"Commercial Source" licensing

· by Steve · Read in about 6 min · (1083 Words)

Making a living from open source is hard. Correction - making a living from writing open source software is hard - it’s incredibly easy to make a living from someone else’s open source software of course, which is why that’s what most people do 😀At one time the popular opinion was that pure-play open source companies could make a living from support services, which works to a degree but I know from both my own experience and from that of others that it doesn’t work that well. Again, the best chances of it working are if you’re providing support services for software that someone else writes, because you’re only able to monetise the service, not the development. This actually discourages people from investing in development, and instead merely in deployment and ancilliary services which isn’t actually a good thing for core product development.

The best cases of companies funding open source are where they’re using it to deliver some other product or service which is directly monetised, therefore the open source development comes under their general R&D budget. Google, IBM and others fall firmly under this category, and you can bet that the largest open source software projects are funded this way - Apache, Eclipse, Firefox all pay their core developers like this. But, it requires a fairly significant level of scale to be able to do that, hence why it’s usually the giant corporations that do it rather than smaller companies.

The next favourite option is dual-licensing; the general set-up if you come at this with a commercial hat on, is that you pick a license that a lot of commercial entities will have a problem with extending from (ie GPL), then you sell them an alternative license; the idea being that you get the adoption via the open source license and make money from the commercial license. But, it can be controversial, as most recently discussed by Greg Stein in the Oracle / MySQL case.  The argument is that if your commercial license is just a proprietary license, and can be revoked and otherwise monkeyed with by the issuing company (or perhaps more importantly, its acquirers), you have actually been lured into a honey trap - the lure being that open source comes with certain protections, but that if you rely on the availability of the commercial license you actually have none of those and might as well have bought from a proprietary software vendor.

So, what to do? If you’re a small development company, open sourcing your product will definitely bring more people in, but if you’re not in the hosting / cloud business and don’t want to rely on services to earn your keep (who can blame you), what can you do to earn your keep except abandon open source for your main products (maybe splitting your time between proprietary and open source), or dual-license and face accusations that you’re fibbing about the true nature of your product for your commercial users?

Well, I’ve been wondering whether the problem is that dual-licensing typically falls back on traditional licensing concepts, ie that your commercial license looks very much like a normal proprietary license, which has all the problems of ‘what if my vendor changes the license conditions’ etc - when in fact it really needs to be more like a permissive open source license, with a payment condition. One of the great powers of open source is that it is ‘detached’ from the producer and compeltely predictable and immutable - once the software is out there, it can’t be taken away from the receiver and is always ‘whole’ in terms of the source code so no-one is tied in. There are also cast-iron source & binary redistribution clauses that are known up-front, and are again immutable, which mean everyone knows where they stand, forever. Why can’t the commercial side of a dual-license continue to do this, while at the same time generating a revennue stream for the company?

Maybe I’m being naive. But what about this sort of dual-license set-up for a library or toolset:

  • Default is GPL (and obviously free)
  • Commercial alternative license available, giving very permissive rights, but with these important rules:
    • The license is irrevocable once issued
    • The right to redistribute unlimited copies of derivative binary works is included with Apache-style conditions
    • The right to redistribute unlimited copies of derivative source to anyone under the GPL (for free) is included
    • The right to redistribute unlimited copies of derivative source under the permissive commercial license conditions is also included, provided the same original license fee is paid per receiver. Critically, the price and conditions surrounding redistribution may not be altered unilaterally by the licensor at any time after the license is issued (so once you’ve bought it once, the conditions and price for non-GPL redistribution are set in stone and cannot be altered unless both parties agree - say if the price is reduced later)
    • All software reverts to the Apache license if the company folds without selling the rights to someone else

This would mean that those choosing to opt for the commercial license would have the same kind of cast-iron guarantee an open source user has that once software is out in the wild and being used under some conditions, that the originator cannot possibly change that, ie take it away or change their right to modify and redistribute under conditions they agreed to at the start. To me, this seems to give the same kind of certainty over not being screwed over in the future as open source does, thus blunting the accusations of proprietary lock-in by the back door, but while generating some revenue for the developer too. It is, in effect, the same as a permissive open source license with the one addition that redistribution of the source to a new party requires either payment to the originator, or reverting to the GPL.

Now, of course there is still potential uncertainty around new versions of the software, but this is no different from open source, where your only guarantee is over what is published right now, not what might happen in future versions.

Does anyone know companies that use this model? My experience is that commercial dual licenses tend to be as restrictive as proprietary licenses, which then can justifiably lead to accusations that the open source license has been used as a shill to get people into a lock-in scenario. Is there really a ‘third way’ or am I missing the point?