back to article Study: Most projects on GitHub not open source licensed

Code-sharing website GitHub has grown so popular that it and open source are practically synonymous for many developers. But new research shows that most of the projects now on GitHub are released under license terms that are unclear, inconsistent, or nonexistent, leaving their legal status as open source software uncertain. …

COMMENTS

This topic is closed for new posts.
  1. Charles Manning

    Copyleft... bullshit

    Copyright is what gives GPL its teeth.

    Take away copyright and GPL would be unenforceable and would basically becomes more like BSD.

    MIT is an open source license, so is BSD. What really gets up my nose about FSF is that they feel entitled to redefine, and limit, the use terms like freedom.

    1. Anonymous Coward
      Anonymous Coward

      @Charles

      "What really gets up my nose about FSF is that they feel entitled to redefine, and limit, the use terms like freedom."

      Uhm, don't shoot the messenger ?

      The FSF only provides the means, its fully up to the author(s) themselves to use or ignore a certain license.

      1. JDX Gold badge

        Uhm, don't shoot the messenger ?

        Don't the FSF and other bodies attempt to push GPL as the "right license"? Or am I mixing FSF with Torvalds?

    2. vagabondo
      Headmaster

      Re: Copyleft... bullshit

      Take away copyright and everything becomes public domain, ergo no requirement for GPL or any other type of licence for creative works.

      1. Wize

        Re: Copyleft... bullshit

        "Take away copyright and everything becomes public domain, ergo no requirement for GPL or any other type of licence for creative works."

        So you want to work for free then? What is the point of writing any code if someone bigger is going to come along, take your code and sell it?

        1. Keep Refrigerated
          Holmes

          Re: Copyleft... bullshit

          So you want to work for free then? What is the point of writing any code if someone bigger is going to come along, take your code and sell it?

          This is a good question and I'm going to attempt to answer it...

          * If everything is public domain - people can take your code and sell it, but you can also take their code and

          a) sell it,

          b) use it,

          c) improve it,

          d) merge it back into your own source.

          * Even if they take your code and produce none of their own for you to take, users will tend to focus on brand and trust. You can trade on your

          a) brand - companies will come to you for original code.

          b) trust - people will prefer to get source from you direct (free and supported), rather than pay a reseller.

          And for those that still want to pay a reseller for your free public domain code, well they deserve to go bankrupt and probably soon would.

          1. Hein-Pieter van Braam
            FAIL

            Re: Copyleft... bullshit

            * If everything is public domain - people can take your code and sell it, but you can also take their code and

            Except that with the BSD-style licenses, and if everything was public domain there is no requirement for that code to be there for you to do those things with.

        2. Anonymous Coward
          Stop

          Re: Copyleft... bullshit

          > So you want to work for free then? What is the point of writing any code if someone bigger is going to come along, take your code and sell it?

          So what's wrong with that?

          Selling free code is not incompatible with the GPL in any sense and is part of the freedom granted by it.

          RMS is most emphatic about that.

          Free in this sense is not free as in $0, but free as in bird.

    3. tom dial Silver badge
      Linux

      Re: Copyleft... bullshit

      Read the license and its preamble. The GPL is concerned with freedom of those who acquire and use software and similar products, not yours, assuming you are a developer. Most other licences I have struggled through are concerned to ensure that those who buy and use software have as little freedom as possible, retaining as much as possible. I think it fairly clear which approach maximizes freedom.

      The argument for *GPL* is that maximizing global freedom also will maximize global utility. Economists may argue about that, but I rather suspect it is true on some definitions of utility. What it does not do is maximize the utility, defined generally as profit, of individual developers or their employers. That doesn't bother me a lot.

  2. Gagol
    Headmaster

    "I see so many companies where, when an unlicensed thing comes in, it gets deleted. And I just think that's a waste of effort from the open source community."

    When I volunteer time yo write code, I first and foremost want to help the community, not fatten the big cats by default.

