Open-Source Needs a Reckoning

It doesn’t matter which license you use. They’re all bad.

Greg Kennedy
Sep 13, 2019
“The Zax” (Dr. Seuss)

I grew up learning Linux during the late 90s, getting into OSS through the usual proponents. I remember the BSD vs GPL wars, the continual back-and-forth on Slashdot about which license was “more free”, what the GPL’s virality meant for users. And every year was the Year of the Linux Desktop.

These licenses were products of a different time, purpose-built weapons refined to take down exactly one target: Microsoft — the 800lb gorilla in the software industry, on the warpath with their “Embrace, Extend, Extinguish” philosophy. So the FOSS licenses were pared down to stop one thing: someone sells you a disk and you install the contents, but do you know what’s in it?

It worked, in a certain sense, but that’s because the battle never actually had a winner. It just shifted to a new environment, one which neither side was really able to deal with. There was the Tivo-ization debacle that led to GPL 3.0, but this was merely loophole closing rather than a re-evaluation of the license itself. Meanwhile the BSD license has shed clauses until it’s a one-liner, making it an easier pill to swallow for potential users.

If you’re picking an “open” software license, you have a myriad of choices, but they all basically boil down to the same thing: your code is out there, anyone can use it, they may or may not have to give back their changes. That’s it — essentially the only meaningful difference between any “free” license is this last point.

See, the core problem with all “free” software licenses is this: they are aimed at only protecting the Product, and not the People who make or use it. The goal is to produce the best software, not the best community.

Is that what is really important? Good code? That’s the extent of what we should care about, as developers and users?

Here are modern problems that FOSS licenses have no answer for:

  • Cloud providers scooping up software and building zillion dollar industries without sending a dime back to the devs
  • Ostensibly “open” hardware riddled with closed-source blobs and drivers, making the device completely useless despite its “open” components
  • Software running on a remote server, where your web browser is merely a FOSS portal to some non-free megaservice, thus eliminating any of the transparency, security, or control that FOSS is supposed to provide
  • Governments using FOSS software to build facial recognition technology to target dissidents, immigrants, or other people or groups
  • Governments incorporating FOSS software into military technology, weapon systems, hacking of foreign entities, etc
  • Individuals using free software to wire up a program that makes fake nude pictures of anyone from just a photo
  • White supremacist groups using free software to run web servers that host hate speech and violence
  • Problem (racist, sexist, etc) contributors to the project itself — developers yes, but also community outreach, documentation writers, testers, literally anyone involved with the project — driving away dozens of other contributors by their actions
  • Eternally long copyright and trademark protections, e.g. allowing vultures to swoop in after your death and monetize your product
  • No handoff plan for devs who lose interest, such that vital projects start shipping with adware and bitcoin miners

Many years ago I needed a license for a project that offered me more control, and I actually found one I liked (specifically, it was Creative Commons Non-Commercial). However, everyone I’ve talked to about this license tells me it’s “too complicated” to link with or include with their software. It’s not “GPL Compatible”, so, it’s not taken seriously.

What this tells me, instead, is that the GPL is now incapable of protecting my freedom as the software author. It didn’t evolve to keep up and it’s still fighting Microsoft in the 90s.

I don’t have answers for how to fix all these issues, but it’s clear to me that the traditional choices are falling way short. You can see it in action, because big projects are having to bolt on things to cover these gaps. Things like the Code of Conduct / Contributor Covenant, or individual developer licensing agreements, etc. These are all great initiatives! But they’re not given NEARLY the same gravity as Picking a License, so they’re neglected until it’s too late, and one of the issues above causes real damage to a community.

Yes, it’s important to have source available. But there also need to be sensible controls put back in the hands of the people who write, and use, the software. GPL and the rest aren’t cutting it.