In the last months of 2018, open source licenses took center stage when Redis Labs and MongoDB made changes to the open source licenses of some of the most beloved open source databases around, causing quite a stir in the community and across the software industry.
A lot of the time, open source licenses are viewed by developers as the dreary compliance bits that legal advisors have to take care of while they are creating the innovative software products of tomorrow. However, developers tend to get quite passionate when it comes to their favorite database projects, not to mention the emotions that arise around talk about the future of cloud infrastructure. Combine that with the open source community’s uproar when they feel an open source product’s license has been compromised, and you’re in for quite a bout of fireworks.
While it still remains to be seen what the future holds with this new wave of open source licenses and clauses, as this year comes to a close, it is a good time to take a look at the trends of open source license usage in 2018 and compare them to previous years.
Our research team has collected the information from the WhiteSource database, which includes over 3M open source components and 70M files, covering over 200 programming languages, to learn which were the most popular open source licenses in 2018, compared to 2017 and 2016. Results show that use of permissive open source licenses continues to rise, while usage of copyleft licenses, and the GPL-family in particular, continues to decrease.
Use of permissive, or “Anything Goes” open source licenses is still on the rise, continuing the trend we saw in 2017. MIT and Apache 2.0 licenses once again take first and second place in our list of top 10 most popular open source licenses of the year.
Permissive open source licenses, lovingly referred to as “Anything Goes”, place minimal restrictions on how others can use open source components. This type of license allows varying degrees of freedom to use, modify, and redistribute open source code, permitting its use in proprietary derivative works, and requiring nearly nothing in return.
According to this year’s data, 64% of open source components have permissive licenses. That’s an 8% rise from last year’s 56%. Only 36% of the top 10 most popular open source licenses are copyleft, compared to 40% last year. The numbers show that developers and organizations continue to choose permissive licenses.
This can be explained by the continuous rise in open source usage. Open source has become mainstream, and the open source community is embraced and supported by the commercial software community. With companies like Microsoft and Google actively participating and contributing heavily to the open source community, the “Us” vs. “Them” mentality that ruled in the early days of open source is long gone. In the interest of this widespread cooperation, and encouraging open source usage, permissive licenses are winning.
Users, in turn, are choosing the components with the licenses that seem to have fewer strings attached. Open source components with permissive licenses seem to offer them all a solution, helping to ease the challenges of open source licensing compliance for legal departments.
The MIT license remains at the top of the popular open source licenses list, at 66%. This shouldn’t come as a surprise, as it’s been trending on GitHub since 2015. Ben Balter, attorney, open source developer, and Senior Manager of Product Management at GitHub, said then that developers choose the MIT license because “It’s short and to the point. It tells downstream users what they can’t do, it includes a copyright (authorship) notice, and it disclaims implied warranties (buyer beware). It’s clearly a license optimized for developers. You don’t need a law degree to understand it, and implementation is simple.”
Top 10 Open Source Licenses in 2018
According to GitHub’s choosealicense.com, The MIT license “lets people do anything they want with your code as long as they provide attribution back to you and don’t hold you liable.” Last year Facebook very publicly replaced the contentious React license with an MIT license.
Last year, the permissive Apache 2.0 license shook things up by making a leap to 2nd place on our top 10 open source licenses list, replacing the copyleft GPL 3.0 license. This year, the rise in Apache 2.0’s popularity continues, as it gains another one percent and comes in strong at second place with 22%.
According to GitHub’s choosealicense.com, The Apache 2.0 license’s main conditions require preservation of copyright and license notices, providing an express grant of patent rights, and allowing licensed works, modifications, and larger works to be distributed under different terms and without source code. Apache 2.0 is the license for quite a few popular open source projects, including Kubernetes, Swift, and PDF.js — to name a few.
GPLv3 and GPLv2 both took another hit this year. GPLv3 still came in at number three, but lost two percent, coming in with 16%, compared to 18% in 2017. GPLv2 also kept its fourth place, but lost 1%, going down from 11% last year to 10% in 2018.
Last year, 35% of all open source components were using one of the GNU GPL family’s licenses. This year GPL v3.0, GPL v2.0, and LGPL v2.1, which all came in at top 10, got a combined 32%, which marks another significant decrease in popularity for the GNU GPL family of licenses. We suspect this trend will continue in years to follow.
The GPL was a trailblazer at the start of the open source revolution and is a prime example of the copyleft or viral license. This means that when users incorporate a component licensed under one of the GPL licenses, they must release its source code, as well as the rights to modify and distribute the entire code. Not only that, but they are also required to release their source code under the same GPL license.
Back in the early days of open source adoption, the GPL license posed a real conundrum for businesses thinking about adopting open source or participating in the open source community. Many chose a dual licensing approach in an attempt to bridge the gap between the GPL license and their commercial needs.
While mountains of code have been open sourced since then, the numbers show that GNU GPL is avoided by many commercial entities that are taking a much more central place in the open source community year over year. With the wealth of open source licenses out there, it appears users are choosing the more permissive ones, that contain fewer requirements and restrictions.
While they didn’t make it to our 2018 list of top ten open source licenses, or even top 20, this past year has seen a rumble in the open source licensing world. Changes to licensing in leading open source projects like Mongo DB and Redis are reminders that as open source usage grows, organizations are in the process of figuring out how to both embrace the open source community and update their business models to stay ahead.
According to Tidelift’s Luis Villa, the future of licensing clauses like the commons clause, or Redis’s new open source license remain to be seen. But perhaps many years after attempting to curb the issue of open source license proliferation, the open source community will be required to address these new licensing initiatives.
As Michael DeHaan, the creator of the extremely popular Ansible points out, open source developers and open source users may require a new open source licensing solution to ensure that the community continues to evolve.
One thing is certain from both the open source licensing headlines that we saw this past year, and from our research: both developers and commercial organizations continue to adopt the open source components that enable them to create products that can thrive in the open source ecosystem. The community is doing its best to make sure open source is easy to adopt and comply by. It’s up to organizations to keep up their end of the bargain and make sure that they know which open source licenses they are using and that they are keeping up with their requirements.