Open source protocols identify and avoid potential risks, did you know?

2024.03.28

In today's software development industry, every developer has come into contact with open source projects, so have you noticed the existence of open source agreements, and do you understand these agreements and their accompanying terms and usage restrictions? The answer is not always. However, as open source software becomes more widely used in various industries, it becomes increasingly important to understand and comply with open source protocols. This article will introduce the 10 major open source protocols in detail to help developers better use these protocols to practice and customize their own open source policies and management specifications.

First of all, open source agreements are an important part of open source software. They stipulate the rules and conditions for using open source software. These agreements include not only license terms for using the software, but also rules for contributing code and ways to resolve disputes. Knowing and understanding open source protocols can help developers better take advantage of the benefits of open source software while avoiding potential risks and problems.

Secondly, there are many types of open source agreements. Some of the most common open source licenses include: Apache License 2.0, BSD License, GPLv2, LGPLv2.1, MPLv2, MIT License, etc. Each of these agreements has its own unique terms and conditions, and developers need to choose the most appropriate agreement based on the needs and goals of the project.

By looking at the open source protocols that can be selected on GitHub, we focus on 10 common open source protocols.

If you don’t have time to read the following content, you can first understand the overall comparison chart. The picture comes from the Internet.

1.GPL(GNU General Public License):

  • Official name:  GNU General Public License (GPL)
  • Type:  Strong version, strong derivatives authorization
  • Main features:  Users who use, modify and distribute software must open the code under corresponding conditions and retain corresponding copyright information.
  • Scope of authorization:  Allows free use, modification and distribution of software, including commercial use.
  • Copyright Requirements:  The copyright notice and license notice of the original software must be retained.
  • Limitation of Liability:  Sets forth the liability and obligations arising from the use and distribution of the software.
  • Derivatives licensing:  Requires derivatives built on the original software code to follow the same open source license.
  • Scope of application:  Widely applicable to various software projects, suitable for protecting the freedom of open source software.
  • Well-known projects:  Linux kernel, GCC compiler, etc.
  • Advantages and Disadvantages:  The advantage is to protect the freedom of the software, but some companies may think that its derivative license is too strict.

GPL is a well-known open source agreement that emphasizes the protection of software freedom and the sharing of open source code. According to the GPL, any individual or organization that uses, modifies and distributes software must comply with the agreement and make its derivatives open source in the form of GPL. This means that users of GPL-licensed software are free to view, modify, and distribute the source code, and even use it for commercial purposes.

The GPL requires that the copyright notice and license notice of the original software be retained when using and distributing the software to ensure the integrity of the author and license of the open source code. In addition, the GPL also stipulates the responsibilities and obligations in the use and distribution of software.

Well-known projects such as the Linux kernel and the GCC compiler have adopted the GPL license. The success of these projects proves the broad applicability and feasibility of the GPL.

However, it is worth noting that for some commercial companies, the GPL's derivative product licensing may be too strict because it requires derivative products to use the same open source license. Therefore, when choosing to use a GPL license, you need to carefully consider its impact on business models and derivative products.

2.MIT

  • Official name:  MIT License
  • Type:  Loose, weakly binding authorization
  • Main features:  Allows free use, modification and distribution of software without requiring the same license for derivative products.
  • Scope of License:  Allows freedom to use, modify and distribute the software in almost all circumstances, including commercial use, without paying a license fee.
  • Copyright Requirement:  Require that the original copyright notice be retained on all copies or substantial portions of the software.
  • Limitation of Liability:  There are no specific limitations of liability and no express warranties provided with respect to the use and distribution of the software.
  • Derivative License:  Allows the license to be changed in derivatives and used with closed source software.
  • Applicable fields:  Suitable for almost all types of software projects, especially projects that require maximum freedom of use and distribution.
  • Well-known projects:  Node.js, jQuery, etc.
  • Advantages and Disadvantages:  The advantage is that it is simple, flexible, and has a wide range of applications; the disadvantage is that it may cause the code to be used as a closed source, and the improved source code cannot be obtained.

The MIT license is a very flexible open source license that allows the free use, modification and distribution of the software, including commercial use, without paying license fees. Unlike many other open source licenses, the MIT License does not require derivatives to use the same license, nor does it limit liability and responsibility for the use and distribution of the software.

