Licensing of the library

I’d love if the engine was completely free to use in any way without requiring people to do anything other than give credit. I think MIT might be good for this.

Thoughts?

1 Like

@trusktr It is your preference to give a “Permissive License” for the library. (i.e. BSD, MIT).

We should definitely follow the Open Source Initiative (OSI) approved licensing

About Open Source Licenses
Open source licenses are licenses that comply with the Open Source Definition — in brief, they allow software to be freely used, modified, and shared. To be approved by the Open Source Initiative (also known as the OSI), a license must go through the Open Source Initiative’s license review process.

There are generally two types of open source licenses:

  • Permissive
    Minimal requirements on modification, distribution or copy
  • copyleft
    Preserving the freedoms by requiring the software to pass on the rights of copy

Remember, when making this decision the copyright holder must take into consideration the rights of the user for subsequent use of a piece of software.

Example: Under the MIT license you can use the library to make a proprietary piece of software and charge for it without any restriction and decide to not release the source. With a copyleft license (i.e. GPL) gives the developer the ability to only release based on the restrictions allowed by the original license.

In projects like this one, there really is not a need for anything more than the permissive MIT license, because it allows for copy rights and the releasing of the liability on it’s contributors. Although it does not require the sharing of modifications to the software that may be a benefit to the software.

The open source organization entity should also adopt a CLA and contributing guidelines. (I will create and link here.)

1 Like

why should there be a CLA? that just reduces the pool of contributors and introduces more hoops to jump through.

I’ve only ever seen them used by corporate run open source projects where there is one company desperately trying to place themselves into the chain of ownership.

Although there does not need to officially be a CLA, it is best to make it clear what you are giving up when you release your contribution to a project. Nothing worse than having some contributor come back on the community and claim rights based on their contribution. At the very least there needs to be a statement of what a contribution requires and what you are giving up by submitting a PR.

1 Like

Yeah, I think for big corps it makes sense legally. For our case, I think something like Three.js’ CONTRIBUTING.md is just fine.

I recommend reading about some nightmares of not having a CLA.

If an employee of a large corporation contributes and the corporation claims the code due to copyright, who would be able to fight them in court from claiming the whole body of work? Although this could happen anyway. It is less likely if the contributor signed a CLA that explicitly gave up copyright and stated contributions were their own code.

Also, other countries outside the US have laws that allow for reclaiming of work that was contributed if those rights are not signed away.

I think it is an easy thing to have a google doc for contributors before a PR is accepted.

Maybe we can pose a question in every PR, before merging, like “Do you accept the terms written in CONTRIBUTING.md?” which links to the document. The only problem is that GitHub doesn’t allow us to prohibit the person from editing their response after-the-fact. I believe that is why orgs end up making their own system. We could, for now, make PRers respond to the question on our Discourse, in a special category. I believe Discourse does have settings that would let us prevent a contributor from editing the post after-the-fact.

So, what about Three.js? Are they at risk? Three.js seems to be doing really well.

I thought about an agreement at PR time. I have an idea to handle it and at the same time give people attribution.

We have contributors add their name to a CLA.md file in the project that is like a signature that they agreed to the CLA included at the end of the document. It gets submitted with the PR the first time they make a PR. Easy enough to add their name and submit it when needed and becomes part of the PR. Less work for the maintainers also.

Maybe we can also do what Myles was doing with Famous, which was giving contributors recognition inside of package.json, like this.

I recall going through something similar when i contributed some code to medium’s sculpt project.

They required me to complete a CLA through a pull request on this project:
medium open source contributions

1 Like