Why the restrictive license?



  • Why the restrictive GPLv3 license? This is very unusual for the Node ecosystem, which strongly prefers the perfect MIT license.

    For pacifist philosophical reasons, I would never use anything that came with legal threats backed by force. This position is increasingly common, especially for Node developers. The anti-market ideology that was behind the GPL fad has only hurt the Free Software movement, and thankfully it is now in decline.

    Just one example, quoting a top node module dev:

    I have zero dependencies on GPL modules for that reason and won't use any npm modules that are under the GPL licence. If you like collaboration or want people to use your code you should licence it as MIT, because it's virtually the community standard. (Meteor released with GPL a while back and was hitting back by the community and changed to MIT)

    Furthermore, as FreeBSD.org puts it (the modern BSD license being nearly identical to MIT):

    Since the BSD license does not come with the legal complexity of the GPL or LGPL licenses, it allows developers and companies to spend their time creating and promoting good code rather than worrying if that code violates licensing.

    You can Google for "copyleft harmful", "GPL sucks", "GPL hurts free software", etc to find a lot more arguments from people of many different philosophical backgrounds. You are alienating a significant and growing fraction of your potential users and contributors, many of whom have switched to NodeJS exclusively due to licensing!

    No disrespect intended. I hope you won't respond with hostility... It's just such a shame to see a great piece of software not live up to its potential. Obviously the NodeBB devs can do whatever they want, but I (and I'm sure many others) will not use (and thus perhaps seek to rewrite) NodeBB because of this issue. 😢

    See the copyfree.org whitelist for a large selection of licenses that are genuine Free Software.


  • GNU/Linux

    First of all IANAL.
    I have to respond to a few sentences as objective as I can. I'm not an expert on this manner, but some sentences might get one on wrong ideas.

    This is very unusual for the Node ecosystem, which strongly prefers the perfect MIT license.

    It is definitely not the complete Node ecosystem that prefers any license, it's at most the node community. The Node ecosystem by definition contains node.js, npm, community, etc. and they might use MIT but node.js and npm treat all licenses the same.

    For pacifist philosophical reasons, I would never use anything that came with legal threats backed by force.

    So you wouldn't use MIT either? It does contain "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software". So you'd have to give all your work to public domain in order to fulfill this philosophy - you in person seem to at least advertise this within your linked conversation. I think for this discussion MIT vs GPL it's just a matter what violates it and not whether it's possible to violate it.

    This position is increasingly common, especially for Node developers.

    Sorry, but your link just shows an NPM package. In it's README it shows examples of usage and yes, there are many MIT licensed projects shown. This only proves that MIT is a common license, it does not show anything meaningful about the position of their authors. It might as well be that their authors didn't spent much time with a decision. They may also respect GPL but don't use it for that particular project due to any kind of reason. Licensing one project MIT does not mean you license all of your projects MIT.

    If you like collaboration or want people to use your code you should licence it as MIT, because it's virtually the community standard.

    If you understand GPL, you may as well use GPL code and for sure depend on it. Just because it's "standard" doesn't mean it's the only option. And I wouldn't call MIT a standard just as I wouldn't call any license a "standard license". Licensing is always up to the copyright owner, thus I wouldn't try to influence him by any buzzword like "standard".

    Furthermore, as FreeBSD.org puts it (the modern BSD license being nearly identical to MIT)

    So there are more people using MIT, this does not have any relevancy to anyone else's license choose. Plain popularity does not change license content.

    Since the BSD license does not come with the legal complexity of the GPL or LGPL licenses, it allows developers and companies to spend their time creating and promoting good code rather than worrying if that code violates licensing.

    I think this is a good point for libraries, since GPL is not clear about whether dynamically depending on a GPL-licensed library is a violation if your project is not GPL compatible. For standalone or huge projects (like NodeBB) it's not likely anybody will depend on it. So it would only affect modifying its code. If you'd like to publish the result open source you can just stick with GPL and be fine. You however could not use the modifications unpublished (GPL compatible) in private AFAIK. So this only harms people not willing to open source their code, which clearly does not harm the open source community. Additionally I don't think that the "legal complexity" should have any influence on the process of license selection.

    You can Google for "copyleft harmful", "GPL sucks", "GPL hurts free software", etc to find a lot more arguments from people of many different philosophical backgrounds.

