Open source licenses dictate the terms and conditions that come with the use of open source software (OSS). Open source licenses serve as a legal agreement between open source author and user: authors make OSS available for free, but with certain requirements the user must follow.
Generally, open source license terms kick in upon distribution of your software — if you only use an open source component for an internal tool, for example, you probably won't be bound by requirements that would otherwise apply.
Understanding open source software licenses is extremely important for both OSS authors and users. If you use an open source component, you are legally responsible for complying with the terms of its license. If you author a piece of open source software, selecting the wrong license may allow companies to leverage your project in ways you don't approve of.
Types of Open Source Licenses
There are two main types of open source licenses: permissive and copyleft. Permissive licenses tend to have fewer restrictions on use of the licensed code than copyleft licenses. Here's a full breakdown.
Permissive licenses generally allow for use of the licensed code with few restrictions. Users can take the permissive-licensed software, make it their own through changes or additions, and distribute that modified program with only a handful of conditions.
For example, the most commonly used permissive license (the MIT License) only requires distributed programs that use the licensed code to include a copyright notice and copy of the license text. Another popular permissive option, the BSD 3-Clause license, is similar to the MIT License, but with an additional condition that prohibits using the name of the author or its contributors (of the BSD 3-licensed code) to market or promote a derivative work without express written permission.
The Apache License 2.0 is also similar to the MIT License, but it mandates distributed programs that use the licensed code to a) state any major changes made to the original, and b) include a copy of the NOTICE file with attribution notes (if the original library has one), along with the copyright notice and license text requirements. It also includes an explicit grant of patent rights and a defensive termination provision. (To be clear, Apache 2.0 does not require source code disclosure, only that "any modified files [must] carry prominent notices stating that you changed the files.")
So, while different permissive licenses do impose slightly different conditions on use of the licensed code, OSS under a permissive license can generally be modified, copied, added to, subtracted from, etc., and then distributed with relatively few restrictions.
In contrast to permissive licenses, copyleft licenses generally require that any derivative work of the copyleft-licensed software be released under the same license as the original. In other words, the modified code has to be exactly as “open” as the original.
Copyleft licenses come in two flavors: strong copyleft and weak copyleft. Strong copyleft licenses require anyone who distributes derivative works of the licensed code to make available the corresponding source code under that same license. Strong copyleft licenses apply to the entire software program, including linked libraries and other components. GPL v2, and GPL v3, and AGPL are examples of strong copyleft licenses.
Weak copyleft licenses (like the LGPL License and Mozilla Public License 2.0) have similar requirements, but they apply to a narrower set of code. If a user modifies and distributes code covered by a weak copyleft license, they would need to release the modified version under the same license as the original. However, if a program simply uses a weak copyleft-licensed component (and keeps it in a separate file), they can then combine it with additional and/or modified code and distribute that larger work under a different license.
Popular Permissive Software Licenses
The MIT License is one of the most commonly used and permissive open source licenses. Under this license, you can essentially do anything with the software as long as you include the original copyright and license notice in the copy of the software. It is also compatible with many copyleft licenses, including the GPLs.
The Apache License 2.0 is another commonly used permissive open source license. With this license, you have the freedom to do what you want with the software, with the exception that you must include the original copyright and license notice, state any significant changes, and include the NOTICE file if there is one. It's also important to note that while the Apache License 2.0 is compatible with GPL v3, it is not compatible with GPL v2.
The BSD License, short for Berkeley Software Distribution, allows the freedom to use, modify, and distribute the software as long as the copyright notice and license text are included in the copy of the software. There are several different variants of this license; the difference between these versions is the number of clauses, or restrictions, included. The BSD 3-Clause License (also known as the "New BSD License" or "Modified BSD License") is the most popular variant. The BSD 3-Clause is very similar to the MIT Licenses, with the key exception of the BSD 3’s non-endorsement clause, which prohibits distributed derivative works from using the name of the original code's author or contributors for promotional purposes.
Popular Copyleft Software Licenses
The GNU General Public License family, or GPL for short, includes two of the most commonly used copyleft licenses: GPL v2 and GPL v3. (GPL v1 is no longer widely used.) The GPL License states that if you write and distribute a program using a GPL-licensed component, you must also release the full source code while giving your users the same rights you received. This license was created to protect software from becoming proprietary, or private, which is why many programmers like this license. They get the assurance that the restrictions with the GPL License will keep their work free and acknowledged.
The Mozilla Public License 2.0, also known as MPL 2.0, is a weak copyleft license maintained by the Mozilla Foundation. If a distributed program modifies code licensed under MPL 2.0, those modifications must also be licensed under MPL 2.0 and made available in source code form. However, if a distributed program simply uses (as opposed to modifies) MPL 2.0-licensed code and keeps it in separate files, they can combine that code with non-MPL code to create a larger work.
Applying an Open Source License
Check out our post "How to Apply a License to Your Open Source Project" for step-by-step guidance on adding a license to your creation, along with insight on:
- Copyright notices
- Warranty waivers
- Contributor licensing agreements
We are not lawyers, and if you are seeking legal advice we suggest you speak to a legal team that specializes in open source licensing.