Hi Heather, thanks for hosting the AMA. I have two semi-related questions:
Individuals and sometimes companies seem to tend to fallback to MIT as default without giving it much thought. What do you think are the most common use cases or situations where folks should consider other licenses and which ones do you recommend?
If someone were to change the license of a project, what steps should they take in order to have those effects safeguard their IP? Is the "damage already done" for the code released before the new license was put in place? If a CLA is needed, do you need previous contributors to sign them in order to update the license?
The fallback license seems to depend on the community, in my experience. People in the Linux development area do seem to default to MIT, because it is GPL compatible. (But then they often dual license under GPL and MIT, which is...weird.) In corporate world, the default license for releases is usually Apache 2.0, because it has patent terms.
If you don't use a CLA, AND you want to change the outbound license for a project, AND you have used a copyleft license (like GPL, AGPL, or LGPL) you usually have to do a clean-up project to get new rights for your project. That is a pain!
When I have advised on those projects, we usually did a 3-tier approach. Some contributions are very small (a few lines, a non-code change) and don't usually require any re-licensing. Some contributions are from contributors who are still involved in the project, and we just send them a CLA to acknowledge. (Usually they don't object.) For those who don't respond, you can push out a notice saying "We are changing our project license, please speak now or forever hold your peace." That is not the best position, legally, but it's often all you can do. If anyone actually does object, you remove the code from the project.
If you have used a permissive license for the project, you don't need all this. You just preserve the original license notice for pre-change contributions. You end up with two license notices, but that's not such a bad thing.
Hi Heather, thanks for hosting the AMA. I have two semi-related questions:
The fallback license seems to depend on the community, in my experience. People in the Linux development area do seem to default to MIT, because it is GPL compatible. (But then they often dual license under GPL and MIT, which is...weird.) In corporate world, the default license for releases is usually Apache 2.0, because it has patent terms.
If you don't use a CLA, AND you want to change the outbound license for a project, AND you have used a copyleft license (like GPL, AGPL, or LGPL) you usually have to do a clean-up project to get new rights for your project. That is a pain!
When I have advised on those projects, we usually did a 3-tier approach. Some contributions are very small (a few lines, a non-code change) and don't usually require any re-licensing. Some contributions are from contributors who are still involved in the project, and we just send them a CLA to acknowledge. (Usually they don't object.) For those who don't respond, you can push out a notice saying "We are changing our project license, please speak now or forever hold your peace." That is not the best position, legally, but it's often all you can do. If anyone actually does object, you remove the code from the project.
If you have used a permissive license for the project, you don't need all this. You just preserve the original license notice for pre-change contributions. You end up with two license notices, but that's not such a bad thing.
Thanks for the question!
I guess "tell me the license you go with and I'll tell you who you are" talks a lot about me, or the friends I hang out with? š
Thank you for the answers to both questions! I now know a lot more about this than I did before.