Pain and Confusion with Open Source Licenses

Pain and Confusion with Open Source Licenses

Kyle Mitchell, an open source-savvy, lawyer/developer, just published an interesting blog titled Open Source License Business Perception Report.

He rates a list of popular licenses along two dimensions: Pain - how inconvenient they are to use; and Confusion - uncertainty in the meaning of their terms. He also includes some concise “Key Points” about each. And, conveniently, he provided a link to the text of each license in the SPDX License List. (Kyle is an active contributor to the SPDX Legal Team.) The framework provides an interesting way to think about licenses and as input to developing an open source use policy or selecting a license for a project.

A Visual View of Open Source Licenses

My modest contribution is putting Kyle’s ratings in a table. I’m not an expert — it would be interesting for others to weigh in — but I would tweak a few. For example, I would have said the GPL2 is more painful, and the LGPL2 is less well understood (more confused). Karen Copenhaver told me she thought it was one of the least understood licenses. But this is not to take away from Kyle’s effort. I’m sure he’d welcome good discussion spurred by his work.

Pain & Confusion Open Source License Chart Have your own ideas on where open source licenses should fit on this chart? Please share them in the comments. 

AGPL: Out of the Shadows

Sorry we missed you! We close comments for older posts, but we still want to hear from you. Tweet @black_duck_sw to continue the discussion.


No Nukes Licensing, the Real Question

| May 23, 2017

  A number of licenses have clauses stating that the software is not for use in a nuclear facility. The implications have never been completely clear to me. This has been a recent topic of interesting discussion and debate on the Apache legal list. Black Duck tracks about 2700 licenses in our

| MORE >

New Research Reveals Wisdom of Due Diligence

| Apr 25, 2017

Last week Black Duck released the 2017 Open Source Security and Risk Analysis. This is a great piece of research that should be of interest to anyone involved in tech M&A. The theoretical risks associated with open source are clear: most companies use a lot of open source but don’t sufficiently

| MORE >