    You can always use the search engine of your choice to search anything and in most cases you will find results matching the search phrase. For example try searching for "GPLv3 is great" and you'll find matching results. In fact for me I got 651,000 results for "GPLv3 is great" and just 107,000 for "GPLv3 is bad" on google. Since google uses a filter bubble, even this doesn't mean anything. I just don't see any relevancy within the sentence quoted above. Why don't you just post specific arguments of situational importance?

    TL;DR:
    Some of your statements don't matter to the license selection of NodeBB. GPL has appropriate use cases and in my opinion software like NodeBB is one of them.

    Please correct me if I'm wrong with anything.
    No offence, but I (probably) won't take any more part of this conversation since I'm not an expert and I don't like taking part on licensing discussions ;-) I however am pretty interested in other opinions...


  • Community Rep

    To be fair, you could always just ask them for a less-restrictive exclusive license. I think it even says that on their readme.



  • @frissdiegurke said in Why the restrictive license?:

    I have to respond to a few sentences as objective as I can. I'm not an expert on this manner, but some sentences might get one on wrong ideas.

    Thank you very much for your reply. :)

    It is definitely not the complete Node ecosystem that prefers any license, it's at most the node community. The Node ecosystem by definition contains node.js, npm, community, etc. and they might use MIT but node.js and npm treat all licenses the same.

    Obviously I don't speak on behalf of everyone in the Node ecosystem. I merely meant that the vast majority of licenses fit the Copyfree definition (ex. MIT). It would be great if this was more widely recognized, and then we'd never have to waste time worrying about licenses.

    I never met anybody with a legitimate argument to use restrictive licenses. "Evil corporations" are not going to closed-source NodeBB - in fact companies like Google, Microsoft, Facebook, Apple, etc are now giving away huge quantities of code, and usually (when they have a choice) it's under permissive licenses. The only ones who benefit from injecting restrictive licenses into the Free Software ecosystem are communist zealots and Intellectual Property lawyers concerned about job security...

    So you wouldn't use MIT either? It does contain "The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software". So you'd have to give all your work to public domain in order to fulfill this philosophy - you in person seem to at least advertise this within your linked conversation. I think for this discussion MIT vs GPL it's just a matter what violates it and not whether it's possible to violate it.

    The Copyfree Standard is the definition of genuinely Free Software (as in freedom) that we go by. I didn't write it, but I think it's a very reasonable standard. I hope that everyone interested in software licenses will read that site.

    Insisting on "public domain" would be hugely impractical - many jurisdictions don't recognize the concept, and also impose all sorts of "implicit warranty" BS. The author of SQLite had to waste time dealing with this, and he now recommends using "a license like BSD" (i.e. a Copyfree license) instead.

    A Copyfree license simply says: do what you want, but (1) don't hurt me, and (2) don't pretend you wrote it. The first part is simply legal self-defense against the "implicit warranty" insanity. As for the second part - I think plagiarists should be exploded through non-violent means (ex. public shaming and ostracism) instead of calling in the lawyers, but I don't think it ever really comes to this in practice.

    This position is increasingly common, especially for Node developers.

    Sorry, but your link just shows an NPM package. [...]

    Yes, that is demonstrating that it's increasingly easy for people to audit their dependencies and get rid of restrictive licenses. It's not as easy to do this with most OS or dev package managers. People are no longer indifferent to software licenses.

    So there are more people using MIT, this does not have any relevancy to anyone else's license choose. Plain popularity does not change license content.

    You have to look at the big picture to understand what is happening...

    People have been exchanging ideas freely without lawyers since the beginning of time. Then GNU/Linux came to the marketplace and "went viral" just about a year before FreeBSD got its act together, and that's how restrictive licenses got their hooks into the Free Software ecosystem. Sometimes programmers used restrictive licenses because their dependencies forced them, sometimes it was merely because they mistakenly thought they were obligated to, and sometimes out of sheer herd mentality. A lot of people thought "free" / "open source" software had to be GPL'd, because everyone was doing it, and then the viral nature of the license took over.

    Socialist ideologues were overjoyed to jump in front of the Free Software parade and claim ideological credit for other people's work - that only their statist licenses kept the "eeevil capitalists" at bay and made all this possible. This created much angst in the software industry, causing much practical and ideological harm. A dozen companies had to reinvent the wheel, resulting in incompatible implementations, because the "free" / "open source" implementation was restrictively licensed...

