786

June 24th, 2024 · #Licenses #Open Source #Law

What Open Source license should you use?

An overview of open source software licenses, the different types like permissive and copyleft, and things to consider when choosing a license.

Topic 0 00:00

Transcript

Guest 1

is CJ. What's up, CJ? Hello. Not much. Doing good.

Guest 1

Definitely.

Topic 1 02:00

What is open source

Guest 1

Definitely.

Guest 1

Yeah. And I've seen that misconception a lot, in that people hear open source, and they think, oh, that just means it's free. Like, especially working with, like, nontechnical people, they're like, oh, it's open source. Must mean it's just free. It's free software. But... Yeah. I'm gonna read you and the listeners the definition from Wikipedia and then kind of, like, dive into what it's talking about there. So on Wikipedia, it says open source software, or OSS, is computer software that is released under a license in which the copyright holder grants the users the right to use, study, change, and distribute the software and its source code to anyone and for any purpose.

Guest 1

And so the key point here is that the software has a specific license applied to it, and that license is an open source license. The common thing that you'll hear people talk about is, open source is, like, free as in free speech, not free as in free beer. Not like you're getting something for free, but you're getting, like, the ideas are free, in a way. I don't know if that's, like, the best analogy. Hey, though. That's good. I think that makes sense. Everybody likes a free beer, but that's not what this is. Right? No. Yeah. And I think another disclaimer before we talk about all this stuff: we are not lawyers. Like, this deals with copyright law, and this isn't legal advice. So if you're worrying about this stuff for, like, a company or your project, you should definitely seek legitimate legal advice. We're just gonna tell you what we know as developers. So... Yeah. Yeah. Totally. And definitely, it could be seen as

Guest 1

Yeah. And so with that idea, this idea of source available is not necessarily open source. So, like, you can go on GitHub and you can see millions and millions of projects and actually look at their source code. On the surface, like, that is source available.

Guest 1

But specifically looking at the license itself is gonna tell us what we can actually do with that source code. A really good website to learn about this stuff is choosealicense.com.

Topic 2 04:14

Types of licenses

Guest 1

And they have a breakdown of, if you're deciding to choose an open source license for your project, what do you care about? And they talk about that and tell you which licenses you should choose. But at the bottom of the site, they have this section that talks about what happens if you don't choose a license. And so if you ever come across a GitHub repo that doesn't have a license applied to it, technically, and I guess according to US copyright law, if there is no license applied to it, it actually is under an exclusive copyright by default. So the website choosealicense.com talks about the scenario where you come across code that doesn't have a license on it. And if you're a user and you come across this repo, it actually means that you technically don't have permission from the creators to use that software, modify it, or share it. Lack of permission is not permission, is what you're saying. Exactly. Okay. Yeah. And it does get a little more technical, because there is a terms of service on the GitHub website, and they do say things like, well, if you're putting your code here, then you're allowing people to fork it. So it gets a little more complex than that, but all of this to say,

Guest 1

is available. Right? That is under the original license. Yeah. That's my understanding as well. So that's why I think it's a great point that if you plan on building a business with your software, like, if you wanna try to make some money from it, that's definitely when you need to start to think about the different types of licenses and potentially not even... I mean, I guess it depends on your business and what you're trying to do, but you might not even publish it to GitHub until you're really ready and until you've really, like, added a license on it and that kind of thing. Yep. And one of these licenses that we'll get into a little bit down the line is something that Sentry uses because they're a business. They run on open source software, but you can't just steal Sentry's code base. So we'll talk all about what that means. Definitely. And with that in mind, so earlier in the episode, Scott mentioned open.sentry.io. It actually is a great entry into learning about open source as well, because they talk about how Sentry, a very successful and awesome product and business, how they can be open source and still be profitable. And so they talk about the licenses that they use. And, specifically, there's a section on benefits. So I think I'll just talk about really quick some of the things that I like about open source and some of the reasons why I apply the MIT license to all of my code repos. So aside from Syntax, I also have a channel called Coding Garden. And every single project I've ever created for Coding Garden, every example code, everything, I have released under the MIT license. And so we'll talk about types of licenses next, but the MIT license is a very open license. And this is one of the benefits listed on this Sentry site about open source: for educational purposes. And so the reason I like to release my software under an open source license is I want to educate people. I wanna show examples.
I want people to be inspired by the things that I've done. And so for me, that's a really big benefit, is being able to teach through source code. And so that's one benefit of open source as well. Yeah. Totally. Yeah. Another one that, I guess... well, it can be a double edged sword, but this idea of being more secure. So lately, you've probably seen in the news a lot of stuff about software vulnerabilities and exploits and things going wrong that basically put businesses and people at risk.

