terl / lazysodium-android

An Android implementation of the Libsodium cryptography library. For the lazy dev.
https://github.com/terl/lazysodium-java/wiki
Mozilla Public License 2.0

License lets commercial apps use this repository? #33

Closed AndroidDeveloperLB closed 4 years ago

AndroidDeveloperLB commented 4 years ago

Here it is this one:

https://github.com/terl/lazysodium-android/blob/master/LICENSE.md

But it uses another repository which has a very weird license, of 2 licenses of my choice:

https://github.com/java-native-access/jna/blob/master/LICENSE

So what's going on? Is it ok to use them both in my own app? I haven't changed anything in its code (and of the other), if that matters.

gurpreet- commented 4 years ago

Hello again @AndroidDeveloperLB,

JNA is licensed under a dual-license which means you can freely choose the license you want. You can choose either the LGPL 2.1 or the Apache License 2.0. The LGPL 2.1 is seen as less permissive than the Apache License 2.0. If you want a more permissive license which allows for commercial use, then the Apache License 2.0 is seen by the developer community as the best choice.

It's not up to me to decide for you though, you must read through the licenses yourself to see which one most suits you.

gurpreet- commented 4 years ago

There are loads of companies using Lazysodium in their projects for commercial purposes if that helps too.

AndroidDeveloperLB commented 4 years ago

Sorry but this still is very weird to me:

  1. How come I get to choose the license? It's as if I get to fly an airplane and they would ask me if I want to pay for the ticket or not... Why should I choose to pay? :) It's the first time I see a choice...
  2. Shouldn't lazysodium-android repository be based on this license? Would using lazysodium-android mean that I have 2 licenses for it?
  3. It says lazysodium-android has Mozilla license. Is it similar to Apache?
  4. Suppose I want to use lazysodium-android, and I'm not going to change the code of it and not of JNA or anything else that it uses. Is it ok, even if my app is closed source? Should I do something special?

I'm worried about using this library now. That's why I ask. In the beginning I saw Mozilla and I noticed the "V"s similar to Apache, so I thought it's very safe to use. Please let me know if it's really ok.

gurpreet- commented 4 years ago

The questions you're asking should be directed to a lawyer but I can give you some hints.

  1. There are plenty of dual-licensed software projects. For reference see here https://en.wikipedia.org/wiki/Multi-licensing. It is not about money (developers seldom create open-source projects for monetary gain), it is more about compatibility between licenses and the principles of the open-source developer. Let's say that JNA was licensed only as LGPL 2.1. Now if I wanted to make Lazysodium licensed under Apache License 2.0 I could not because APL2 is incompatible with LGPL2.1. Now the question might be why JNA would only be licensed as LGPL2.1 in the first place. Well it is up to the developer and what they believe in. They might support open-source passionately and believe that all software should be open-source and not proprietary (this is one of the core tenets of the Free Software Foundation) and so license their code under the LGPL2 or the AGPL. Conversely, if the developer believes that all software should be consumable and permissive by anyone then they release it under the MIT or the BSD license. Sometimes it is not even the developer who decides but a downstream dependency. It may have been that JNA had a downstream dependency which was LGPL2.1 and so made JNA LGPL2.1 too but then that downstream license was changed to be more permissive. Or it could have been the case that the developers of JNA had a change of heart and wanted JNA to be APL2.0 instead but also wanted to keep the projects that used it when it was LGPL2.1 and so in order to satisfy both they dual-licensed JNA. Indeed, any number of things are possible. So you see, it is not about paying for an airplane ticket, it is more about which airline you would like to travel with. The LGPL or the APL. Freedoms, choices and principles.

  2. No, Lazysodium consumes the JNA project under the Apache License 2.0. MPL2 is compatible with APL2.0.

  3. I'm not a lawyer so please research yourself into this. In fact, read the licenses, they are very clear on a lot of things. MPL2 is more restrictive than APL2 in my opinion in the sense that in order to change Lazysodium you must either publish your changes or contribute back to Lazysodium. MPL2 is a great license that allows commercial use but also helps out the maintainer.

  4. Should be fine to use. But I'm not a lawyer so don't come running back to me if you get sued 😂 You should try to read up on licenses rather than asking me for advice, because although I have done a lot of research into this, it is a world which is complex and has a lot of nuances.

Woah, just because the versions are similar does not make them the same or compatible. Yes, I believe Lazysodium is fine to use in commercial and non-commercial projects but your commercial project might be different to others, every case is different, so seek expert advice.

Taking everything I said above into consideration, you have open-source projects licensed under the APL2.0, why did you license them that way? Why not the MIT or the GPL3? Then ask yourself if you did license them under the GPL3 would your projects have received the uptake and popularity they have now? Especially if most companies rule out GPL3 code? Basically what I'm trying to get at is what do you believe in. What are your principles when it comes to code? Do you believe that all code should be open and used by everyone and anyone including companies for monetary gain? Now that you are creating a commercial app you might wish that an amazing library was never licensed under the GPL3. On the other hand, if you were a one-person developer who has created an amazing APL2 library used by everyone and were kind of resentful of the fact that you were powering all sorts of companies, then you might wish that you licensed your library under GPL3. Indeed, freedoms, choices and principles!

https://choosealicense.com/ https://www.mozilla.org/en-US/MPL/2.0/FAQ/ https://www.gnu.org/licenses/gpl-faq.en.html

AndroidDeveloperLB commented 4 years ago

So I think it should be fine. If this one is like Apache, and the JNA lets me say I want it to be Apache, I should be safe to use them both.

Really wish it could be easy to understand all of these. I'm not a lawyer and even though I'm good with English usually, I'm bad at it when it comes to laws-terms (and also in my own language).

All I want is to simply use a library. I will treat it fairly. I promise :)

I am allowed to use it, even if my app is closed source, right? I won't change anything in code for it. Just have a dependency to it and use its classes, and that's it. I will even mention that I use it in some "about" page on the app.

gurpreet- commented 4 years ago

Yes you can use it even if your app is closed source. Crediting this library is not required but a nice gesture 🙂

AndroidDeveloperLB commented 4 years ago

I will put credit nevertheless. Here's my app if you wish to try. Next update will include usage and credit of this library.