►
Description
Mislav Marohnić of GitHub digs into the data of open source license usage on GitHub.com
About CodeConf
CodeConf improves the software community by providing a forum for thought-provoking talks and forging social connections. The third installment of the CodeConf series took place in Nashville in 2015. Attendees came together to discuss open source, best practices, documentation, and community.
For more information on this year's CodeConf, go to:
https://codeconf.com/
A
Lot
of
good,
so
I'm
here
today,
I'm
going
to
have
a
good
to
talking
about
what
makes
probably
software
project
truly
open-source
same
thing:
I'm
going
to
talk
about
open
source
licenses.
What
defines
them
are
they're
necessary
enough
to
navigate
what
they
offer
we
are.
They
had
a
great
morning
listening
to
jaws
from
Travis,
CI
and
Casey
from
Microsoft
talking
about
their
success
with
open
source
about
their
talks.
They
have
software
that
is
their
product,
something
that
is
essential
to
their
business
and
they
develop
it
in
the
open
with
the
help
of
the
community
wow.
A
That's
really
amazing,
but
none
of
that
will
be
possible
if
software
wasn't
available
as
open
source
in
the
first
place
and
the
keeper
requisite,
for
this
is
an
open
source
license
without
one
no
one
is
allowed
to
make
changes
in
restricted,
redistribute
the
project.
So
today,
here
the
takeaways
I
want
to
have
from
my
talk.
I
want
to
help
to
dispel
some
of
the
confusion
surrounding
open
source
licenses,
namely
I'm,
going
to
provide
a
brief
overview
of
copyright,
the
concept
of
public
domain
and
the
types
of
open
source
licenses
that
are
standard
in
our
industry.
A
You
might
have
noticed
that
get
up
zone,
open
source
project
use
the
CLA
which
anybody
who
contributes
to
our
projects
under
the
gate
of
our
organization
have
to
sign.
I
will
explain
the
purpose
of
that.
It
might
be.
People
might
not
understand
mine,
we
Institute
of
that,
and
why
might
an
organization
like
ours
choose
to
establish
one
choose
to
establish
the
CLA
for
down
projects
and
now
not
get
a
disclaimer,
not
a
lawyer.
There
are
so
amazing
lawyers
that
get
up
I.
A
You
know
as
questions
learned
from
but
I'm
here
as
an
engineer
I'm
here
as
a
person
who
really
loves
open
source,
who
published
a
lot
of
open
source
project.
Myself
contributes
a
lot,
but
my
advice
here
is
not
legal
advice,
especially
if
you're
part
of
an
organization,
the
public,
open
source,
everything
that
you
publish
should
be
consulted
with
your
own
lawyer
right.
So
we
can
continue.
My
lawyer
in
progress
mine
on
lawyering
progress
is
especially
apparent.
A
If
you
just
ask
me
a
few
years
ago,
what
I
thought
about
open
licenses,
I
didn't
know
anything
I
just
use
MIT,
because
I
was
cargo,
counting
what
everybody
was
doing
if
I
have
given
this
talk
of
years
ago,
it'll
be
a
single
slide,
I
would
say
just
drop
just
use.
My
three
drop.
The
mic
walked
offstage
right
now,
I'm
more
educated
MIT
is
still
a
good
choice
for
a
lot
of
things,
but
it's
not.
A
A
A
What
different
stuff
means
in
general
and
understand
that
a
lot
of
the
licenses
that
we
have
as
standard
in
the
opposition
industry
have
a
bunch
of
this
kind
of
the
same
key
components
which
I'm
going
to
just
provide
a
brief
overview
out
here
of
them
here,
I'm
going
to
show
MIT.
For
example,
the
license
usually
starts
with
a
copyright
clause
which
might
seem
like
it's
an
oxymoron
like
open
source
software,
free
software
with
a
no
copyright.
But
a
copyright.
A
Clause
is
here
to
say
who
made
the
software
and
when
on,
who
owns
it
in
a
way,
but
just
by
itself
the
copyright
Clause
would
have
meant
that
no
one
is
allowed
to
modify
and
use
this
software
in
their
own
source
code.
But
it's
all
the
text
below
the
copyright
clause.
That's
important
that
actually
defines
an
open
source
license.
A
The
copyright
Clause
is
here
just
as
Malati,
so
next
is
a
list
of
explicit
grants
that
is
important
to
establish
exactly
what
is
permitted
to
do
with
this
software,
because
otherwise
you
can't
really
just
say
you
can
do
anything
with
this.
