2 Comments

Checking Your Derivers’ License

Recently, an OEM contacted me about a problem with heatshrink. They said that it worked well for their needs, except there was a snag with the license. Huh? I had released it under the 3-clause BSD license, not the GPL or something. Isn’t the BSD license as commercially permissive as they get? It turns out that there’s a clause in the BSD License that is problematic for anything distributed solely as hardware:

“Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.”

I am not a lawyer, but their objection makes sense to me. As an OEM, they don’t usually provide documentation or other disclaimers for end-users with their hardware — it just gets installed in other vendors’ products. (Do you know, or necessarily care, who supplied the brakes in your car? The GPS in your smartphone? The controller in your thermostat?). That clause would put an extra burden on their customers, who would have to print and distribute an extra disclaimer just to indicate that an upstream vendor was using my library. Looks like I found another leaky abstraction.

I open-sourced heatshrink specifically so it could be used in cases like this, so I decided to change the license. The BSD-style ones still fit for my intent, so looked at the others. I settled on the ISC License because it’s simple and OpenBSD uses it (which I consider a strong technical and philosophical endorsement!), though the MIT or zlib licenses would have also worked. (Again, IANAL, but unlike the GPL or Apache license, I feel reasonably confident I understand those.)

This also reminded me that some licenses are quite specific about technical details — the LGPL‘s definition of linking, for example, seems to assume a C-like language. It doesn’t really apply to Lisp, so there is a variant of the license (the LLGPL) with different legal language regarding linking. Details like these are easy to gloss over, but they can have a major impact on whether open-source projects can actually be used by others.

Have any of you had surprising issues come up with your license choices?

PS: I am going to be speaking at QCon New York in June and at Strange Loop in September. See you there!