Getty Images

The future of open source licences is changing

The Open Source Insider blog on Computer Weekly recently asked industry experts for their views on the future of open source licensing

One of the pillars of software development is: never reinvent the wheel. Why invent a new algorithm or write a piece of code to achieve a particular objective, if something already exists? To adapt a well-known metaphor: new code should ideally be built on the shoulders of giants. Libraries filled with amazing functions, written by world-class software developers, can and should be the basis on which new projects and new pieces of software functionality are engineered.

These are among the concepts that have helped to make open source software development the most efficient way to create new code. As Computer Weekly has previously reported, some open source companies are finding that their business models, based on deriving a revenue stream from managed services, are being eroded by the public cloud providers offering rival hosting services. The result has been amendments to licensing clauses to prevent such services from being able to use the source code freely. Does this spell the end of open source?

“The modern software deployment landscape is worlds away from what was predicted when the first free software project was released over 40 years ago,” says Justin Reock, chief architect at OpenLogic. Since that time, he says, advances such as cloud-native applications have presented challenges to the altruistic obligations that complement free software. 

A definition of free

Before delving further into open source business models, it is worth exploring a few key concepts, such as what does free, open source software actually mean? Peter Zaitsev, CEO of open source database management and monitoring services company Percona, says: “The terms of free and open source software are not trademarked, like organic labels are for food products.

“There is a general understanding of what open source software is, along with a few published (and respected) definitions: The free software definition by Free Software Foundation, Open source software definition by Open Source Initiative (OSI) and Debian free software guidelines. Out of these, only OSI takes an active role in this – you can submit a licence to OSI for evaluation and receive an OSI badge of approval for your licence.”

But in recent years, the black-and-white nature of free and open source software definitions is being rewritten by some open source businesses. GitHub chief operating officer (COO) Erica Brescia says there is now an “increasing tension” between open source projects and those that are building services on top of open source, such as cloud suppliers with their database services. 

As with other industry experts Computer Weekly contacted, Brescia notes that licences applied to open source projects a decade ago did not consider the possibility of a cloud supplier delivering an as-a-service SaaS layer using the project without contributing back to it. This, she says, leaves some open companies in a difficult position. 

On the ethical side, free and open source software is not placing any restrictions on how software can be used, which can be for good as well as for evil, a concept that some activists find repugnant, says Zaitsev. The OSI frequently-asked-questions document states: “Giving everyone freedom means giving evil people freedom too,” but Zaitsev says: “It is the more nuanced cases that expose the cracks in the system.”

A question of licensing

According to Rhys Arkins, director of product at open source licence management and security solution company WhiteSource, there has been a shift in open source licensing away from the original GNU Public Licence (GPL) style, which was quite restrictive.

In effect, contributors are required, under GPL, to make their code available to the open source community. This is called “copyleft”, and some experts believe it has inhibited many enterprises from becoming major open source contributors.

He believes that as open source becomes more mainstream, there is a shift away from copyleft to a more permissive form of licensing.

Open source activism

In August 2018, Jamie Kyle, a maintainer of the open source Lerna Javascript tool, amended the licence terms for the tool to prevent any company that collaborated with the US’s Immigration and Customs Enforcement agency from using it. The change was fairly quickly reverted amid doubts about its efficacy and whether most authors of the project had agreed to it.

Despite the u-turn, open source licensing can be used by activist developers to put pressure on organisations they want to influence, says Luis Villa, co-founder of Tidelift. He writes:

“Free software, as advanced by Richard Stallman and the Free Software Foundation, has always been about ethics – a very specific set of ethics that held that source code access was the key to human freedom and used licensing to achieve that goal.

“But since those early days, the open source movement has become bigger and broader. In particular, it has gone from a niche interest of a handful of developers to a mandatory skill for everyone who participates in the software industry. This means that participants are now much more diverse, many with very different ethical perspectives than early participants.

“As software eats the world, much like Marc Andreessen predicted, it becomes inextricably linked with everything – including political headlines and moral challenges. One thing is certain: no matter where you fall on the political spectrum, there are now FOSS [free and open source software] developers who hold different views than your own.

“This combination has led us to the current moment – where many developers are participating in FOSS while questioning traditional FOSS beliefs – in particular, the historical belief that any use that complies with the terms of traditional licences, like MIT and GPL, is unquestionably ethical.”

Arkins says: “Open source has become an integral part of business, so the question isn’t whether an organisation will use open source, rather how to ensure that an open source component is accessible and easy to share. When we look at the types of open source licences that organisations choose, we see that most users choose permissive licences – the open source licences with the fewest strings attached.”

Research into open source licensing trends from WhiteSource in 2019 found that permissive open source licences are gaining popularity, while the use of copyleft licences, especially the GPL family, continues to decrease. “Permissive MIT and Apache 2.0 licences remain first and second on our list of top 10 popular open source licences of the year, each continuing to trend,” says Arkins. “According to our data, 67% of open source components have permissive licences, while only 33% of the 10 most popular open source licences are copyleft, compared to 59% in 2012.”

The old open source licence agreements were there to protect contributors from the big commercial software firms. But, as Arkins points out: “With companies like Microsoft and Google behind today’s most popular open source projects, the ‘us versus them’ mentality from open source’s early days is no longer relevant.” 

An open source business model

This raises the question of how open source businesses can actually make money. Nigel Kersten, field CTO at Puppet, says: “If you have authentic community engagement, an open source platform that is not deliberately impoverished with an environment that enables individuals to healthily interact as they build novel workflow solutions that benefit the collective group and nurture contributions that are more than just code, then it’s far more difficult for an external party to come in and negatively impact your business model.”

On the other hand, if an open source business just focuses on the code and uses licences as a defensive weapon, then its defences are weak, says Kersten. “The greater threat is the massive amount of people capital and brain power locked up inside large enterprises when it comes to open source,” he adds.

But Kersten acknowledges that large enterprises often create significant institutional barriers to make various forms of open source contribution challenging. “If you look at the 2018 Puppet state of devops report, you see that even at the highest levels of DevOps evolution, only 4% of respondents are sharing best practices and patterns outside their organisation,” he says.

“I see this over and over again as I work with enterprise customers. They waste significant time and resources reinventing the wheel in slightly different ways to accommodate existing teams, instead of accepting standardised solutions and focusing their energy on true differentiators. More importantly, the workflow and business processes that sit on top of all these new IT capabilities are being developed in isolation rather than collaboratively.”

Read more from the Open Source Insider blog on licensing

Kersten urges open source business to work with users inside large enterprises, work out how to minimise the barriers they face to external contribution and sharing, and get them engaged in wider open source communities. By collaborating with enterprises, he says: “The opportunities in front of us all will dwarf any of the supposed threats the cloud providers may pose to the future of open source.”

Looking beyond this enterprise opportunity, while the rise of SaaS and cloud suppliers that use open source without giving back obviously upsets people with the share-alike mindset, such actions do not really hurt the open source movement, says Rod Cope, CTO at Perforce Software. “Developers are still free to work on what they like, scratch their own itch, innovate, experiment, fail and try again,” he says.

“They can still use any tools they like, take as much time as they like and not worry about a business manager asking them to go in a direction contrary to the developer’s vision. Developers will continue to be creative, earn respect from their peers and know that they have made something good that is improving the lives of their users, even if those users are paying a third party for a service based on their work.” 

Read more on Open source software

Data Center
Data Management