
6.1. License

What is a software license?

A software license is a legal document that dictates what others can and cannot do with your code. It is the official rulebook for how your project is used, shared, and modified, protecting both your rights as a creator and the rights of your users.

Licenses are generally categorized by their permissions:

  • Permissive (e.g., MIT, Apache 2.0): These licenses, often called "attributional," allow for great freedom. Others can use, modify, and even sell your work as part of their own proprietary software, as long as they give you credit.
  • Copyleft (e.g., GPLv3): These licenses ensure that any derivative work remains open source. If someone uses your copyleft-licensed code in their project, they must release their entire project under the same license.

What happens if I don't include a license?

If you don't include a license, your code is automatically protected by exclusive copyright. This means that, legally, no one else has the right to use, copy, modify, or distribute your work, even if you've published it on a public platform like GitHub. To allow others to use your code, you must provide a license that grants them permission.

Why is a software license essential?

A software license is crucial for turning a private project into a public resource. Here’s why it’s essential:

  • Defines Clear Boundaries: It removes ambiguity by explicitly stating the terms of use, preventing legal disputes.
  • Protects Your Work: It safeguards your intellectual property from unauthorized use or distribution.
  • Encourages Contribution: A clear license gives potential contributors the confidence to participate in your project, knowing their rights are protected.
  • Limits Liability: Most licenses include a clause stating the software is provided "as is," without warranty, protecting you from liability.

In an organizational setting, always choose a license that aligns with your company’s policies. Consult with legal and management teams to ensure compliance.

Example: MIT vs. GPLv3

The MIT License and the GNU General Public License v3 (GPLv3) are two popular open-source licenses with different philosophies:

  • MIT License: A highly permissive license. Its motto is essentially, "Do whatever you want with this, just keep my name on it." It allows use in proprietary projects.
  • GNU General Public License v3 (GPLv3): A strong copyleft license. Its motto is, "If you use my code, your project must also be open." It ensures that the software and its derivatives remain free and open source.

Case Study: Elasticsearch vs. OpenSearch

Elasticsearch, originally under the permissive Apache 2.0 license, switched to a more restrictive dual-license model. The change was driven by concerns that cloud providers were profiting from their software without contributing back. In response, Amazon Web Services (AWS) forked the project to create OpenSearch, keeping it under the Apache 2.0 license to ensure it remained open for community use. This case highlights how licensing is a strategic tool that can shape a project's community and commercial future.

How do you choose the right software license?

The right license depends entirely on your goals for the project. Ask yourself these key questions:

  • Simplicity and Permission: Do I want anyone to be able to use my code for any purpose? → MIT License
  • Concern About Patents: Do I want to provide an express grant of patent rights from contributors to users? → Apache License 2.0
  • Enforcing Openness: Do I want to ensure that any software that uses my code is also open source? → GNU GPLv3

For a guided experience, use tools like ChooseALicense.com to find a license that matches your goals.

How do you add a license to your project?

Adding a license is straightforward:

  1. Choose Your License: Select the license that best fits your project's needs.
  2. Create a LICENSE file: In your project's root directory, create a file named LICENSE (or LICENSE.txt).
  3. Copy the Full License Text: Visit opensource.org to find the official text for your chosen license. Paste the complete, unmodified text into your LICENSE file. Do not summarize or alter it, as the full text is legally binding.

Are there special licensing considerations for AI/ML?

Yes, licensing in AI/ML is more complex because you're often dealing with three distinct components: the code, the model artifacts (the trained weights), and the data. Each may require its own license.

  • Licensing the Code: Standard software licenses like MIT or Apache 2.0 work perfectly well for the source code that trains or runs your model.
  • Licensing the Model: This is an emerging area. You must decide on what terms others may use the model: Can they use it commercially? Can they build upon it? Specialized licenses like OpenRAIL (Responsible AI Licenses) are designed to restrict the use of models in certain sensitive or unethical applications.
  • Licensing the Data: Data licensing is critical. You must ensure you have the right to use the training data and clearly state how it can be used by others. Creative Commons licenses are a popular standard for datasets, allowing you to specify whether commercial use is allowed or if derivatives must be shared.

How do you manage licenses for your dependencies?

Your project is a "derivative work" of its dependencies, so you must comply with their licenses. Incompatible licenses (e.g., using a GPL-licensed library in a closed-source commercial product) can create significant legal risks.

  1. Audit Your Dependencies: Generate a list of all third-party components and their licenses. You can use tools like pip-licenses for Python or npm-license-crawler for Node.js.
  2. Check for Compatibility: Ensure that your project's license is compatible with the licenses of all its dependencies. For example, a project with an MIT license can use dependencies with MIT or Apache licenses, but using a GPL dependency would force the entire project to become GPL.
  3. Automate Compliance: Integrate license-checking tools into your CI/CD pipeline. Tools like WhiteSource or Black Duck can automate this process for enterprise environments.
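
The three steps above can be combined into one CI gate. The script below is an added example, not code from this guide or from any of the tools it names: it reads the license metadata of installed Python packages with the standard library's importlib.metadata and exits non-zero when a dependency is denied or has no recognizable license. The ALLOWED and DENIED sets are an assumed policy for an MIT-licensed project, and the SAMPLE packages are constructed.

```python
import re
import sys
from email import message_from_string
from importlib.metadata import distributions

# Assumed policy for an MIT-licensed project; replace with your organization's.
ALLOWED = {"mit", "apache", "bsd", "isc"}          # matched as whole words
DENIED = ("gpl", "general public license")         # substring: GPL, LGPL, AGPL

def declared_licenses(meta):
    """License strings from License-Expression, License and Classifier fields."""
    found = [meta.get("License-Expression"), meta.get("License")]
    found += [c.split("::")[-1] for c in meta.get_all("Classifier") or []
              if c.startswith("License ::")]
    return [f.strip() for f in found if f and f.strip()]

def verdict(licenses):
    """'deny' beats 'allow'; a missing or unrecognized license needs 'review'."""
    text = " ".join(licenses).lower()
    if any(d in text for d in DENIED):
        return "deny"
    # Whole-word match so "limited" or "permit" never passes as "mit".
    if ALLOWED & set(re.findall(r"[a-z]+", text)):
        return "allow"
    return "review"

def audit(metas):
    """Return {package: verdict} for every package that is not allowed."""
    report = {m.get("Name") or "<unnamed>": verdict(declared_licenses(m)) for m in metas}
    return {name: v for name, v in report.items() if v != "allow"}

# Constructed METADATA samples (not real packages) for an offline check.
SAMPLE = [message_from_string(s) for s in (
    "Name: alpha\nLicense-Expression: MIT\n\n",
    "Name: beta\nClassifier: License :: OSI Approved :: "
    "GNU General Public License v3 (GPLv3)\n\n",
    "Name: gamma\nLicense: Proprietary, limited use\n\n",
    "Name: delta\nClassifier: Programming Language :: Python :: 3\n\n",
)]

if __name__ == "__main__":
    failures = audit(d.metadata for d in distributions())
    for name, v in sorted(failures.items()):
        print(f"{v.upper():7} {name}")
    sys.exit(1 if failures else 0)  # non-zero exit fails the CI job
```

Run it inside the project's virtual environment so that only the project's own dependencies are audited. A "review" verdict covers packages that declare no license at all, which, as noted earlier, grants no right to use them.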

Additional Resources