There
are
some
licenses
like
the
WTF
PL.
That
say
you
can
do
anything
with
it.
It's
fine.
The
attitude
was
in
the
right.
The
heart
was
in
the
right
place,
but
legally
that's
not
really
good
a
thing
to
say,
because
it's
very
vague
and
legally
vagueness
is
not.
A
You
know
not
a
good
thing
to
have,
so
you
want
to
state
explicit
grants
license
we'll.
All
of
this
takes
place
a
grant-
and
it's
interesting
to
note
here
that
the
MIT
license
allows
you
to
sell
the
software
as
you
wish,
so
you
can
take
Ruby
on
Rails.
You
want
to
sell
it.
You
won't
make
a
lot
of
money,
so
don't
make
it
as
a
business,
but
it's
nice
to
know
that
you
really
do
have
a
lot
of
freedoms
with
this
license
and
with
a
lot
of
other
licenses,
then
we
have
the
conditions.
A
The
conditions
of
a
permissive
license
are
usually
like.
Mit
are
usually
very
there's,
not
usually
a
lot
of
them.
This
is
a
condition
that
just
says
that
this
should
be
included
in
all
of
the
copies
of
the
software.
It's
very
easy
to
follow
this
condition.
There
are
some
conditions,
others
which
are
much
harder
to
follow.
This
one
is
very
easy
which
makes
the
license
favored
about
people
who
just
want
to
go
and
opens,
or
something
and
not
care,
so
much
about
what
happens
downstream
and
and
then
there's
the
part
that
yells
at
you
I.
A
Never
liked
that
part.
Somebody's
caps,
lock
key
got
stuck
in
all
seriousness.
Is
that
the
reason
why
a
parts
of
illegal
texts
are
in
uppercase
is
there's
some
reason
for
it:
I'm
not
able
to
stay
unable
to
say
what
is
the
actual
legal
expression
for
that.
But
there
are
some
requirements
that
some
text
are
set
in
uppercase.
This
text
is
no
warranty
clause
saying
that
I'm
not
responsible
if
your
code
wipes
your
hard
drive,
otherwise
I
might
be
responsible.
A
If
my
code
wipes
your
high
drive,
because
my
work
might
be
subject
to
an
implicit
War,
even
though
I
never
said
and
never
said,
my
work
is
going
to
keep
all
of
your
data
on
your
hard
drive.
I
might
be
subject
to
implicit
warranty
if
this
clause
wasn't
up
here.
So
that's
why
a
lot
of
licenses
include
the
no
license
clause.
Sorry,
no
warranty
clause
and
you
don't
really
have
to
keep
reading
it
every
time
because
it's
usually
digitally
very
standard.
So,
let's,
let's
see
some
types
of
licenses
that
we
have.
A
So
there
are
some
broad
groups
of
licenses
out
there
I'm
just
going
to
cover
a
few
which
are
very
easy
to
understand.
There
is
the
public
domain
dedication,
which
is
basically
relinquishing
your
copyright
and
saying
you.
Everyone
could
do
whatever
I
give
away
my
copyright.
This
is
not
so
simple
as
it
sounds
to
do.
You
kind
of
just
say
have
one
line
of
text
that
says:
I
hereby
place.
A
This
work
under
the
public
domain
I've
seen
that
on
open-source
project
before
that's
not
enough
and
a
public
domain
dedication
should
have
an
explicit
list
of
grants
like
we
saw.
The
MIT
can
also
have
a
no
warranty
clause
and
that's
why
the
unlicensed
here
as
an
example
or
you
can
look
it
up
on
licensed
org
is
a
great
way
to
put
something
into
the
public
domain,
because
it's
already
thought
of
all
of
that
and
it's
a
it's
a
text
of
a
similar
size
to
an
MIT
license.
A
Just
basically
says
this
is
public
domain,
but
also
preserve
some
of
the
clauses
that
are
really
important,
they're
permissive
licenses
or
the
licenses
that
have
some
conditions,
but
the
conditions
are
usually
very,
very
hot,
very
easy
to
follow,
and
the
of
course
the
example
is
MIT
whose
text
we
already
viewed
in
the
previous
slides,
very
interesting
kind
of
licenses
are
copy.
Left
copy
left
is
a
term
that's
designed
to
be
opposite
of
copyright
by
itself.
It
doesn't
have
any
sense,
because
left
doesn't
refer
to
anything.
