LRX.wiki

License and Right eXchange Knowledge Base

MIT License

The most popular open source license

The MIT License is a permissive free software license originating at the Massachusetts Institute of Technology. It is one of the most widely used licenses in the open source community, known for its simplicity and minimal restrictions on reuse.

Key characteristics: permits commercial use, modification, distribution, and private use. The only condition is that the license and copyright notice must be included in all copies or substantial portions of the software.

SPDX: MIT

Compatible with: GPL-2.0, GPL-3.0, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, Unlicense.

Apache License 2.0

Permissive with patent protection

The Apache License 2.0 provides an explicit grant of patent rights from contributors to users. It allows unrestricted use, modification, and distribution, while requiring preservation of the copyright notice and disclaimer.

SPDX: Apache-2.0

Notable users: Android, Kubernetes, TensorFlow, Swift.

C

Copyright Basics

Copyright is a form of intellectual property protection granted to the authors of original works. It applies automatically upon creation of the work in a fixed, tangible form.

Duration: Life of the author plus 70 years (in most jurisdictions).

GPL License Family

Copyleft licenses by the FSF

The GNU General Public License (GPL) is a series of copyleft licenses authored by Richard Stallman for the Free Software Foundation. Copyleft requires that derivative works also be distributed under the same license terms.

GPL-2.0: Requires source code distribution for binaries. No patent clause. Used by Linux kernel.

GPL-3.0: Adds patent protection, anti-tivoization provisions, and compatibility with Apache-2.0. Used by GCC, GIMP, bash.

LGPL: A weaker copyleft that allows linking from proprietary software. Used by glibc, GTK, Qt (historically).

AGPL-3.0: Extends GPL-3.0 to network use -- if you modify AGPL software and let users interact with it over a network, you must release the source.

SPDX: GPL-2.0-only | GPL-3.0-only | LGPL-2.1 | AGPL-3.0

Creative Commons

Licenses for creative works

Creative Commons licenses provide a standardized way for creators to grant permission for others to use their creative work. The system uses a modular approach with four conditions:

BY (Attribution), SA (ShareAlike), NC (NonCommercial), ND (NoDerivatives).

Six main combinations: CC BY, CC BY-SA, CC BY-NC, CC BY-NC-SA, CC BY-ND, CC BY-NC-ND. Plus CC0 (public domain dedication).

SPDX Identifiers

SPDX (Software Package Data Exchange) provides a standard notation for expressing license information. Each license is assigned a unique short identifier.

Example: MIT, Apache-2.0, GPL-3.0-only

Fair Use

Fair use is a legal doctrine permitting limited use of copyrighted material without permission. Four factors are considered: purpose and character of use, nature of the copyrighted work, amount used, and effect on the market.

BSD Licenses

Simple permissive licenses from Berkeley

The BSD licenses are a family of permissive licenses originating from the University of California, Berkeley. Key variants:

BSD-2-Clause (Simplified): Requires copyright notice in source and binary redistributions.

BSD-3-Clause (New): Adds a non-endorsement clause preventing use of the author's name for promotion.

SPDX: BSD-2-Clause | BSD-3-Clause

License Compatibility

License compatibility determines whether code under different licenses can be combined in a single project. Permissive licenses are generally compatible with copyleft, but copyleft licenses may conflict with each other.

Public Domain

Public domain works are not restricted by copyright. Works can enter the public domain through expiration of copyright, failure to renew, or deliberate dedication (such as CC0 or Unlicense).

Software Bill of Materials

SBOM: Inventory of software components

An SBOM is a formal, machine-readable inventory of software components and dependencies, including their licenses. Formats include SPDX, CycloneDX, and SWID tags. Required by US Executive Order 14028 for government software procurement.

OSI Approval

The Open Source Initiative (OSI) reviews and approves licenses that meet the Open Source Definition. OSI-approved licenses guarantee the four freedoms: use, study, modify, and redistribute.

Copyleft vs. Permissive

Understanding the two philosophies

Permissive licenses (MIT, BSD, Apache) allow almost unrestricted use, including incorporation into proprietary software. The only common requirement is attribution.

Copyleft licenses (GPL, AGPL, MPL) require derivative works to be released under the same or compatible license terms. This ensures that improvements remain free and open.

Weak copyleft (LGPL, MPL-2.0, EPL) applies copyleft only to modifications of the licensed component itself, not to the larger work that links to it.

The choice between these philosophies often reflects organizational values: permissive for maximum adoption, copyleft for ensuring community benefit.

Patent Rights

Some open source licenses include explicit patent grants (Apache-2.0, GPL-3.0) while others are silent on patents (MIT, BSD). Patent clauses protect users from patent infringement claims by contributors.

License Scanning Tools

Automated compliance checking

Tools for automated license detection and compliance: FOSSA, Snyk, ScanCode, FOSSology, WhiteSource (Mend). These tools scan codebases, identify licenses in dependencies, and flag potential conflicts.

History of Free Software

The free software movement began in 1983 when Richard Stallman launched the GNU Project. Key milestones: 1985 (FSF founded), 1989 (GPL v1), 1991 (Linux kernel), 1998 (OSI founded, term "open source" coined).

Dual Licensing

Dual licensing offers software under two different licenses -- typically a copyleft license for open source use and a commercial license for proprietary use. Examples: MySQL (GPL + commercial), Qt (LGPL + commercial).

TM

Trademark in OSS

Trademark rights are separate from copyright and license terms. Open source licenses do not grant trademark rights. Projects often use trademark policies to control use of their names and logos (e.g., Firefox, Linux).