Add post about software licenses

This commit is contained in:
ItsDrike 2022-01-24 00:50:21 +01:00
parent 9083668838
commit b213a68787
No known key found for this signature in database
GPG key ID: FB8CA11A2CF3A843

View file

@ -0,0 +1,505 @@
---
title: Software Licenses
date: 2022-01-23
tags: [programming]
---
I wanted to talk a bit about what are software licenses, what different types of these licenses are there and why are
they really important to know about and to know which one you like the most. Not choosing a proper license for your
projects may lead to your code being used by others in ways you don't like and depending on the license you chose, you
may not even have a way to really do anything about it. It is also important so that you personally won't misuse any
code. Stealing code is illegal and you may get in trouble for it, so it is always good to know what you can and can't
do with the code of others.
## Why are licenses important
Whenever you publish essentially anything, not just source code, you automatically gain copyright over that content (at
least in most countries, there are some which don't really respect the copyright law, but that's very rare). This
copyright imposes pretty big legal restrictions on that content. Essentially, this means that even though you may have
decided to publish your code on a website like GitLab or GitHub, you only made it "source-available", not
"open-sourced". This is because for a project to be considered open-sourced, it must meet some very specific criteria,
namely, it needs an open-source license. The reason we don't call source-available code open-source is because even
though the author of these projects as the copyright owner have published his work for anyone to look at, this doesn't
give others the legal permission to actually re-use this code or alter it in any way.
This means that everybody who would be interested in improving this code, or making derivative works from it would
actually be breaking this copyright law. Even if they made no changes to it, just creating a "fork" is already a
violation of this law. Think of it as if you were keeping a copy of some movie on your machine, or even hosted on the
internet somewhere without any permission from the company that made this movie. Obviously, you can't do that, it's
illegal, and so is doing the same with source-code without a license from the copyright owner that allows it.
Most people interested in making their source code available are actually also interested in getting others to use
their project in their own source-code perhaps integrated as a library, or in any other way, and more importantly, they
are looking for others to help them with their projects and contribute to them to make these projects better for
everyone. This is precisely what an open-source license allows. There's countless amount of these licenses, and many of
them are written by individuals without any legal knowledge, which may be dangerous. For that reason, the Free Software
Foundation (FSF) has a curated list of [FSF approved
licenses](https://software.fandom.com/wiki/List:FSF_approved_software_licenses) out of which all of them are guaranteed
by the FSF to legally make sense and to indeed allow this source code sharing, so you should really only pick one of
these licenses unless you have a good lawyer who can confirm that the license you decided to use, even though it wasn't
on this list does make legal sense and is legally enforcible.
But there are many types of licenses that allow others to use your code with different kinds of permissions and
restrictions imposed on them while using this code, most commonly for example the need to mention the usage of the
original project in a derivative work.
## License types
Learning about different licenses may be a bit confusing at first, and I would always suggest to do your own research
as I am not a lawyer and I do not offer any legal advice here. All I will do is try to explain the basic categories of
the open-source licences and explain what these categories represent, but once again, don't just blindly trust some
random guy on the internet, do your own research before picking a license and ensure it will really be exactly what you
want it to be.
### Copy-Left licenses
These licenses allow others to use your code, whether it means building a derivative project that can do certain things
differently from your original code, but still uses a lot of the original code-base, or just utilizing a few snippets
of your code-base for example just a single function, or even just using this project as a library, being integrated in
some bigger scoped project which needs the logic of your project internally.
But the main point of this type of licenses is that they require all projects using work that's licensed under them to
also use that same copy-left license. This is called propagating a copy-left. This basically means that if some other
project would like to include some part of your code into their code-base, no matter how big the part is, or if it's
the whole project, used as a library, they would need to license their code under the same license that your original
code code has, or at least a compatible license (propagate the copy-left).
This is a way to enforce that your code will always stay under the same licensing terms and every other project using
it will need to be open-sourced along with your code. If any other project contains any parts from copy-left licensed
project(s) without itself being copy-left licensed, it is in violation in this license causing it to no longer apply.
But this license was the only thing giving that project a legal right to use code of some other copyrighted code,
without it, that project is now using copyrighted code without permission, making it violate the copyright law and any
of the copyright holders who had their code used by this other project without following the terms of this license can
sue the authors of such project.
