MIT vs. GPL vs. Apache: Open-Source Licenses Made Simple
Open-source software is published so anyone can take it and use it. We tend to think of it as free, but more precisely it’s free under certain conditions. What spells out those conditions is the license.
If you use it without knowing the conditions, you may later run into a situation where you can’t sell your product or where you have to publish your entire source code. In this post, I’ll unpack, without any code, how the three leading licenses — MIT, Apache, and GPL — differ.
“Free” in open source comes with conditions #
A license is a usage rule that sets out under what conditions you may use the code. Being published and being free to use however you like are different matters. Even published code carries an attached promise: use it this way, and please keep to this.
Fortunately, the widely used licenses boil down to a few kinds. Just being able to tell MIT, Apache, and GPL apart lets you read most situations. The three can be lined up from the most permissive to the strictest.
MIT — the most permissive license #
MIT is among the most liberal licenses. As long as you keep the copyright notice that credits the original author, almost everything is allowed: using the code commercially, modifying it, or not publishing your modifications.
Because the terms are simple, companies and individuals alike adopt it without hesitation. A disclaimer that says “we take no responsibility for problems arising from this code,” plus keeping the copyright notice, is essentially all there is. Being easy to use lightly, countless popular libraries choose MIT.
Apache — MIT plus patent protection #
The Apache license can be used as freely as MIT, but its distinguishing feature is an added layer of patent provisions. It includes a grant that extends the patents held by a contributor to the people who use that code.
Put simply, it’s a mechanism that prevents anyone from later asserting patents against users of that code. That’s why companies wary of patent disputes prefer the Apache license. If you want to use code freely but want one more layer of legal safeguard, Apache fits.
GPL — the license that keeps freedom going #
GPL has a different grain from the other two. If you take code published under GPL and put it into your software, your software must also be published under the same GPL terms. The philosophy is: give back as freely as you received.
Because of this property, GPL is often described as having a viral quality. By analogy, if a single drop of GPL code is mixed in, the whole body of water takes on that color. It’s a well-intentioned safeguard to keep software open for everyone, but it becomes a major constraint for a commercial product whose source can’t be published. So before putting GPL code into a product, you need to check especially carefully.
So, what should you look at? #
When bringing open source into a product, what to check narrows to two things: whether you may use it commercially, and whether a duty to publish your own source code arises. MIT and Apache are generally free of worry on both; with GPL, you have to weigh the source-disclosure obligation.
The simple habit of checking the license once when you bring in a library can head off big problems later. The most dangerous move is to wave it through, thinking “it’s published, so it’s fine to just use.”
Why this makes work easier for non-developers #
- You weigh adoption decisions together. When deciding which open source to use in a product, you can see, through the same lens as the developers, what constraints a license places on the business.
- You spot legal and contractual risk early. You can understand why “did you comply with open-source licenses” becomes a checklist item in outsourcing or delivery contracts.
- You decide whether to publish your own code. When releasing what you built as open source, you can set a direction for which license to attach and how people can then use it.
Wrapping up #
Today we looked at the leading open-source licenses — MIT, Apache, and GPL — from the most permissive to the strictest. The key points: MIT is almost entirely free as long as you keep the copyright notice, Apache adds patent protection on top, and with GPL, if you use it, you must publish your own code along with it.
If you’re curious how open source has changed the world, read How Open Source Changed the World; if you want to know how the collaboration of many people editing one body of code works, read Git and Version Control.