Under the MIT license, users must include the original copyright notice in all copies or significant portions of the software. However, the MIT License does not specify the responsibilities and obligations during the use and distribution of the software, nor does it provide an explicit warranty.

The MIT license is suitable for almost all types of software projects, but is especially suitable for projects that require maximum freedom of use and distribution. Well-known projects such as Node.js and jQuery adopt the MIT license.

However, some disadvantages of the MIT license are that since it allows derivatives to be used in closed source software and does not mandate disclosure of the source code, it may result in the code being used in closed source without access to improved source code.

3.Apache License:

  • Official name:  Apache License
  • Type:  Loose, medium-binding authorization
  • Main features:  Allows free use, modification and distribution of software, while requiring the same license for derivative products.
  • Scope of License:  Allows freedom to use, modify and distribute the software in almost all circumstances, including commercial use, without paying a license fee. Require the same license for derivatives.
  • Copyright Requirements:  Require that the original copyright notice, along with an express statement of any modifications, be retained on all copies or substantial portions of the software.
  • Limitation of Liability:  There are no specific limitations of liability with respect to the use and distribution of the Software, but express warranties are provided, and any other warranties, express or implied, are expressly disclaimed.
  • Derivative licensing:  Requires the same license for derivative products, but allows inclusion of components from other licenses in derivative products.
  • Applicable fields:  Suitable for many types of software projects, especially projects that need to be freely used and distributed while maintaining code compatibility.
  • Well-known projects:  Hadoop, Lucene, Kafka, etc.
  • Pros and cons:  The Apache License is flexible and interoperable, making it suitable for a variety of open source projects, but requiring the same license for derivatives may limit its scalability.

The Apache License is a widely used open source license that allows free use, modification and distribution of software, including commercial use. Unlike some other common open source licenses, the Apache License requires the same license in any derivative products to ensure code compatibility and interoperability. In addition, this license also permits the inclusion of components from other licenses in derivative products.

Under the Apache License, users must include the original copyright notice and an express description of any modifications in all copies or significant portions of the software. This license provides express warranties and expressly disclaims any other warranties, express or implied. At the same time, the license does not specify the responsibilities and obligations during the use and distribution of the software.

The Apache License is suitable for many types of software projects, and is especially suitable for projects that require free use and distribution while maintaining code compatibility. Well-known projects such as Hadoop, Lucene and Kafka all use the Apache License.

However, the Apache License requires the same license for derivatives, which may limit its scalability because some derivatives may require different licenses. Additionally, the license is somewhat binding and may impose restrictions on the use of the code compared to more relaxed licenses.

4.BSD License

  • Official name:  BSD License
  • Type:  Loose, more flexible authorization
  • Key Features:  Allows free use, modification and distribution of software without the need for the same license for derivatives, while retaining the original copyright notice.
  • Scope of License:  Allows freedom to use, modify and distribute the software in almost all circumstances, including commercial use, without paying a license fee. The same license is not required for derivative products.
  • Copyright Requirements:  Require that the original copyright notice be retained in all copies or significant portions of the software, and allow modification and redistribution of the original code.
  • Limitation of Liability:  There are no specific limitations of liability and no specific warranties provided with respect to the use and distribution of the software.
  • Derivative licensing:  Derivative products are not required to be licensed under the same license, allowing inclusion of components from other licenses in derivative products.
  • Applicable fields:  Suitable for various types of projects, especially those that require flexibility and wide availability.
  • Well-known projects:  FreeBSD, NetBSD, OpenBSD and other operating system projects use the BSD License.
  • Advantages and Disadvantages:  The BSD License has great flexibility and freedom, is suitable for various projects, and does not require the same license for derivative products, which increases its scalability. However, some believe its less restrictive nature could lead to abuse, such as closing code.

The BSD License is a more flexible open source license that allows free use, modification and distribution of software without the need to apply the same license to derivative products. This license requires that the original copyright notice be retained in all copies or significant portions of the software, but does not specify responsibilities and liabilities for the use and distribution of the software. In addition, the BSD License allows the inclusion of components from other licenses in derivative products without requiring the derivatives to adopt the same license.

The BSD License is suitable for all types of projects, and is especially suitable for projects that require flexibility and broad usability. Some well-known operating system projects such as FreeBSD, NetBSD and OpenBSD have adopted the BSD License as their open source license.