This behavior of copy-left licenses propagating themselves and prohibiting being licensed under any other
(non-compatible) license is called forbidding sublicensing. Some copy-left licenses do actually allow you to change the
license, but only to a selection of a few other copy-left licenses with similar terms, even though they wouldn't
necessarily be "compatible" licenses legally, as they may enforce different set of rules, they can still include a
clause allowing for such sublicensing. This is often done to allow for easily updating the license to a new version of
it. As without a clause like that, changing licenses may get tricky, I will talk about this in another section later as
it is pretty involved process. However be careful with this as even though one license may have a clause allowing you
to sublicense your content under another, that other license may not have the same clause allowing you to go back.
Usually, if your project is compilable into a single executable file (or multiple of them) copy-left licenses often
also require shipping the license and the entire source-code (or at least the parts covered by this license), or at
least a link to a website on which this source-code is hosted along with that executable. This ensures that there is no
way the code could go closed-source, because it can't even be shipped without the source-code.
Note that they don't however usually forbid the software from being commercialized and sold for a profit, but whenever
someone would decide to buy this software, they would receive it along with it's source-code and the copy-left license,
and after that they could simply make their own derivative works and distribute those for free if they wanted to, since
the license allows that. This makes it really easy for anyone to just buy the software and then distribute the exact
same copy of that source-code for free to anyone, making it mostly pointless to even sell it in the first place,
however it is important to mention that it's possible nevertheless.
What's perhaps a bit unintuitive though is the fact that it actually is possible for a copy-left licensed software to
be kept private for example just to a company that's using that software internally. However keeping it private is
quite difficult as by being copy-left, the source code and the license will have to be shipped with the executable,
even internally. This means that any employee could just take a look at that source code and decide to publish it as
the license allows them to do that. Though there are some licenses which actually prohibit even something like this,
but because of that, these licenses can end up being really hard to follow.
There can be many little caveats to these licenses and you should always make sure you understand what that license is
allowing/denying before you decide to use them.
The most popular copy-left license is the GNU General Public License version 3 (GPL v3), but also the version 2.
Another a bit less commonly used is the Mozilla Public License (MPL).
### Permissive licenses
Similarly to copy-left licenses, this type of licenses allows usage of the original code in almost any way
(derivatives, using small chunks, using code as library, ...), however unlike licenses in the copy-left category,
permissive licenses do allow almost any form of sublicensing. While there can be some licenses which are still
considered permissive even though they forbid sublicensing to certain kind of licenses, this is pretty rare and can
only go so far. Licenses that do this may be considered permissive, but they're usually refused to be accepted as "free
software licenses" because of these restrictions which may limit the freedom of others to truly use and do whatever
they may want to with that software.
This said, even though sublicensing may be allowed, it doesn't mean there aren't any conditions which may need to be
met before the code can be sublicensed. Most notably the requirement to mention the original copyright holder(s) and
perhaps to ensure the original author won't be held liable for any issues with the source or clauses which can forbid
things like patenting.
This means that permissive licenses give others a lot more freedom because they allow changing the license of a project
that's using parts of your code, but this means that anybody could simply take your entire project, change it a bit and
close-source it, while just respecting the terms of your license (most likely just being the original author mention),
after that the person/company utilizing your code could easily release the product as a payed software without having
to show what the code is actually doing at all. This means they could improve the software a bit, add all kinds of
trackers constantly sending everything you do with their software to them and perhaps even some nefarious things such
as integrating a full-blown crypto-currency miner that's running in the background at all times while you're using this
project sending the mined profit to them. Things like these are unavoidable with a license allowing this much freedom,
and even though it may require that project to mention the source, this mention can easily be lost along with thousands
of other mentions because the project may rely on many other things too.
However the proponents of this license like this fact because even though it may mean their software will be used along
with these non-privacy respecting things added on top, at least it means that a big part of this new project is
open-sourced and it may even bring the companies/people using this open-sourced software to contribute back to it,
therefore helping it to grow and improve the features it supports. While they could do this on their own in their
versions of that software, they usually don't do that simply because it gives them more code to maintain, while
contributing it to an open-sourced project that they will then use will mean others will maintain that code for them,
whether that's other people, or even other companies following the same logic.
The most commonly used permissive licenses are the MIT License and the Apache 2.0 License. Another really popular
set of licenses are the BSD licenses, most notably the BSD 2-Clause license.
