this post was submitted on 28 Apr 2024
8 points (78.6% liked)

Opensource

1544 readers
48 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient



founded 1 year ago
MODERATORS
 

Feedback on open source royalty license?

I'm about to release a library, and do not want to use a normal free license like the MIT, Apache, or the GPL. I want to keep the license simple and easy to understand. It also would be considered a non-free license, as it requires a royalty payment. Though, the royalty would not be directly to this library, but open source repositories in general. This is what I had considered so far.


  • 5% of generated income (per profit generating product) paid as royalty yearly to "approved open source repositories" if income is above $1,000,000/year. It's free if income is below that amount. The goal is to be similar to Unreal's license.
  • All repostiories on GitHub.com that meet these requirements are "approved open source repositories"
    • They have more than or equal to 1000 stars
      • I'm aware that stars can be purchased, but this is against GitHub's TOS and the case for fraud is more obvious. Intentionally purchasing stars with the intent of not paying royalty is similar to just not paying the royalty
    • The royalty must be paid between at least 10 repositories, with no more than 10% to a single repository
      • I might provide some lists with easy methods for averaged mass payments to like 100s or 1000s of repositories, but if they want to use discretion, it's allowed. They are just prevented from contributing everything to 1 repository.
    • They cannot be the same repository or project that is paying a royalty, but the same organization is approved as long the individual repository meets the requirements
      • The intent is to partially reward companies with many highly starred open source contributions, but their use level is on their own PR. I also dislike the idea of verifying and tracking identities of different library authors, as I like to create repositories without them being associated with my name. Though, I do think that it makes sense for stars. (The developers providing stars would technically be voting on who should be elgible for financial contributions)
  • After 5 years, the license transitions automatically into MIT or public domain for the version used. Though, new versions could still be under the same license.
  • License is automatically compatible with licenses that use the same wording.
    • No extra royalty if another dependency also uses this license
    • If the other license raises or lowers the royalty rate, it's still compatible, with the royalty rate being the higher of the two.
    • It's also compatible if the amount of repositories is raised above 10 by limiting percentages more.
    • And, also compatible if the star threshold is raised.
  • If GitHub removes stars, the existing approved repositories at the time of removal will persist as royalty options, but no new options will be automatically defined. (As the copyright holder, I still maintain the right to increase approved repostiories at anytime by issuing under a new license)
  • No liability. The liability is still similar to MIT, Apache, GPL, etc.
  • Royalty is paid by taxable year, follows tax season for US.
    • Chosen repositories by the payer must be listed on the license
      • Inclusion must link GitHub URL, payment amount, year
    • The license must be distributed in the same location as all other distributed licenses in their application
  • Just like the MIT or Apache license, the license cannot be revoked unless the licensed company decides to break the law, sue the license issuer, etc. No expectation of support, etc.
  • The source can be modified. Usage of it does not need to stay open source.
  • (Maybe, if possible) - Provide GitHub the ability to sue companies in noncompliance for a 10% reward of the settlement after lawyer fees.
  • (Maybe) - Include Codeberg too. Though, I'm concerned other developers will be less likely to use a license of this type if they don't recognize the organization.

The motivation is just that I believe it's possible for a license like this to work. Tech companies frequently use a similar income model for their products and do not have issues paying Apple their 30% tax. There's often a expectation that companies contribute back to open source repositories, so I view 5% as an easy amount to meet. (Companies should already be contributing back at a level to where this license is viewed as free) Though, I don't expect any large company to move fast on a license of this type.

I've considered a license like this in the past, but thought about it again when Microsoft requested support for FFmpeg when their engineer hadn't read documentation. When requesting a support contract, Microsoft offered $2000. This was viewed as insulting to the FFmpeg developers as Microsoft generates billions of dollars in income every year while using their software in their products.

Large companies, like Microsoft and Google, pay Apple 30% to list their products. (30% of a billion is 300 million, 150,000x more than $2k) I don't think spending the money is the issue, they just frequently refuse until they are without options.