    It's been a long and on-going struggle to liberate Free Software from restrictive licenses and socialist ideology. It's an up-hill struggle, because restrictively-licensed projects not only had the momentum but could also import and re-license genuinely free code. Legal threats hang over the entire software industry for the possibility that anyone's code may resemble some piece of code out there that's been restrictively licensed. Instead of a gift, restrictively licensed "free software" became a Trojan Horse!

    But, nevertheless, despite these difficulties, slowly but surely, genuinely Free Software has been catching up, and is now finally starting to gain the upper hand - to everyone's benefit. As free market proponents like me had predicted, software companies gave back lots and lots of great code, acting in their own rational self-interest. The NodeJS ecosystem is one of our champions, and I see a bright future ahead, with (for example) an ElectronJS-based desktop environment of Copyfree apps leapfrogging the dominance of restrictively licensed apps based on GTK, Qt, etc.

    NodeBB stands on the shoulders of Copyfree-contributing companies like Google (V8), Joyent (Node), VMware (Redis), Nginx, GitHub, and many others. NodeBB also depends on almost 600 other packages from the NodeJS ecosystem, almost all of which are Copyfree! (There are a few slightly flawed licenses there, but the only thing that's Copyleft is NodeBB itself.) Yes, the NodeBB devs can use whatever license they want, but there are consequences to using GPLv3 - and those consequences are entirely negative.

    Thanks to the rest of this ecosystem, NodeBB could have been the #1 freest message forum in the marketplace, leapfrogging all others! Copyfree advocates like me would love to be advocating for NodeBB (even over the likes of SMF, which is BSD licensed but has non-Copyfree dependencies). But, due to NodeBB's own choice of GPLv3 licensing, it stands as one of the most restrictively-licensed message forum options instead!

    And so, as herd mentality is no longer an excuse to use restrictive licenses, what excuse is there? What does this say about the people who benefit from genuinely free software, but insist on throwing pages and pages of legal threats at their users for no practical benefit?

    [...] Additionally I don't think that the "legal complexity" should have any influence on the process of license selection.

    This makes no sense to me. You are making a threat that your users are expected to read, understand, and obey. There are costs to reading and understanding those threats. In the case of NodeBB's GPLv3 license, this is 5,644 words of legalese. (Compared to the Magna Carta being 3,575 words; U.S. Declaration of Independence being 1,339 words; U.S. Constitution: 4,400. Should kids be taught GPLv3 in school instead?!) That's a lot of time taken out of people's lives for no practical benefit! I'm a pretty smart guy, but I still can't understand all of GPLv3 without a lawyer...

    If I make a Copyfree NodeJS-based message forum that even accidentally resembles NodeBB, the NodeBB devs will be able to sue me for license violation, and I will be forced to go to court and defend myself. If I refuse to go to court, the government will send me more and more threats, and eventually men with guns will come to my house...

    This is not what Free Software should be about!

    You can always use the search engine of your choice to search anything and in most cases you will find results matching the search phrase. For example try searching for "GPLv3 is great" and you'll find matching results. [...]

    My point was to introduce you to the various arguments against GPL. I know there are a lot of misguided people (and greedy IP lawyers / political opportunists) who like GPL, and most of them are "the old generation", not a part of the NodeJS community.

    What's important is that there is no rational argument in which using GPLv3 benefits NodeBB in any way. I've never met zealots who refuse to use software that isn't restrictively licensed (every Linux distro core contains plenty of Copyfree code), but I've provided many examples of people who won't use NodeBB unless it changes its license.


    Quoth ESR's Licensing How-To:

    What keeps most projects open-source isn't the threat of lawsuit, it's that taking open-source code closed is an expensive way to lose lots of money as your handful of salaried in-house developers tries to keep up with a much larger pool of open-source contributors.

    Licenses function as social contracts among groups of developers. Whether or not a license is legally enforceable, your choice of an open-source license conveys a message about the development practices you want to use, the community you want to be part of, and the intended audience of your software.



  • Unless anyone is going to start ripping other people off there's unlikely to be any doors being burst open by feds.

    As a British Scottish person, that felt odd saying "feds".


Log in to reply
 


Looks like your connection to NodeBB was lost, please wait while we try to reconnect.