Guest 1

But with software that is open source, it can have a lot of different eyes on it. And so with a lot of different eyes on it, you have, potentially, very smart people, very technical people that can go in and audit that source code and find bugs or find vulnerabilities and fix them. And so this is one of the things that Sentry benefits from as well: the source is open, so anybody can go in and look. And if they find a bug, Sentry also has a bug bounty program. So if you're out there and you're looking at the source and you actually find something that could have caused a vulnerability issue or something like that, Sentry will actually pay you for that. And so that's another really cool thing about open source, is that it creates more secure code. I don't know, Scott, if you've looked at this page, open.sentry.io, are there any of the benefits that, kind of, like, you identify with in your code? Yeah. I mean, I think a lot of the ones that you've already talked about, you know, given the fact that I've done so much

Guest 1

Definitely. And I think for people that are wanting to get into open source for whatever reason, like wanting to become an open source contributor, that's typically where it starts, is you're using some piece of software, and then you come across a bug or a feature that you would like, and you just work on it. So I did this when I was using and learning about Coolify.

Guest 1

So there were some, like, bugs in the UI that I came across, and I was like, might as well... I mean, I'm using it. Might as well try and fix it. So that got me to pull the repo down, make a PR. And I think I had, like, 4 different PRs that got merged into Coolify just because I was using it, and I found some ways to improve it. Yeah. That was pretty neat of you, by the way.

Guest 1

Yeah. Of course.

Topic 3 12:13

Permissive licenses

Guest 1

Yeah. And the first one, and probably most popular, is the MIT license, and it's very simple and readable. And, honestly, I'm just gonna read the first clause in it because you've probably seen this before. So it says: permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files, to deal in the software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the software, and to permit persons to whom the software is furnished to do so, subject to the following conditions. But, basically, when you put this license on your software, you are saying, anyone is allowed to take my source code and do anything they want with it. They could take that source code and then close source it. They could make it so that... Yep. Any changes they make, no one gets to see. They could take that open source repo and literally just start a business off of it. Like, they could create commercial software. They don't even have to modify the source code. They could literally take that repo, decide to host it somewhere, and start making money off of it. With that also is, like, the last clause here that basically prevents the creator of the software from being liable for anything. So let's say you had some software that you didn't put the MIT license on, but maybe you did allow people to use your source code. If they started a business with that software and then something went wrong, maybe somebody got hurt or maybe it lost them money or something like that, if you didn't have this little clause here on the MIT license that says, like, I have no liability for what you do with my software, then you potentially would be liable. You could get into some legal trouble there.
So that's another reason you would apply this license to your software: because if somebody decides to go use it in maybe a way you didn't intend, or something goes wrong, this license basically says that you're not liable for what happened there. Yeah. And the MIT license is fairly straightforward. It's, like, just 3 tiny little paragraphs, and it's permissive in that way. It says, do whatever you want, but if something goes wrong, I'm not liable. Yeah. I think there is a common misconception that,

Guest 1

Definitely. And another one that falls under permissive is the Apache license.

Guest 1

And a lot of companies like the Apache license more because it basically has more... it's a bit longer and more verbose than the MIT license, and it has more wording around liability and trademark use. And so if you look at the Apache license 2.0, it's a little bit longer, still very readable. Yeah. But one of the reasons people might choose this instead is they still want their software to be open to people, but they wanna make sure they have certain

Guest 1

Yeah. So it's the opposite of copyright.