A
In
particular,
it's
designed
to
be
the
opposite
of
copyright,
because
copyright
restrains
work
from
being
distributed
for
being
modified
and
changed
right.
Copy
left
wants
to
preserve
the
openness
of
the
work,
so
copy
left
includes
a
clause
that
states
that
any
modifications
and
any
redistribution
of
this
work
should
be
done
under
the
same
or
more
compatible
Isis.
That
means
once
open
source,
always
open
source
and
a
lot
of
free
software.
A
The
fact
that,
once
open
source,
all
the
time
open
source
means
that
if
you
include
a
new
GNU
GPL,
a
copyleft
license
in
your
proprietary
proprietary
software
you'll
need
to
make
that
tough
to
officers
after
that,
if
it
that
libraries
in
it
at
runtime,
so
you
will
not
see
a
lot
of
Ruby
on
Rails
plugins
licensed
under
couplet,
because
that
means
a
product
like
ours,
get
up.
Calm,
wouldn't
be
able
to
use
such
a
plugin
because
we
would
have
to
open
source
or
get
calm,
which
is
not
an
option
for
us
right
now.
A
Now,
like
real
talk
a
little
bit,
it's
really
not
that
anybody
gets
up
of
anybody.
Who's
like
me
and
loves
to
publish
officer
squad,
gets
up
and
gets
really
excited
about.
I'm
gonna
license
my
work.
I'm
gonna
put
it
on
github
I'm
gonna
slap
a
license
on
it.
This
is
not
something
on
their
mind.
When
we
publish
code
we
wanna,
we
want
to
share
it.
We
want
our
people
to
use
it.
We
want
people
to
report
bugs
we
want
to
be
recognized.
All
of
this
are
very
valid.
Motivations
and
open-source
doesn't
give
us
much
personally.
A
Doesn't
feed
much
into
these
personal
motivations,
but
is
a
hurdle,
is
a
formal
hurdle
that
we
need
to
get
it
down,
go
over
quick
and
then
people
can
use
our
our
open
source
software.
So
I
was
many
times
when
I
would
publish
software
I
forgot
to
slap
a
license
on
it,
and
I
wouldn't
realize
that
this
software
is
an
open
source.
Just
the
product,
because
the
project
isn't
get
up
doesn't
mean
that
it's
open
source.
It
means
that
it
copyrighted
by
default.
If
it
doesn't
have
a
license.
The
code,
the
software
is
copyrighted.
A
If
you
want
other
people
to
be
able
to
modify
it,
use
it
in
the
projects,
please
make
it
open
source.
This
comes
as
a
surprise
to
some
it
might
be
that
people
aren't
really
able
to
use
that
grade
library
that
you
put
on
github
so
check
if
it's
open
source,
if
it's
not,
please
make
it
so
because
getup
doesn't
own
your
code
when
you
upload
it
and
get
up,
we
don't
own
it.
We
you
retain
all
the
copyright
to
it.
You
retain
ownership
of
your
own
software
and
we
can't
open
sources
for
you.
A
We
are
not
legally
allowed
to.
You
only
give
us
two
rights
for
our
Terms
of
Service.
Only
two
rights,
one
is
that
you
give
the
rights
to
other
people
to
view
our
code
and
get
up.
That
comes
as
no
surprise.
If
your
project
is
public,
you
you
give
your
right
to
others
like
me
to
view
their
project
and
other
is
that
your
project
able
to
be
forked
by
other
people
that
also
come,
isn't
a
surprise.
Everybody
who's
get
up
knows
about
the
ability
to
read
open
source
project,
public
projects,
I'm,
sorry
and
to
fork
them.
A
So
we
have
get
up
one
people
to
release
their
projects
is
open
source.
So
we
looked
at
the
percentage
of
license
versus
unlicensed
repositories
over
time
and
it
turned
out
in
the
last
few
years,
fewer
than
20%
of
all
projects,
a
lot
of
repositories
on
get
up
were
under
some
kind
of
lysis,
and
to
be
frank,
this
is
not
a
great
number.
Of
course,
we
would
want
more,
but
github
has
been
growing
and
more
and
more
people
are
creating
various
kinds
of
repositories
like
their
dot
files,
like
personal
experiments,
homework
assignments
for
school
and
college.
A
This
kind
of
project
which
they
using
personally
may
be
for
a
course
of
a
week.
They
might
not
use
it
afterwards,
they're
not
interested
in
this
being
a
shared
library,
so
it
makes
it
kind
of
explains
the
downward
strength,
but
we're
trying
to
make
this
better.
