If your business sells software, including software-as-a-service (SAAS), odds are good that you have used one or more open source packages in the course of development. In some fields, open source modules are fairly ubiquitous. Software companies that are working with computer vision might use the open source library OpenCV, which is offered under a license called Apache 2. AI companies might use TensorFlow (Google) or PyTorch (Facebook). TensorFlow is also offered under the Apache 2 license, while PyTorch is offered under a BSD license. 

Permissive Licenses 

Apache 2 and BSD are so-called “permissive” or “lax” licenses. Both of these licenses require a future user/copier to provide a copy of the license and a copyright notice with their software. Beyond that, both licenses require relatively little of a future user, and largely serve simply to shield the open source licensor from liability. 

Copyleft Licenses   

But many open source libraries are not licensed under such permissive terms. The term “copyleft” is applied to attempts to reduce the restrictions imposed by copyright on copying and sharing. Licenses such as GNU GPLv3 and the Eclipse Public License include “copyleft” requirements, such as the requirement to make source code publicly available. For a company that wants to keep its innovations secret, this can mean jeopardizing trade secrets.  

License Incompatibility 

An even more difficult issue is license incompatibility. Many copyleft licenses require that any source code that is using or is a derivative of the licensed code must be licensed on the same terms. This can be fine if all of the licensed source code is subject to the same copyleft license. But where a software project mixes code from multiple sources under different copyleft licenses, the provisions of the underlying copyleft licenses are generally incompatible with each other.  

In other words, if I write software incorporating open source code licensed under both GNU GPLv3 and the Eclipse Public License, my new software would have to be offered under both licenses – but that can’t happen, because the GNU GPLv3 and Eclipse Public Licenses each have different requirements. My only recourse is to eliminate one of the two sources of source code from my project, or ask the licensor to change their license. 

If you need help reviewing your software licenses, or choosing an open source license for your own project, please get in touch!