itsdrike.com/content/posts/changing-license.md

---
title: Changing a software license
date: 2023-10-12
tags: [programming, licensing]
changelog:
  2023-12-10:
    - "Publishing this post (was written earlier, but it was waiting for other posts that it refers to)"
---

Figuring out how to properly and legally change the software license of your project can be a difficult task, and yet
it's incredibly important that you do this right, as you might run into some legal issues otherwise, which I'm sure
you'd like to avoid. For that reason, I wanted to write something explaining this process in detail, and demystify it a
bit.

{{< notice  note >}}
This article assumes that you already know the basics of how software licensing works, and that you're familiar with
the different types of licenses (permissive, (weak and strong) copy-left, public domain). If you aren't sure you're
familiar enough with these topics, I'd strongly advice you to learn read about these before going through this article,
as you will likely not end up understanding a lot of what I'm talking about here.

But don't worry, I actually have an article explaining these basics right here, [check it out!]({{< ref
"posts/software-licenses" >}}).
{{< /notice >}}

{{< notice warning >}}
Even though I did a lot of research into software licenses, it is important to mention that I'm not a licensed lawyer,
and this is not legal advice. Ideally, you should consult a lawyer if you need to get the licensing right. This article
is here purely to give you a general understanding of how the relicensing process works in various cases.
{{< /notice >}}

## Licenses stick around

So you've decided that you want to relicense some of your projects (or add a license to previously unlicensed
projects), good! There is however an important consideration that you should be aware of when doing this.

In most cases, if your code already had some kind of license, it is very likely that that license will remain in effect
even after the relicense. This is because most open-source licenses will give out "perpetual" and "irrevocable" rights
to the code licensed under them.

By relicensing your code, all you're doing is adding yet another license in combination with that original one to all
of your existing code. This will then mean that the code you had will now be available under either the terms of the
original license, or the terms of the new one, and anyone who'd like to use your code will be able to pick whichever of
those 2 licenses that they prefer.

So, while you can remove the first license from the repository, the code that was originally licensed under it will
remain available under those terms. That said, any new code you write after the removal of the first license will then
only be available under the new license.

This is why it's very important to really think about which license you want to use before publishing your code under
it, as otherwise, you risk making your code available to anyone under very permissive terms, which you may end up
regretting in the future.

## Relicensing public domain code

This is certainly the easiest of the cases. If you want to add a license to any code attributed to the public domain,
you can do so without any worries about legal issues, as this code's license doesn't impose requirements on you, and
simply gives anyone rights to do essentially anything with that code.

## Relicensing permissive code

Using permissively licensed code under a different license is still pretty easy, as that is their intention. That said,
this time there will be at least some requirements for you to meet.

Generally these will just be simple things such as having to mention the original source, state changes, a clause
preventing you from making software patents of this code, etc. These requirements will differ from license to license
so you should understand them first before trying to use such code, however the relicensing process here will generally
still pretty straightforward.

## Relicensing copy-left code

This case however won't be as easy. The whole point of copy-left licenses is to ensure that the code will stay open,
and to guarantee this, they're designed to prevent most sublicensing. That said, they don't necessarily prevent all
sublicensing, as you'll see in the following section:

### Compatible licenses

All copyleft licenses will by design have to prevent you from removing (freeing up) restrictions in the license, at
least to some extent, otherwise they wouldn't be copy-left (they'd be permissive). Copy-left licenses then also prevent
imposing further restrictions on the freedoms these licenses do give out, because without that, one could for example
relicense the project under a technically copy-left license, but one that only allows a single person/entity to use
this code, essentially making it proprietary. Once again, there may be some leeway here, and perhaps some additional
restrictions can be imposed, but it's generally not going to be much, and in most cases, this leeway is essentially
non-existent.

This means that even though in some (rare) cases, you might actually be able to find a compatible license that you
could relicense to without any issues, this license will then likely be almost the same, often making this transition
pretty much useless.