If
we
look
at
projects
that
have
gained
at
least
some
interest
from
others
like
in
this
example,
at
least
10
stars
on
a
repo
is
my
personal
judgement
of
a
project
being
at
least
noticed
by
other
people.
This
is
a
situation
is
much
better.
A
More
than
50
percent
of
such
project,
head
of
10
and
more
stars
on
get
up
I'm,
sorry,
more
than
50
percent
a
project
that
have
10
or
more
stars
to
get
up
have
an
open-source
license.
That
percentage
is
rising.
Our
metrics
are
round
they're
very
conservative,
so
these
are
very
conservative
numbers
they're
much
more.
There
are
many
more
open
source
projects
on
github
that
we
weren't
able
to
detect
as
open
source.
So
as
getup
grows,
the
total
number
of
licensed
projects
grows
with
it.
A
A
The
most
popular
license
is
get
up
calm
as
of
now.
This
is
the
list
we
already
seen
that
MIT
was
a
clear
favorite
for
now
the
group,
the
category
other,
is
the
licenses
that
we
don't
know
what
they
are,
because
we
cannot
reliably
place
them
under
any
of
the
other
categories
they
might
defer
their
license.
Tax
has
edited,
they
might
be
combined
different
license
into
one.
It
might
be.
Somebody
invented
the
whole
new
license.
We
only
recognize
this
list,
which
are
open
source
initiative
approved
licenses
to
reinstate
our
license.
Detection
is
limited
right
now.
A
There
might
be
more
license
repositories
on
github
right
now
and
I'll
mention
that
a
little
bit
more
afterwards,
so
you
may
have
noticed
a
significant
uptick
in
the
number
of
licensed
repositories
in
the
middle
of
2013
on
the
previous
graphs.
This
wasn't
an
accident.
This
was
us
launching
to
salaices,
calm
sedusa
license.
Calm
is
a
site
where
people
can
go
and
get
educated
about
the
license
based
on
their
needs
right.
The
license
doesn't
exist
in
a
vacuum.
It's
there
exist
to
satisfy
your
needs,
so
this
site
will
help.
A
You
decide
based
on
what
you
want
from
your
projects
based
on
restrictions
you
want
imposed
on
it
which
license.
Should
you
pick
and
then
afterwards,
after
you're
chosen,
the
license
you
can
go
to
a
site
called
add
a
license,
not
an
official
get
a
project
but
done
by
a
github
err.
Raj,
it's
pretty
cool.
It's
an
auth,
app
ask
you
for
your
permission,
to
update
your
repos
and
then
based
on
the
license
you
picked.
A
It
will
apply
to
your
repositories,
never
leaving
the
browser,
but
there's
a
little
trick
on
github.com
that
I
didn't
know
about
for
this
year
that
you
can
add
a
license
to
an
existing
project
really
easily
by
going
to
create
a
new
file
to
what
we
call
the
get
up
flow,
which
is
editing
files
in
a
name
in
the
browser.
So
when
you
go
to
create
a
new
file
and
you
name
it
something
like
Ison's
or
copying,
we
will
present
an
automatic
license.
A
Picker
lysis
template
picker,
similar
to
when
creating
a
new
repository,
but
this
one
exists
for
existing
repositories
as
well.
So
this
is
great
feature
because
when
you
choose
a
license
from
the
drop-down
license,
tech
is
automatically
entered
your
name,
and
the
current
here
is
prefilled,
so
you
don't
even
have
to
edit
the
license
further
in
the
text
editor
in
the
browser
you
can
just
commit
that
and
your
project
has
has
licensed.
A
Having
licenses
only
in
source
files
is
not
enough.
We
can't
really
reliably
discover
this
way
so
put
the
license
tags
in
a
license
file.
We
can
build
license
that
the
exceed
license
that
MV
anything
like
that.
Just
mentioning
in
the
readme,
this
project
is
licensed
by
MIT,
just
mentioning
that
is
not
enough.
Please
put
in
the
license
file
clicking
to
our
URL.
It's
not
enough
URLs
break
linking
to
an
MIT
license
saying
this
project
is
less
amenity.
Here's
the
link
to
the
text
of
the
license.
A
A
Next
thing
is
a
little
trick
with
getup
API
with
the
getup
JSON
API.
If
you
ever
doubled
with
the
Getae
BPI,
probably
remember
how
simple
it
was
to
get
started
with
it
so
shown
on
the
screen.
