CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Discussion »
  • Extensions (Moderators: mathieu, totten, kasiawaka) »
  • Extension Licensing
Pages: [1]

Author Topic: Extension Licensing  (Read 687 times)

kreynen

  • I post occasionally
  • **
  • Posts: 105
  • Karma: 8
Extension Licensing
September 11, 2013, 11:27:41 am
I know everyone *loves* getting into the details of open source licensing, so I'll try to keep this conversation very focussed.  Also, I'm not a lawyer.  These are just my opinions based on several years of working with open source licenses and advice that's been given to several projects from the Free Software Foundation.

Drupal core is licensed at GPLv2 or later.  The Drupal Association considers modules to be derivative works of Drupal core and requires them to be distributed with the same license as core when being distributed on Drupal.org.

https://drupal.org/licensing/faq/#q7

For Drupal modules, it is the act of committing the code to Drupal's git repo that adds the GPLv2+ license.  GitHub doesn't have the same licensing requirements so you can write a module that's maintained on GitHub using an MIT license and distributed it on Drupal.org with a GPLv2 license because the MIT license allows that. 

During the recent DC CiviCamp, the team working on CiviVolunteer clarified that it would be maintained as an extension and that all extensions developed by that team would be licensed as AGPLv3, but we didn't continue the conversation to address whether extensions are consider derivate works of CiviCRM and require an AGPLv3 license or whether developers are free to choose alternative licenses. 

Clarifying this at the policy level before extensions grow too much further is really important for a number of reasons.

CiviCRM uses the AGPLv3 license which closes the SaaS loophole that exists in GPLv2 and GPLv3.

First, the "loophole" isn't necessarily a bad thing.  In Drupal's case, the contributions to the project from companies  that have locked up features and functionality that improve Drupal in a SaaS offering in many case contribute far more code back to the project than companies that share everything.  As more improvements are made to CiviCRM at the extension level and an AGPLv3 license isn't required, the SaaS loophole is opened UNLESS the extension is distributed.  Someone could host a version of CiviCRM improved by extensions and not be required to share those improvements.  That may be OK or it may not, but it should be clear.

I'm not sure if http://civicrm.org/what/licensing was written before extensions, but this sentence is troubling...

The following guidelines cover project guidelines for licensing and copyright for patches and code contributions to be accepted into the core codebase.

Because the guidelines specifically target patches and code contributions for CiviCRM core, this would imply that these guidelines do not apply to extensions.  If the goal is that all improvements made to CiviCRM will always be available to everyone, the AGPLv3 license needs to required for extensions. 

CiviCRM doesn't require use of a specific repository where a license is automatically applied so licenses must be manually added by the developer creating inconstancies in the approach.

While most extensions are including a license in their info.xml file, not all do...

https://github.com/sciencegalleryderek/com.sciencegallery.mailchimp/blob/master/info.xml#L12
https://github.com/osseed/com.osseed.eventcalendar/blob/master/info.xml

I really have no idea what license the event calendar extension is using.  I'm assuming it's open source because it includes the FullCalendar javascript library which is licensed as MIT, but shouldn't have to assume.  Regardless of the policy, extensions listed at http://civicrm.org/extensions/ should be required to have a license. 

I have other questions about extensions that are related to licensing, but those are more geared more towards developer workflows and promoting collaboration over forking.  I'll post that in another thread.

totten

  • Administrator
  • Ask me questions
  • *****
  • Posts: 695
  • Karma: 64
Re: Extension Licensing
September 11, 2013, 06:18:27 pm
(Note: I'm taking off my CiviCRM Core Team hat because I don't speak for Lobo or Dave and wasn't involved in early discussions of CiviCRM licensing -- these comments are based my personal experience/understanding. And IANAL.)

Quote
Because the guidelines specifically target patches and code contributions for CiviCRM core, this would imply that these guidelines do not apply to extensions.  If the goal is that all improvements made to CiviCRM will always be available to everyone, the AGPLv3 license needs to required for extensions.

CiviCRM doesn't require use of a specific repository where a license is automatically applied so licenses must be manually added by the developer creating inconstancies in the approach.

The discussion of licensing often focuses on obligations -- What obligations does a license impose? Are extensions legally required to use/satsify AGPL (like CiviCRM)? Does CiviCRM have any legal claim which can compel extension authors to license in one way or another?

But I think you've raised a second question -- what is our community goal vis-a-vis licensing? How do we want to achieve that goal -- how do we want to influence the licensing decisions of extensions authors? We can influence them with:
  • Hard-line legal arguments
  • Discussion/advocacy
  • Policies on the use of civicrm.org resources like the extension-directory
  • Technical barriers (like printing an error when a user activates an extension with an unsatisfactory license)

I think we should dismiss the idea that all extensions are automatically, legally required to use AGPL. While that view has some advocates and would give us more leverage to influence developers, it also conflicts with the business-needs of most implementers/customizers -- having a 3-way debate (clients+implementers+core) about licensing of a small client-specific module would be counter-productive. The balance struck on this question is in a civicrm.org FAQ ( http://civicrm.org/node/166 ):

Quote
If you do not make modifications to CiviCRM files, but instead distribute it along side another application that utilizes the CiviCRM functionality only through its API, CiviCRM will remain a separate and independent program from the other application. This means that, although you must of course still comply with the AGPL with respect to CiviCRM, your distribution of the other separate and independent program is not governed by the AGPL.

To wit: Stick to public APIs, and you can license however you want without provoking a conflict.

On the second question... what licenses do we want to encourage and how do we want to encourage... I really don't know. I think AGPL-3.0 is a good default -- that's the license used for core, so it should minimize debate about 'compatibility'.

Quote
While most extensions are including a license in their info.xml file, not all do...

While that's a systemic issue facing Github, civicrm.org should include a sanity-check when reviewing submissions to http://civicrm.org/extensions -- i.e. the reviewer should ensure that the extension includes a license.
« Last Edit: September 11, 2013, 06:29:44 pm by totten »

kreynen

  • I post occasionally
  • **
  • Posts: 105
  • Karma: 8
Re: Extension Licensing
September 12, 2013, 09:24:43 am
Quote
Stick to public APIs, and you can license however you want without provoking a conflict.

So would the use of hooks trigger the need for APLv3?

My (still not a lawyer) understanding is code that uses APIs or even queries the tables of an AGPL project directly using PHP on the same LAMP stack and wouldn't be considered a derivative work, but when the code is executed by the "parent" project it is considered an improvement or derivative.  It seems like extensions fit that description. 

That being said, there is so little case law regarding this that most projects are simply using a mix of the FSF guidelines and their own policies (which may or may not be 100% legally enforceable).  My views are also largely influenced by how the Drupal community interprets this which may or may not end up being the correct interpretation.



Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Extension Licensing
September 12, 2013, 11:44:11 am

Here is our take on things from the very beginning and what the licensing faq tries to clarify. Before i go any further, let me clarify: IANAL (I am not a lawyer).

a. If you do not modify Civi's code from the released version and are using the hooks / api to implement custom functionality, you can choose your own license.

b. Given a choice, we prefer you adopt an OSI approved open source license. If you want any part of your code to be integrated into the release, your license needs to be compatible with AGPL v3

This is a much looser interpretation than drupal's interpretation of GPL v2. Note that the GPL was written a long time before interpreted languages became very popular, which blurs a lot of the line between modules

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Discussion »
  • Extensions (Moderators: mathieu, totten, kasiawaka) »
  • Extension Licensing

This forum was archived on 2017-11-26.