Also Pedro Paulo explained what the content of the talk was:
> Mostly standard talk. Importance of free software, GPL v3, GNU vs Linux. However, he had a list of "small requests": make Github push users to better software license hygiene, make hardware manufacturers to publish their hardware specs, make it easier to workaround Secure Boot.
I'm not sure exactly what he meant by software license hygiene, but if it's what I imagine, it's a significant problem. Often people don't quite understand the licenses they choose and they get into trouble as a result. For example, there is a free software game that I follow which is licensed under the GPL. The author made a passing statement that the game is under the GPL, but none of text of the game is (it's an RPG, so there is a significant story). When I looked, they had mistakenly added the GPL to all the files that contained the story! They thought that since it wasn't source code, it couldn't be covered by the GPL.
It's clearly a well intentioned mistake, but it's the kind of thing that can bite you later because someone will accept the license and use it for something you never intended. At that point it's a really big headache.
It gets even more complicated when people try to mix licenses that are incompatible -- it works fine until somebody challenges it. At that point it's an absolute pain. The last thing you want on your project is to have someone say they are going to sue you because you don't have permission to use their code. It's really, really important for people to follow the licenses correctly and GitHub is in a wonderful place to help with that. It's a win for everybody. I would say even if people realise that they can't use GPL for some project because it is incompatible with the license for other code they are using, it's better than going for years and having a problem!
It’s also people thinking an open license is a free-for-all. I put out some simple scripts some time ago to move data across a couple of sites, under MIT - super liberal license, “just keep the credits” and you can do anything you want. Simple, right? After a few years I checked the forks and the first (and often only) thing they were doing was to strip attribution everywhere. I mean, it’s github, you forked right from my repo, everyone can see it. And why would you do that anyway, if you’re after publicity just add your name on top! I opened issues and most of them halfheartedly apologized and put back my notices, others ignored me, others pulled down the repo altogether. I bet they’ve all re-stripped it back, by now.
It would be cool if the license metadata currently existing on GH could be extended to carry names, in a way that makes it impossible to strip attribution (depending on the license, of course).
> It’s also people thinking an open license is a free-for-all. I put out some simple scripts some time ago to move data across a couple of sites, under MIT - super liberal license, “just keep the credits” and you can do anything you want. Simple, right?
This seems like a reasonable enough place to ask: if you have a project under MIT, and I pull a function out of one file to use in my project, where exactly do I owe credit? In a comment above the specific function? At the top of the file? In the main license file for the project (even if the whole project is under e.g. GPL)? Some combination of the above?
IMHO the safest option is to drop it in the about screen or somewhere in the documentation, like Microsoft does, "This software includes portions of XYZ...". It doesn't really matter which line is what, imho, at the end of the day an actual trial would run some automated comparison analysis and pull out the relevant bits anyway. It's mostly about the spirit.
Does anyone here on HN know of lawyer companies that would follow up on license violation requests in bulk?
E.G. there are services like small claims court in the UK that _mostly_ automate the billing on unpaid invoices, is there something like that for licensing?
DMCA takedowns are a remarkably heavy-handed way to deal with software licensing, which is often something that can often be resolved with some good-faith discussion.
Aren't most concerns with companies who exploit open source software without contributing their changes back?
If we have source code and can determine it is derivative of open source but improperly licensed, does it matter? At that point we have the code and we know it's derivative and thus can infer the license. It's not like the publisher could come back at us for taking it back.
I don't see the value in such a tool other than to abuse people who shared incorrectly. And if I ever shared code incorrectly and got slapped on the wrist for it, that might just be incentive for me to never bother to share again.
> Aren't most concerns with companies who exploit open source software without contributing their changes back?
Companies get away with this because developers don't understand licensing in the first place. Pushing a false message that "once it's out, anything goes" is detrimental to that state of things.
> If we have source code and can determine it is derivative of open source but improperly licensed, does it matter?
Of course it does, a license is a license, you cannot selectively apply only some of it. And yes, if the license is not followed, the original author can revoke consent to redistribution and usage. Have you actually read an open license? The GPL is very explicit on this matter.
> if I ever shared code incorrectly and got slapped on the wrist for it, that might just be incentive for me to never bother to share again.