    1. Destroy All Monsters Silver badge
      Facepalm

      Some dude in some company of unspecified sized that might find something useful? Fat Cat. Not "The Community".

      How's life in the nasty&ugly collectivist hippie commune today?

  3. Anonymous Coward
    Anonymous Coward

    @Article

    "People looked up to Linus and the Free Software Foundation and were following their example in how they were licensing their software...Indeed, Williamson's data bears that out. Of the 1.7 million GitHub projects he analyzed, the largest portion – 21 per cent – were written in JavaScript. Coming in second with 12 per cent was Ruby, a language most often associated with the Rails web framework. JavaScript developers, in particular, are prone to ignore software licensing concerns"

    Well because the "kids these days" are not following Linus and FSF, they are following Mark Zuckerberg with billion dollar dreams but have no money to host their own SCM servers. So the committers on github are not OSS proponents, they are wannab billionaires with no money to afford servers and lawyers. And hence they don't care about licenses (atleast not until they find some banker masquerading as VC/Angel).

  4. loopy lou

    And what's the problem?

    If you happen to use a publicly visible source code repository for a hobby project, it seems pretty sensible to leave license terms unclear. In the unlikely event someone is interested in your code, they get in touch and you can decide how to handle it.

    1. Ru

      Re: And what's the problem?

      I use my github account as a junk pile of sorts... all kinds of litter gets chucked on it without any expectation that it is anything other than fleeting use or interest to me. There's little point wedging license information at the top. There's a lot of this sort of stuff in public repositories, and checking it for licensing isn't really very productive.

      If I set out with the intention of making reuseable code, it gets a license header, but more out of habit than anything else. I don't care about pandering to businesses so much... plenty won't care about anything I ever publically release, because"we won't use anything we just find for free, because it might expose us to liability" (thankyou, US software patent law) and plenty more will just thin "we'll use anything we find regardless of license, because no-one will know we're using this stuff and even if they did we're far richer than they are" (thankyou, legal systems across the world).

  5. Anonymous Coward
    Anonymous Coward

    My license is "Do what the hell you want".

    I get requests, (and sometimes demands) from employees of large companies that I spend my time making a "proper" license file for them.

    Tough.

    I offer them a commercial license, for money. Very few (ie 1) have taken up the ($150) offer for a company wide, perpetual site license.

    "I see so many companies where, when an unlicensed thing comes in, it gets deleted. And I just think that's a waste of effort from the open source community."

    Not a problem from where I sit.

    I think it is more Darwinian evolution. Hopefully they just do that little bit extra harm to themselves.

    The efficiency of small companies (and the complete inability of big ones to innovate) is the basis of 90% of my families income.

  6. jtaylor

    No license = no permission

    I'm involved with an open source project (which happens to be hosted in github).

    We use the GPL. We respect others' licenses, and we hope that others respect ours.

    If you do not give us a license to your work, we cannot use it. If we use software without any license to do so, that's piracy. If we include unlicensed work in our project and release that under a license, that's fraud. Not only are those unethical, they could jeopardise our entire project.

    We have no money and no paid staff. We're not "fat cats." We're just honest.

    1. Anonymous Coward
      Anonymous Coward

      Re: No license = no permission

      If we use software without any license to do so, that's piracy.

      How so? If someone offers you software via download, and allows you to use that software, then you have an implied contract for the use of that software, and it's not piracy.

      Your *real* problem is that you use a viral contract whose sole purpose is to to restrict the freedoms of anyone you distribute your software to. Clearly, you're going to find it difficult to incorporate someone else's permissive software into this steaming edifice.

      1. Anonymous Coward
        FAIL

        Re: No license = no permission

        > then you have an implied contract for the use of that software, and it's not piracy.

        What is the legal status of this "implied contract"?

        Is that really a proper legal term or are you just making it up.

        "Offering" someone your software has no legal basis whatsoever unless you specify the terms officially of that offer.

        You can't take a verbal "offer" into court to defend yourself.

