Consider re-licensing to AL v2.0, as RocksDB has just done

[wohali]

Hi there,

The Apache Software Foundation Legal Affairs Committee has announced that the so-called 'Facebook BSD+Patents License' is no longer allowed to be used as a direct dependency in Apache projects.

This has lead to a lot of upset and frustration in the Apache community, especially from projects requiring similarly-licensed code as direct dependencies - the chief of these being RocksDB.

However, we (the Apache Software Foundation) have just received word that RocksDB will be re-licensing their code under the dual Apache License v2.0 and GPL 2 licenses.

As a user of React.JS in an ASF top-level project (Apache CouchDB), please consider re-licensing React.JS under similar terms. Otherwise, many ASF projects such as our own will have to stop relying on and building with React.

A previous bug (#9760) suggested I mention @lacker in this issue when asking licensing questions, so I'm doing so.

Thank you kindly for your consideration.

[gstein]

@qxqxqxqx I think it is impolite to approach the issue as "make FB change". We would like them to, but it is not our place to demand that.

[vishalsuvagia]

I really hope fb reacts to the community requests to comply react-js and related libraries for an Apache license, it can become a hinderance for all those using react-js, to un-react it.

[qxqxqxqx]

@gstein I just want them know that we concern about this, if something is wrong with my means of expression, I apologize.

[erikdoe]

@gaearon First off, thank you for responding and for keeping things constructive. And please let me add that, as a maintainer of a developer-oriented piece of open source software, I sympathize with your desire to discuss code and features rather than licenses.

With that said, open source software is more than the code, the issue tracker, and releases. A key component of open source software is the licensing. So, when you write

You may see this thread as a way to say something to Facebook, but you’re talking to a team of a few people who are software developers like you.

it feels like a simplification. Many commenters on this issue do not want to make a statement at Facebook Inc., the company. They want to discuss one important aspect of React, the framework.

Now, I understand that software developers like us are not the best people to discuss legal details. However, wouldn't the logical consequence be that the Facebook Legal team, who make such decisions, become active in this forum? Shouldn't it be possible that all relevant details pertaining to a piece of open source software are discussed in the open? It is incredibly frustrating to have such an important aspect of open software discussed behind closed doors.

[cardamon]

I apologize if the following has already been brought up. It seems strange to me that there is so much fuss about an additional grant on top of a widely used licence. Why are all the legal departs of all these corporations that are mentioned in this thread not worried about every other project licensed under BSD, MIT, GPLv2, and so on? If they're worried about this particular grant not going far enough, why seems no grant at all be OK? Maybe I'm missing something?

[mitsuhiko]

Maybe I'm missing something?

There is a general discussion going on if a license without an explicit patent grant carries an implied one and some people have the opinion it does.

[alexanderkjeldaas]

@cardamon Keeping this short. IANAL, but yes you (and it seems a lot of other discussions, including those referred to in #7293), are missing the concept of an implicit patent grant that those other projects (might) have, but which is missing here because the grant is explicit. See http://en.swpat.org/wiki/Implicit_patent_licence

[matt-oakes]

@cardamon I think that's why the Apache licence would be the preference.

BSD, MIT, et al would be a permissive licence but gives no grants on any patents that Facebook may have which cover React (or any other project).

Apache is a permissive licence, but it has the patent grand clause which gives users a licence to any related patents which Facebook holds, protecting them from being caught by patent infringement.

The difference between the Apache patent grant and Facebooks BSD+patent licence (as I understand it) is that the Facebook one is weighted more towards Facebook having defacto access to your patents as you loose your licence to the Facebooks possible React ones if you sue Facebook for any patent infringement. Apache only cancels the patent grant if you sue based on any patents directly related to the project under licence.

Essentially:

• Apache would be best for most companies.
• Facebook's current licences is a lot like Apache, but the language is broader.

[cardamon]

@mitsuhiko @alexanderkjeldaas @matt-oakes Thanks for the clarifications.

[copiesofcopies]

I think that a major concern of technology companies evaluating this license is that compliance requires a burdensome -- maybe impossible -- degree of diligence.

Let's say you're Cisco and some frontend developers in your router division use React in a router's admin interface. A year and a half later, your WebEx division notices that a new web-conferencing startup (call it ConfCo) appears to be using a compression technique that you've patented. You sue for a preliminary injunction. In discovery, you learn that ConfCo licensed its compression code from QuickFire, a Facebook subsidiary. Facebook turns around and files a counterclaim alleging that your previously-licensed use of React in your routers is infringing, because your patent license was terminated when you brought a suit "against any party [ConfCo] if such Patent Assertion arises in whole or in part from any software, technology, product or service of Facebook or any of its subsidiaries or corporate affiliates."