### Public domain licenses
There are also the so called "public domain licenses", which are actually technically a subtype of permissive licenses,
however when we talk about permissive licenses, we generally don't really refer to the public domain ones, even though
they technically meet the definition of a permissive license. This is why I separated this category since it's quite
different from the general permissive licenses.
Public domain licenses essentially strip the copyright away completely. This basically gives everybody the rights to do
pretty much anything with the code. They don't impose any extra restrictions (such as mentioning the original
source/author) and they obviously allow sublicensing.
Depending on the country you're in, these licenses may act a bit differently as not all countries allow "removing" the
copyright from your work, instead you can "assign" the copyright to the public domain on an equivalent of that in other
countries. This could basically mean that everyone is the copyright holder of said work giving everyone the rights to
do absolutely anything with that work as they're basically considered as the owners of that work.
The most notable public domain license is the "Unlicense" license.
### Strong and weak copy-left
These are subtypes of the wide copy-left licenses category. I didn't initially include it in the copy-left section
because it was already quite big and I wanted to just describe the category itself before getting to some specifics,
also I wanted to describe the permissive licenses before getting to the definition of this subcategory as it does rely
on this definition.
Basically, the "strength" of a copyleft license is determined by the extent of the license's provisions on the
different kinds of derivative works. This sounds complex, but the difference isn't actually that hard to understand.
Simply the "stronger" the copy-left license is, the less exceptions are there for a derivative work to not inherit that
copyleft and with it the requirement of propagating the license.
In other words, the "weak" copy-left licenses are those where there can are exceptions to inheriting a copy-left and
there can therefore be some derivative works made which won't actually fall under the copy-left guidelines of that
license. For these derivatives, the license actually becomes permissive and they can be sublicensed. As opposed to
"strong" copy-left licenses, which don't carry any exceptions like these and every single derivative work, no matter
how little of the original project's code was used, or in what manner it was used, will inherit the copy-left and will
be forced to license under the same (or compatible) copy-left license.
This makes weak copy-left licenses somewhat of a compromise between strong copy-left and permissive licenses where you
may want to allow sublicensing if a derivative meets some criteria (such as if someone just wants to use your work as a
library), in which case they could sublicense and use your code as if it were under a permissive license, but in other
cases (such as someone wanting to make a full-fledged alternative where they're going to be making changes to your code
and building on it) they will be required to inherit the copy-left and use the same license.
Another way a weak copy-left can behave is a file-based copyleft. This means that any file containing copy-left code
will inherit that copy-left and will therefore need to be licensed and distributed accordingly to the terms of that
license, however your derivative project may only include one file out of thousands in a codebase under this weak
copy-left license, this would mean instead of you having to license the entire project as copy-left, you'd only need to
license that file(s) in which that copy-left code is present, everything else can still stay permissive, or even closed
sourced in this project.
Do note that this could end up causing some legal "gray zones" when that copy-left license isn't clear about when the
copy-left should propagate, and when it can be permissive, and it is important to say that these weak copy-left
licenses weren't yet tested in court.
- The most commonly used weak copyleft licenses are the
- **Lesser General Public License (LGPL):** Libraries are treated permissively, major derivatives inherit copy-left
- **Mozilla Public License (MPL):** File-based copy-left that ensures all of the copy-left licensed parts remain
copy-left licensed, even though they could end up being a part of a proprietary closed-sourced project. It also
allows the project's contributors to terminate the license for their copyright code only (the code that was
contributed by this author under this license) by sending a written notice to the projects using this MPLed code,
but only to the parts of the MPLed code copyrighted by that author. This license treats files as the boundaries
between MPL-licensed and proprietary parts, meaning either all code in a file will be MPL licensed, or none of it
will. (i.e. using just a bit of MPLed code in a file makes the whole file fall under MPL).
- The most commonly used strong copyleft licenses are the
- **General Public license (GPL):** The license that defined copy-left
- **Affero General Public License (AGPL):** Extension of the GPL (an even stronger copy-left) that enforces source code
publishing even for a "service" use case (I won't get into details about that here, look it up if you're interested)
- **Sybase Open Watcom Public License:** One of the strongest copy-left licenses which prevents the "private usage"
loophole of the GPL (which allows source-code modification when you "deploy" the software for private use only,
even for testing while developing a project covered by this license.) and requires source code publishing in any
use-case. However this can be way too limiting and basically makes it really hard to even develop the software
covered by it because each time an executable is built, the srouce-code has to be made available, which lead to
FSF not accepting this license as "free software license". Therefore usage of it, while making the project
"open-sourced", does not make the project a "free and open-sourced" project.
