May 8, 2014
Yup, we had several lengthy discussions, spats on the social networks with a big banner GPL vs BSD. We used the terms GPL and BSD, while the discussions were more like Free License against Lesser-Restrictive License. Yet again, I come with another article but this time it’s more of an observation from current happenings.
In a previous blog article I detailed our discussions during LUGM’s Software Licensing meetup. The article also includes videos of the meetup.
Heartbleed, the OpenSSL bug has been very much covered by media lately. Many criticized the development team for having poor code quality while others pointed finger at the developers for not finding the bug earlier. Is that justified? The development team of OpenSSL comprises of eight members. Wait! Eight … Is that all? The team that produces code to be used in appliances around the world, manufactured by several Fortune 500 companies, has a development team of eight people. Okies, let’s have a look at funding now. Ahaan! Only one platinum sponsor: NOKIA. While some may have opted to remain anonymous, I am still perplexed at the lack of funding as noted throughout various articles citing Heartbleed.
Let’s come back to the topic of software licensing and we see if it may have affected “funding”.
Software licenses such as BSD, MIT, Apache 2.0 License etc, are considered to be business-friendly. Software companies can include the code & re-package with their own solutions with no obligation to contribute back in whatever form. Sounds ideal as business model, right. You get a piece of code for free, you improve, you sell and you’re not obliged to contribute back (either in terms of code itself or monetary).
On the other hand, software released under “copyleft” licenses such as GNU GPL, will oblige the companies to release back source code of improvements (should they make their software available to public or any third-party). Does this ensure continuous development? Yes, it does. Other projects have considered the dual-licensing way, which provides a community version with a free license as well as a proprietary version that could be included in corporate solutions. Users may pick which license to use. Major software projects following this model are MySQL, Berkeley DB, Asterisk, Sendmail, Netbeans, Qt etc.
OpenSSL is dual licensed under Apache License 1.0 and the 4-clause BSD License. However, it looks like the major companies who benefited from the OpenSSL code for years did not bother contributing much to the project itself. In a bid to collect enough funds for the project, the developers formed the OpenSSL Software Foundation (OSF) which provides paid support. This has been meagre funding though.
My two cents: I’d rather go Free as in GPL, my project either flourishes or fails, than going a BSD way and having tons profiting on the hard work with no contribution at all.