Please Stop Inventing New Software Licences
Terence Eden critiques the Cyph app's proprietary license, which complicates community contributions and collaboration due to ambiguous terms. He urges developers to prioritize clarity in open-source licensing.
Read original article
Terence Eden's blog post critiques the proliferation of new software licenses, particularly focusing on the case of a cryptography app called Cyph. Despite being labeled as "Open Source," Cyph employs a proprietary license that complicates contributions from the community. Eden highlights the challenges posed by the Cyph Reference Source License (CYPH-RSL), which restricts users to "reference use" and limits their ability to distribute or modify the software. This creates barriers for potential contributors, as they must navigate unfamiliar legal language and may require legal approval from their employers. Eden expresses frustration with the ambiguity of the license terms, which hinder collaboration and community building. He ultimately decides against contributing to the project due to these complications, emphasizing that while innovation is valuable, it should not come at the cost of clarity and accessibility in licensing. The post serves as a call for developers to avoid creating new licenses that add confusion rather than facilitate open-source collaboration.
- New software licenses can create barriers to community contributions.
- Cyph's proprietary license complicates the process for potential contributors.
- Ambiguous license terms can hinder collaboration and understanding.
- Clarity in licensing is essential for fostering open-source communities.
- Developers are encouraged to use established licenses to avoid confusion.
Related
Playing the Open Source Game (2021)
Open-source projects like Zig and Redis face challenges with big tech influence. Rust project forms non-profit to tackle talent retention and corporate sway. Concerns raised about integrity compromise. Call for user-centric "software you can love."
So you want to compete with or replace open source
The article delves into open source software's evolution, business challenges, and emerging movements like "post-open" and "Fair Source." It questions their ability to balance commercial interests with open source collaboration.
Fair Source licensing is the worst thing to happen to open source-definitely ma
The article critiques Fair Source licensing for contradicting open source principles, introducing complexity for developers, and suggests a shift towards service-based models as software sales decline.
- Many commenters express frustration over companies mislabeling their software as "open source" when it does not comply with OSI-approved licenses.
- Non-standard licenses are seen as barriers to adoption, particularly for larger organizations that prefer familiar open-source licenses.
- There is a call for clearer, standardized licenses that allow community contributions while protecting companies' intellectual property.
- Some users advocate for the need to educate developers about proper licensing to avoid confusion and misrepresentation.
- Concerns are raised about the potential for companies to exploit the open-source label for commercial gain without genuine community engagement.
27 commentsClearly any business can license their software any way they like.
What caused the poster some confusion is that it was marketed as an "open source" product. Once he determined it was not an OSI approved license then that should be the end of it. It's not Open Source. period.
By all means call them out on that - lots of people and companies are not licensing experts, and need guidance. I've helped people with this in the past and encouraged them to change to actual Open Source licenses that are compatible with their goals, and the goals of their community.
If anything the real headline should be "stop calling your product open source when it doesn't have an open source license".
[To be clear - I produce commercial software under not-open-source licenses. I've got no objection to folk doing that. I even ship the source with the product, and accept contributions back. But I don't call it "open source" because it's not "Open Source". It's something, sure, but it's not Open Source.]
Most organizations understand common open source licenses and there's usually a blank statement that allows teams to use GPL/MIT/whatever-licensed software.
Anything outside that subset of licenses (even if they're permissive, open source or whatnot) requires a legal review and a lot of people won't go through the pain of that process just to use a library/service/app. It's easier to just choose something else.
AFAIK that's irrelevant per GitHub's TOS, which users agree to:
By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).
If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking).
AIUI you therefore always have the right to fork something on GitHub.
https://docs.github.com/en/site-policy/github-terms/github-t...
What businesses in particular want is a "Yes, you can read the code and yes you help if you want to, but you can't use the code to make your own product" source-available license (because they have devs to pay, and being able to keep doing that is the first thing they need to protect).
I think such licenses do sort of exist but they're fragmented.
The root of this particular argument seems to the definition of Open Source meaning unconstrained use of source code, instead of source-available.
Something standard and vetted enough that projects like these could adopt instead of having to write themselves.
~20 years ago I stumbled across the "Ё" license, that granted you all rights you can dream of with one condition, you must use the letter "ё" in its right place all the time. It is a Russian story, with some people loving "ё" and whining that outside of children books you can't find it, and other people trolling the first group by arguing that "ё" was a stupid addition from the very beginning, and even more stupid now.
Sadly I cannot google the text of the license now.
There’s just too many licenses, each with different (sometimes incompatible) requirements, so one advantage to being so opinionated is that you can add automatic checks to ensure you’re in compliance. For instance, if your library is MIT (only), you can’t use GPL dependencies. Most people probably don’t know this, so having tooling that helps enforce this ought to make things more compliant overall.
Only half jokingly, I wanted a couple months ago to change the license of a Javascript project I made to allow anyone to do anything with it, except train LLMs on it [1]. I couldn't find anything, so I cobbled together something which I'm sure is not in proper legalize. What were my options otherwise?
If there's an alternative license to the Cyph-RSL that meets our needs, I'd be happy to consider it, but I don't see any particular problem with the fact that we authored our own.
> What does "intended" mean here?
I don't understand what problem the author have. We have lots of law and case based on intention.
There are lots of projects that claim to be open source, and either are lying/don’t have free software licenses (CapRover, for example), or don’t work like an open source project is expected to (VS Code, Chromium), denying patches being integrated even if they fit project standards and provide benefit to users.
(BTW their filters work funny)
[1] https://web.archive.org/web/20200517031524/https://www.cyph....
We should support and reward the real companies that are actually open source, and who care about the community and transparency!
> We're a small startup with a significant amount of time and money invested into the development of Cyph. We recognize the need for anyone to be able to review the code and verify our production build against it from a security perspective, but at the same time it would be problematic if an unrelated third party could just stand up their own instance of Cyph and directly compete with us at this stage. We would be much more inclined to fully open source Cyph at a later stage of the business.
I disagree with the philosophy of forbidding any contributions just because they are not fully open-source for commercial purposes.
This seems like a very common scenario for software that is almost "open source" except for not allowing commercial deployments. I would be surprised if there is no existing licence to cover this use case, but it will not be fully open source of course. Which again doesn't mean that all contributions need to be forbidden.
I beg your pardon!?
Related
Playing the Open Source Game (2021)
Open-source projects like Zig and Redis face challenges with big tech influence. Rust project forms non-profit to tackle talent retention and corporate sway. Concerns raised about integrity compromise. Call for user-centric "software you can love."
So you want to compete with or replace open source
The article delves into open source software's evolution, business challenges, and emerging movements like "post-open" and "Fair Source." It questions their ability to balance commercial interests with open source collaboration.
Fair Source licensing is the worst thing to happen to open source-definitely ma
The article critiques Fair Source licensing for contradicting open source principles, introducing complexity for developers, and suggests a shift towards service-based models as software sales decline.