If you're Cisco's patent lawyer, this is the kind of scenario you envision when you read the React license. Now that you understand the risk, what kind of systems do you need to put in place in your organization to ensure that the WebEx lawyers know the risk before bringing the ConfCo suit?

@cardamon @matt-oakes @mitsuhiko @alexanderkjeldaas

[ivadenis]

My team, at LinkedIn, is also having legal troubles using React for our internal projects. We would love to see a change on this front.

[gaearon]

Hey all, thanks for your patience. The week is coming to an end, but unfortunately I don’t have any resolution for you yet.

Still, I want to point out that there is a real momentum behind this discussion internally. There are going to be more meetings next week escalating this up to the engineering directors. As you imagine they are quite busy, so this is taking more time than we thought.

Again, I can’t promise you any specific conclusion, and there is no clarity on where this will land. But please know there are people working on getting your voice heard.

[alexeyraspopov]

@gaearon probably the biggest pain point is the scenario described by @copiesofcopies here. Is it possible to get clarification on it?

[copiesofcopies]

Thanks for following up and for hearing us out, @gaearon!

[nevetS]

@gaearon Regardless of the outcome or where anyone stands, being given any sort of communication that this issue is being given attention is very much appreciated.

[huhuanming]

It did great damage to the community, and I am afraid that community will be split in the future.

Something like this might happen and no one will like it:

React = Oracle JDK
Preact = OpenJDK

But we cannot blame facebook, because there is no doubt about the legal right .

[bjrmatos]

It did great damage to the community, and I am afraid that community will be split in the future.

i don't think that is true.. we have some years with React and with the Patent clause there and nothing of that has stopped its evolution, many big companies (with serious legal departments) are using it and many people are using it.. my opinion is that all of this is just "fear" about what could happen, or just that people think that facebook has somekind of "conspiration plan".

and please don't get me wrong.. i believe that the React community will be in much better place without that "fear", but saying that the community will be split because of this is just another probe of that "fear" and that the biggest issue is just the people that just like drama.

let's hope that facebook will change the License/Patent of React, so some us can finally say that there is no "conspiration theory" or "world domination plan" here.

[MihaMarkic]

Well, sure, but one can't foresee the future. If there wasn't that patent clause, everybody would be happy and no "sinister" stuff could happen in future. With that clause in place, one really can't be sure. But if the worst happens, what would you do? I consider this fear a healthy feeling. If not, look at Oracle vs Google Java saga just for an example.

[LawJolla]

To throw a little more info on the fire, here's my take if anyone is curious. (tl;dr There is a lot of bad legal advice going around and way too much paranoia. We're talking about a JS framework that takes functions and returns (almost) HTML. This isn't an ARM license)

https://medium.com/@dwalsh.sdlr/react-facebook-and-the-revokable-patent-license-why-its-a-paper-25c40c50b562

[sahlouls]

+1

[CoreyDotCom]

@LawJolla The unfortunate reality is that there are many lawyers in this world and I'm pretty sure they don't all agree. :)

[LawJolla]

@CoreyDotCom Then in cases where lawyers don't all agree, is the solution to take the most risk adverse position possible? Or is the solution to understand the problem and take the most reasonable position?

[CoreyDotCom]

Perhaps it would be to follow suit with a defacto standard open source license and avoid contention.

[LawJolla]

@CoreyDotCom Apple uses similar terms. And your reply doesn't address my question.

[carlhancock]

@LawJolla Your argument is a good one for certain scenarios. But it’s tricky when the subject is a small startup without major funding. Rewriting a product to strip out React isn’t trivial for a small startup who may have built their product with it. I’ll use WordPress as an example. If WordPress adopts React, which they are currently using to build the Gutenberg project which is the planned replacement for the main editor in WordPress, it could have consequences to the entire WordPress ecosystem of commercial WordPress products. Yes, many of these are small businesses. But, many of these have also been acquired by bigger businesses. If WordPress adopts React and that startups product is built on top of WordPress... those bigger businesses could back out of acquisitions because their legal team raises a red flag during due diligence over the React clause. We already know there are companies that shy away from React for this reason. And if they had to strip our React it would basically mean rewriting it at which point the co Lang could just decide to build itself instead of acquiring the other company. If WordPress adopts it, do those same companies shy away from WordPress because they’ve used React for major functionality? When you most certainly could not afford litigation you’d want to take the most risk adverse path. Sometimes the most reasonable path is too much of a risk. I hope FB just updates the license so nobody ever has to find out if it is a paper tiger or not.