The advantage is that the BSD License has great flexibility and freedom, is suitable for various projects, and does not require the same license for derivative products, which increases its scalability. However, some believe its less restrictive nature could lead to abuse, such as closing code.

5.Mozilla Public License (MPL)

  • Official name:  Mozilla Public License (MPL)
  • Type:  Permissive Open Source License
  • Main features:  MPL is characterized by allowing developers to use, modify and distribute source code, while also allowing the code to be embedded into commercial products as components. In addition, MPL also emphasized the requirement for source code confidentiality and the licensing method for derivative products.
  • Scope of authorization:  MPL allows the use, modification and distribution of software, including private and commercial purposes, but requires strict compliance with the terms of the license agreement. Additionally, if MPL code is embedded as a component into a commercial product, the source code needs to be made public.
  • Copyright requirements:  Modifications and distributions of source code must include a copyright statement and a license agreement.
  • Limitation of Liability:  MPL does not specifically emphasize responsibilities and obligations in the use and distribution of software, but requires that when modifying or distributing source code, the author and license information of the original code must be noted.
  • Derivatives License:  MPL allows the use, modification, and distribution of derivatives built based on the original software code, but they need to follow the same license terms as the original code.
  • Applicable fields:  Suitable for various projects, especially those requiring source code confidentiality and commercial closed source software.
  • Well-known projects:  MPL is adopted by some well-known projects, including Mozilla Firefox browser, Thunderbird email client, Komodo IDE, etc.
  • Advantages and Disadvantages:  The advantage is that it allows commercial use and closed source, while also protecting the copyright of open source software and the confidentiality of source code; the disadvantage is that strict licensing terms need to be followed, which may cause a certain burden on developers of commercial products.

6.Creative Commons Licenses (Creative Commons License)

  • Official name:  Creative Commons Licenses
  • Type:  Flexible Open Source License
  • Key Features:  Creative Commons Licenses are a series of open source licenses designed to provide creators with a simple and flexible way to authorize others to use, modify and distribute their works. It allows creators to choose different licensing conditions according to their own wishes to meet different needs and goals.
  • Scope of authorization:  Creative Commons Licenses allow creators to grant others the right to use, modify and distribute their works. Creators can choose different licensing conditions according to their own needs, such as whether to allow commercial use, whether to allow modification, whether to require signature, etc.
  • Copyright requirements:  Creative Commons Licenses require the licensor to clearly indicate the copyright ownership when licensing the work and provide a copy of the license. Additionally, the licensor may require attribution or specify other specific licensing requirements.
  • Limitation of Liability:  Creative Commons Licenses do not expressly specify any liability or responsibility for the use and distribution of software. However, it requires users to comply with the conditions of the license and respect restrictions specified by the licensor.
  • Derivatives License:  Creative Commons Licenses allow the creation of derivative works based on the original work, but require that the derivative works must comply with the same licensing conditions as the original work.
  • Applicable fields:  Creative Commons Licenses are applicable to various creative fields, including literary works, music, pictures, videos, etc. It provides creators with a flexible way to share and protect their work.
  • Well-known projects:  Creative Commons Licenses are widely adopted, and many well-known projects and platforms use this license, such as Wikipedia, Flickr, Jamendo, etc.
  • Pros and cons:  The advantage of Creative Commons Licenses is their flexibility and ease of use, which allows creators to choose different licensing conditions according to their own needs. However, due to its flexibility, it may cause inconsistency in authorization conditions and may not be able to adapt to certain business models or needs.

7.Eclipse Public License (EPL)

