it away for free.

And the GPL license was a non-starter for me because it ". . . is intended to guarantee [the user's] freedom to share and change all versions of a program". (Somehow, after all these years, I still have a hard time swallowing that pill.)

So that led me to the various Creative Commons licensing options. The most restrictive one, CC-BY-NC-ND, was closest to what I needed. The "NC" section says that licensed users are not allowed to use the software commercially, so at least that part fit my needs. And the "ND" section says the licensed users are allowed to make modifications for their own use, ". . . but otherwise you have no rights to make Derivative Works," so that also seemed about right.

But unfortunately, as written, the CC license allows licensees to "incorporate the Work into one or more Collections" (which didn't fit my needs), and upon closer examination we see that the wording of the license is geared towards literary, artistic, and performing arts, making it a poor fit overall for any kind of software.

I'm curious to know what other software developers are doing about this. What considerations go into the decision-making process? What works and what doesn't?

Getting fair compensation for our individual efforts is part of the equation here. Yes, I'm aware that GPL licensing makes a distinction between “Free as in Speech” and “Free as in Beer”. Yes, I know that I can charge a fee for my efforts.

Unfortunately the marketplace that we've set up for ourselves does not support this. All of the package managers and dependency management tools that we've created for ourselves ignore the question of fair compensation.

No computer language has addressed this problem: not Java (Gradle and Maven), not PHP (Composer), not Python (pip), not JavaScript (NPM). And to add insult to injury the brand new GitHub Packages facility goes one step further: it may actually end up costing you to share your code if it's popular and if storage and transfer limits are exceeded.

Only the app world has a ready marketplace for our labor: iOS App Store, Google Play Store, Microsoft Store, and Amazon. It seems that money only enters the equation when it leaves the software developer's realm and touches the open marketplace.

Compare this to the other arts operating in the digital space: movies, music, podcasts, writing, and photography all have marketplaces to facilitate the commercial use of digital intellectual property, through royalties, subscriptions, and other types of licensing.

Lately I've begun to wonder if open-source licensing has failed to keep up with technology. The first version of GPL debuted in 1989, and was updated soon after in 1991. The most recent revision of GPL was in 2007. That was 14 years ago!

Consider the landscape of 2007 — Node.js and NPM didn't exist, while JavaScript was still at version 3; git version control software was only two years old and GitHub was just a feeble startup; Stack Overflow wouldn't arrive for another year.

The GPL was written with a world view based on compiled C++ and bytecode Java. Code sharing meant searching Yahoo! (yup, that was still a thing) for a suitable library that was hosted on SourceForge, downloading it, validating its checksum, scanning it for viruses, and hoping that it had a README file that said something intelligible.

Our ability to share code has come a long way in terms of packaging, publication, discovery, distribution, and use. It's time for our licensing and compensation model to be updated to reflect that.

I haven't figured out where to go from here, but it feels like something needs to change.

Has Open Source Licensing Reached Its End of Life?