- **Design Science License:** The interesting thing about this license is that it can apply to any work, not just
software/documentation, but also literature, artworks, music, ... (however it became irrelevant after the creation
of "creative commons" licenses.)
## How are these licenses enforced
It is important to understand how exactly the open-source licenses actually work. How does simply having a text file
with some legal gibberish allow others to use that project and contribute to it?
Essentially, these licenses extend the copyright of the person who submitted some code under that license. By doing so,
they and allow using of said code in other places, it's modifications, and other things, depending on the actual
license. But that license is usually the only thing that give others the right to use that code in these ways.
These licenses are therefore able to enforce themselves, because the moment you violate the terms of that license, it
no longer applies to you. At that point, you still have the copyright law to consider. It's entirely possible that you
could've had a permission from the original author to use the code in the way you did, even if it isn't following that
project's license. This is because that person explicitly gave you some rights to do certain things with their
copyrighted work, so basically, they extended their copyright of that work to give you some additional rights. But if
this agreement also didn't happen and you were in violation of the main license, you don't have any other legal
permission allowing you to use the copyrighted work, which puts you in violation of the copyright law.
Whenever you're in such copyright law violation, the significance of such violation will depend on where you live. Some
countries don't even respect the copyright law, allowing you to use whatever code you want as there's no law to violate
if your country doesn't actually have the copyright law at all, however most developed countries do respect copyright.
If you live in one of those countries, you'll just need to learn how they handle copyright violations. It may be the
case that before any legal case can be made, the author must send you a copyright violation letter (so called: ciese
and desist). However if your country doesn't require that, you may simply find yourself facing a lawsuit for copyright
infringement without any prior warning.
As you can see, you can't actually "violate" an open-source license, rather if you do not meet the conditions of said
license, then the license doesn't apply to you and you do not acquire the permissions granted by it. Unless you've
acquired these permissions by some other means, you are violating copyright, but you aren't violating the actual
open-source license as it isn't a license that you've signed or anything like that, it's just something giving you the
possibility to use that work, if you follow it. That said though, in practice you often hear about a license being
"violated", but what's really meant by that, in fact what they mean is that since you didn't meet the conditions of
that license, you're violating copyright.
So remember, a software license can only ever give the recipient of the creative works additional rights, it can never
takes away rights.
## Picking your license
While you aren't required to add a license of any kind to any of your source-available projects, it's a bit weird to
have a project's source code available without any license giving others rights to actually improve it and use it. At
the moment, all of the contributors to such projects are actually breaking the copyright law which isn't ideal (unless
they live in a country which doesn't respect copyright, but again, that's very rare). Even though I'm sure most people
with projects like these don't actually have the intention to sue it's contributors, authors of these projects
technically could. That's a bit unexpected for the contributors and it could make contributing to projects like these a
bit scary, and it would certainly discourage many people from not just contributing, but possible also using this
project.
**Some great websites:**
- There is a [page from GitHub](https://choosealicense.com/) that may help you pick the correct license for your
project.
- Another website to help you pick a license is the [license picker from heathermeeker](https://heathermeeker.com/open-source-license-picker/).
- You can also check out a post in the GitHub docs about licensing projects
[here](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository)
- Yet another wonderful site you should check out is <https://tldrlegal.com>, which can quickly show you the details about
what a given license requires from others when they use your code, and what rights it gives them.
## Limitations
Before picking your license, you should be aware of the limitations it may create for your project. While you can
obviously pick any license for your projects whatsoever (including no license at all), if you pick a permissive
license, you immediately loose the right to use any copy-left licensed code (unless it's a weak copy-left and you're in
the exception). It is therefore very important to know your dependencies and the licenses of the code you're using in
your codebase directly.
You as the author of that project still need to follow the licenses of the other projects you're using in your project.
Even with permissive licenses, there may be certain terms you need to follow in order to meet the conditions of that
license and be allowed to use the code from that project. Most commonly this will be the requirement to mention the
usage of said code/mention it's copyright holder/mention the original source repository/... In vast majority of cases,
if you're using a packaging system (such as pip for python, npm for node, cargo for rust, ...) these will create
dependency listings, which will often fulfill the requirement and it's possible to get it's source url because of that
package manager. Luckily, most libraries are generously licensed under weak copy-left or permissive licenses, and they
don't really have any other terms that would make things more complicated apart from just a simple mention, even if
that's just done by the package manager in the project's dependencies. However it may not always be the case, and for
those cases, you may need to do something special apart from/other than just a mention like this to fulfill that
license, and if you aren't willing to do that, you simply can't use that project.