I haven't consulted a lawyer for it. I'm just interested in understanding how it is perceived. I also am willing to consider significant changes, but I haven't had better ideas for creating a license for funding open source.

As for my library

  • It's unimportant, in a niche, and blockchain related
  • I wrote it for personal use
  • It won't bother me if the license just completely fails or is impossible to enforce. (Though, Unreal Engine uses a 5% royalty license that seems successful)
  • It also won't be elgible for part of the royalty until it meets the same requirements.
  • I expect developers who might use it will not be generating above $1m, so they won't care that it's not under MIT, Apache, GPL, etc.

Any suggested changes if I decide to do something like this? As an example, larger/lower star requirement? (I was concerned of excluding really high quality software that just hasn't received notice by other developers) I also like the idea of changing the maximum contribution to 1% per repository as I think it could become difficult for companies to exploit. (Though, I was concerned that companies acting in good faith would be encouraged to not support really good projects that badly need financial contributions) I also think same organization contributions seem bad to approve, but my opinion for allowing it is because developers are rating these repositories as highly appreciated. (They're contributing really high quality open source software) Is this a bad idea or seem too complicated?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

I was already pinged to a discussion of it.

There's so much to read that I haven't already. I think real democratic control of a license could be good. Though, I haven't taken time to understand the governance structure of it.

However, they explicitly name and define machine learning model training as a prohibited use of the covered work.

This doesn't immediately sound bad to me.

I'm not informed on software law. As an example, my understanding from Oracle v. Google is that Google received a ruling from the Supreme Court around 2020 that stated their copyrighted use of a public API, like the public side documentation side of method calls could not be considered a violation of copyrighted works. The idea that they could use machine learning on the internal code of methods and use it to write their own version from the the start of the method call doesn't exactly seem like a good thing to allow.

Though, this is a really uninformed opinion. I haven't read any of it in detail. The public opinion is usually on Google's side. I'll leave an excerpt.

Now let us consider the example that the District Court used to explain the precise technology here. Id., at 980– 981. A programmer wishes, as part of her program, to de- termine which of two integers is the larger. To do so in the Java language, she will first write java.lang. Those words (which we have put in bold type) refer to the “package” (or by analogy to the file cabinet). She will then write Math. That word refers to the “class” (or by analogy to the drawer). She will then write max. That word refers to the “method” (or by analogy to the recipe). She will then make two pa- rentheses ( ). And, in between the parentheses she will put two integers, say 4 and 6, that she wishes to compare. The whole expression—the method call—will look like this: “java.lang.Math.max(4, 6).” The use of this expression will, by means of the API, call up a task-implementing pro- gram that will determine the higher number.

In writing this program, the programmer will use the very symbols we have placed in bold in the precise order we have placed them. But the symbols by themselves do noth- ing. She must also use software that connects the symbols to the equivalent of file cabinets, drawers, and files. The API is that software. It includes both the declaring code that links each part of the method call to the particular task-implementing program, and the implementing code that actually carries it out. (For an illustration of this tech- nology, see Appendix B, infra.)

Now we can return to the copying at issue in this case. Google did not copy the task-implementing programs, or implementing code, from the Sun Java API. It wrote its own task-implementing programs, such as those that would determine which of two integers is the greater or carry out any other desired (normally far more complex) task.

https://supreme.justia.com/cases/federal/us/593/18-956/case.pdf


This isn't all that relevant, and there's lots of case law. It just seems slightly frustrating to me that the law might allow 1) a company to use copyright software for learning 2) take public methods, and their supporting documentation 3) and finally use them inconjunction with a prompt of the documentation to generate the internal code.

This all is a very unresearched or serious view of it. For whatever reason, I just was already thinking about it. It's all to say, I think I understand the argument for disallowing machine learning use. I haven't really decided where I align. I think it's really valuable that we can automate anything, but I also feel negative to the idea of signing everything over to the tech companies and hoping for the best.