COSS Community 🌱

Heather Meeker

AMA with Heather Meeker, Open Source Licensing Expert (and Musician)

Hi! My name is Heather. I’m a General Partner at OSS Capital, and a lawyer in private practice specializing in open source software licensing.

I learned to program when I was a child, and since then, I’ve been fascinated by software and technology. I like to sing and play music (drums), and I like weightlifting and dancing -- but not at the same time.

Top comments (34)

Cassidy Williams

Hey Heather!

Do you have any blanket advice for someone who might have some private code they want to open source, licensing-wise? I've seen some people say that it's overkill, and others saying that they don't understand the licenses enough to use them, or feel like they need a lawyer to have one.

Heather Meeker

It's not too hard to choose a license. Here is a video about it, for anyone who is interested. youtu.be/s7alZTsw298

TLDR: You choose either (1) GPL if you want a copyleft license for a whole program, (2) LGPL or MPL if you want a copyleft license for a library, and (3) Apache 2, BSD or MIT if you want a permissive license. And to demonstrate my (minimal) coding skills, here is my license picker! heathermeeker.com/license-picker-2-0/

Thanks for the question!

Dylan Roskams-Edris

Hello Heather,
Thanks very much for having an AMA.
I'm working at the intersection of open science, academia, and innovation and would love to know whether you have any experience with investing in/supporting projects that originated in academic settings? If so, what advice should academics have when considering this path? And (if you have the bandwidth to answer three questions) how do you convince the institutions themselves to support an open commercialization pathway?
I work in Canada and most of the university policies on innovation and IP have exactly 0 understanding of (and therefore support for) open source as a viable pathway. In fact, they usually end up getting in the way because those policies tend to equivocate "invention" and "commercialization" with highly restrictive IP instruments (e.g., patents and full copyright protection). They often create this really weird perverse incentive where, if an academic develops and shares something under an open source license then anyone else can use it to make money without having to tithe to the institution, but if the inventor themselves wants to commercialize it they have to give 10% revenue (not even net) to the institution, which effectively kills the effort.

Heather Meeker

You are right. Universities have come very slowly to understanding OSS or any kind of open knowledge. But it's worse than that, they don't really understand "soft IP." They tend to be very entrenched in a model that goes like this: professors or researchers on their payroll develop inventions, those are patented, and the university licenses them to the inventor (or others) for royalties. I have literally had a university OTL send me a patent license when we wanted to license software or data!

Also, when you are dealing with a university OTL, you are often dealing with a contract lawyer or paralegal who has no authority to negotiate standard patent licensing terms.

This is an education problem, and it's tough. The best you can usually do is get the ear of the head of OTL, who can make decisions, and try to convince them. BTW I think the University of California has some good policies about this. security.ucop.edu/resources/open-s...
You might encourage local universities to take a page from their careful consideration of the topic.

Thanks for the question!

Dylan Roskams-Edris

Thanks a bundle for confirming my experience and the link to the UC resource! I had not encountered it before. Because CAN universities often end up following what the US does it is veeery useful to have this kind of example to point to.

Heather Meeker

UC did a lot of forward thinking about it, partially in the hope of creating an example. I hope it works!

didierlopes.eth

Hey Heather,

I don't have any question per se, as you were very VERY helpful to have a call with OpenBB team very early on to discuss some concerns we were having.

So just came to support your AMA, and thank you for being kind enough to spend some time with us. 😊

Heather Meeker

It is truly my pleasure!

Fernando

Hi Heather, thanks for hosting the AMA. I have two semi-related questions:

  1. Individuals and sometimes companies seem to tend to fall back to MIT as default without giving it much thought. What do you think are the most common use cases or situations where folks should consider other licenses and which ones do you recommend?
  2. If someone were to change the license of a project, what steps should they take in order to have those effects safeguard their IP? Is the "damage already done" for the code released before the new license was put in place? If a CLA is needed, do you need previous contributors to sign them in order to update the license?
 
Heather Meeker

If you don't use a CLA, AND you want to change the outbound license for a project, AND you have used a copyleft license (like GPL, AGPL, or LGPL) you usually have to do a clean-up project to get new rights for your project. That is a pain!

When I have advised on those projects, we usually did a 3-tier approach. Some contributions are very small (a few lines, a non-code change) and don't usually require any re-licensing. Some contributions are from contributors who are still involved in the project, and we just send them a CLA to acknowledge. (Usually they don't object.) For those who don't respond, you can push out a notice saying "We are changing our project license, please speak now or forever hold your peace." That is not the best position, legally, but it's often all you can do. If anyone actually does object, you remove the code from the project.

If you have used a permissive license for the project, you don't need all this. You just preserve the original license notice for pre-change contributions. You end up with two license notices, but that's not such a bad thing.

Thanks for the question!

Fernando

People in the Linux development area do seem to default to MIT, because it is GPL compatible.

I guess "tell me the license you go with and I'll tell you who you are" talks a lot about me, or the friends I hang out with? 😆

Thank you for the answers to both questions! I now know a lot more about this than I did before.