That said, a copy-left license can contain a list of some specific licenses, to which relicensing is explicitly
allowed, even though they otherwise wouldn't be compatible. This is mostly done just to allow updating this license,
such as for going from GPL version 2 to GPL version 3.

In many cases, these licenses provide a version without this clause, for people who consider it potentially dangerous
though (for example with GPL v2, these versions are often called `GPL-2.0-or-later` vs `GPL-2.0`). It's very rare for
this clause to allow completely different licenses though, and generally it will really only be for this "upgrade" use
(downgrading usually isn't possible either, so once you update, you can't go back).

### Incompatible licenses with full code ownership

As you see, it's very unlikely that if you'd want to relicense, you'll be able to do so simply, by just moving to a
compatible license. This therefore brings us to moving to incompatible licenses, and doing this can be incredibly hard.

However there is a simple case here, for when you own all of the code in the project yourself. In this case, as a
copyright holder, it doesn't really matter what the license says, you own the full rights to your code. The license is
just a way to give out some of those rights to others. You, as the owner, don't need to follow it though, and that
means it's literally as simple as deleting the old license, and putting in a new one.

### Incompatible licenses without code ownership

The real issue only arises when you're trying to relicense a project that actually has some contributions from others,
and you don't have the rights to relicense their code. This is because when they made their contribution, they
submitted it to your project only under that original copy-left license.

At that point, you don't really have that many options. The simplest one is to just rewrite the code that you don't
own, so that you will then have the copyright over all of the code. Once 100% of the codebase is owned by you, you can
relicense, as we're essentially just back to the first case. Obviously though, this might be a huge task for bigger
projects, and it might simply be infeasible to rewrite that much.

The other option is to get permission from the original contributors, allowing you to relicense their code. This works
because you don't actually need to follow the original license, if you have some other agreement with the contributor,
that allows you to use the code in a less restricted way. (This is pretty much also why the first case, where you own
100% of the code is so easy.)

The issue with this one is also pretty obvious though, as not only do you need to find a way to contact the
contributors, you also need them to actually agree to this license change. Contacting contributors alone can be a very
difficult, and perhaps even impossible. Many contributors use no-reply emails from GitHub/GitLab in their commits, and
their accounts don't list any way to get in touch with them. Even if you can find the email, they might not be using it
anymore, or simply choose to not reply. But it gets even worse! It's possible that the contributor has died, in which
case their copyright got transferred to their relatives, or to the state, and you'd need to obtain permission from
them instead.

Let's say you were able to contact the contributor though, now you'll need them to agree to give you the rights that
allow you to use their code in a different way, than that which they originally agreed to. This is no easy task,
especially when the contributor wants their code to stay open, and they just aren't comfortable with the change you're
trying to make. In many cases, when companies attempt this, they end up convincing people by offering to pay for these
rights.

But even with contributors that wouldn't mind giving you those rights, you will still need them to sign a document
(usually this will be a [CLA]({{< ref "posts/licensing-documents" >}})) confirming that they're granting you these
rights, and generally, people just don't like signing things like that, even if the wording isn't that difficult to
understand. In some cases, it is even possible that the code in your project was written by someone that is too young
to be able to legally sign such a document, in which case, you would need to get their parents/guardians to do so
(you'd be surprised just how many open-source developers are minors).

## Relicensing proprietary/unlicensed code

Projects without any sort of license are automatically considered proprietary, as the original owner(s) automatically
get the copyright to what they wrote and they didn't give out the rights to use this code to anyone via a license.

### Intentionally proprietary

If you're dealing with a source-available code-base without a license, and you'd like to use some of it's code in your
own project, or to fork it and license under some open-source license, the only choice you have is to contact the
author, and get their permission to do so (often by paying the author to get it).

This is a pretty common thing for companies, who write code for clients, who only have usage rights, but not
modification rights. So when the client wants to migrate to another company, they'd need to start over, or purchase the
rights to modification.