    2. Anonymous Coward
      Anonymous Coward

      Re: No license = no permission

      @jtaylor you can always ask for permission if you want to use some of the software from a project irrespective of what license is given, or indeed if there is no formal license attached to a project.

  7. jake Silver badge

    Unclear on the concept ...

    "One theory proffered was that the acceptance of licensing best practices among open source developers is changing simply because the community itself is changing. It's already dramatically different from how it was in its early days, when the open source community and the Linux community were practically synonymous."

    Uh ... Linux came about long after open source ... Anyone who thinks that "Linux" and "the open source community" are synonymous clearly doesn't have a clue.

    Linux is a later-day variation of open-source. And one I use. Daily. But it's still a bastard step-child of Minix.

    1. Phil O'Sophical Silver badge
      Thumb Up

      Re: Unclear on the concept ...

      Yes, "free" software has been around for years, since the days when user groups like DECUS made it easy to share anything people found handy for their PDP. Most manufacturers had some equivalent. The whole concept of "open source" really came about from Stallman & co's attempt to distinguish between the "free beer" and "free speech" aspects. GPL brought the lawyers in, and everything got needlessly complicated after that.

      I would say that most people who program for fun tend to go with the "whatever" model of licensing, with perhaps a few restrictions on use in nuclear/defence/pharma depending on the political leanings of the coder in question. I doubt if that has changed much over the past 50 years, it seems to be what the github survery is showing, anyway.

      The WTFPL is probably the simplest and most honest one around: http://www.wtfpl.net/about/

      1. Brewster's Angle Grinder Silver badge

        Re: Unclear on the concept ... @Phil

        The WTFPL is probably the simplest and most honest one around

        Or you could put it in the public domain, like the sqlite guys do. It doesn't seem to have harmed their cause.

  8. Charlie Clark Silver badge

    Move along, nothing to see here

    GitHub's position is absolutely right: if there is no licence file then all rights are reserved. That should be the end of it.

    Apart from that the dominance of the very liberal MIT and BSD licences indicate to me that those who do add a licence choose the least restrictive. Good, thought I suspect this reflects the underlying preponderance for "webby" projects if JS and Ruby are the top two languages.

    1. JDX Gold badge

      Re: Move along, nothing to see here

      Not everyone even intends to use GitHub for OS projects - many use it as a great tool for developing proprietary software. Although presumably they would not make their projects public... so maybe making your project public should have some automatic license - GPL or github's own license or something?

      1. Anonymous Coward
        Anonymous Coward

        Re: Move along, nothing to see here

        Best to leave as is with default of all rights reserved. Can you imagine the outcry if GPL was the default?

        1. Anonymous Coward
          Anonymous Coward

          Re: Move along, nothing to see here

          As long as the site's terms are clear on this point, then I don't see an issue.

          That default could be "public domain" or GPL or no license to use whatsoever.

      2. SecularVoice

        Re: Move along, nothing to see here

        "maybe making your project public should have some automatic license - GPL"

        Please for the love of God no. GPL is the deathknell license nobody wants around. Apache/BSD/MIT if you want open-source.

  9. jb99

    My projects

    I have a few projects on there, but they are mostly things like a theme for the phpbb website I use and some direct3d11 code I wanted to share with someone. In both cases I gave separate permissions to the people who needed the code to use it, and I seriously doubt there will be any other interest so it really doesn't matter.

    The source is visible on github not because I want to open source it but because I don't really care. If anyone asks me I'll happily give them permission to use it, if lots ask I'll create a proper license. But the default suits me just fine

  10. T. F. M. Reader

    All these licenses are free software licenses

    All the licenses in the bar chart in the article are free software licenses, and only the Eclipse license is not GPL-compatible, according to FSF (http://www.gnu.org/licenses/license-list.html) and, I presume, to Software Freedom Law Center.

    So it looks like the only problem is that lots of kids who put some JavaScript or whatever on GitHub have not taken a moment to even think of whether they need/want to consider the terms under which others are allowed to use their code (assuming anyone wants to)? Hey, it's the Facebook generation - most of them don't even consider the issue of their uploaded code being accessible to others, which is, I'd say, a prerequisite to considering a license.