[LawJolla]

@carlhandcock My argument holds for all companies. Start ups don't have a patent portfolio to sue Facebook.

People seem to keep missing the salient point... for anything to happen, you need to sue Facebook. And if you have a good patent claim against them, and have the money to file the suit, you have the money to take React out. (Or don't. Assuming Facebook has any patents protecting React -- they most assuredly don't -- they can't show lost profits or reasonable royalties)

[joonhocho]

@LawJolla Also the author somehow assumes that there are no patents for React, which I doubt is true. Besides, this issue is bigger than React. It applies to all open source libraries that use same Facebook BSD+Patents. And, I am pretty sure that there are numerous patents filed for those libraries.

you have the money to take React out.

It's matter of money, energy, and time. If you see ASF's comments, ASF says they don't want to do it. I am sure they have money for it if they have to. But, it does not mean they like to do it or is any beneficial to them or any other companies that uses ASF's products. If this non-standard licensing trend continues to other big companies and all of their open source projects, then open source projects will lose their true meaning.

[LawJolla]

@joonhocho I'm the author. I didn't assume. I looked. And after 10000 reads not a single person has come forward with a plausible patent.

[j127]

@LawJolla - you write that it's a "toothless" claim and only applies to React, which you think has no related patents. But the PATENTS file is found in most Facebook repos (Immutable, GraphQL, Jest, Flow, Hack, HipHop, etc.), and it's becoming part of dependencies of dependencies. If it is a dangerous file, then the entire Free software ecosystem is getting damaged.

I don't think that you have addressed every scenario in your post. Also, some large and small tech companies seem to disagree, or at least they aren't ready to risk it.

[joonhocho]

@LawJolla Even if what you are saying is true, it has and is creating a lot of friction in the ecosystem whether it's just paranoia or not. One obvious example is this thread and numerous other threads on HN, Reddit, GitHub related to React's BSD+patents over the past few years. Many companies including big ones have shied away from using React for this very reason. ASF is currently challenging it. People here are trying to change it, and I hope it does.

[LawJolla]

@joonhocho I can't disagree with that. Fighting for more open licenses, even if the rationale is couched in unfounded paranoia, isn't a bad thing.

@j127 There's a ton of bad legal advice and ignorant paranoia, so the fact that some won't risk it is unsurprising.

[j127]

@LawJolla - Your arguments haven't addressed Immutable, GraphQL, Jest, Flow, Hack, HipHop, and all the other places that the file appears.

[carlhancock]

@LawJolla I’m not missing your point. I outlined an example in my reply on how it can impact a business from an acquisition standpoint. The small business does t have to have a patent portfolio. A big business interested in acquiring the small business could have the patent portfolio and opt not to acquire the small business because they don’t want to deal with the headache since as you said... they could just strip out the React so why not just write it yourself instead of acquiring a product you’ll have to rewrite and strip out the React from anyway? And FYI the lawyer from Automattic is speaking specifically about Calypso and Automattic as a business — and states they don’t have any patents anyway. But Automattic isn’t WordPress the open source project and how many businesses with patent portfolios use WordPress? A lot. How many of those will rethink WordPress using the open source project if they introduce key functionality written in React, which looks like a possibility with the Gutenberg project that is in Beta? I don’t know the answer to that. But like you said small businesses are unlikely to have patent portfolios. But big businesses use WordPress too.

[LawJolla]

It's clear that tin-foil hat, nonsensical hypotheticals rule this issue and further attempts at common sense will fall on confirmationally biased deaf ears. Good luck with the React license, UFOs, and faked moon landings. 🤗

[tdunning]

Dennis,

That really wasn't necessary. Not helpful, either.

[gstein]

A GitHub issue is a poor venue to discuss legal theory. It also detracts from the original request: would Facebook be amenable to relicensing React to something other than FB/BSD+Patents ?

And in that vein, there isn't really anything to discuss. The real discussion is internal to Facebook, and we can/should simply wait for their decision and/or explicit request for further community feedback.

