Open Source Licenses From A Consumer Perspective

There are many articles discussing open source licenses and business models targeting investors or open source creators. If you are interested in these topics, I recommend that you read Forbes and Medium. I will not repeat various licenses from investors’ perspectives. Rather, I would like to focus on how you should evaluate open source licenses from a user’s perspective. See the above open source selection flowchart.  If you want to learn about the technical aspects of choosing open source software, read Jeff’s blog.

After selecting candidate software packages, I would highly recommend evaluating your software distribution model against their licenses. Different distribution models (e.g. internal IT project vs. hosted public SaaS) have different implications for your business. Next, you should check whether or not the license is one of the approved licenses from Open Source Initiative. If it is not one of approved licenses, you probably want to review it with your legal department. All things being equal, I recommend that you pick projects with the Apache 2.0 license. Not only is this a permissive license, but also it contains a patent license from the contributors of the code. While BSD and MIT are permissive, neither contain patent licenses from the contributors of the code. The potential risk is that you may be sued by the patent holders. The following table shows the most popular OSI approved licenses and their usage permissions.
Licenses vs. Distribution Models
Distribution Models
License TypeInternal IT ProjectsHosted Public SaaSRedistributed Commercial SoftwarePatent Covered License
Apache 2.0YesYesYesYes
GPLYesYesYes (Disclose All Source)Yes
Eclipse Public License 2.0YesYesYes (Disclose Linked/Modified Source)Yes
The latest trends of open source business models are Hosting and Open Core. For example, MongoDB has a Server Side Public License, which is not an OSI approved license. It specifically prohibits a user to host MongoDB as a service. MongoDB’s license is a typical example of the Hosting business model.

Finally, let’s look at the Open Core business model. InfluxDB’s core source code is under the MIT license while its horizontal clustering feature is closed source. InfluxDB is a typical Open Core project.  If you don’t need a scalable time series database, you can probably live with the open source. You might think of Open Core projects as trial software — you can evaluate them as much as you want, but if you deploy in production, you probably need the commercial license. Whatever solution you consider, as a consumer of open source projects, you should ensure that your choice’s license aligns with your business.