Open-source licensing questions

When looking for the right licensing model to cover our Responder open-source tool, we struggled to find the right model. Some great resources such as exist but it is not easy to navigate.
I am a technician and not a lawyer so the jargon and intricacies of licensing models are very foreign and unfathomable to me; especially when dealing with added internal requirements and unknown roads a project can take.

We originally wanted to take the GPL route; we then shifted to AGPL and also wanted to avoid tricky situations like the one Elasticsearch and AWS got into.

We ended up opting for an Apache License 2.0 because we want to get our project incubated into the CNCF Project Proposal Process and Apache seems to be the only licensing model that is accepted, so it ended up being an easy decision.

Have you ever dealt with a licensing option nightmare? How do you deal with that complexity? Everybody talking about it online seems to have an expert-level strong opinion about them. How do we find the most adapted one?
And also, does the license model matter much when you decide to use open-source software or library/module?


I’m so curious to see what people that showed interest in the code, like @felipecosta, @bnwoods, @magnologan, @atirado, @OzNetNerd have to say about the impact of license choice for the project.

Does this change the way you look at this code?

Thanks @raphabot, I’m sure @secretmike has some thoughts too 🙂