Heather Meeker

The fallback license seems to depend on the community, in my experience. People in the Linux development area do seem to default to MIT, because it is GPL compatible. (But then they often dual license under GPL and MIT, which is...weird.) In the corporate world, the default license for releases is usually Apache 2.0, because it has patent terms.

Jess Lee

Any horror stories to share for maintainers/entrepreneurs of oss?!

Heather Meeker

I have plenty, a few of which I can't share. :) But here are a few general examples -- the names have been omitted to protect the disappointed.

  • Be careful about the name of your project. You should treat it as a trademark and protect it. Some of the worst heartaches I have seen are fights about who gets to control a project, and legally, that comes down to using the project name. Don't let someone else hijack your hard work.

  • If you develop a project while at a company, and want to spin it off into a business, be sure to have a written understanding with your company about it. Most of them will be cooperative if you ask. Again, the legal property at issue is usually the project name, which would usually belong to the company. It can be difficult to understand what rights you have in projects you do "on your own time" -- the law does not track most people's expectations. So you probably need to accept that your company will have a seat at the table in your new venture, and it's best to get that into the open early, rather than have it come back to bite you when you are doing your first financing.

  • If your project is under a copyleft license like GPL, consider whether you need a contribution license agreement (CLA). I have worked with many companies that did not use one, then had to backtrack to get rights from contributors who were no longer engaged, or even friendly.

Thanks for the question!

Deepak Prabhakara

Hi Heather,

It would be great to get a glimpse of how Enterprises (especially their legal counsel) view open-source licenses, are there particular ones they prefer and ones they will likely look to stay away from?

Heather Meeker

Unfortunately some legal counsel are still not very knowledgeable about open source, and they consider it a big scary problem. People always fear what they don't understand. (I feel this way about the areas of law I don't know, too.) When it comes to using OSS of others, counsel will be concerned about copyleft licenses like Affero GPL or even GPL. And yet, often, using code under these licenses is not a problem -- you just need to have a compliance process in place, and to understand your use case. Over the years, legal counsel have learned more about OSS, and it's now part of the toolkit of most tech lawyers. But sometimes, we need to do a little education to make them comfortable. I find that it's usually possible to address OSS concerns, and when it's not, it's because of an unwillingness of counsel to learn.

Thanks for the question!

Melody Drummond Hansen

Hello, Heather—
Long-time listener, first-time caller. 😄
Lawyers often like to include OSS disclosure obligations and/or audit rights or responsibilities. Is disclosure or audit better in your view? Can disclosure obligations lead to over-disclosure or inaccurate disclosures that create risk?
MDH

Heather Meeker

Hi Melody!

Audits are useful, but they can be overkill depending on the situation. They are never wrong, of course. I like to say that they are like insurance -- it's never wrong to buy it, but you might be insuring against risks that are very unlikely to arise. Disclosures are very important, not only for the information they convey, but how they demonstrate internal open source compliance processes. If a company (usually in an M&A, investment or sales deal) delivers a disclosure that is unprofessional or lacking information (or the clearly-inaccurate "we don't use any open source"), then it's often best to do an audit. But if the disclosure looks good, then an audit usually doesn't yield any additional material risks.

Thanks for the question!

Brenda M Brown

Hello Heather,
This comment is just a greeting and kudos, since there is a precedent above for having no question per se. My tenuous connection to open source consists of owning a Helium Hotspot and a Linux computer, and vaguely knowing that both companies use software operating primarily under open source licensing. I've read a few of your easy-to-understand articles on complex topics such as inflation, AGPL and DAOs. We met in person years ago at a Yale event and discussed your work on non-competitive game theory! So I am delighted that you have become successful and world-famous and that I had an opportunity to meet you years ago.

Heather Meeker

Thanks for the shout-out, Brenda! It's great to hear from you and I hope you are doing great.

Brenda M Brown

Yes, doing great! Beat Gloria Steinem by one year by marrying a man at age 67! (Her first marriage was at age 66). Sending "Connect" on LinkedIn.

Liana Felt

Hey Heather - Thank you so much for doing this!

Do you have any guiding principles founders can use to determine the correct licensing model?

Heather Meeker

Arcane magic spell, or tarot cards? Just kidding. It's not too complicated.

If you are building a business, you have to figure out what you are selling -- and it can be anything but licenses to open source software, because they are free. But that's not so hard to figure out, because people don't really buy source code rights, they buy products. So, the question is: what extra value are you creating, and who will buy it?

There are all sorts of options: complementary software (open core), managed services, hardware, network platforms, professional services, support services, even product QA (like Red Hat). Here's a video with a deeper explanation for anyone who wants to learn more. youtu.be/Ck1gJIZ3Lr4

Thanks for the question!

Nishchit

Hey Heather!
Thanks for the AMA!! I have a question about copyright and multiple licenses:

  1. When and why do we add a copyright message/template at the header of each file of an OSS codebase? Does it relate to any license?

  2. Also, would there be any bad impression for enterprises if we use permissive (90%) and copyleft (10%) licenses to save the core of the project? And what should be the best practices to sign CLAs for such a case?