Even if you're licensed under a copy-left license and you're using some copy-left repositories code licensed under the
exact same license, just sharing the license may not be enough to fulfill it's terms, in fact in most of the cases it
won't be. You will often need to mention the original source (again, if it's a dependency, a simple listing may be
enough for this), not make any software patents with that license, not use the project's trademark, state the changes
from the original project, etc. So no matter if your licenses are permissive or copy-left, there may be other terms and
you need to make sure they're followed, otherwise you may be violating that license.
If you wanted to, or if the license of a project you're using requires it, you may want to make a file that
explicitly mentions which parts of your codebase aren't actually licensed under the main license but instead belong to
someone else and are licensed differently. You'll often want to include full text of that other license and then below
(or above) the copyright holders/links to original sources/other stuff which said license requires. This can make it a
lot easier to keep track of which parts of your code-base aren't actually covered by your main license, but are instead
using some other license. It can also keep you from making mistakes if you wanted to change a license as you'll
immediately see if you have some code that isn't compatible with some new license you'd like to relicense to (more in
the changing license category).
## Changing the license
If you initially licensed your code under a certain license, and after reading this (or really for any reason and at
any point) you decided you want to change that license, you may run into some problems.
### The easy part
If nobody else owns the copyright to your code and you don't have any internally used incompatible code with the new
license (copy-left dependency or code), you can relicense, your code is yours to do whatever you like with. But once
other contributors are added to the equation, things get a lot more complicated. If that's the case, follow the messy
part below.
If your code was initially licensed under a permissive license, you're usually fine as you can sublicense because of
that permissive license, no matter if the next license is going to also be permissive, or if it will now be copy-left,
or even a proprietary license. Of course the licenses of all of your dependencies are most likely also permissive if
your main license is permissive so they should also be compatible, but again, permissive licenses may have some
exceptions to relicensing and while this is pretty much never the case with FSF approved ones, you should always make
sure.
### The messy part
However if you've licensed under copy-left, you will more work to do. First of all, check if you have some copy-left
licensed dependencies/parts included in your codebase, and if you do, ensure all of them will be compatible with this
new license (most likely they won't be as just a slight change to a copy-left license usually means it's no longer
compatible, but there may be some compatibility clauses in your license allowing this). Note that even if the license
you're switching to is compatible with your main project's license, it doesn't necessarily means it's also compatible
with the copy-left dependencies, since they could've only been compatible with your current (old) license because of
some compatibility clauses, which however don't also extend to your new license, even though your current license has a
compatibility clause with it. This can sometimes get really complicated, however luckily most people usually stick to
only a few common copy-left licenses and compatibility questions about them were already answered, just look them up.
If some of your dependencies aren't compatible though, you'll need to remove them dependencies and use something else,
or write it yourself. Otherwise, the next step will be to check if your main project's license is compatible with the
new one, if it is, it is completely safe to change the license, just like it would be with a permissive licensed
project.
However, if the main license isn't compatible, which will basically always happen if you're going from copy-left to
permissive, but often also if you're just going to different copy-left license without an explicit compatibility
clause, you will face some issues. If you are the sole copyright owner and all of the dependencies/code parts are
compatible, you can just switch as an owner of that code, but that's probably not the case since you'd have stopped
reading as I've already said that. So the other option is that you have some other contributors, which hold the
copyright to certain parts of your project. Each line of code added by someone else will mean the copyright will belong
to them (unless it's explicitly stated otherwise) and you can't simply change the license as these other copyright
holders originally submitted their code under the terms of the main project's license, which didn't allow you to change
it.
Don't worry though, there is a way around that, but it's not particularly easy to achieve. Your next step now will be
to find a legal way to still change the license, which is only achievable in 2 ways. First way is to just remove all
of the code by any other contributors, which will most likely mean you'll need to rewrite a lot of the project yourself
without using any of the code from those contributors, or you'll need to get their written consent that allows you to
sublicense. This can be done by either them assigning you their copyright to that code, or by giving you a one-time
consent to just relicense to certain license you asked for. This won't be easy as you'll need to find out some way to
contact all of these contributors, and even if you can achieve that, getting their written consent to relicense won't
be very easy.