  • Official name:  Eclipse Public License (EPL)
  • Type:  Weak authorization open source license
  • Main features:  EPL is an open source license for Java development designed to promote the free use and distribution of software. Its main features include:
  • Wide applicability: EPL is suitable for various software projects, especially Java development projects.
  • Business Friendly: Allows commercial software to be integrated and distributed with EPL-licensed code.
  • Share Improvements: Requires contributions of modified code back to the original project to promote common progress throughout the community.
  • Legal protection: Prosecution and liability limitations for infringements are clearly stated.
  • Scope of authorization:  EPL authorized users have the following rights and obligations:
  • Rights of use: Free to use, copy, modify and distribute the software.
  • Derivative requirements: Software that will be derived from EPL-licensed code must comply with the EPL license and provide source code.
  • Note: When distributing software you need to include a copy of the copyright notice and license.
  • Copyright Requirements:  The EPL requires that a copyright notice and a copy of the license be included with the software.
  • Limitation of liability:  EPL does not explicitly stipulate the responsibilities and obligations in the use and distribution of software, but reserves the right to pursue infringements.
  • Derivatives licensing:  EPL requires that derivatives built based on the original code must also comply with the EPL license and provide source code.
  • Applicable fields:  EPL is suitable for various projects in Java development, especially those projects that want to combine their own code with EPL-licensed libraries.
  • Well-known projects:  Some of the well-known projects adopting the EPL license include:
  • Eclipse IDE: A well-known Java integrated development environment.
  • Jetty: A lightweight Java web server.
  • BIRT: Business intelligence and reporting tool for Eclipse.
  • Advantages and Disadvantages:
  • Advantages: EPL allows commercial software to be integrated and distributed with EPL-licensed code, promoting the combination of open source and business models.
  • Limitations: The EPL requires the same license for derivative products and the provision of source code, which may increase the openness requirements of commercial software.

8.GNU Lesser General Public License (LGPL)

  • Official name:  GNU Lesser General Public License (LGPL)
  • Type:  Weak authorization open source license
  • main feature:
  • The LGPL is an open source license designed to protect the freedom and openness of software.
  • The LGPL allows users to use, modify, and distribute software, but there are some special rules for derivative software using LGPL-licensed libraries.
  • Authorization scope:
  • The LGPL allows users to freely use, copy, modify and distribute the software.
  • Software derived from an LGPL-licensed library may be released under any license, but must meet the conditions of the LGPL.
  • Copyright requirements:
  • The LGPL requires that a copyright notice and a copy of the license be included with the software.
  • For software derived from libraries licensed under the LGPL, the source code of the corresponding library must be provided and users must be allowed to modify and recompile this part of the code.
  • Limitation of Liability:
  • The LGPL does not clearly stipulate the responsibilities and obligations in the use and distribution of software.
  • Users need to abide by the terms of the license and respect the rights of the original author.
  • Derivatives Authorization:
  • The LGPL allows software derived from LGPL-licensed libraries to be released under other licenses, but still needs to meet the conditions of the LGPL.
  • For derived software, the LGPL requires that the source code of the corresponding library be included in the source code of the derived part and allows users to modify and recompile it.
  • Applicable fields:
  • The LGPL is suitable for a variety of software development projects, especially those that wish to use their own code with LGPL-licensed libraries.
  • Notable projects:
  • GIMP: GNU Image Manipulation Program, a free image editing software.
  • LibreOffice: A free office software suite that includes word processing, spreadsheets, presentations, and more.
  • VLC Media Player: A popular open source media player.
  • Advantages and Disadvantages:
  • Advantages: LGPL allows users to flexibly combine with LGPL-licensed libraries while protecting the freedom and rights of developers.
  • Limitations: Software derived from LGPL-licensed libraries may need to meet some special requirements in some cases, such as providing the source code of the corresponding library.

9.Common Development and Distribution License (CDDL)

  • Official name:  Common Development and Distribution License (CDDL)
  • Type:  Weak authorization open source license
  • Main features:  CDDL is an open source license that mainly provides clear regulations for the use, modification and distribution of software. Features include:
  • Business Friendly: Allows commercial software to be integrated and distributed with CDDL licensed code.
  • Allow private derivatives: CDDL allows private derivatives to be built based on code under this license without making the source code public.
  • Retained patent rights: CDDL retains patent rights, allowing open source projects to be protected from patent infringement.
  • Embeddability: Allows CDDL-licensed code to be embedded into other software without forcing that software to also adopt CDDL.
  • Scope of authorization:  CDDL authorized users have the following rights and obligations:
  • Rights of use: Free to use, copy, modify and distribute the software.
  • Derivative requirements: Software that will be derived from CDDL-licensed code must comply with the CDDL license and provide source code.
  • Note: When distributing software you need to include a copy of the copyright notice and license.
  • Copyright Requirements:  CDDL requires that a copyright notice and a copy of the license be included with the software.
  • Limitation of liability:  CDDL does not explicitly stipulate the responsibilities and obligations in the use and distribution of software, but reserves the right to pursue infringements.
  • Derivatives License:  CDDL requires that derivatives built based on the original code must also comply with the CDDL license and provide source code.
  • Applicable fields:  CDDL is suitable for a variety of software projects, especially projects that want to allow the integration of commercial software and open source code.
  • Well-known projects:  Some well-known projects using the CDDL license include:
  • NetBeans IDE: An integrated development environment for Java development.
  • GlassFish: An open source Java EE application server implementation.
  • Advantages and Disadvantages:
  • Advantages: CDDL allows commercial software to be integrated and distributed with CDDL-licensed code, while retaining patent rights, and is suitable for projects that combine commercial and open source.
  • Limitations: The requirements for derivative products may increase the openness requirements of commercial software, which has certain restrictions.