### Unintentionally proprietary

In a lot of cases, the lack of license actually wasn't intentional, and the author actually intended for their code to
be open-sourced, but they just weren't aware that to do so, they need to add a license.

What's even worse is when someone actually makes a contribution to this kind of project, and the author accepts it. The
thing is, that contributor was never authorized to even make a contribution, as it's a modification of the code-base,
which the copyright prohibits by default. But the contributor didn't realize that, and neither did the author, so now,
that code-base contains proprietary code hunks, some owned by the original author, and some by the contributor.

This is incredibly problematic, as it means even the original author now doesn't have the rights to edit the code
written by that contributor, in their own project. They pretty much just legally locked themselves out of access to
their own project.

The simplest thing the author could do now is to just revert this change, add a license, and ask the contributor to
make another PR, offering the code under that new license. (You could also get the contributor to sign a CLA, which
will give you rights to their code that they've already submitted, but this leads to the same issues as in the
copy-left relicensing case, and getting people to sign something is much harder than to have them just redo the PR).

That said, this process gets exponentially more difficult with the number of contributors, as the amount of reverts to
be done might get really high, to the point where you can't reasonably do it without going back to a really old
version entirely, when all of the code was written only by you.

In that case, you should do your best to contact the contributors and get the appropriate permissions, but if you can't
do so, either revert and rewrite any code that isn't yours, or if that's not viable, just delete the project entirely
to avoid getting into legal trouble.
Rewrite software-licensing & publish pending posts 2023-12-09 23:55:16 +00:00			`---`
			`title: Changing a software license`
			`date: 2023-10-12`
			`tags: [programming, licensing]`
			`changelog:`
			`2023-12-10:`
			`- "Publishing this post (was written earlier, but it was waiting for other posts that it refers to)"`
			`---`

			`Figuring out how to properly and legally change the software license of your project can be a difficult task, and yet`
			`it's incredibly important that you do this right, as you might run into some legal issues otherwise, which I'm sure`
			`you'd like to avoid. For that reason, I wanted to write something explaining this process in detail, and demystify it a`
			`bit.`

			`{{< notice note >}}`
			`This article assumes that you already know the basics of how software licensing works, and that you're familiar with`
			`the different types of licenses (permissive, (weak and strong) copy-left, public domain). If you aren't sure you're`
			`familiar enough with these topics, I'd strongly advice you to learn read about these before going through this article,`
			`as you will likely not end up understanding a lot of what I'm talking about here.`

			`But don't worry, I actually have an article explaining these basics right here, [check it out!]({{< ref`
			`"posts/software-licenses" >}}).`
			`{{< /notice >}}`

			`{{< notice warning >}}`
			`Even though I did a lot of research into software licenses, it is important to mention that I'm not a licensed lawyer,`
			`and this is not legal advice. Ideally, you should consult a lawyer if you need to get the licensing right. This article`
			`is here purely to give you a general understanding of how the relicensing process works in various cases.`
			`{{< /notice >}}`

			`## Licenses stick around`

			`So you've decided that you want to relicense some of your projects (or add a license to previously unlicensed`
			`projects), good! There is however an important consideration that you should be aware of when doing this.`

			`In most cases, if your code already had some kind of license, it is very likely that that license will remain in effect`
			`even after the relicense. This is because most open-source licenses will give out "perpetual" and "irrevocable" rights`
			`to the code licensed under them.`

			`By relicensing your code, all you're doing is adding yet another license in combination with that original one to all`
			`of your existing code. This will then mean that the code you had will now be available under either the terms of the`
			`original license, or the terms of the new one, and anyone who'd like to use your code will be able to pick whichever of`
			`those 2 licenses that they prefer.`

			`So, while you can remove the first license from the repository, the code that was originally licensed under it will`
			`remain available under those terms. That said, any new code you write after the removal of the first license will then`
			`only be available under the new license.`

			`This is why it's very important to really think about which license you want to use before publishing your code under`
			`it, as otherwise, you risk making your code available to anyone under very permissive terms, which you may end up`
			`regretting in the future.`