This is why in most realistic scenarios, if you will be relicensing with a lot of contributors, you'll end up having to
go with a mixture of those two options and rewrite the code of the people you weren't able to reach/didn't give you the
consent to relicense, and use the written consent of the rest.
It's probably clear by now that changing a license of a copy-left licensed work is really hard, but that's very much
intentional, after all copy-left is here to prevent license changes unless the contributors agreed to it, either via a
clause in that license directly stating that it allows sublicensing to some other license (usually next version of
itself), or via an explicit permission from said contributor.
## Common legal documents about licensing
In many projects you'll find out that before you're allowed to contribute something to an open-sourced, you'll be
required to sign a document stating certain things. This is mostly the case of contributing to projects maintained by
big companies, but what are these documents for, and should you be signing them?
### Contributor's license agreement
Following the relicensing category, it should be clear that any copy-left licensed project wishing to relicense won't
have it easy and it may take years to gather the consents of all of the contributors to actually achieve that
relicensing. Because of this, many companies chose to instead just get this consent beforehand, with what's called a
["CLA"](https://en.wikipedia.org/wiki/Contributor_License_Agreement), which is a short for "Contributor's License
Agreement".
CLA is a legal document that each contributor is required to sign before the company will allow any code from said
contributor to get into their (usually copy-left licensed) codebase. This agreement states that all code contributed by
the person who signed it will have it's copyright transferred over to that company. Making this company the single
copyright owner and therefore making it really easy for them to change the project's license if the current license
became inadequate.
But know that signing an agreement like this is very dangerous if you care about that code staying open-sourced. The
copy-left licenses are great because they're enforced by the combination of various small copyrights present in that
codebase, but the holders of these copyright each agreed to distribute their work, so long as the conditions of given
copy-left license will be followed. But when there is a single owner of the entire project, as I said before, it's
their work, they can relicense under anything they want. This includes closing down the project and licensing under a
proprietary license, and you as a contributor, even if you wrote over 50% of that code, because you've assigned your
copyright to that company, won't be able to do absolutely anything about this relicensing.
This is why if you're going to be signing a CLA, you should at least make sure that they include a "transfer
back/nullation" clause that doesn't allow them to relicense the code under any closed source proprietary license, so
you at least make sure the code-base will always end up being open-sourced, even though it may not end up being under
the same license. These nullation clauses can be as specific as desired and can even enforce staying on copy-left
licenses, or staying on some specific type of open-sourced licenses. But most companies wont' actually include clauses
like these in their CLAs and while you can ask them to include it, you most likely won't have much success with that
and instead your contributions will just be declined.
So just be aware what signing a CLA really means and that after you do so, you've given that company the rights to do
absolutely anything with your code, no matter the initial license that code was released under.
This is also why it is very common for employees to have a clause in their contract that states that all of the work
they do while inside of that building, or while using the companies computers, or while contributing to company-owned
source code, by signing it you as an owner of whatever creative work you create that meets these criteria sign over the
copyright you automatically gained as it's owner to that company, therefore giving them the rights to be the sole
owners of all of the source-code (and other things) maintained by them even though it wasn't written by them. This is
basically a CLA, except it's usually way more involved, i.e. not just including the work you submit to companies
projects, but also personal work, if you worked on it on their machines/in their building/... This is often the reason
why many people who developed their own projects which grew a bit bigger got legally transferred over to some company
they once worked in, just because they wrote even just a single line of that project on that companies computer,
immediately giving your copyright to that project over to that company. So be careful to inspect the terms of your
contract when getting a job as a programmer, and make sure if you're working on some personal project to not do so
while on the job.
### Developer Certificate of Origin
A ["DCO"](https://en.wikipedia.org/wiki/Developer_Certificate_of_Origin), or Developer Certificate of Origin is a legal
document that deals with ensuring that all of the code you submit to some codebase is indeed owned by you, or you have
a legal right to use it and contribute it to that codebase. It also requires you to have the right to assign this
contributed work to the license of that project, which extends the copyright of that code accordingly to the terms of
that license.
