Saturday, June 30, 2012

Changing our License to MPL 2.0

As a long-time open source developer, I've always been a big fan of the LGPL. I've always believed it struck the best balance between promoting open source and allowing commercial users who, for whatever reason, may not be willing or able to release their code under the GPL.

But a few months ago, I discovered that part of my understanding of the LGPL was flawed. Specifically, the license does not allow you to statically link a closed source executable to an LGPLed library. Apparently this was a point that was unclear in version 2.0 of the license, but was made more explicit in version 3.0, the version I adopted for Crack.

This isn't a restriction I wanted to impose on users of the language. We discussed the possibility of adding an alternate license that would explicitly allow static linking (apparently gcc does this for portions of its statically linked runtime). But ultimately, rather than complicate our licensing story, we decided to switch to the Mozilla Public License.

MPL 2.0 is classified as a "reciprocal" license. It provides all of the protection to the primary codebase that the GPL would without imposing any requirements on other code that merely links to ours. As compared to the LGPL, I think the one thing it doesn't protect is a user's ability to modify crack libraries independent of a larger system that it is linked into (the case for the LGPL's restrictions), but I care less about this case than that of developers not being able to use the language because of this restriction.

Code in the repository still hasn't been modified to reflect this, I'm going to check these changes in over the next few days.