			`## Relicensing public domain code`

			`This is certainly the easiest of the cases. If you want to add a license to any code attributed to the public domain,`
			`you can do so without any worries about legal issues, as this code's license doesn't impose requirements on you, and`
			`simply gives anyone rights to do essentially anything with that code.`

			`## Relicensing permissive code`

			`Using permissively licensed code under a different license is still pretty easy, as that is their intention. That said,`
			`this time there will be at least some requirements for you to meet.`

			`Generally these will just be simple things such as having to mention the original source, state changes, a clause`
			`preventing you from making software patents of this code, etc. These requirements will differ from license to license`
			`so you should understand them first before trying to use such code, however the relicensing process here will generally`
			`still pretty straightforward.`

			`## Relicensing copy-left code`

			`This case however won't be as easy. The whole point of copy-left licenses is to ensure that the code will stay open,`
			`and to guarantee this, they're designed to prevent most sublicensing. That said, they don't necessarily prevent all`
			`sublicensing, as you'll see in the following section:`

			`### Compatible licenses`

			`All copyleft licenses will by design have to prevent you from removing (freeing up) restrictions in the license, at`
			`least to some extent, otherwise they wouldn't be copy-left (they'd be permissive). Copy-left licenses then also prevent`
			`imposing further restrictions on the freedoms these licenses do give out, because without that, one could for example`
			`relicense the project under a technically copy-left license, but one that only allows a single person/entity to use`
			`this code, essentially making it proprietary. Once again, there may be some leeway here, and perhaps some additional`
			`restrictions can be imposed, but it's generally not going to be much, and in most cases, this leeway is essentially`
			`non-existent.`

			`This means that even though in some (rare) cases, you might actually be able to find a compatible license that you`
			`could relicense to without any issues, this license will then likely be almost the same, often making this transition`
			`pretty much useless.`

			`That said, a copy-left license can contain a list of some specific licenses, to which relicensing is explicitly`
			`allowed, even though they otherwise wouldn't be compatible. This is mostly done just to allow updating this license,`
			`such as for going from GPL version 2 to GPL version 3.`

			`In many cases, these licenses provide a version without this clause, for people who consider it potentially dangerous`
			though (for example with GPL v2, these versions are often called `GPL-2.0-or-later` vs `GPL-2.0`). It's very rare for
			`this clause to allow completely different licenses though, and generally it will really only be for this "upgrade" use`
			`(downgrading usually isn't possible either, so once you update, you can't go back).`

			`### Incompatible licenses with full code ownership`

			`As you see, it's very unlikely that if you'd want to relicense, you'll be able to do so simply, by just moving to a`
			`compatible license. This therefore brings us to moving to incompatible licenses, and doing this can be incredibly hard.`

			`However there is a simple case here, for when you own all of the code in the project yourself. In this case, as a`
			`copyright holder, it doesn't really matter what the license says, you own the full rights to your code. The license is`
			`just a way to give out some of those rights to others. You, as the owner, don't need to follow it though, and that`
			`means it's literally as simple as deleting the old license, and putting in a new one.`

			`### Incompatible licenses without code ownership`

			`The real issue only arises when you're trying to relicense a project that actually has some contributions from others,`
			`and you don't have the rights to relicense their code. This is because when they made their contribution, they`
			`submitted it to your project only under that original copy-left license.`

			`At that point, you don't really have that many options. The simplest one is to just rewrite the code that you don't`
			`own, so that you will then have the copyright over all of the code. Once 100% of the codebase is owned by you, you can`
			`relicense, as we're essentially just back to the first case. Obviously though, this might be a huge task for bigger`
			`projects, and it might simply be infeasible to rewrite that much.`

			`The other option is to get permission from the original contributors, allowing you to relicense their code. This works`
			`because you don't actually need to follow the original license, if you have some other agreement with the contributor,`
			`that allows you to use the code in a less restricted way. (This is pretty much also why the first case, where you own`
			`100% of the code is so easy.)`