Topic 4 15:38

Copyleft licenses

Guest 1

And I actually don't know if copyleft is... I don't know if it's a dig on the licenses themselves.

Guest 1

But the whole... so the idea with copyright is you're locking down restrictions and profiting off what people can do with your stuff. Copyleft is you're trying to open it up. Mhmm. And one of the main licenses here is the GNU GPL, the GNU General Public License. And one of the things about it is it says, so if you apply this license to your software, it says if someone makes modifications to your software, they must release it under this exact same license. So it technically can be used for commercial use.

Guest 1

But if a company decides to use this software to start a company, any changes they make, they also have to release into the public. They can't keep those closed source. And so one of the main benefits here is it makes sure that any changes that are made, any improvements or whatever, have to be rereleased into the world. And there are successful businesses that have been established that, like, even use this license, but it does prevent some big corporation from coming along and basically just saying, oh, we're gonna reuse this and then not share any of the modifications or changes that we make. Yeah. But you do have to be careful with these licenses because of that very reason. So I worked at a large enterprise, and every single dependency that we decided to use, our legal team had to look at the license. And because we were a company that had intellectual property and wanted to make sure we could profit off of any changes that we make, any library that was under this license, we were not allowed to use. Basically, we couldn't touch it, because by simply even using one of these libraries in our own project, there's potential that we would have to relicense our entire proprietary source code. So that's something to look out for. When I worked at Ford,

Guest 1

And the interesting thing there is, though... I mean, I guess I don't have the exact wording here. And, again, I'm not a lawyer, so, like, don't take me on this. Go read all the licenses yourself. But there is this idea of, like, linking software as well. And so linking in the world of JavaScript is literally like just doing an import for a library. You're technically linking to that source code. In other languages and runtimes, you might be linking to, like, compiled code or something like that. But I do believe there is a clause in GPL that is, if you link, that's the same thing as, like, using the software itself. Again, I may not be completely right on that, but that is something you have to look out for, and why there are other types of licenses that exist that are copyleft but also somewhat permissive. And so this leads us to one of the licenses I found, which is called the Mozilla Public License. So it's by the Mozilla Foundation.

Guest 1

And it is very much inspired by the GNU GPL, but it says you can link to it without applying this license to your own software. And so, for... I believe, like, the Firefox web browser is under the MPL license. And so if for whatever reason you wanted to use the Firefox code base but then create some sort of, like, closed source commercial software, you wouldn't then have to go put the GPL in it. It could be a secondary license.

Guest 1

Yeah. Those are the main licenses that you're gonna come across, especially, like, if you're at a smaller company or just, like, working on your own hobby projects. You basically have permissive, meaning you just wanna limit your liability but let anybody do anything, or copyleft. I will say the other term that was used when I was working in enterprise, I think it's also, like, not a positive term, but it was called a viral license.

Guest 1

Because, like, with the GNU GPL, it's viral in that any software that uses this will try to spread that license to it. So, yeah, those are the 2 types, super permissive or super open in sharing. And then you have things in the middle as well. Yeah. But that kind of leads us into business licenses. So I know that Sentry has created their license. Can you talk a bit about that, Scott? Like, why would a company want a different license than the ones we've talked about? What's involved there? Yeah. So this new Sentry license is called the FSL,

Topic 5 19:50

Business licenses

Guest 1

Yeah.

Guest 1

And I think one of the key points there is that after 2 years, it becomes permissive open source. And so the whole idea here is it basically forces any software that applies this license to innovate. Right? So... Right. Basically, and so like Scott was talking about earlier, if you license a piece of software and then you try to change the license, the license that was applied to the software at any given point in time applies to all the software before it. Right? And then, like, the new license that you applied only applies to the changes. So what we're saying here is that after 2 years have elapsed, that old source code, basically the commit from 2 years ago, technically is now open source under Apache 2.0 or MIT, and you technically could start a business using that older version of the software. But that now forces Sentry, and the company based on the software, to innovate and make sure that in the past few years, we have added new features and new things that people would wanna use that basically give us a business advantage and would make sense for us to keep running this as a business. So it's a pretty interesting concept there, and I believe the... so this is getting into territory I don't know as much about, but I believe the Business Source License, or the BUSL, it has a similar clause. The BUSL.

