We're all using open source components, but do we understand what makes open source code open source? It's the open source license! But did you know around 80% of the code published on GitHub doesn't have a license? Do you know what that means? That the code isn't actually open source!
So, without further ado, let's dive into the wonderful world of open source licenses and find out what they are, why they're important and what the open source community is doing to promote their use.
Think of an open source license as a contract between the author and user of a component. The ‘contract’ basically says that as long as you follow its term and conditions, you can change, distribute and share the component as you want.
So, what does this mean for the 80% code published on GitHub? Are they really open source? The short answer is ‘no’.
At the end of the day, public code without an open source license isn’t open source.
Without an open source license which tells you the terms and conditions of using a component, the component is still under copyright. And when we consider how many unlicensed components there on GitHub, you understand the risk of your developers using unlicensed components.
As we can see, tons of developers are sharing and using unlicensed components, and this is a real problem for companies such as yours.
Therefore, you and your team need to make sure the components you're downloading from GitHub and other online repositories like RubyGems and Maven Central are indeed open source. But without automated tools in place controlling which components your developers are using, which most of us don’t have, can you really be sure of this?
Ok, we know there’s a whole load of unlicensed components out there, meaning there’s a high risk of your developers using them. So, why can’t we just all forget about open source licenses, and use any component we want?
It’s because open source licenses are good for us. They bring order to the open source bazaar. And without them, major open source contributors, such as commercial companies, wouldn’t have the confidence to share their code, as they would have no control over how it's used.
So, now we know the importance of open source licenses, what is the open source community doing to promote their use?
GitHub and other companies related to the open source community also understand the importance of open source licenses and the problematic situation of having so much unlicensed public code pretending to be open source.
That's why many companies are trying to promote their understanding and use by releasing some great tools and resources. To name a few, there’s GitHub’s choosealicense.com (which does what it says on the tin), tldrlegal.com (which explains open source license in plain English), ifosslawbook.org (which gives country-specific open source legal analysis) and creativecommons.org (which helps people to legally share their knowledge and creations). However, your company also has a role to play in promoting open source licenses.
At the end of the day, if your company is using or contributing to open source, then it’s part of the community. Therefore, it’s your role to ensure your developers know about the pitfalls of public unlicensed code and make sure they’re only using and contributing code which has a license. Because if they’re not, you’re risking the bazaar turning into a jungle.
So now you know the importance of open source licenses, your developers can now look for authentic open source components. Meaning you can share your code, and benefit from the open source community, worry-free.
Do you have a favorite open source license? Which open source licenses does your enterprise permit? We’d love to find out!