License: Why Apache 2.0? - simplepie/simplepie-ng GitHub Wiki

With all of the different Free Software and Permissive licenses out there, why am I selecting Apache 2.0 for this project?

I have worked with a lot of engineers in my career who didn’t understand the first thing about software licenses. I even had one co-worker once tell me that “software licenses really don’t matter, so don’t worry about it.”

/me facepalm

We had been talking about it, and his belief was that GPL only matters if you redistribute. He was half-right. GPL and LGPL licenses do have specific rules around redistribution, but they are far from the “only” thing that matters.

Short and Permissive

Many projects use short, permissive licenses such as MIT, BSD-2-clause, BSD-3-clause, PHP, zlib/libpng, WTFPL, etc. These license are fine¹ for small projects, and their brevity is often seen as a positive quality. But this same quality leaves things legally murky.

Corporations can use these licenses without fear of lawsuits because most of them have been around a long time, and are understood well-enough by IP lawyers.

SimplePie “OG” went through a few license changes in the earliest days, back before I understood anything about software licenses. Since I either owned all of the code in its entirety, or Geoffrey and I owned the code jointly, we were able to tweak the license unilaterally while we came to understand them better.

I started with GPLv2 because I associated “GPL” with “open source”. Then someone emailed me to let me know that GPL was bad (I don’t remember who it was, but they used the phrase “cutting off my nose to spite my face”), so I changed it to LGPLv2.1. Then it was one of the Creative Commons licenses before I learned that they were not designed for software so much as creative works like art, photography, and music.

Finally we ended on BSD-3-clause. We briefly considered zlib/libpng and MIT, but decided that the difference between those and the BSD license weren’t enough to warrant another license change.

¹ IANAL

GPL, LGPL, AGPL, and “Free Software”

The first thing to understand is that the license is pushed and promoted by Richard Stallman. If you take the time to understand his politics and agenda, you’ll understand why the GPL is the way that it is.

NOTE: I’m going to be up-front about my dislike for Richard Stallman, GPL licenses on the whole, and the way that the Free Software Foundation handles its business. I have a fundamental philosophical opposition to the GPL because it takes away my freedom as a creator. Copyright is both good and fair when it’s not being grossly abused by Disney or the RIAA.

It is a viral license. What this means is that if you are writing code, and you pull-in some GPL’d code, your code is now required to be released under the GPL. It infects the code that it touches, as it were. The GPL is written in favor of the freedom of the end-user to use it however they want, and not the freedom of the creator to decide how it can be used. From the perspective of the creator, the GPL is as restrictive as any proprietary license.

LGPL is designed to be slightly less restrictive, in that LGPL code stays LGPL, but it doesn’t infect your codebase. AGPL is a variation of the GPL which says that if you modify or integrate any AGPL code, you are required to release the source code. How does this impact usage by corporations?

Well, in nearly all cases, corporations won’t touch *GPL code with a 10-foot pole. Unless they themselves are forking GPL code (see Amazon Linux), they will keep any usage of *GPL code completely separate from all other code.

Lastly, the language in the GPLv2 is intended for compiled software, which SimplePie is not. This legal murkiness led the Free Software Foundation to develop GPLv3 (and LGPLv3), but in doing so, they also changed the language around patent rights, making GPLv3 a hard no-go for corporations.

NOTE: This is precisely why Apple doesn’t ship Bash 4.x or newer versions of Samba with macOS. Those projects changed their licenses to GPLv3.

So, why Apache 2.0?

The Apache 2.0 license has a few specific qualities that I was looking for:

  • It is well-understood and defined, legally.
  • It is corporation-friendly.
  • It is Permissive and supports copyright (as opposed to copyleft).
  • It is broadly compatible with other Permissive licenses.
  • It is in wide usage in the industry.

Learn more about the Apache 2.0 license: