License License License! Sometimes it feels like licensing is the only thing anyone ever talks about in FOSS. Despite its popularity as a topic of conversation, relatively few FOSS participants have a good understanding of what licenses are and even fewer know how to apply them correctly to a FOSS project. In just the few minutes needed to read this article you, too, can become one of the few, the proud, the license literate.
First things first: let's all get on the same page about what exactly a license is. Above all else, licenses are legal documents, and, like all legal documents, they should be written and maintained by legal professionals. Laypeople like you and I are unlikely to know the specialized language required to create a good and valid license. There's a very good reason why people receive years of training to do this sort of thing. It's complicated and if done wrong you (or the people who agree to the license terms) can end up in a lot of hot water. Like rewiring your house or removing your gall bladder, some things are best left to the professionals. License writing is one of those things.
It All Depends on Copyright
If licensing is the pin around which all FOSS pivots, copyright is the engine turning that pin. Almost everything that's the expression of a creative idea falls under copyright, including writing, music, graphic art, and software among many other things (usually called works). This means that just about everything you create is covered by copyright. You can check out this talk from All Things Open in 2020 to learn all about copyright, but basically copyright is exactly what it says on the tin: the right to control the copying, use, repurposing, or distribution of a copyrightable work.
Part of the magic of copyright is that as soon as a work is created, it's already protected by copyright. From that moment on, the owner of that copyright is the only one legally allowed to do anything with the work. This is called All Rights Reserved. If someone else repurposes the art, reprints the writing, uses the software, but they do not have permission from the copyright owner, then they are infringing on the copyright and can be subject to legal proceedings. Which is to say, use something without permission and you can get sued. It's messy and expensive, but it's also preventable: don't use a copyrighted work for which you don't have a license.
Licenses Make Permissions Explicit
Why is that license needed? A license is the document that explicitly sets out permissions, terms, and conditions for using that copyrighted work. The copyright holder says, in essence, "you may use my work but only in these ways, under these conditions, for this length of time," and various other terms that they think are appropriate. By providing this license, they're able to control how others use their work. Without a license, the work remains All Rights Reserved and cannot be used by anyone except the copyright holder until and unless they give permission.
This is precisely what a license does for FOSS: it allows the copyright holder (usually the creators of the software) to give blanket permission for anyone to use it under the terms of the license.
Some licenses, like MIT, are very permissive in their terms. The MIT License says that people are free to do anything they want with the software with the sole condition that they include the copyright and permissions (license) in all copies of that software. Other licenses, like GNU General Public License version 3 have more terms and conditions with which any users of the software must comply, including requiring that any copies or modifications to the software be provided to others under the same terms as those the one using, modifying, and distributing the software themselves had. This ensures reciprocity and that everyone will benefit from the software under the same terms forever.
As someone who creates software and wants to share it with the world, you'll need to make sure the software you release not only has a FOSS license but also that the license is applied to your project correctly before you release it. Adding the license ensures the software is no longer All Rights Reserved so people are allowed to use and repurpose it, and adding the license correctly ensures that people will always know under what terms and conditions they can use the software. Applying a license incorrectly can make it really hard for people to know where the software came from, who the copyright holder is, or even what they're allowed to do with the software. In some cases—such as if they want to use the project at work—they may even be prevented from using the software at all if the copyright and license isn't clear.
How to Apply a FOSS License to Your Project
So how do you apply a license correctly? It's pretty easy, actually! At the bare minimum, there are three steps:
- Choose a license: While more than one hundred FOSS licenses are available, it's unlikely you'll need anything beyond one of the most popular ones listed on the Open Source Initiative license page. If you don't find a license you like in that short list, you may need to consult a lawyer because you may have a more complex problem on your hands. If you're having trouble deciding between licenses on that short list, give the Choose a License tool a try.
- Add the license text to your project repository: This text should be in a file named
LICENSEat the root directory of the project (or named
COPYINGif you're using one of the GPL licenses). It's important that you not change a single word of the license beyond the copyright statement (if the license includes one). To make this easier, you can cut and paste the Text section for the license from the SPDX License List. SPDX is a license standardization project, so it maintains canonical texts of every FOSS license. You can't go wrong getting the license text from SPDX.
- Add a copyright and license statement to every source file in the project repository: Adding the license file to the repository isn't enough, because it's very easy for an individual source file to be used separately from the rest of the repo. In a case like this, there's no way to tell the copyright and license of that file, which can put someone at risk of legal troubles. Having the copyright and license statement in every file all but removes that risk. This statement should include at least two lines. The first should be a properly formatted declaration of who holds the copyright for the file, and the second should be the SPDX Identifier for the license you've chosen. These lines should be added to the top of each file, along with any of the other leading frontmatter you usually have there (this varies by programming language, project, and preference), and it should be commented out. For example, if I were to release a Python script under the MIT license, the copyright and license statement would look like this:
# Copyright (c) VM Brasseur # SPDX-License-Identifier: MIT
Some licenses, such as Apache version 2 or the GPL may have additional instructions for how to use the license. You can place that information after the
SPDX-License-Identifier line. The Mbed project provides an excellent example of how this looks for the Apache license:
/* Copyright (c) 2017 ARM Limited * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * @section DESCRIPTION * * Parser for the AT command syntax * */
And that's it! You've not only applied a license to your FOSS project, but you've done it correctly. This small effort makes the use and reuse of FOSS components much easier and helps to continue the spread and adoption of free and open source software.