10. Bring the General Public License (AGPL)

  • Official name:  Affero General Public License (AGPL)
  • Type:  Strong authorization open source license
  • Main features:  AGPL is a variant of the GPL agreement, which makes up for the loopholes of GPL in the network environment. Its main features include:
  • Applicability to network applications: AGPL stipulates that for network-based applications, if they are provided as services to others, the source code and modified parts of the source code must be disclosed.
  • Protecting users' freedom: AGPL protects users' freedom and stipulates that users have the right to obtain the complete source code of the software and can freely copy, modify and distribute it.
  • Copyright protection: AGPL stipulates copyright statements and retention requirements to protect the copyright of software.
  • Embeddability: AGPL allows AGPL-licensed code to be embedded into other software, and also requires that if the software is provided as a service, the source code of the entire software must be disclosed.
  • Scope of authorization:  AGPL license authorized users have the following rights and obligations:
  • Rights of use: Free to use, copy, modify and distribute the software.
  • Derivative requirements: Software that will be derived from AGPL-licensed code must comply with the AGPL license and provide source code.
  • Note: When distributing software you need to include a copy of the copyright notice and license.
  • Web Services Requirements: If software is provided as a Web service, the source code of the entire software must be disclosed.
  • Copyright requirements:  The AGPL license requires that a copyright statement and a copy of the license be included in the software, and that the source code of modified parts be annotated.
  • Limitation of liability:  The AGPL license stipulates that the software author is not responsible for losses incurred during the use and distribution of the software.
  • Derivatives Authorization:  The AGPL license stipulates that derivatives built based on the original code must also comply with the AGPL license and provide source code.
  • Applicable fields:  AGPL is mainly suitable for network applications. If you wish to provide software as a service to others, the AGPL is an option worth considering.
  • Notable Projects:  Some of the famous projects adopting the AGPL license include:
  • GitLab: A web-based Git warehouse management tool.
  • Mattermost: An open source enterprise-grade instant messaging system.
  • Advantages and Disadvantages:
  • Advantages: AGPL protects users' freedom and mandates the disclosure of the source code of the entire software, which is suitable for the open source needs of network applications.
  • Limitations: The strong authorization feature of AGPL may cause restrictions on commercial use, so careful selection is required.

Open source agreements may bring some restrictions and risks to business models and intellectual property rights:

Copyleft effect: Some open source licenses, such as GPL and AGPL, use "copyleft" clauses, requiring derivative works based on the open source software to be released using the same open source license. This means that if open source software is used with copyleft effects, derivatives must also be distributed in an open source manner. This may impose limitations on certain business models, especially if one wishes to keep the code closed source or adopt other business models.

Usage fees: Most open source software is provided free to users, but some open source licenses allow authors to charge usage fees. This could have an impact on the business model, especially if there are plans to offer paid services or support based on open source software.

Intellectual property protection: Open source software often requires the source code to be disclosed, which may pose risks to intellectual property. If some core code or algorithms are trade secrets or protected by patents, you need to consider carefully when using open source software.

Legal Compliance: Different open source licenses have different regulations and restrictions. Failure to fully understand and comply with the terms of your chosen open source license can result in legal disputes and intellectual property issues.

To avoid these risks, consider the following:

  • Carefully research and choose an open source license that fits your business model. Understand the terms and restrictions of your license and make sure they match your business plan.
  • Before using open source software, evaluate your intellectual property situation and ensure that you are not infringing on others' patents or intellectual property rights.
  • Consider customizing open source software to suit your business needs and, if needed, working with a team of lawyers to ensure compliance.

Graphical analysis, how to choose

Editor in charge: Jiang HuaSource: Toutiao