Help me choose a license for my project

My project: gatorcat is in some ways an activist project.

I created it in reaction to the existing closed system of industrial controls.

Industrial controls is plagued with closed, ancient tooling. If you want to be productive, you need to pay an existing manufacturer (like Rockwell Automation, Allen Bradley, Beckhoff, Siemens…) 10s of thousands of dollars to purchase a license for their IDE.

The IDE will store the code you write as a single binary blob. You will have to pay extra for a half-baked git plugin (that outputs your code as JSON riddled with UUIDs).

The IDE/compiler will only run on Windows. You won’t be able to integrate it into your CI pipelines.

You won’t be able to write unit tests. You won’t be able to write a simulator. You won’t be able to collaborate with other engineers because of the binary blob. You won’t be able to review the code with others.

And the code you compile will only run on the manufacturer’s licensed hardware, which will be 10+ years old.

And then your choice of programming language will be IEC 61131-3, which includes graphical programming languages and structured text (similar to Pascal), or purchasing a C++ 11 SDK for an additional 10s of thousands of dollars.

You will do this because the manufacturers provide you with excellent hardware. Hardware that will last for decades and can be replaced with next-day lead times. Hardware that enables you to get your work done and not worry about the complexities of electrical engineering. Hardware that adheres to safety standards you might not even know about and survives for 10 years at 55C beneath 3 layers of oil and sawdust.


So anyway… I hated this status quo and decided to download the EtherCAT standard from the IEC (because you have to register an LLC to get one from the EtherCAT technology group…), and set about writing my own implementation of this simultaneously stupidly underdefined, complex, and purpose-built highly efficient protocol. Collecting wiresharks of other implementations to see what they do, reading way too much 20 year old C code from another implementation.

I would like to choose a license. The existing license is MIT, I have written all the code, but there is a lot left to do. I would like to contribute to a more open industrial ecosystem. What license should I choose?

Some examples of what I am considering:

  1. remain MIT (zig is MIT, rust core utils is MIT)

  2. Apache 2.0 (zenoh is this, and I really admire what zenoh has accomplished, tigerbeetle)

  3. LGPL (software freedom includes the ability to make money sometimes?)

  4. GPLv3 (need I say more?) too restrictive for commercial users

  5. Unlicense

  6. Eclipse Public License 2.0 (I also admire a lot of the projects from the Eclipse Software Foundation, see the real-time stuff coming out of software defined vehicle…)

And no, I will not be putting the license at the top of every file because screw that noise.

8 Likes

I think I would exclude GPLv3 from the list of candidates.

It is too restrictive to be actually used in / from commercial code, and I think contributions can only come from commercial usage in your case.

3 Likes

I agree, I’ve stricken it from the list.

You might find https://choosealicense.com/ helpful,
specifically their general list of licenses: Licenses | Choose a License

2 Likes

My 3 step process for choosing a license:

  1. Do you need to actively prevent businesses from interacting with your code but still want to open source? Then use the GPL. Legally, this prevents someone from taking your code and building a product out of it without also sending their code. Practically it means companies won’t touch the codebase with a 10 foot pole. Heck, I won’t touch GPL code with a 10 foot pole. Almost no projects need this, but I have met one person who I agreed should use this.
  2. Do you care about patents? First, talk to a lawyer. Second, choose Apache.
  3. None of the above? Choose MIT. MIT is very compatible with other licenses, so it’s easy to switch from MIT to something more restrictive if desired. The other direction means tracking down everyone who has contributed to get their permission for the copyright they own.

Never: CLA. Contributor license agreements are for big companies who have lawyers that are given too much freedom.

Generally avoid: Anything else, IMO. I haven’t seen any reason to use anything else, and businesses and their lawyers will be most familiar with the above 3.

Basically, I’ve always chosen MIT.

Also, depending on your project, getting a trademark is a practical step. Basically, the code can be open source while still limiting how people use the name. This can weaken others making money with the project’s clout, and can defend in some aspects against hostile forks. Honestly probably not worth it for most projects, but it might be relevant.

13 Likes

I’ve also seen projects dual-license under both the MIT and Apache, which I’ve heard is done since it helps projects be used in corporate environments where there’s a single statically approved list of allowed licenses in dependencies.

I, however, am not an active contributor to a project like that, so, if you see one, you may want to ask them about how they reached their conclusion to license like that.

My favorite license reads: “Do whatever you want with it”.
Philosophically speaking money and digitalization are prisons humanity is unable to escape from. We need to evolve as a species.
Sorry for this anarchistic reaction. These things trigger me 🙂

5 Likes

Curious if that was your intention with chessnix? I noticed it doesn’t have a license file, however as GitHub states “You’re under no obligation to choose a license. However, without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work.”

Instead of doing whatever I want with it, I can’t really do anything.

I’d say, pick a well-established license.

4 Likes

For my stuff I usually decide between MIT and zlib/libpng.

The main difference is that MIT requires attribution (not that anybody cares though), while zlib/libpng does not.

