Even seasoned open source software (OSS) developers and compliance professionals can have trouble keeping track of the many OSS licenses and their specific requirements. To help the creators and users of open source software navigate this tricky but important topic, we’re diving into the terms, conditions, and use cases of some well-known license options.
In today’s post, we’ll explore the details of a popular permissive open source license: the Apache License 2.0. While the MIT license and the Apache License 2.0 are quite similar, there are some key differences. Read on to learn more about the license, how it compares to potential alternatives, and what users are permitted to do with the licensed code.
Apache License 2.0: The Basics
Open source licenses come in two flavors: permissive and copyleft. The Apache License 2.0 is in the permissive category, meaning that users can do (nearly) anything they want with the code, with very few exceptions.
However, unlike that of the MIT license, the text of the Apache License 2.0 is quite dense and difficult to read. You can read it here, but be warned — it’s fairly heavy on the legal terminology. Below, we’ll break it down into more digestible language.
Anyone who uses open source software licensed under Apache 2.0 must include the following in their copy of the code, whether they have modified it or not:
- The original copyright notice
- A copy of the license itself
- If applicable, a statement of any significant changes made to the original code
- A copy of the NOTICE file with attribution notes (if the original library has one)
The third requirement listed above is a major differentiator between the Apache License 2.0 and other permissive licenses. If you make any major modifications to the licensed code, you must disclose those changes in any updated version that you distribute.
However, you do not need to release the modified code under Apache 2.0. Simply including any modification notifications is enough to comply with the license terms.
Using the Licensed Code
The Apache License 2.0 outlines what users are allowed to do with the licensed code. Under this license, users can:
- Use the code commercially: Companies can include the licensed code in proprietary software that they then sell to customers.
- Alter the code: Developers are permitted to make modifications to the original code.
- Distribute any copies or modifications of the code: An individual or organization is allowed to copy and/or update the code, then make that version available to others (even commercially).
- Sublicense the code: A company can distribute their reworked version of the code under a stronger license.
- Use patent claims: Under the terms of the Apache License 2.0, contributors to the code explicitly grant patent rights to users (although experts believe that the language of other permissive licenses also grants such rights).
- Place warranty: Users of the open source code can place a warranty on the licensed software.
And while there are no restrictions on the code, there are a few caveats to keep in mind. For example, the license states that users cannot hold contributor(s) legally liable for any reason. Also, the license does not grant you any rights to use the trademarks of the licensor.
Apache License 2.0 vs. Other Permissive Licenses
So, what are the major differences between the Apache License 2.0 and other well-known permissive licenses? Let’s compare Apache to two popular alternatives: the MIT license and the BSD license.
Apache License 2.0 vs. the MIT License
These two OSS licenses are extremely similar. One exception is that Apache 2.0 requires users to state any significant changes they make to the original code. They don’t need to reveal their source code, but must include modification notifications.
Legally, the main difference between the two is the express patent license. While there is some ambiguity about whether a non-explicit patent license exists under MIT, there is none when it comes to the Apache License 2.0. The language of the license makes the grant of patent rights extremely clear.
Apache License 2.0 vs. the BSD License
Here’s a bit of interesting history: An earlier version of the Apache License (Apache License version 1.1) was virtually identical to the BSD License. In 2004, however, the current 2.0 version came out, with two key additions: the explicit grant of patent rights and clear definitions of each term (“Work,” “Contributor,” “Licensor,” etc.). The resulting license leaves less room for ambiguity than both the MIT and BSD licenses.
Use Cases for the Apache License 2.0
The Apache License 2.0 offers a number of permissions and protections that make it appealing to developers and software companies alike.
Why might an open source developer select the Apache License 2.0 for their project? Like the MIT license, the Apache License 2.0 is easy to add to your code, letting you get your OSS out into the market ASAP. Plus, companies are able to use your code in their commercial applications without major disruption, meaning you could get your project into the hands of big-time software companies.
Another major incentive is the clear grant of patent rights, which gives users a sense of security and comfort. The license is also backed by the well-respected Apache Software Foundation. The name alone gives potential users peace of mind, and the license’s popularity means that your target audience likely already understands and trusts the protections it affords. Finally, the thoroughly defined terms of the license lay out exactly what one can and can’t do with the software, fostering confidence and clarity for users.
The main reason developers choose permissive licenses other than Apache 2.0 is a controversy about whether it is compatible with GPL v2. When developers create code to be used in a GPL2 product, they usually choose MIT instead.
Companies incorporate OSS licensed under Apache 2.0 for several reasons. One is the explicit grant of patent rights, which provides additional legal protection and reduces the risks of lawsuits. For startup companies that can’t afford an expensive legal challenge, this is especially important.
And, of course, the Apache License 2.0 does not require a company to release their code modifications, just list the significant changes. Most organizations want to keep their software’s “secret sauce” out of competitors’ hands, and this license allows them to do so.
Well-Known Uses of the Apache License 2.0
The Future of the Apache License 2.0
Permissive OSS licenses like the Apache License 2.0 are growing in popularity, while stronger copyleft licenses are losing ground. The Apache License 2.0 in particular is being adopted quite frequently. In 2020, for example, 18.2% of GitHub projects were licensed under Apache 2.0.
With such a high usage rate, both developers and companies would benefit from learning the ins and outs of this particular license. For more information, visit the Apache Software Foundation’s FAQs page.