This
is
an
endpoint
for
getting
all
of
the
organization's
repositories
right,
so
I
can
just
curl
it.
I
can
increase
the
price
per
page
limit
and
I
can
fetch
all
or
most
of
get-ups
open-source
project
under
the
goetaborg.
A
So
a
little-known
trick
is
something
that
we
still
have
in
the
previous
stage
is
when
you
craft
a
zip
specifically
made
accept
header.
It's
gonna
trigger
a
mode
in
which
license
information
for
this
repository
is
returned
as
well.
This
is
our
licenses
API.
It's
up.
There
is
documented
it's
on
the
preview
face.
That's
why
the
accept
header
is
necessary,
so
for
each
project
this
will
return
the
license
information.
We
publish
secrets
like
this
and
I
API
developer
blogs.
A
There's
our
get
abuses
MIT
a
lot.
There
are
some
other
license
in
the
mix
as
well.
This
is
all
done
possible.
Our
license
detection
and
get
them
in
the
github
API
everywhere
is
done
by
the
licensee
library.
This
is
done
by
bamb,
alter
of
get
up.
It's
of
course,
open
source
it's
under
license.
If
you
want
our
license
detection
to
be
better,
you
can
always
contribute
to
it,
because
there
are
some
limitations.
We
can't
reliably
always
detect
the
license.
A
A
I
love
the
command
line,
a
lot
bad
scripting
here,
I'm
creating
a
batch
script
to
iterate
through
all
of
the
dependencies
of
a
project,
so
first
I'm
outputting
the
list
of
all
the
gems,
the
directories
of
all
the
gems
and
then
node
modules
and
power
components.
This
project
has
all
kinds
of
dependencies
looping
through
all
of
that
in
bash
and
then
using
licensee
on
the
command.
Mindful
easy
directory,
I
can
get
really
fast
with
a
few
lines
of
code.
A
I
can
get
license
information
for
all
my
projects
and
here's
how
it
looks
like
well
not
on
my
project,
but
the
project
dependencies
I
want
to
see
that
I'm
reliably
using
license
right.
So
licensee
library,
it's
great,
it's
out
there
in
the
open.
If
you
want
to
improve
it,
we'd
love
you
to
help,
and,
lastly,
I
just
need
to
mention
get
up
CLA.
We
can't
really
have
a
talk
about
licensing
without
mentioning.
We
now
have
a
CLA,
which
is
like
an
agreement
making
your
contribution
to
our
project
explicit,
regular
opsins
licenses.
A
Don't
cover
that
regular
services
is
just
cover
what
the
software
outgoing
is
licensed
under,
but
not
it
doesn't
cover
incoming
contributions.
So
we
have
a
CLA
to
make
this
explicit
that
you
retain
your
copyright
for
your
completions,
but
you
give
a
certain
grants
covering
some
of
the
patent
stuff
or
anything
like
that.
So
it
protects
us
from
a
certain
scenarios
that
your
employer,
after
un,
contributed
to.
A
Our
project
could
maybe
possibly
try
to
sue
us
over
a
patent
or
something
like
that,
and
then
we
would
be
forced
to
take
some
of
our
parts
of
our
site
down
of
things
like
that,
so
to
wrap
up,
we
really
care
about
open
source.
So
we
obviously
care
that
your
projects
have
open
source
licenses
because
they
are
not
open
source
without
them.
A
Open
source
starts
with
open
source
licenses.
It's
a
prerequisite.
It's
not
glamorous,
but
it
needs
to
be
done.
Someone
has
to
do
it.
Education
really
helps.
We
saw
that
uptick.
You
saw
that
update
in
the
graph.
When
we
educate
people
about
licenses.
They
are
more
conscious
about
them.
They
are
applying
those
to
our
projects
and,
of
course,
when
we
saw
that
results
of
education,
we
want
to
increase
our
education
about
licenses
their
help
files
on
github
calm,
and
there
is,
of
course,
the
choose
license:
com.
There's
a
cause.
Talk
like
I'm,
giving
right
now.
A
Tools
that
we
make
help
the
github
API
license,
AOP
I
will
help
people
perform
the
audits
of
their
licenses
you're
doing
organization,
but
you
can
help
us
as
well.
If
you
go
to
your
own
projects
or
to
your
organization,
projects
perform
a
query.
Quick
audit
save
something
needs
a
license.
It
is
supposed
to
be
open
source
or,
if
you're,
using
somebody
else's
project
that
doesn't
have
a
license.