That's not a problem. Opensource doesn't run on generosity, but on publicity - a currency that can be converted into actual cash. If you don't share your "left pad", sooner or later someone else will share his own version and reap the rewards. The time when we had to beg companies and individuals to share, is long gone.
> Companies get away with this because developers don't understand licensing in the first place. Pushing a false message that "once it's out, anything goes" is detrimental to that state of things.
So, for example, when a Router manufacturer consumes GPL code and doesn't contribute their changes back it's a failure of the developer who GPL'd the code they used? Why is the person sharing responsible for policing and enforcing? That burden encourages developers to either not share, or to share without restrictions.
> Of course it does, a license is a license, you cannot selectively apply only some of it.
Yes you can selectively enforce your own license. But enforcement isn't the point. Developers don't necessarily want the burden of enforcement that you're mandating they must do as part of sharing.
My point was that, if you can determine someone's code is derivative of GPL'd or MIT'd code but with a license stripped, you can still use it. If the person who stripped the license tries to come down on you, you're still protected by the original license that they stripped away.
> That's not a problem. Opensource doesn't run on generosity, but on publicity - a currency that can be converted into actual cash.
I would argue that your perspective is the problem. Open source is or isn't just about money. People who share aren't necessarily trying to do it for currency, social or monetary.
While I freely admit my contributions are limited, I have never sought any currency with them. My contributions fall into two categories, the first was to make a consistent problem I had with some code I consumed go away and the second was to share tools or utilities I made to solve my own problems because I thought someone else might like them.
Your opinion of open source puts unnecessary burdens on people who just want to share and results in much of the drama we see. Look no further than uBlock or WiringPi for examples of developers trying to move away from the burdens you're imposing.
Some people just want to share something they did without burden but you're basically saying "no, sharing comes with obligations like license enforcement, currency, or user support that you're required to invest in"
Yes that is a common problem. I could see GitHub creating tools to help you select a license and inform you how to use it properly, as well as having systems that show you how the license affects your project.
It's not under the github.com domain, but they did create it. IIRC they link to it somewhere when you go to create a new repo, along with a drop down to select what license you want (Assuming you're not just pushing an already created repo).
I don't think Microsoft/GitHub would have any issue with doing a wizard-y license picker/builder (well, boiler plate existing licenses with fill in the blank for attribution, project name, and the like). They did add that little table at the top of LICENSE pages that checks off what rights and responsibilities the consumer has under the license so it seems they're fans of making the various licenses understandable.
I think it is a good request though. I'm fond of MIT, but with the right wizard, I may also find that GPL or something else may be a better fit for what I'm working on.
Data definitely belong in the repository, not only because you want to version your assets too, but also because chances are your code at time T is also meant to work with your data at the same time T - so you don't even attempt to do stuff like trying to figure out when some bug was introduced with current data (that could cause or hide the bug or your older code not even working with the current data).
You could try to put your data in some other repository, but since you are versioning that data anyway, that introduces additional pointless complexity and besides the code is useless without the data to work with - so just stick them together and be done with it. If your VCS cannot handle that, instead of having it dictate your workflow towards an inferior solution, change your VCS.
At least as far as games are concerned, data and code are interwoven and any other approach is guaranteed to either fail or produce unnecessary and easily avoidable complications.
I certainly wouldn't fault them for putting the story under source control/versioning or even the location they did it, but there'd be benefit in separating them into two different projects/solutions as you could essentially have a separate "engine" project that could be reused for future games and then different projects with assets/story/etc for any game that comes down the pipe.
Now, if the intent is a one off and they have no intention of drinking from the same well so to speak, go nuts.
If you need it version controlled there are two options. Use somthing that does versioning in the database (like django-reversion f.ex.) or separate the story into it's own repo and use it as a sub-module. There are other ways, these are just the two that jump immediately to mind.
Meh, it's not really black and white - kinda like saying translation files shouldn't be in the repo.
I've put them there a bunch of times, they were (at least initially) edited by the same people as the rest of the code and they were required for the app to compile.
You are being downvoted because you're preaching a terrible game programming mistake as the only reasonable approach.
I didn't downvote you, but I wrote enough games to hope no young programmer takes your advice.
Games, as iteratively developed creative products, always interweave engine with content. Trying to write a generic engine in parallel to your game is a surefire way to never release a game.