    Those who do think of a license choose free software licenses - and GPL-compatible licenses - overwhelmingly, or so the research seems to indicate.

  11. JimC

    Whose Freedom... Payforward

    I think that's the point. GPL, and most especially GPL v3 is a license representing a highly politicised point of view concerned with Stallman et al's world view. It contains a lot that the creators see as vital freedoms for users, but at the price of heavily restricting what fellow developers can do with the code.

    In my case, when I release my pathetic little snippets of code on line, I use the very liberal University of Illinois/NCSA license which puts almost no restrictions on other developers. You see I believe in payforward. Most of what code I produce I can only produce because other developers have posted examples and snippets on line. I can't pay them back for what they've done for me, but I can payforward by making the code available to anyone else who's after examples, snippets, inspiration whatever. To be quite honest I'm not remotely interested in user freedoms, and all the Stallman political stuff: all I'm interested in is to put a little something back to try and balance what I've received.

    1. Charlie Clark Silver badge
      Thumb Up

      Re: Whose Freedom... Payforward

      Payforward and peer review. Always nice to be able to get even the occasional improvement on code and I know that I often browse other's code to see how a particular problem has been approached. I tend to do this less if there is a GPL attached.

      Forcing developers to make choices about licences forces them to think about politics. Something which is not top of anyone's mind when they are programming.

  12. rhdunn

    There are several things going on here:

    1. GitHub uses and encourages the use of the Jekyll static site generator. This is written in Ruby and any shared Jekyll plugins will be in Ruby as well.

    2. There are a lot of projects that are the code for various websites of the people/organisations running them. These tend to be liberally licensed (MIT, BSD, CC-BY, CC-BY-SA, Public Domain).

    3. The website projects tend to get detected as either JavaScript (if the site makes heavy use of JavaScript) or Ruby (if the site makes use of Jekyll plugins). Same with other HTML/text only projects -- GitHub detects these as JavaScript, Ruby, Python, Shell, etc.

    4. GitHub attracted the Ruby and Ruby on Rails communities, so there are proportionally more Ruby projects than others. Most of these tend to be licensed under liberal licenses (MIT, BSD, Public Domain).

    5. The website projects do not necessarily have an explicit LICENSE/COPYING file, but specify the license in either the README/README.md file or in a HTML footer or layout file that gets pulled into the pages when the site is generated by Jekyll. Or to put it another way, do any of the websites you visit have a COPYING/LICENSE file?

    6. Some projects have a LICENSE.txt or LICENSE-MIT/LICENSE-APACHE file. It is unclear if these were detected in the study.

    7. There are a lot of forks of various projects -- GitHub actively encourages this. It is unclear if the number of repositories examined were the primary repositories or if it also included forks.

    8. There are mirrors of other projects like Firefox and LLVM/Clang hosted on GitHub. It is unclear what proportion of projects this is from the study.

    It would also be useful to show the correlation of license types to languages used.

    Also, this is like studying the licenses on projects.apache.org and finding that there are no GPL/LGPL licensed projects.

  13. Another Justin

    GitHub is "project hosting" rather than "open source project hosting"

    Although I didn't do an exhaustive search, having done a basic run through of the homepage and sign-up process I couldn't find anything that suggested GitHub was exclusively for open source projects (although it did say "The world’s largest open source community").

    I suspect that a significant number of the repositories on GitHub are just "pet projects", a convenient place to put source code so that you can share it between multiple PCs and possible a couple of friends. Do these sorts of projects really need proper licensing?

  14. McBread
    Alien

    It makes sense for the important, signature projects to be under give-something-back style GPL licences. They're high value and value to many. You can maximise the total value by using this to really push the code ever forward and produce a quality program.

    But most projects are small-time niché works; they're never going to end up with any army of people/organisations contributing code, and nobody is ever going to enforce the terms of any licence. You might as well just throw it open to the world and see what may.