Guest 1

I think its clause is, like, something like 4 years, or maybe there's another license that's similar to this, but they say 4 years. But I think one of the reasons that the functional software license was created was to kind of, like, shorten that timeline

Guest 1

And that was, like, one of the reasons they did it, is because people were basically profiting off of their software. Like... Totally. People had services where you could pay them to host your Redis database. And Redis basically wanted to make sure that they could profit off of that. Now, I mean, you could get into the ethics and business of, like, should they be doing this? But as a business trying to make money, that's one thing they wanted to do, is if you're a business that's gonna be hosting Redis software, and you're gonna be charging your users, they want you to potentially pay a licensing fee back to Redis because you are technically using their software. So that's why they started doing this. They still do use some open licenses. One of the ones I came across was the Server Side Public License, which actually originated at MongoDB.

Guest 1

But I believe this is like a forked version of the GPL. So we talked about the GNU GPL earlier. It's like a forked version of that that has a few differences. And so one of the major reasons that the SSPL, the Server Side Public License, was created was to kind of, like, close some gaps in the GNU GPL license. And so under the GNU GPL, I have a Stack Exchange answer pulled up here.

Guest 1

But it's legal to create a proprietary program B that uses a GPL-licensed program over a local network.

Guest 1

So, basically, if it's using the program over a network, so like a MongoDB or like a Redis, technically, it was legal to do that and keep it proprietary even with the GNU public license. Interesting. Another thing in the GNU public license is, it's legal that program B provides a service to an end user over the network. And so this gets into one of the main reasons Redis adopted this: anyone wanting to host Redis would be able to do that without having to pay any licensing fees or anything like that. And then the last one here is, it's legal to modify program A without sharing changes, since A is connected to the network and the end user is provided with the service under a different network. So, like, there's some weird wording in there that basically makes it so that you could create proprietary versions in certain scenarios. And so the SSPL basically closes up those gaps and makes it so that any changes or anything else completely have to be

Guest 1

If you've got your own server set up somewhere, it's pretty trivial to spin up a Redis instance. Definitely.

Guest 1

And so, yeah. Those are the types of licenses. I think one of the last things we'll talk about here is choosing a license and then also, like, acknowledging licenses.

Topic 6 27:04

License attribution

Guest 1

So if you use software that is under the MIT license, technically, the MIT license states that you have to include this license in your own software whenever you rerelease it. Yeah. So it says the above copyright notice and this permission notice shall be included in all copies or substantial portions of the software. And so you may be wondering, alright, I'm using a library that's MIT. What does that mean? A really good example of this is Discord. So if you go to discord.com/licenses, they have every single dependency listed here that they use, like, in the Discord mobile app or the Discord desktop app, and the associated licenses. So things like Babel are listed here.

Guest 1

Yeah. There's just a whole bunch of, like, Babel dependencies, and they literally have the MIT license from Sebastian McKenzie listed on this page here. And then, yeah, there's some other Babel licenses.

Guest 1

And then we get into, like, AWS libraries and stuff like that. These are under the Apache license, and so you see that listed here. And so this is like a really good example in the wild of: you have some software that people are using, but according to those licenses, you should have a page that lists the dependencies that you use and the licenses that are applied to them.

Guest 1

Yep. And then once you've chosen a license, you need to add it to your app. And one of the things that I really like to use for this is a package called license. It's on npm. You can do an npm install -g. And then in any directory, you just say license, space, and then the name of the license. Mhmm. And it will generate that license file in that directory and, like, put your name on it. So I use this for all my projects.

Guest 1

Like Scott mentioned earlier, when you're creating a new repo on GitHub, you can technically just choose MIT, and it'll generate that for you. And then the other thing is, if you're in the world of Node.js and JavaScript, your package.json has a license field there, and so you would wanna list the name of the license that you're using there as well.

Guest 1

That's all I got. Thanks for watching, everyone. Peace.