Even if you set out in advance to write an engine, you should do like most market leading engines and develope a game first, then extract the engine out from it (Quake, Half Life, Unreal, Far Cry... the only counterexample I can think of is Unity, wait no wiki says "Over the Edge released its first game, GooBall, in 2005.[4] The game failed commercially, but the three founders saw value in the game development tools that they had created to simplify game development, and so they shifted the company's focus to create an engine for other developers.")
Thank you for making the point. I find it utterly silly that something that is taken from granted as Best Principles (tm) in other fields is considered harmful in game programming. I've programmed a few small games, never with features grand enough to have any sort of assets management but I would think that the scope of any AAA game would be such that assets and code were kept separate. Watched the Blizzcon video from the WoW classic team and they talked about the 3 pillars of their product being Code, Data and Assets. It's an interesting story. I recommend watching it.
Wikipedia page for the company behind Unity. In general, when someone quotes something exactly and I want the source I google the quote, google is quite good at finding exact quotes :-)
I get that this comment is downvoted. I honestly didn't understand the other one. I don't care about the points. I don't even know how they are used except for killing comments. I've also read discussions on voting on the site that I adhere to. If I downvote, I also leave a reason why in an answer to give the poster context (except if it's an obvious troll which I hardly think I qualify for).
Someone posted what they think is a reasonable answer to what I proposed and I didn't agree. I could expand on the discussion and haven't changed my mind. I thought we all came here to do that.
I fully sympathize and agree that downvotes shouldn't be used (here or any other site, generally) to signal disagreement. But they are, and I (mostly) agree with the guidelines about it not being fruitful to ask about it when it happens.
I'd willingly dock myself points if I just got feedback to the why. This isn't Instagram or Twitter. This site is supposed to be about exploring viewpoints different from yours coming from wicked smart people.
He didn't comment on it, he asked a question, to which he received an interesting and constructive answer. Your comment on the other hand didn't do any good, and it made boring reading.
He asked a question in the form of a comment – I'm pretty sure that's what 'comment' is referring to in the guidelines; not the content of the comment itself.
And you seem to be wrong about by comment about the guidelines. The other user was informed or reminded about the guidelines and we even had a nice little 'comment chat' about them.
Any kind of online forum inevitably requires participants to remind each other of the rules as it's the principal means of enforcing them.
I believe he's referring to the fact that many if not most projects hosted on github have no license conditions at all. No license means no one except the original author can use the software, and anyone who even looks at the code runs the risk of being sued for copyright infringement.
RMS is not saying "make everything GPL" (or at least, not in this context). He's just saying if you're going to publish source code, please make clear the condition under which it can be read or used.
Technically, all GitHub repos have at least one license. That is the GitHub license:
> If you set your pages and repositories to be viewed publicly, you grant each User of GitHub a nonexclusive, worldwide license to use, display, and perform Your Content through the GitHub Service and to reproduce Your Content solely on GitHub as permitted through GitHub's functionality (for example, through forking).
> You grant us and our legal successors the right to store, parse, and display Your Content, and make incidental copies as necessary to render the Website and provide the Service.
What's so objectionable about that. Honestly one of the more annoying to find problems with GitHub (and npm) is MIT licensed software with GPL dependencies, and even if you want to have closed source software on GitHub, having a "this software is closed source" UI element is still better license hygiene without forcing everything open source.
I think honestly this is something other providers (Google code when it was around, gitlab now) are much better at.
Once you statically like that MIT licensed code to GPL licensed code, you have a GPL licences executable. If the source is provided, I think you're in compliance with the GPL. IANAL and that is a very interesting situation.
That type of thing is why I think people need to choose one of: GPL, LGPL, MIT, BSD (isn't that essentially MIT?). I dont see the point in other "open source" licenses, they primarily create compatibility issues.
According to Stallman, MIT is compatible with GPL but the reverse isn't true. You can freely use MIT code (including linking) in a GPL project so long as the source is available.
In Rust most code is dual licensed as MIT or Apache 2. You can pick which one to use although IIRC Apache 2 is considered the "primary license" because it provides protections from patent trolls and an explicit contribution licensing clause. However Apache 2 isn't compatible with GPL.
> According to Stallman, MIT is compatible with GPL but the reverse isn't true
What are you talking about? Let say we have code A licensed as MIT and code B licensed GPL.