This kind of document is pretty important because without it, it would be the owners of that repository who would face
legal issues if their project contained some code it wasn't allowed to use and especially for bigger projects, but for
smaller ones too, it can be very difficult to verify that the code a contributor wants to add is actually their code to
begin with. Making all contributors sign this document before allowing them to contribute to the repository is a way to
ensure that the project's maintainers won't be the ones facing the legal issues for having code that they didn't have
right to use in their project, but instead it will be the person who contributed it who will be held liable. Of course,
this code will still be required to be removed from this project, even though it wasn't the fault of the maintainers
that it got included, but at least they won't be facing any fines or things like that and instead it will be the
contributor facing these.
This solution isn't full-proof and the project maintainers may still be the ones held liable even though a DCO was in
place, however it will at least mean that the maintainers themselves can then hold the contributor liable which usually
does a good enough job of scaring anyone who'd want to add a code they don't have the rights to into a codebase as
they'll now know that they could be facing lawsuits after doing so.
I think it makes sense for projects to include this document and you generally shouldn't be afraid to sign it (so long
as you're not submitting any stolen code, which you really shouldn't be doing even if there isn't a DCO in place). It
gives the maintainers at least some level of certainty that the submitted code isn't stolen and unlike a CLA, it
doesn't really do anything with your copyright rights to that project, it just confirms that you do in fact hold them.
## My personal preference
In my opinion, to truly support open-source as much as possible, I try to stick with copy-left licenses, because it
prevents my code from ever becoming proprietary as anyone wanting to use my copy-left licensed code will need to
distribute it's source-code along with the executable and they will need to follow the exact terms of the license which
I've picked.
In most cases, I go with strong copy-left, specifically with the simple GPL v3 license, as it meets all of the things
I'd want from a license, however when I'm making libraries which I know many people may end up using, I don't want to
discourage that usage by propagating the copy-left and requiring these projects to also use GPL as many people don't
like licensing their code under something copy-left, so I use weak copy-left there, specifically LGPL. Although to
truly support open-source, it can sometimes make sense to use strong copy-left even on libraries, as it forces everyone
using it to also keep their project open, and therefore this could really help grow the open-source community even
more. Also, do keep in mind that LGPLed code isn't GPL compatible and therefore if you do make an LGPLed library, you
won't be able to use any GPLed code/library in it!
Another great license to consider is the Mozilla Public License which came up with the very interesting file-based
copy-left propagation and therefore enforces all of your code to always stay open, even if it lives in an otherwise
proprietary codebase. I also find the clause allowing individual copyright holders being able to withdraw all code
covered by their copyright licensed under MPL from a given code-base simply by sending a written notice to do so really
interesting, however it could also be somewhat risky, both for people deciding to use your MPL code in their codebase,
as that project could basically immediately be destroyed by someone owning the copyright to a lot of the code of that
project but also to your project specifically because of the same reason. If you have someone interested in your
project who has already contributed a lot of code into your codebase suddenly change their mind (perhaps because they
now want to make their own competing project, or really any other reason), suddenly you may be forced to take out all
of their code from the code-base of your own project, which is why I'm hesitant to use it in many places, however it
remains very interesting to me and I may change this opinion over time.
I'm generally against permissive licenses though as in my opinion, they well .. give out too many permissions. I get
the people who license their code under these licenses, interested in bigger companies using their code/libraries in
their projects and perhaps getting some contributions from these companies back into your codebase, improving your
project, I feel like it's too much of a threat to open-source. The thing is, if we didn't use any permissive licenses
and instead only used strong copy-left everywhere, these companies with their proprietary code-bases would either need
to write and maintain everything from scratch, which would be near impossible even for really big companies, or simply
be forced into also using these copy-left licenses and make their code open, which would be, at least in my opinion, a
really nice thing, as it would allow us to make derivatives of those works because of these freedom respecting
copy-left licenses, allowing us to make alternative versions to basically all software out there that's completely for
free and without any telemetry at all. Of course, this is quite unrealistic to actually happen anytime soon, but if you
think it's a nice idea, you can at least do a little bit by keeping your code copy-left licensed.
Then again, this is purely my stance on this and you should make up your own mind and decide what works best for you,
I'm not here to force my opinion on anyone, but I did want to express why I feel the way I feel about permissive
licenses and what I like using, in hopes that someone will perhaps not have considered these arguments and may be
persuaded to also use copy-left and expand the open-source community by it, but again, I wouldn't want to force that on
anyone, it's your work and you can license it any way you want.