GitHub needs to take open source seriously

The legal details of copyright licensing are complex and off-putting -- but that doesn't mean they should be ignored

1 2 3 Page 3
Page 3 of 3

The open source solution
There are several levels of potential solution to this problem. At the most basic, GitHub could modify its terms of service so that all materials made available through the service are licensed by default under the likes of the broad and permissive Apache license or the Creative Commons Attribution license (preferably both). Text like "you agree your copyrights are licensed to all users under the Apache v2 license unless you assert otherwise" would set a safe baseline, while allowing the default to be easily overridden by any project.

At a more advanced level, new projects could be asked to pick from three preferred licenses (Apache v2, MPLv2 and GPLv3) with the option to write in a different choice or select it from a list structured using the OSI's antiproliferation sorting order. This is the approach taken by most open source "forges." Thirdly and optimally, all this information would also be encoded in a machine-readable way using a standard like SPDX with the project data so that third-party systems like Ohloh could automatically evaluate project terms and governance.

Any of these three would fix the problem; the third would serve the wider open source community well. I made these suggestions to Brian Doll, who told me, "We're always improving GitHub, so it's entirely possible that some day we may make license selection more prominent within the GitHub experience."

Meanwhile, several of the people I've interviewed suggested a grassroots temporary fix. If you want to participate in a project on GitHub and discover it has no copyright license, simply make a pull request adding one -- the Apache License v2 could be a good choice, offering maximum flexibility while also ensuring mutual patent safety for participants. If the omission is a simple oversight on the part of the project owner, they will probably accept the request, solving the problem for everyone. If they don't, stay well clear.

It's good to simplify the process of sharing on the Internet, and GitHub has created an enormously important resource. But ignoring a significant and serious aspect of code curation -- the copyright license under which it is shared -- is the wrong answer. It's certain to end in serious problems for someone, and I hope GitHub will rapidly take action to address this gap in its system. Until then, tread carefully and avoid projects with no license terms.

This article, "GitHub needs to take open source seriously," was originally published at Read more of the Open Sources blog and follow the latest developments in open source at For the latest business technology news, on Twitter.

Copyright © 2012 IDG Communications, Inc.

1 2 3 Page 3
Page 3 of 3
InfoWorld Technology of the Year Awards 2023. Now open for entries!