You can combine A with B and distribute it. You can combine B with A and distribute it. AB or BA is both a legal combination that a distributor can do. In both cases the distributor need to follow the condition of both MIT and GPL. You can not distribute AB and only follow GPL, or combine BA and only follow MIT.
There is two ways to look at copyright licenses. The slightly incorrect but slightly easier way is to see them as a contract. In order to distribute you need to follow the conditions. If you have two contracts then you have two sets of conditions. Three contracts and three sets of conditions.
The second way, which lawyers prefer as the more "true" perspective, is to see a copyright license as a list of permissions. Copyright law dictate that as a distributor you have no rights, so the license is the specific conditions in order to gain permission. It is like a airplane ticket where in order to travel you got to follow the rules and conditions or the airline. Countries can also have conditions and rules like visas, passports and enter/exiting laws. Thus in order to have permission to travel between countries you need to follow both sets of rules and conditions.
Incompatibility occur when the rules and conditions of two or more licenses demand something impossible, like the case where one condition require an action and the other forbid said action. Both conditions can not be met at the same time and thus the licenses are incompatible.
Okay, so we have A licensed as MIT and B licensed as GPL, your example. Let's specify that B is licensed under GPL3 so it's clear:
Under MIT, Microsoft can take code from A and put it into the source code of Visual Studio, provided that they keep the copyright and license with the code they've copied. Visual Studio can then be licensed however they want.
Let's say that project A takes code from project B. Now because they have GPLed code, A has to be distributed with terms at least as open as the GPL3's terms, due to copyleft.[1]
This might not matter to the maintainers of project A, but it certainly matters to Microsoft, because now if they use code from project A, they also have to distribute it with terms at least as open as the GPL3's terms. So if they use code from project A in Visual Studio, they've effectively licensed Visual Studio under the GPL3.
The GPL3 is "infectious" in this way--once you use GPL3 code in your project, your project is effectively licensed under the GPL3.
> Under MIT, Microsoft can take code from A and put it into the source code of Visual Studio
In that case we have three licenses. We have the MIT licenses, the GPL license, and the license of Visual Studio owned by microsoft.
If the MIT licensed project have a relation with Microsoft which they value higher than the code from the GPL project then the GPL code will be incompatible with the goals of the MIT project.
The incompatibility depend on the relationship and can only be answered based on defining said relationship.
It's been a while since I read the GPL3, so I just read it again.
I'm no lawyer, but if I'm understanding correctly, yes, it does have to be licensed under the GPL3, but it doesn't have to be licensed only under the GPL3. With a license like MIT, the could apply a second license which would, for example, amend the MIT license to require you to pay for the software.
However, the "No Further Restrictions" paragraph in the GPL I think puts a much stronger set of requirements:
> You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.
This is why I think Stallman often uses the language "licensed with terms at least as open as the GPL" instead of saying "licensed under the GPL"--yes, it has to be licensed under the GPL3 but that doesn't quite capture the whole story. Someone can apply another license (i.e. Apache 2, to explicitly grant patents) so their licensing might not be just the GPL3, but further licenses can only expand freedoms, not restrict them.
I would encourage anyone who is interested in this sort of thing to read the license for themselves. Don't get intimidated and assume it's all in legalese: while I'm hesitant to think I understand it since the law is not my area of expertise, the GPL is written in what seems like fairly straightforward English.
I mean you can very easily add MIT code in a GPL licensed project because MIT is more permissive. However adding GPL code to an MIT licensed project means you now have to comply with GPL's more restrictive "list of permissions" when you weren't before.
If we imagine a project with only MIT code that want to add GPL licensed code, the only significant additional legal action needed to be compatible is that you now need to give a patent grant that covers the combined work, and in the case of GPLv3 not distribute the combined work in hardware devices that use access control to prevent the installation of modified versions by the owner.
If neither aspects is an issue then the additional work needed to add GPL code to an MIT licensed project is practically zero.
There are however naturally implication for downstream which in combination of additionally third licenses (such as proprietary licenses) can cause real issues, and the relationship between such downstream and the MIT project could as a result lead to reasons why the MIT project feel like they can not include GPL into their code. There might even be contractional reasons involved which mean not only do you now have three different copyright licenses to follow but you also have contract law involved in order to follow the law and have a legal right to distribute the combined work. I can see how the permissive licenses in those kind of situation feel simpler since they do not interact much with the other legal stake holders.
