Pain and Confusion with Open Source Licenses


Kyle Mitchell, an open source-savvy lawyer and developer, just published an interesting blog post titled Open Source License Business Perception Report.

He rates a list of popular licenses along two dimensions: Pain, how inconvenient they are to use; and Confusion, how much uncertainty there is about the meaning of their terms. He also includes some concise “Key Points” about each. And, conveniently, he provides a link to the text of each license in the SPDX License List. (Kyle is an active contributor to the SPDX Legal Team.) The framework offers an interesting way to think about licenses, and useful input for developing an open source use policy or selecting a license for a project.

A Visual View of Open Source Licenses

My modest contribution is putting Kyle’s ratings in a table. I’m not an expert (it would be interesting for others to weigh in), but I would tweak a few of the ratings. For example, I would have said the GPL2 is more painful, and the LGPL2 is less well understood (more confused). Karen Copenhaver told me she thought it was one of the least understood licenses. But this is not to take away from Kyle’s effort. I’m sure he’d welcome good discussion spurred by his work.

[Chart: Pain & Confusion Open Source License Chart]

Have your own ideas on where open source licenses should fit on this chart? Please share them in the comments.
