What license should I use for the codebase in order to protect it and still be open?
---
Hey guys,
I'm about to open-source my product in the summer and I want to build something great, with the help of the community, out of this and the main goal is to make the code available somewhere (it will end up in Github, 98% sure). I know that it might sound crazy, but I really want to give something back to the open-source community.
This has been proved to be a good strategy (Sentry rings a bell here, also Wordpress), I guess.
I'm trying to figure out what is the best license to my product/codebase. Some guidance would be nice.
Thanks in advance.
If you want that, then you can use licenses like MIT or BSD. (Notice how MIT and BSD are universities, where the people who worked on those software, initially, had alreay been paid, by the american tax payer, thru university salaries or DARPA grants; in this setting, it makes perfectly sense that the american tax payer be able to use the code he already paid for, and possibly to integrate it into proprietary commercial products).
On the other hand, if you want to ensure that people who use you code to make and distribute derived works provide their own contribution and share their own software too, then you will want to use a GPL license. (An intermediate license is the LGPL, better reserved for libraries that should compete with other libraries already under MIT or BSD). Notably, nowadays a lot of people build services accessible thru the network without distributing any software, but having it just run on their own servers. For this situation, the AGPL3 licence is indicated: if they use your code to make such a remote service, they will still have to distribute their modifications and sources, which will then allow users to verify that your code and their code is not used for nefarious purposes (like, forwarding private data to the NSA), notably allowing those users to run the server code on their own servers. (Cf. eg. opencloud vs. dropbox).
So my advice is to use the AGPL3 license by default, and only upon very special circumstances, release your code under another license.
For example, if such a commercial corporation wants pay you for a MIT license so they can use your code, as the right owner, you still can provide them with such; if they don't then they can always hire you, unless most probably they just expected free work from you?
You will hear complains about the GPL and the AGPL, but only from selfish people or corporations.
I guess I'm just overthinking about this problem instead of focusing in the real deal. I have the product in place, I'm preparing a paid plan for the future and after that, release the source code. Shouldn't be that hard to decide. Damn.
Check this out for more info: http://opensource.org/licenses/
Those who prefer the GPL license like it because it places the fewest restrictions on users down the line, by restricting developers from doing things that are against user freedoms.
If your view is on the first link of the chain then GPL is certainly restrictive. Though I suggest you look at the AGPL to see something which is more restrictive under that viewpoint.
That said, you are certainly correct that the three major approaches are MIT, or Apache for bigger projects where patents may be an issue, or GPL. These are also the main three listed at http://choosealicense.com/ .
It comes down to what why the OP wants to "protect" the software. What shouldn't people be able to do with the software?
I've tended to avoid copyleft licenses due to the potential complications caused by license incompatibility when trying to combine code with other code; since I'd prefer my code to be as useful to as many open-source projects as possible, I consequently prefer something as relaxed as possible.
My one exception (other than when required to make an exception by an employer or client, of course), however, is when I'm writing Perl code (particularly Perl code that's meant to be reused, such as something on CPAN); in these cases, it's standard convention to use either "the same license as Perl itself" (Artistic License / GNU GPL dual-license) or the Artistic License 2.0 (or later), so I just stick to convention.
-----
Those are my needs, however. Everyone has different needs for a license.
If your priority is ensuring that your code doesn't make its way into proprietary projects, the most surefire way to do this is with a "copyleft" license. The GNU General Public License (version 2 or later) is probably the most common such license. When I use the GNU GPL (aside from with Perl packages), I tend to use version 2 with an "or any later version" statement; version 3 includes anti-TiVOization language that - while useful if I'm an extremist - is a bit excessive for my tastes. Other options here include the GNU "Lesser" General Public License (basically the GPL, except that it allows non-free software to dynamically link against your software; useful for libraries, for example), the Mozilla Public License 2.0 (allows integration with differently-licensed software, so long as the MPL'd parts remain MPL'd), and the Artistic License 2.0 (derived works may be distributed either under the same license (to either everyone or just the original author, at the new author's discretion) or under a different license but forbidden to use the original name or interfere with the installation of the original version); the MPL2.0 and AL2.0 are both compatible with the GPL (though the MPL has an optional "Exhibit B" that can disallow that compatibility), and are better classified as being "partial" copyleft licenses (in the sense that they aren't as strict as even the LGPL).
If your priority is instead just to make sure you're credited for your work, pretty much any non-public-domain-dedicating free software license will do in practice, though the BSD license is the most explicit about this in the copyfree camp (the 2-clause or 3-clause is recommended; the 4-clause is frowned upon). The ISC and MIT (of the Expat or X11 varieties) are also suitable here, though they're not as explicit about attribution in binary distributions of derived works.
If you're concerned about patents, the Apache License 2.0 and GNU General Public License version 3 provide some protections regarding patents that might be useful. The Apache License has some other nice features as well (trademark protection, proper attribution, non-copyleft, default contribution agreement, etc.).
It's difficult to provide a more specific suggestion without clarification regarding what, exactly, about your code you intend to "protect".