If a project with only MIT code adds GPL licensed code, then they can't distribute the "merged" new set of code under the MIT license.
Previously, someone could use your MIT code in a closed source product and distribute the resulting executables to their customers without including the source. In the future, that someone would have to start following the GPL rules or stop using your not-MIT-anymore project.
Sure, but that doesn't mean the two are incompatible! It just means that you also now have to comply with the terms of the GPL if you use GPL-licensed code in that project: something that the MIT license is flexible enough to allow.
I guess my post wasn't clear that I was referring to two issues - I assumed the original poster took RMS's comment as "ban closed source from GitHub", and was pointing out that being clear on licensing is not the same thing as being open source only, and that an actual issue this causes for open source software is not-actually-MIT software.
GPL code is essentially "don't-touch-with-a-39-and-a-half-foot-pole source" to most people who want any control over their project or are developing in a professional setting.
I think it's mostly unfounded, but companies do avoid this for reasons other than wanting to directly control their users. I worked for a company where everything was Apache 2, BSD 3-clause, MIT, or similarly licensed. Since we distributed source regardless, this means less control over the users, even though it means they have the freedom to not pass it on to their own users. Our lawyers absolutely lost their shit at the suggestion that we include the GPL. Because a bunch of our customers absolutely lost their shit at the slightest hint of GPL, because they don't want to be sued for unintended virality.
Hear that, folks? In a world that's increasingly focused on sustainability and funding for software development, programmers with business aspirations should take note:
If you're working on something that you hope to (eventually?) make money from, but you also want to benefit from the collegial atmosphere of open source, then choose the GPL. This simple decision instantly eliminates a whole subset of would-be competitors, who you now don't have to worry about undermining your business or otherwise threatening your source of income while they rely on being able to use your own work against you, since the GPL automatically places your work in their do-not-touch category.
The GPL grants significantly more freedom to users. Users of MIT-licensed software don't necessarily even have the freedom to see the source code! All they're guaranteed is the ability to see a credit.
Developers are also users of a piece of software. GPL 3 restricts developers in insane ways where they are forced to contribute back any changes and even worse then that it basically infects all code that it touches. It's almost impossible for a commercial product to use GPL 3 licensed software at all. This is basically tyranny.
> Developers are also users of a piece of software.
This is true, and yet your conversation partner still has the winning answer. The point is that, notwithstanding these restrictions on developers—some of whom have the desire to be able to take without reciprocation—the freedom guaranteed by the GPL to users more than makes up for it. We're essentially talking about local versus global maxima here.
> It's almost impossible for a commercial product to use GPL 3 licensed software at all.
On the contrary—GPL is very beneficial, for the reasons I just laid out in another comment[1]. GPL-licensed code is not ipso facto any harder to commercialize than if you were to make the end result available under MIT. It's arguably even easier, since your competitors will have a more difficult time competing with you than if you'd chosen MIT. As Eben Moglen once put it, if you're trying to decide on a license, then by all means you should go with a permissive one—if you're what you're looking for is "a really good license for your competitor to use"[2].
You need only look to history then compare and contrast it with the industry's current preoccupation with funding the development of free and open source software. Red Hat/Cygnus were largely built on top of GPL code. Meanwhile, today's developers entrenched in the GitHub culture, with its permissive-first obsession with licenses like the MIT, have been bamboozled into working against their own interests by giving away their strongest bargaining chip when they decide to go with the flow instead of choosing the GPL.
Software, in general, has a lot more people using it than writing it. Successful software, anyway.
And super permissive licenses like MIT hurt developers too, because it means I oftentimes can't see the source code that someone else has modified, even though it would help me a lot to be able to do so. With GPL-licensed software, I am always guaranteed this freedom.
Those modifications would probably never have been made if the license was GPL because they would have just rewritten their own entire thing from scratch or licensed something else.
Forcing your users to have to GPL any of their code based on your code is controlling them more than releasing under a more sane permissive license. It's ironic that GPL is the true restriction of freedom for all the virtues it touts.
Also Pedro Paulo explained what the content of the talk was:
> Mostly standard talk. Importance of free software, GPL v3, GNU vs Linux. However, he had a list of "small requests": make Github push users to better software license hygiene, make hardware manufacturers to publish their hardware specs, make it easier to workaround Secure Boot.
https://twitter.com/pedrovc/status/1169616695935172608