Both are extremely liberal though, e.g. I don’t really care if anybody is using this code for AI training, military applications and other unethical use cases. I guess though that you can always stack such specific restrictions on top of a generic license.

2 Likes

There’s also the less strict LGPL which allows dynamic linking against closed source applications as long as the application user can replace the LGPL’ed code by building their own DLLs (for instance it’s legal to build a closed source application with Qt as long as Qt is linked dynamically).

1 Like

One other option to throw in the ring:

Licence it under some toxic-to-business licence like AGPL (or something even explicitly non-commercial, but then you can’t be on Codeberg!) and sell commercial licences, or else give them away to people you deem suitable.

At first this might seem to go against your wholesome motivations, but I would guess that the single strongest bet your project has of making a significant dent in the ecosystem is if you get paid for it.

Consider this world:
A single company pays you (what to them is a rounding error) for a licence, you work full time on this, and it becomes very motivating for you to keep going.

At any time in the future you can /still/ swap the licence and give it all away for free to anyone if you fancy.

[Missing from this fantasy is a strategic analysis, it might be very very hard to get that first licence.]

1 Like

I’ve been pondering these same licensing questions regarding the future of my Zig based phone OS, and ended up feeling a little lost and paralyzed.

We also have to accept that any code we publish now gets immediately sucked up by LLM training bots, regardless of license choice.

My problem is that I have a fundamental and moral opposition to supporting our rush towards human irrelevance (AGI). Even if LLMs are not the multi-trillion $ step along that path, I refuse to contribute to that risk.

For me sharing code was for the good of humanity, and our fellow hackers. We are mostly solving difficult problems, and I liked that there was a culture of sharing solutions with other hackers. A healthy give-and-take balance.

That dynamic has changed. Sharing code now disproportionately benefits SaaS/BigTech and our elite overlords. Open Source is also under attack from a push to ‘know your developer’ (legal liability) and next year CRA will introduce more risks for Open Source here. In response I deleted my GitHub earlier this year.

So now I’m left pondering how to achieve the same level of altruistic contribution to our fellow hackers and humanity. When our code can be tokenized and regurgitated as original via a monthly subscription fee, it makes me question the whole future of Open Source.

Apologies for a less than helpful answer, but I hope a wider discussion with fellow hackers might also give me some clarity.

3 Likes

When it comes to embedded systems LGPL is in a very similar position as the GPL since on embedded systems you often have to statically link everything (I am not talking about something like a single application Linux), and if you statically link LGPL code it’s practically the same as GPL code.

I don’t know if your project aims to be usable on these levels too, but it sounds like it does.

2 Likes

I did not think about that one 🙂

Did not know that. And fixed that.

1 Like

I mentioned the other day that I am actually using gatorcat as a dependency right now. I am using it for the raw socket implementation, for an application that is meant to be used in an educational competition environment. I will be licensing my application as GPLv3, and none of the licenses you have mentioned would be prohibitive for my use case.

I’m obviously not the target audience for your application, but I will say that if your goal is to use this project to push for a more open industrial ecosystem, I would not cross off GPL style licenses so quickly. The GPL does not restrict people from making money, it only restricts people from limiting the freedoms of people downstream of themselves. If you are afraid that the GPLv3 will limit adoption, you can also consider a dual license with a permissive license, and then stop distributing under the permissive license when you feel you have reached an appropriate level of adoption. Note: if you go this route, your only options are to keep both licenses indefinitely, or remove the permissive license at some point. This path will not let you remove the GPL in favor of just using the permissive license.

(IANAL, just someone who reads an above average amount of copyright licenses :P)

It’s also worth noting this from the FSF’s recommendations on picking a license:

If developers are already using an established alternative library released under a nonfree license or a lax pushover license, then we recommend using the GNU Lesser General Public License (LGPL).

It seems like you are competing with existing proprietary software, in which case simply going with the LGPL is a reasonable choice.

4 Likes

I often think GPL and commercial use is misunderstood. A company can use GPL code. A company can write code that integrates GPL code. What a company can’t do is include GPL code in something they license to somebody else without providing whatever modifications they’ve made to the GPL code.

Basically somebody can’t make a product from it without making their changes available in source form.

So using your code for internal tooling to run industrial machinery would be fine. However, it scares the hell out of a lot of companies, so if you go GPL you may restrict its uptake for imaginary reasons. The key part is:

A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an “aggregate” if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation’s users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

(Emphasis is mine)

5 Likes

That’s not the only problem with GPL. I’ve seen internal company guidance to never look at GPL code without specific permission. Essentially, any developer seeing GPL code creates a liability risk where they may learn from the GPL code and (intentionally or not) duplicate portions of the code.

This isn’t all theoretical risk, either. Google did a clean room implementation (only using devs who had never looked at Oracle’s Java code) for running Java. When Oracle sued Google, one of their pieces of evidence was functions that were implemented similarly. It took the (awesome) judge going and learning Java to come back and dismiss that claim, because the functions were simple enough that implementations being identical was a reasonable coincidence. (As far as I understand, this wasn’t part of what actually went to the Supreme Court, that was more about copyright of the API surface, not function implementation.)