  15. Anonymous Coward
    Facepalm

    From a company perspective...

    Company lawyers get *very* twitchy when there is no licence attached to something you're using. At a previous employer, we had the inevitable exercise two builds or so before release where the lawyers would send around a sheet asking for confirmation that licences applicable to the previous release/project involving components from t'Interwebs were still applicable, and if any new components were added, what the licences for those were.

    If you didn't have a licence for it, you had to explain yourself, and it had to run the gauntlet of being discussed by the legal team. Even shared components from Microsoft etc had to be checked and the appropriate licences found, annotated and documented.

    It's all a risk-management exercise, especially with commercial software.

  16. Anonymous Coward
    Anonymous Coward

    Kids these days, they just don't care ?

    I wrote my first program 40 years ago and primarily see open source as a way for us developers to share, not as an excuse for lawyers to get involved or to promote some specific agenda. Naturally I therefore try to avoid the GPL where possible and use no license or as permissive a license as works.

    As someone else commented, if anyone wants to use the license-ambiguous code they can always email a request. This may be a problem for companies like google who want to use other peoples code for commercial gain without telling them and therefore prefer an explicit license but why should I care?

    Being no 'kid', I'd be interested to read why this attitude is seen as a "young developer" thing, and indeed whether this is actually the case.

    1. Dan 55 Silver badge

      Re: Kids these days, they just don't care ?

      Facebook generation - anything on the Internet is for public consumption, no strings attached. If you put it on the Internet you want it to be used by other people and likewise you'll copy and paste code code uploaded by other people.

  17. Brewster's Angle Grinder Silver badge
    Windows

    ESR revisted

    I'm paid to write code. But my employer ain't gonna pay to license yours without a major argument. If you put your code under the GPL or another copyleft licence, then I can't use it; I have to find an alternative or write something myself. This results in more shit code being deployed to the world (and robs your of any contributions I might have made).

  18. Anonymous Coward
    Anonymous Coward

    Pick the license that suits

    And if you want your project to be adopted far and wide, pick a permissive license. Not the GPL.

    Even Linux has said he wouldn't use the GPL today and refuse to move to the GPLv3 as it would destroy Linux.

  19. Anonymous Coward
    Anonymous Coward

    I think a lot of small projects are people who just want to code and aren't interested in understanding licences or legal issues; we want to be programmers not lawyers

  20. Anonymous Coward
    Anonymous Coward

    It should come as no surprise the GPL is being shunned. Kids these days aren't the wide-eyed idealists of the 60s and 70s. We've grown up in a world dominated by high-grossing tech companies that not only make fortune out of software, but provide value to everyone else by re-investing their work in the communities they came from. Why would someone who came of age in the time of massive tech companies changing the world use a license written by a pseudo-anarchist squatter whose sole intention seems to bugger you out of making any money from your work?

  21. SecularVoice

    Backwards Conclusions

    It's amazing that the collected data could be so wildly misconstrued to conclude that current generation of developers does not care about open source. The data shows PRECISELY THE OPPOSITE. Developers have been so plagued by GPL licenses that taunt you, with their supposed "open-source"ness, but then turn around and bite you in the ass the moment you try to use them for anything meaningful. The current generation has realized licensing models such as MIT and Apache style licenses are what open source really needs to be. Again, I'm utterly amazed someone could so wildly misinterpret that data. Amazed.

    1. Anonymous Coward
      Anonymous Coward

      Re: Backwards Conclusions

      OpenSource Software != Free Software. The fact you don't understand the difference is not the fault of the license.

  22. Richie 1

    Where you store your licen[cs]e

    > 28 per cent only announced their licenses in a README file, as opposed to recommended filenames

    > such as LICENSE or COPYING.

    R packages allow many standard licences to be described in the DESCRIPTION file. A separate LICENSE file is only included for non-standard licences.

This topic is closed for new posts.

Other stories you might like