Dual License Change Discussion

[tonyqus]

I'm considering changing NPOI's license from Apache to dual license (free+commercial).

I've been working on NPOI for 15 years (since Sep, 2008). I really appreciate individuals and companies choose NPOI to support their business.

I've been seeking successful business pattern of open source projects for years. I even created a startup company called Neuzilla 8 years ago. I used to believe that this company can be raised by sponsorship and support fee. But it looks I was totally wrong. Apache license is the root cause of this business failure. It's free and only benefits the user no matter it's commercial or not.

Why I choose changing license

After analyzing the commercial success of EPPlus Software, I think dual license can be a good choice for OSS sustainability. EPPlus has changed the license 4 years ago and the company has a team of 6 devs now. According to nuget stats, there is not much impact on usage number after EPPlus changed the license. This is an interesting and promising discovery. I'm considering following their step.

There are a few famous accidents about OSS sustainablity happened in the past years. For example,

• Fake.js author deleted the repo since no sponsorship at all
• Moq author introduced SponsorLink to increase Github sponsorship. But the community blames him widely
• Cskefu collecting emails from Github profiles without asking for authorization

I don't wanna do anything bad to the community or anything illegal. That's the major reason I choose to change the NPOI license. This is simple and straightforward.

What will the new license look like

It's in the very early stage. The initial idea is to judge based on the company size or revenue. For example, if the revuene of a company who uses NPOI reaches $1m a year, it needs to buy commercial license.

Free license will be open to freelancers and NGO.

We may also provide startup license to support startup companies

What NPOI contributors can get from this change

I'm planning to pay NPOI contributors after the license is changed and we do receive a few payments from companies

But I'm still thinking the fairness of this kind of payment. Will it be based on number of code lines of contribution or based something else? OSS sustainablity is not just about rich the author himself but it's about paying based on contribution. You contribute more, you get more payment. That's the basic rule.

Open to Suggestions

I'm very open to suggestions and concerns. Please let me know your thoughts on this.

Reference

Elastic Dual License Change EPPlus License Change Six Labors license change

[DaviOtero]

Hi Tony! Nothing against licensing the product, but it would be very important to consider aspects to easen the transition for those who'll need to pay in the future. Freezing a version on apache license is a good option, it will give people time to see the benefits of future funded-base upgrades and support before commiting to purchases.

Companis that have annual budgets also have difficulties adapting inside the same fiscal year and this approach would help them not ditch the component and hold users.

I also noted you included NGOs in the free license, NPOs would be a good exception too.

[canton7]

Do note that everyone who has contributed work retains copyright over their contribution, and you need their permission to enact a license change.

(Unless they signed a CLA before contributing, allowing you to relicense their contribution in future, or you go through and remove all code they contributed).

See https://opensource.stackexchange.com/questions/33/how-can-a-project-be-relicensed

Freezing a version on apache license is a good option, it will give people time to see the benefits of future funded-base upgrades and support before commiting to purchases.

You have to do this AFAIK: licenses like this are granted in perpetuity, and you can't revoke the license on something which had already been released.

[LuciferSam8086]

I would fork the project. NPOI will have the old license, and put in ready only /archived , and a new project ( like NPOI+) will have the new licensing.

Another option would be : NPOI will keep this license, and you could make other projects based on NPOI with a dual license. Maybe a library to make reports with Word with a dual license, keeping NPOI as is. It might be a heavy job to do, tho. So it might not be an option for everyone.

[canton7]

Note that forking doesn't avoid needing to get consent of all contributers (if not already given) before changing the license.

[tonyqus]

@canton7 Thank you for putting this on the table. Previously, I don't know about this.

I'm willing to contact all the contributor. But there may be a few difficulties here

• What if these contributor doesn't share a public email in their Github profile. How can I reach them?
• What if I send the email, but they don't reply for a long time. Let's say 1 month. Can I say they give up the power to vote?
• What's the weight of each voter? Is it based on contribution? Because usually there are only 1-3 major contributors in one project.

As you said that I have to remove the code contributed by the guys who said no to change license, does it mean that I can recontribute by myself? even the code looks similar? It's just like the standard answer is there and I change a person to contribute.

And Is there any existing project following this step? Can you give an example? Frankly speaking, I never heard of this is done in an open source project before.

[tonyqus]

@LuciferSam8086 Yeah, I totally understand a few developers who don't like this change will fork the project. But I don't see there will be a difference. Because fork is easy, how about the maintainence for a few years without any profits?

Every open source project has only 1-2 core person in this project. If they stop maintaining it, the project will die.

