Open source licenses are usually viewed by developers as the dreary compliance bits that legal advisors have to take care of while they are busy creating the innovative software products of tomorrow. However, as organizations across all industries and verticals have embraced open source usage, some open source projects have become big business, bringing the debate over open source licensing once again to the forefront.
While the business of licensing might seem dreary to most developers, they tend to get quite passionate when it comes to their favorite database projects, not to mention the emotions that arise around talk about the future of cloud infrastructure. Combine that with the open source community’s uproar when they feel an open source project’s license has been compromised, and you’re in for some fireworks.
As this year comes to a close, it is a good time to take a look at the trends of open source license usage in 2019 and compare them to previous years.
Our research team has collected information from the Mend database, which includes more than 4 million open source packages and 130 million open source files covering over 200 programming languages, to learn which were the most popular open source licenses in 2019. Results show that use of permissive open source licenses continues to rise, while usage of copyleft licenses, and the GPL-family in particular, continues to decrease.
Use of permissive open source licenses is still on the rise, continuing the trend we saw in 2018. MIT and Apache 2.0 licenses once again take first and second place in our list of top 10 most popular open source licenses of the year, both rising by one percent as compared to last year.
Permissive open source licenses place minimal restrictions on how others can use open source components. This type of license allows varying degrees of freedom to use, modify, and redistribute open source code, permitting its use in proprietary derivative works, and requiring nearly nothing in return.
According to this year’s data, 67% of open source components have permissive licenses. That’s a 3% rise from last year’s 64%. Only 33% of the top 10 most popular open source licenses are copyleft, compared to 36% last year and 59% in 2012. The numbers show that developers and organizations continue to prefer permissive licenses.
This can be explained by the continuous rise in open source usage. Open source has become mainstream, and the open source community is embraced and supported by the commercial software community. With companies like Microsoft and Google standing behind some major open source projects, the “Us” vs. “Them” mentality that ruled in the early days of open source is long gone. In the interest of this widespread cooperation, and of encouraging open source usage, permissive licenses are winning.
Users, in turn, are choosing the components with the licenses that seem to have fewer strings attached. Open source components with permissive licenses seem to offer them all a simple solution, by minimizing the challenges of open source licensing compliance for legal departments.
The MIT license remains at the top of the popular open source licenses list, at 27%. This shouldn’t come as a surprise, as it’s been trending on GitHub since 2015. Ben Balter, attorney, open source developer, and Senior Manager of Product Management at GitHub, said then that developers choose the MIT license because “It’s short and to the point. It tells downstream users what they can’t do, it includes a copyright (authorship) notice, and it disclaims implied warranties (buyer beware). It’s clearly a license optimized for developers. You don’t need a law degree to understand it, and implementation is simple.”
According to GitHub’s choosealicense.com, the MIT license “lets people do anything they want with your code as long as they provide attribution back to you and don’t hold you liable.” Two years ago Facebook very publicly replaced the contentious React license with an MIT license.
Two years ago, when we rounded up the numbers for 2017, the permissive Apache 2.0 license shook things up by making a leap to 2nd place on our top 10 open source licenses list, replacing the copyleft GPL 3.0 license. This year, the rise in Apache 2.0’s popularity continues, as it gains another one percent and comes in strong at second place with 23%.
According to GitHub’s choosealicense.com, the Apache 2.0 license’s main conditions require preservation of copyright and license notices. The license provides an express grant of patent rights and allows licensed works, modifications, and larger works to be distributed under different terms and without source code. Apache 2.0 is the license for quite a few popular open source projects, including Kubernetes, Swift, and PDF.js, to name a few.
GPLv3 and GPLv2 both took another hit this year. GPLv3 still came in at number three, but lost another three percent, coming in with 13%, compared to 16% in 2018. GPLv2 also kept its fourth place, remaining at 10%, unchanged from 2018.
This year GPL v3.0, GPL v2.0, and LGPLv2.1, which all made the top 10, accounted for a combined 28% of all top 10 licenses, which marks another significant decrease in popularity for the GNU GPL family of licenses. We expect this trend to continue in the years to follow.
The GPL was a trailblazer at the start of the open source revolution and is a prime example of the copyleft or viral license. When users incorporate a component licensed under one of the GPL licenses, they must release its source code, as well as the rights to modify and distribute the entire code. Not only that, but they are also required to release their source code under the same GPL license.
Back in the early days of open source adoption, the GPL license posed a real conundrum for businesses thinking about adopting open source or participating in the open source community. Many chose a dual-licensing approach in an attempt to bridge the gap between the GPL license and their commercial needs.
While mountains of code have been open sourced since then, the numbers show that GNU GPL is avoided by many commercial entities that are taking a much more central place in the open source community year over year. With the wealth of open source licenses out there, it appears users are choosing the more permissive ones that contain fewer requirements and restrictions.
While they didn’t make it to our 2019 list of top ten open source licenses, or even top 20, this past year we continued to hear rumbles from the community about open source licensing approaches. Changes to licensing in leading open source projects like MongoDB and Redis are reminders that as open source usage grows, organizations are in the process of figuring out how to both embrace the open source community and update their business models to stay ahead.
As Michael DeHaan, the creator of the extremely popular Ansible, has pointed out, open source developers and open source users may require a new open source licensing solution to ensure that the community continues to evolve.
One thing is certain from both the open source licensing headlines that we saw this past year, and from our research: both developers and commercial organizations are choosing the open source components that enable them to create products that can thrive in the open source ecosystem. The community is doing its best to make sure open source is easy to adopt and comply with. It’s up to organizations to keep up their end of the bargain and make sure that they know which open source licenses they are using and that they are keeping up with their requirements.