			`The issue with this one is also pretty obvious though, as not only do you need to find a way to contact the`
			`contributors, you also need them to actually agree to this license change. Contacting contributors alone can be a very`
			`difficult, and perhaps even impossible. Many contributors use no-reply emails from GitHub/GitLab in their commits, and`
			`their accounts don't list any way to get in touch with them. Even if you can find the email, they might not be using it`
			`anymore, or simply choose to not reply. But it gets even worse! It's possible that the contributor has died, in which`
			`case their copyright got transferred to their relatives, or to the state, and you'd need to obtain permission from`
			`them instead.`

			`Let's say you were able to contact the contributor though, now you'll need them to agree to give you the rights that`
			`allow you to use their code in a different way, than that which they originally agreed to. This is no easy task,`
			`especially when the contributor wants their code to stay open, and they just aren't comfortable with the change you're`
			`trying to make. In many cases, when companies attempt this, they end up convincing people by offering to pay for these`
			`rights.`

			`But even with contributors that wouldn't mind giving you those rights, you will still need them to sign a document`
			`(usually this will be a [CLA]({{< ref "posts/licensing-documents" >}})) confirming that they're granting you these`
			`rights, and generally, people just don't like signing things like that, even if the wording isn't that difficult to`
			`understand. In some cases, it is even possible that the code in your project was written by someone that is too young`
			`to be able to legally sign such a document, in which case, you would need to get their parents/guardians to do so`
			`(you'd be surprised just how many open-source developers are minors).`

			`## Relicensing proprietary/unlicensed code`

			`Projects without any sort of license are automatically considered proprietary, as the original owner(s) automatically`
			`get the copyright to what they wrote and they didn't give out the rights to use this code to anyone via a license.`

			`### Intentionally proprietary`

			`If you're dealing with a source-available code-base without a license, and you'd like to use some of it's code in your`
			`own project, or to fork it and license under some open-source license, the only choice you have is to contact the`
			`author, and get their permission to do so (often by paying the author to get it).`

			`This is a pretty common thing for companies, who write code for clients, who only have usage rights, but not`
			`modification rights. So when the client wants to migrate to another company, they'd need to start over, or purchase the`
			`rights to modification.`

			`### Unintentionally proprietary`

Fix typo 2023-12-13 13:57:58 +00:00			`In a lot of cases, the lack of license actually wasn't intentional, and the author actually intended for their code to`
			`be open-sourced, but they just weren't aware that to do so, they need to add a license.`
Rewrite software-licensing & publish pending posts 2023-12-09 23:55:16 +00:00
			`What's even worse is when someone actually makes a contribution to this kind of project, and the author accepts it. The`
			`thing is, that contributor was never authorized to even make a contribution, as it's a modification of the code-base,`
			`which the copyright prohibits by default. But the contributor didn't realize that, and neither did the author, so now,`
			`that code-base contains proprietary code hunks, some owned by the original author, and some by the contributor.`

			`This is incredibly problematic, as it means even the original author now doesn't have the rights to edit the code`
			`written by that contributor, in their own project. They pretty much just legally locked themselves out of access to`
			`their own project.`

			`The simplest thing the author could do now is to just revert this change, add a license, and ask the contributor to`
			`make another PR, offering the code under that new license. (You could also get the contributor to sign a CLA, which`
			`will give you rights to their code that they've already submitted, but this leads to the same issues as in the`
			`copy-left relicensing case, and getting people to sign something is much harder than to have them just redo the PR).`

			`That said, this process gets exponentially more difficult with the number of contributors, as the amount of reverts to`
			`be done might get really high, to the point where you can't reasonably do it without going back to a really old`
			`version entirely, when all of the code was written only by you.`

			`In that case, you should do your best to contact the contributors and get the appropriate permissions, but if you can't`
			`do so, either revert and rewrite any code that isn't yours, or if that's not viable, just delete the project entirely`
			`to avoid getting into legal trouble.`