During the past 15 years, I don't see many developers are willing to contribute to NPOI. Frankly speaking, I tried a few ways to promote this project and introduce new contributors. But it's very rare. So why do you guys are willing to contribute now? Just because I change the license? I don't see this kind of fork behavior has any sustainability.

Take the most popular 'forked' version called Dotnetcore.NPOI as an example. I did analyze their git log and finally figure out that they only maintain for 1.5 year (from 2017- early 2018). Then they didn't maintain it anymore. They didn't reply to issues at all and eventually I went to their repo to help answer issues about NPOI before they banned me from their org in 2020.

Moreover, Dotnetcore.NPOI was not well maintained. The maintainer didn't really fix bugs. He was just pending PRs from the community if you check the contribution from the maintainer in the git log.

[tonyqus]

@LuciferSam8086 @canton7 How do you think about commercial companies use open source without any payment or sponsorship to the maintainers/contributors? Any comments?

I think change the license fixes this issue. It's not against individual users or NGO at all. What are you defending for? Companies? I don't get your point.

[canton7]

I'm not sure of all the details I'm afraid. I watched the Syncthing project change from one open source license to another, which was quite a lengthy process, and is how I'm aware of the issues here.

This is why large projects require that contributers sign a CLA before contributing: it's practically impossible to change the licensing later without it.

Strictly speaking, I think changing the license of any line of code without the copyright holder's permission, even if that person just contributed a single line, is against copyright law. But whether those people would care in practice is another matter of course.

It's not a voting system: it's that you need the copyright holder's permission to change the license of any line of code. Even if just one person says "no", you can't change the license on the code that that person specifically wrote. The SE post has some nuance: you can isolate code from a contributer into a sub-package which retains the old license if they don't (or can't) consent to a license change, for example.

However, do note that I'm not a lawyer.

Rewriting code without reference to the original does not breach copyright AFAIK.

[canton7]

@LuciferSam8086 @canton7 How do you think about commercial companies use open source without any payment or sponsorship to the maintainers/contributors? Any comments?

I mean in principle I'm all for it. That's why I release code under a permissive license such as apache or MIT, and not under a license like GPL. I've got plenty of projects and get very little sponsorship and for me personally that's fine: I do the projects because I enjoy the process.

That said, I fully support your move to a commercial license if that's the direction you want to go.

I think change the license fixes this issue. It's not against individual users or NGO at all. What are you defending for? Companies? I don't get your point.

I'm just pointing out what the law says on the matter, so you don't get legal problems from disgruntled contributed. That's all. I'm not defending anyone.

[tonyqus]

@canton7 I don't against copyright things. I'm just thinking of how to make it happen. How to lower the cost of this process?

How about I open an issue for existing contributors and pin it in Github issues? And then they can vote when they see it? But I'm still thinking putting a deadline (perhaps 3 month) there to shorten the process.

[canton7]

I'm afraid I can't be of much help there.

Personally I'd start with an audit of how much code actually remains from someone who isn't a main contributer. Things like doc comments probably don't count?

For reference on how Syncthing went about it:

• https://forum.syncthing.net/t/syncthing-is-going-to-be-relicensed-as-mplv2/2006
• https://github.com/syncthing/syncthing/pull/1421

Took a little over a week to get everyone's approval, but the shift from one OSS license to another is going to be less controversial than going paid-for.

[tonyqus]

@canton7 Thank you for this suggestion

Freezing a version on apache license is a good option, it will give people time to see the benefits of future funded-base upgrades and support before commiting to purchases.

Yeah, it looks to be a good practice to lock the apache license version and start a new repo with new license. I did see EPPlus archived their repo in Mar, 2020. This repo is under LGPL license.

[tonyqus]

@LuciferSam8086 Thank you for this suggestion

you could make other projects based on NPOI with a dual license. Maybe a library to make reports with Word with a dual license, keeping NPOI as is. It might be a heavy job to do, tho. So it might not be an option for everyone.

I did think of this. But frankly speaking, it may take another 10 years to get it popular if everything goes smooth. Usually, one OSS developer cannot make 2 popular libraries in his life. At least, I don't see many developers made it.

[Bykiev]

@LuciferSam8086 Thank you for this suggestion

you could make other projects based on NPOI with a dual license. Maybe a library to make reports with Word with a dual license, keeping NPOI as is. It might be a heavy job to do, tho. So it might not be an option for everyone.

I did think of this. But frankly speaking, it may take another 10 years to get it popular if everything goes smooth. Usually, one OSS developer cannot make 2 popular libraries in his life. At least, I don't see many developers made it.