2 Likes

I think I will go with EPL-2.0 since I like the copyleft provisions for modifications to the source, but it is still friendly to private users, including static linkers.

Many people already mentioned a lot of different ways to choose a license, so I am not going to tell you which license can do what. I believe that you already know about them.

I would like to present another way to think about choosing a license: to think in a way like “what are the good guys and bad guys gonna do?”

Many people don’t like GPLs, simply because their companies told them not to use GPLs, and MIT and Apache have been overwhelming the Internet since the “full stack frameworks” bubbles during the 2010s (before the big layoff recently). Nowadays, it’s calming down and GPL is even more relevant than before.

If your software is a big integrated software, and your future users and sponsors (good guys) will most likely stay around with you and your project, unless significant forks happened, you may consider GPL. Staying with you means that 99% of them will install your software and use it as a whole, not to generate another software. When they see problems, they know you can fix it. If they have some improvements, they are willing to open their source codes because they want you to merge. Examples are Linux, Blender 3D, GIMP, Inkscape, LibreOffice (MPL, will talk about this later), and video games. Think about the bad guys. If you have an AAA game that is MIT, let me know. I can “help you to sell it on Steam, Google Play, Apple Store, and their China’s equivalences tomorrow”, and you are welcome…(bad guys)… Those platforms always require you to re-license, and they require that you must be the copyright holder or have a permission to do so. They also require you to insert some binary parts to your project to “protect your copyright”. GPL not only prevents somebody else from re-licensing your software and selling it on those binary based open source unfriendly platforms, it also protects the end user’s rights, and ensures everyone uses the copies which are open source, line by line, piece by piece.

MPL, LGPL and EPL are very similar to GPL, but they are more flexible. If your program is like the previous paragraph, but it is very likely that some users (good guys) may have some significant improvements and big deviations from your original brand, and they want to sell their own copies under their own name (even in binary), because it is a totally different thing now, you may want to allow them to do that, so you may consider MPL, LGPL and EPL. Firefox is one of the most famous programs licensed under MPL. Tor browser is one of the big deviations from the original Firefox. You can find both of them on Apple Store. MPL allows people to do that. Let’s talk about the bad guys. What if a bad guy tries to steal your program and directly sell the binary copies on the platforms I mentioned above? It’s hard to do that, even without the GPL’s protection, because people can find tons of much better forks on those platforms, which are made by the good guys and maybe yourself, and people all know that they are your program’s forks. They all respect you and some of them will donate or pay you.

MIT, BSD, and Apache are for the projects that don’t care about the bad guys, or in some cases where anyone who re-uploads and re-licenses your programs will automatically and instantly become a loser. loooooooool. Remember, 99.99999% of libraries, crates, or something like that are MIT, BSD, Apache, and 99.99999999% of them don’t get a penny from no one… and even worse, 99.999999999% of them don’t even get a single merge request… If your programs are small pieces of libraries, can’t be used as a whole, or are used to generate other programs, then you may consider MIT, BSD, Apache.

Do you care about the bad guys? Apparently yes, otherwise you wouldn’t post this “I would like to contribute to a more open industrial ecosystem”. So MIT is a no.

Is your program a big integrated project that most people will stay around with you and your project, and their improvements are most likely in open source, and they are unlikely to have their own binary? Do your program’s end users benefit from the source codes, not the binary? In your case, I guess no. Because your program is installed in routers, and people will use the routers as a whole, and people will sell or rent the routers. Users and sponsors may want to have their own binary only software to improve the router but still link to your program. So in this case, I guess GPL is not good for you.

Now you can choose between MPL, LGPL, EPL, depending on file-based or link-based. If your users will have a lot of C-like links to your programs, LGPL and EPL will allow their programs to link to your program without opening their own source codes, but if they expand your program into multiple files, they will need to open the source codes. MPL is file-based. So if your users are more likely to expand your programs into multiple files, but not C-like linking, and still want to sell or use only binary, like the routers, then MPL is a good choice.

You need to be very very careful when using LGPL and EPL in modern programming languages like Zig, Rust, and something like that. Modern languages do not encourage you to use C-like ABI linking. Zig Build’s addModule function and Rust’s Crates work more like copying and pasting your source codes into users’ programs. So users may hesitate when they see LGPL and EPL in Zig’s modules or Rust’s crates.

I am not a copyright lawyer, and I can’t explain everything in every license, but this is just my way of thinking.

5 Likes

My interpretation of EPL-2.0 is that it explicitly allows importing the code how modern programming languages do:

Modified Works shall not include works that contain only declarations, interfaces, types, classes,
structures, or files of the Program solely in each case in order to link to, bind by name, or subclass
the Program or Modified Works thereof. 

I would interpret Zig’s @import or build.addModule to be “bind by name” and explicitly allowed, not considered modification. After all, the EPL-2.0 was created for the Java ecosystem, which has modules, imports, etc.

But I think you are right about LGPL. It’s got some C-specific details in there about caring about dynamic vs static linking.

2 Likes