Here’s a question, “Does open source software (OSS) have an owner?” This question is a little tricky, but the answer is usually “yes.” Some software is released as Public Domain, which you might argue has no owner. But in general, each piece of OSS has an owner. It may be a person, a group of people, or an organization. We might like to ignore this fact, but it is true.
Here’s another question, “Can the license for a piece of OSS change?” Hopefully, you answered “yes.” This is, however, one of the last things we think about when we decide to use OSS in our software products. We like to think that once we have reviewed a piece of software, we never have to review it again. Wouldn’t that be nice!
So, if OSS has an owner and the owner can change the license, do we need to be concerned? The answer is “It depends on how you use the software and terms of the new license.” Let’s look at a number of examples:
Take the example where an OSS license changes from one version to another version of the same OSS license. For instance, moving from GPL v2.0 to v3.0 or Apache 1.1 to 2.0. In this example, the software is moving from one license version to another, but within the same license family. This may seem simple, but you have to ask, “What’s the difference in the licenses?” Your attorney provides the most complete answer. Most license authors provide you with a summary of changes and aren’t looking to hide anything. But attorney’s have different opinions on how to interpret each license. Because of this, you want to seek legal advice from your trusted attorney. What should developers do when they notice a change in a license like this? Hopefully, they inform your business team and wait for an approval before proceeding to adopt the new software module. If the new software is adopted before approval is received, you might have agreed to something you didn’t expect, regardless of what the different blogs say.
Here’s a similar example, except we’ll change the OSS license from Apache 2.0 to GPL v3.0 – exchanging one OSS license for another. Should you still use the software? How you use the software may be a major contributor to your attorney’s opinion. In this situation, the license is changing from what is generally perceived to be a business friendly license to a non-business friendly license. If you use the software to support your data center, you may not see much difference. However, if you embed the software in your product that you sell to others, there may be a significant difference. Legal advice is required to avoid unintended consequences (like giving your software away to your competition).
One final example: the license changes from an Apache 2.0 license to a commercial license. Does this affect you? Likely. You are still free to use the older version of the software under the Apache 2.0 license, but to take advantage of any of the new features of the software, you need to comply with the commercial license. This is a situation where the software owner has decided that they no longer want to give their software away. While this is not a common event, it has happened. For instance, when Oracle acquired Sun Microsystems, Oracle changed the license on Open Solaris to be a commercial license – killing Open Solaris as an evolving open source operating system. You can still find Open Solaris, but it is aging compared to the newer versions of Oracle Solaris.
Do license changes matter? Certainly. You need to monitor these changes, analyze the impact in the light of how you use the OSS component, and act accordingly. This is part of what I call a hidden cost of using OSS and one of the events that a responsible OSS management process monitors. One such management process is outlined in my book, Open Source Software: Implementing a Successful OSS Management Practice. Check it out on Amazon!
—Jeff Brown, SilverStream Consulting