[kideny]

昨天晚上熬夜看React教程，如果Facebook不改授权协议，我只想说一句话：“打死你个龟孙！”。

[huhuanming]

@kideny it's unfair to facebook.

I also dislike the patent of React, and all facebook Repos with it.

But it's the right for facebook who develop and deploy it.

How about GraphQL? React Native? and More?

Weex includes Yoga, but Yoga also includes the patent.

Maybe in the future, most of repos will includes its patent by big business.

☹️

[LnsooXD]

Vuejs is a good choice, which is a MIT-licensed open source project. It is free and simple to use.

[huhuanming]

How about Preact?

But no Preact-Native...

😂

[dlindenkreuz]

C'mon people, let's stay on topic here…

[TheTFo]

FWIW, my company's legal department sees no issue with us moving forward with react under the current licensing scheme. I suppose it depends on what your product it.

[nodediggity]

This thread is in danger of being closed I have no doubt. Can we please stick to the topic at hand. This is an incredibly important issue for a lot of us, the react team are doing us a service allowing us to continue to communicate here. Let's try to not add pointless input that may otherwise hinder any progress or cause us to lose this channel.

[dpogue]

FWIW, my company's legal department sees no issue with us moving forward with react under the current licensing scheme. I suppose it depends on what your product it.

There's been a lot of confusion and misleading information around this issue, and it only got worse as it blew up on HN and Reddit and news sites.

The React licence/patents situation is no different today than it was a month ago. There is no need to switch away from React if you are already using it. The question of whether your company allows the use of React due to its licence/patents is a question for your company's lawyers.

The only thing that happened is that the Apache Software Foundation's lawyers have said that they do not find the licence to be appropriate for their projects. Thus, the Apache Software Foundation has instructed all of its projects to move away from Facebook BSD+Patents code by August 31st.

This does affect several ASF projects including CouchDB, Cordova, and Superset (incubator) – which is why this issue was opened – but it has no bearing on non-ASF projects (even if they are licensed under the Apache 2.0 licence).

[mitsuhiko]

I really don't think this issue should be turned into an opinion poll about the licensing situation. There are people who already cannot use react but want and there are a few more due to the ASF change that have issues with this now. This issue is already being discussed to death.

I'm pretty sure I'm not the only one who is subscribed to this issue to receive updates on the licensing situation and not to have my inbox swamped with more opinions about it. Maybe the actual discussions about the usefulness or not could be had elsewhere?

[huhuanming]

So this issue is a request to re-license, or just complains? or find a reason to make it?

I cannot getting something of value from it.

[rnewson]

This issue is only us (CouchDB PMC) asking Facebook if they would consider changing the license to the Apache Software License 2.0.

We have to either remove the parts of our project that use React or port them to something else if this doesn't happen. We would much prefer to continue using React if the license is changed to one that the ASF accepts and it's far simpler if that's the ASL 2.0 license. We are not making demands or threats and we're not even commenting on the wider social or legal aspects in this forum, fascinating though they are.

The only response we are really waiting for is from Facebook (either directly or via a suitably authorised member of the React team).

There have been many excellent comments on the thread and it helps to see that the concern here is felt by others, but I for one would welcome the thread staying closer to the original goal.

[deavial]

I think it was understated by it only affecting a "few ASF projects". It affects every single open source project that uses react on either the backend or the front end, this includes WordPress. We can't expect users of OUR projects to respect a patent rider. You can't release your project as BSD if the license of any dependency is on the X list. So basically you can't license your project under anything but Facebook's license.

[hexpunk]

@victoriafrench That's not strictly true. You can release your software under any license you want. Your license doesn't affect the terms under which React is licensed. The license of your software applies to how the users of your software are allowed to use it. React's license affects how you use React, not how your users use your software.

[deavial]

@JayAndCatchFire that is not true. If you were to release Wordpress under BSD and it used a GPL component, you become GPL. Now any developer who creates any form of plugin for Wordpress is now also GPL. This is the reality. You can not use a license under X without distributing your product under the same license and it chains down from there. This is standard copyright licensing law, every attorney will tell you the same thing.

Let's move this over to motion picture. I use a video clip that has a non-theatrical license that I use in my after effects CGI template and I license that as CC. Marvel comes and uses my CGI template. Marvel can not release the movie to theaters because the non-theatrical license travels up the chain.

It's called a "chain of title" and applies to all copywritten work.