[tentonova]

In contrast, as a company looking to use and contribute to open-source software, BSD licensed code is an easier sell because you aren't locked to purchasing a commercial non-OSS license from the copyright holders (see: Oracle/Sun/Monty regarding MySQL).

[tptacek]

Yes, the BSD license sure is better for software users. You can lift a BSD package wholesale into a new white-label product, and you don't even have to tell the author! That sure is convenient.

You use the BSD license when you don't care about the commercial value of your code. But, for the most part, I think using the BSD license means you're not going to care about the commercial value of your code, because if it's valuable, people will freeload.

In my industry, the GPL has done a servicable job protecting some key software projects (Snort, Nessus, Wireshark). The counterexamples (notably Metasploit) are utterly dependent on the continued effort of the original authors --- Metasploit goes stale faster than almost any other security tool.

[tentonova]

Yes, the BSD license sure is better for software users.

It's also better for software contributors who want to leverage the code in their own products, and use the resulting revenue to contribute back their changes (but not their entire product).

But, for the most part, I think using the BSD license means you're not going to care about the commercial value of your code, because if it's valuable, people will freeload.

Some people will free-load. Many won't. Look at the Apache project, where a vast majority of development is funded by corporations using the software in their closed source products while contributing improvements back to the original product.

In my industry, the GPL has done a servicable job protecting some key software projects (Snort, Nessus, Wireshark).

How do you define "protecting", and what evidence would you use to demonstrate that protection? What would you say those projects were protected from?

[tptacek]

In the case of Snort, that would be protection from 5-10 VC-funded commercial companies releasing products that compete with Sourcefire's product, the core of which (in fact, the entire v1.0 of which) is simply Snort. Does that sound fair to you? That someone would collect $5MM to build a 30 person engineering team that gets to start picking off customers in 3 months by repackaging your code? It doesn't sound fair to me at all.

[tentonova]

As I said below, I'm surprised by the emotional arguments engendered in your word choices -- "fairness", "benevolence", etc.

This is simply business, not ideology. In terms of ideology, I think there's a simply check for whether Sourcefire meets the criteria of "I love the GPL. Except when it applies to me": Sourcefire could not ever include anyone else's GPL code in their own product without breaking their business model.

[tptacek]

And? So what? Sourcefire isn't scavenging Github for code to stick on their boxes; they're writing code, and then (for the most part) publishing it to the world.

From my vantage point, it's the people who produce interesting and valuable code whose interests should come first. Companies who reallllly want to use that code in their for-profit endeavors can buy a license or build their own replacement or open their code; I don't care.

[tentonova]

I'm not sure what your point is, or how it counters the author's original point, which is that what's good for the goose is very much not good for the gander.

[pjhyett]

"You use the BSD license when you don't care about the commercial value of your code."

That sounds almost as ridiculous as someone saying:

"You use the GPL license when you want to scare off anyone else interested in using your code."

Seriously, though, there are a dozen examples with the code that runs GitHub to dispute your statement.

[tptacek]

What are the examples you're thinking of?