You can leave it as a community project under old licence and it will be maintained by community, where anyone can contribute.

[RIP-webmaster]

Do note that everyone who has contributed work retains copyright over their contribution, and you need their permission to enact a license change.

Is it actually true? I think current license has a clause that enables creating derivative works under different license:

You ... may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

[kzu]

According to nuget stats, there is not much impact on usage number after EPPlus changed the license.

And after the license change (in v5, according to their readme), it fell off a cliff to ~10k and three years later it still at 10/15% of what it was:

Obviously, from the point of view of the project's health, a 10% paying customer base might be very much preferrable to 100% non-paying ones :). But that's a significant factor, IMHO.

[tonyqus]

@kzu That's a good point. I didn't look into 6 week stats of EPPlus.

Btw, @lahma helped create a Github Action CI/CD based on your Nugetizer. It works great!

[rstarkov]

But I'm still thinking the fairness of this kind of payment. Will it be based on number of code lines of contribution or based something else?

I only want to comment on this part. As you said elsewhere it's the 1-2 core maintainer(s) who are the most critical contributors. I don't know your specific situation but I would think that paying anything to occasional contributors before the core maintainers can sustain their own work is probably not very useful. The money is rather unlikely to cover commercial rates for the work anyway, it probably had little to do with motivating the contribution in the first place, and it just generates even more work for the core maintainers. It might even attract contributors you don't want, who fix some comment typos and then feel entitled to a payout. Bottom line, I think it's fine to accept payments but offer nothing to occasional contributors until the core maintainers are fully paid for their work.

[jahav]

I think your biggest problem from license point of view is the Apache POI project, if you want to get rid of Apache license completely. I think it would be rather hard to argue that NPOI is not based/derived work of POI.

"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship.

You can just sublicense it and include a copy of Apache license. It's not a copyleft license. Does it really matter that the derived project contains some text file? Android contains third party notices for literally hundreds of such files.

You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

[tonyqus]

@jahav Thank you for bringing this to the table. Yeah, I did notice this problem and I'm still evaluating it.

I'm checking if there are some existing graduated Apache project getting commericial. Looks Cloudera has a successful story on making Apache Hadoop/Apache Spark commercial. And Cloudera HDP is based on Apache Spark although there are a few extra work from Cloudera itself.

They used to have apache 2.0 license. And here is their explanation about their new commercial license. I don't think Cloudera Hadoop is getting rid of core part of Apache Hadoop. And since I used to be a big data architect for 1 year, I know that HDP keep getting new version from Apache Hadoop since the core engine is not invented by Cloudera.

If that's the case, the new license doesn't have any conflict with Apache license because anyone can use it including the maintainer. You can borrow any code from Apache projects and make it commercial. This is my understanding. Let me know if you have any other opinion.

[LuciferSam86]

Of course everything will be IMHO :)

So, I kind understand this discussion, "kind" because being a full time developer with a good salary when I put myself writing open source code, I tend to forget the monetary part, but I fully support your decision.

I wanted just to point a couple of things, and I am totally open to discussion.

I saw some big projects that changed their license to a commercial one (like ElasticSearch and Akka framework), someone forked before the license change and now there are open source forks (Amazon OpenSearch and Apache Pekko).

Another thing is the license change might be problematic for other open source projects that are using your library. It happened to me too, with a soon-to-be-released MIT project I have. QuestPDF changed their license, and I had to found another solution. In my case I changed to a Python library (weasyprint) with a RESTful API.

[jaredthirsk]

Do note that everyone who has contributed work retains copyright over their contribution, and you need their permission to enact a license change.

Is it actually true? I think current license has a clause that enables creating derivative works under different license:

You ... may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

I am wondering this as well.

I would think there is a problem from going to a restrictive license to a less restrictive license, such as the GPL to MPL syncthing example, (because the GPL contributors contribute on the deal that the whole blob of syncthing is copyleft.)

Whereas it is unlikely to be a problem to relicensing a less restrictive license to a more restrictive license. (The contributors are of the mindset: do what you want, I don't care. Except give me credit. I don't care if you profit by putting the library in an application you sell, or a derived premium library you sell.) (Though I'm not sure of the specifics of less restrictive licenses, if any restrict selling derived or partially derived works.)

@canton7 Any thoughts?

[tonyqus]

Since my Github sponsor got approved this week, I will hold on the change license plan and see if I can follow Evan You's successful story. He got about 230 sponsors per month. If I can get 50 sponors, I think my wife will say Yes

Thank you for all of your inputs. That's very kind of you.