Understanding Open Source Licenses
Summary
This post explores the various types of open source licenses, highlighting their core requirements, use cases, and key differences. It provides a quick selection guide to help readers choose the most suitable license for their projects, emphasizing the importance of understanding the freedom spectrum, patent handling, and compatibility of each license type.
1. Types of Open Source Licenses
Open source licenses can be broadly categorized into two main types:
Copyleft Licenses (e.g., GPL)
- Requires derivative works to remain open source
- Enforces “share-alike” principle
- Examples: GNU GPL, LGPL, AGPL
- Ensures software freedom propagates
Permissive Licenses (e.g., MIT, BSD, Apache)
- Allows derivative works to be either open or closed source
- Minimal restrictions on code reuse
- Popular in commercial projects
- Maximizes adoption flexibility
2. Major Open Source Licenses
| License | Core Requirements | Use Cases | Example Projects |
|---|---|---|---|
| MIT | Retain copyright notice | Personal/commercial projects | React, Node.js |
| Apache 2.0 | Retain copyright + patent notices; document changes | Enterprise projects, patent protection | Android, Kubernetes |
| GPL-3.0 | Derivative works must be open source | Enforce community contributions | Linux kernel (GPL-2.0) |
| LGPL | Allows dynamic linking with closed-source code | Libraries + closed-source integration | GNU C Library |
| BSD 3-Clause | Retain copyright + no endorsement by authors | Academic/lightweight projects | Nginx (early versions) |
| MPL 2.0 | File-level open source; allows closed-source mixing | Balance commercial and open-source | Firefox, Rust |
| AGPL | Requires open-sourcing network service code | Cloud/SaaS applications | MongoDB (early versions) |
3. Key Differences
Freedom Spectrum
MIT ≈ Apache 2.0 > BSD > MPL > LGPL > GPL > AGPL
(Increasing restrictions from left to right)
Patent Handling
- Apache 2.0: Explicit patent grants and litigation protection.
- MIT/BSD/GPL: No explicit patent clauses; potential risks.
- Compatibility
- GPL Family: “Infectious” license; incompatible with many others (e.g., GPL code cannot be used in MIT projects).
- MIT/Apache: Freely combinable with other licenses.
Quick Selection Guide
- Maximize flexibility → Choose MIT (personal) or Apache 2.0 (enterprise).
- Enforce open-source derivatives → Use GPL (strict) or MPL (flexible).
- Avoid AGPL for cloud services unless willing to open-source service code.
It is recommended that you use the Choose a License tool to further match requirements.