All I’m asking is for a little respect — the license version
You use a lot of code someone else has written. Code copied from StackOverflow, external dependencies, dependencies of your dependencies, the underlying operating system, the infrastructure components, and so on.
If you, like me, are a software developer, you know that creating software is a lot of work, especially if it is hardened and polished enough that others use it to solve their needs. The process consists of many steps, from idea through design, specification, coding, testing, and documenting to releasing and maintaining.
Most of the time, a product is created by several people, both developers and people from other disciplines like UX, design, domain experts, and many more.
You should respect their work.
Respect their work by being polite when submitting issues or asking questions, of course, but also by giving credit where credit is due.
Respect the work they have done, and respect that they control that work and decide how it may be used. How do we determine that, and how do they communicate that to us? Through licenses.
Every released piece of code has a license, which states the conditions for using the software. In the open-source world, the license is typically explicitly mentioned, allowing you to make informed choices.
There are a ton of licenses out there, so it might be a bit of a jungle to navigate. Luckily, a license typically belongs to one of a few major categories:
1. Do whatever you want with the code (e.g. Apache, MIT)
2. Do whatever you want, as long as you attribute properly (e.g. CC-BY)
3. If you use code with this license, you must also distribute your code with this license (e.g. GPL)
4. Use the code as you want — for non-commercial purposes (e.g. AFPL)
This is of course a simplified, high-level approach. You can find more information, in a quite readable format, at TLDRLegal, and the Wikipedia article on permissive licenses is also informative and easy to grasp. Choose a license might also be a nice place to start.
For most professional scenarios, licenses of type 1 and 2 tend to be non-problematic, while 3 and 4 require attention.
The chilling effect is also a factor here — it is probably far easier and faster to find another library to solve your needs rather than going through the organizational process of determining whether licensing your code with e.g. GPL is acceptable.
While we’re at it — even though it might be tempting to skip the process entirely and hope that no one notices the copyleft dependency you’re using — don’t. It’s not worth it.
By now, we have established that there are some licenses that your dependencies and tools can use without issues, and probably other licenses that you want to keep out of your sphere.
So how do you ensure that all the gazillions of dependencies have a proper license?
You don’t.
Your build tool does.
I have experience with plugins for Maven and Gradle as well as yarn and npm for this. I assume similar plugins are available for other modern tools as well.
What these have in common is that you can provide a list of licenses that you accept into your codebase, and possibly a list of dependencies that you’ve manually established to be ok, for example if you’re using a company-internal library.
You can find the Gradle implementation we’re using on my current assignment here, with the list of acceptable licenses here. We’re using the Gradle-license-report plugin, which I can recommend. It’s under active development, and it just works.
For frontend, it’s all summarized in this line of code. We’re using the license-checker-rseidelsohn plugin, which gets the job done.
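The allow-list check with manual exceptions described above, sketched as an added example (it is not the code from the assignment the post links to, nor the plugins' own implementation). The policy in `ALLOWED`, the package names and the report contents are constructed; the report shape follows the JSON output of license-checker-style tools.

```javascript
// Assumed policy: SPDX identifiers this hypothetical team accepts.
const ALLOWED = new Set(["MIT", "Apache-2.0", "ISC", "BSD-3-Clause"]);
// Hypothetical company-internal package, approved by hand.
const REVIEWED = new Set(["@example/internal-ui@2.1.0"]);

// Evaluate a flat SPDX-style expression: one OR branch must pass, and
// every AND term inside a branch must be on the allow-list.
function expressionAllowed(expr, allowed) {
  let text = String(expr).trim();
  if (text.startsWith("(") && text.endsWith(")")) text = text.slice(1, -1);
  if (/[()]/.test(text)) return false; // nested expression: fail closed
  return text.split(/\s+OR\s+/).some((branch) =>
    branch.split(/\s+AND\s+/).every((id) => allowed.has(id.trim()))
  );
}

// Return every package whose license is not covered by the policy.
function checkLicenses(report, allowed = ALLOWED, reviewed = REVIEWED) {
  const violations = [];
  for (const [pkg, info] of Object.entries(report)) {
    if (reviewed.has(pkg)) continue; // manual exception list
    // A missing field counts as UNKNOWN; an array means all must pass.
    const declared = [].concat(info.licenses ?? "UNKNOWN");
    const ok = declared.length > 0 &&
      declared.every((l) => expressionAllowed(l, allowed));
    if (!ok) violations.push({ pkg, licenses: declared.join(", ") });
  }
  return violations;
}

// Constructed sample in the shape of a license-checker JSON report.
const SAMPLE_REPORT = {
  "tiny-util@1.3.0": { licenses: "MIT" },
  "dual-lib@4.0.0": { licenses: "(MIT OR GPL-3.0-only)" },
  "combo-lib@1.0.0": { licenses: "(MIT AND GPL-3.0-only)" },
  "copyleft-lib@2.0.0": { licenses: "GPL-3.0-only" },
  "guessed-lib@0.9.0": { licenses: "MIT*" }, // "*" = inferred, not declared
  "no-license@0.0.1": { licenses: "UNKNOWN" },
  "@example/internal-ui@2.1.0": { licenses: "UNLICENSED" },
};

// A CI step would fail the build when this list is non-empty.
for (const v of checkLicenses(SAMPLE_REPORT)) {
  console.log(`license not allowed: ${v.pkg} (${v.licenses})`);
}
```

Anything the check does not recognize (unknown, guessed, or nested expressions) is reported rather than passed, so a human reviews it and either extends the policy or adds the package to the exception list.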
There are other tools out there solving the same needs as well, and the world might have changed from the time of writing until you read this. Nevertheless, the concept remains relevant.
To summarize: Check your licenses!
All I’m asking is for a little respect — the license version was originally published in Compendium on Medium, where people are continuing the conversation by highlighting and responding to this story.