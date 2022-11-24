Custom and variant licenses

In about 30% of codebases we audit (and 70% of M&A transactions), we find code that has a one-off license, a custom variant on a standard license, or no license at all. When we can identify where a component came from—a repository or a website—but find no indication of a license or terms of use in that location or in the code, we designate those components as “Not Licensed.”

Variants of standard licenses can be tricky because a cursory glance might suggest MIT or BSD licenses, for example. But closer inspection often reveals that a developer got “clever” and put their own spin on the standard.



JSON licenses

The most common variant is the JSON license, which is the MIT license plus eight consequential words: “Software shall be used for Good, not Evil.” The ambiguity this introduces was enough for the Apache Foundation to put a moratorium on JSON-licensed code.

We’ve also found a variant on the variant, intended to provide a solution, although it’s unlikely to make the risk more palatable. In this variant, text is added to the license that reads, “If anyone notifies you in writing that you have not complied with ethics, you can keep your license by taking all practical steps to comply within 30 days after the notice. If you do not do so, your license ends immediately.”



Beerware licenses

The famous Beerware license similarly is a variant on the MIT license, with language suggesting that users should buy a beer for the copyright holder if they run into them in a bar. This is an unlikely occurrence, but many organizations are wary of such vague obligations.

Some variants seem frivolous, like the license for the AMD64 patch by Mikhail Teterin. Its language includes “This is free software; you can redistribute it and/or modify it under the terms of the BSD License. Use by owners of Che Guevarra paraphernalia is prohibited, where possible, and highly discouraged elsewhere.”

A less ambiguous and less frivolous example of a variant license is Facebook’s 2017 spin on the BSD license. It reads like the BSD license but includes a provision requiring the assignment of certain patent rights.



Commons Clause variant licenses

The Commons Clause is a variant designed to modify a standard open source license to restrict the software from commercial use. An extract reads, “…the License does not grant to you, the right to Sell the Software.” Software that appears, at first glance, to be permissively licensed under, for example, the Apache license may be rendered completely unusable by this clause.