Posted by Steven S. Fang on September 29, 2017
The cries for revolt rang loudly within the open source community, as discussed in my prior post on this subject, and there is apparently insufficient soundproofing at Facebook headquarters to shield its denizens from the cacophony. Facebook has announced that it will release its popular open source React, Jest, Flow and Immutable.js projects under the MIT license, abandoning the Facebook BSD+Patents license for those projects.
After the Apache Software Foundation tagged the Facebook BSD+Patents license as a Category X license, barring software covered by that license from inclusion in Apache projects, Facebook initially hunkered down and suggested that those voicing concerns about the Facebook license simply misunderstand it – basically, “It’s not me. It’s you.” Facebook insisted:
We appreciate all the issues that have been opened asking questions and engaging us. We have considered possible changes carefully, but we won’t be changing our default license or React’s license at this time. We recognize that we may lose some React community members because of this decision. We are sorry for that, but we need to balance our desire to participate in open source with our desire to protect ourselves from costly litigation.
A month later, Facebook has seen the light and concedes, “It’s not you. It’s me.” A charitable observer would attribute that change of heart to healthy introspection on the part of Facebook. A cynic would point out that Facebook announced the switch two days after Automattic, the company behind the ubiquitous open source WordPress web publishing platform, declared that it would jettison React from its projects.
Although Automattic itself does not have strong reservations with the Facebook license, it recognizes that some within the WordPress developer community hold a more disapproving view. And even though rewriting code to excise React would consume time and resources, Automattic believes “the long-term consistency with core is worth more than a short-term hit to Automattic’s business from a rewrite… we have a lot of problems to tackle, and convincing the world that Facebook’s patent clause is fine isn’t ours to take on.”
There had been various calls from the open source community to abandon use of React in open source projects. But it took the voice of a giant in the community to effect change. If React were removed from WordPress projects, React would no longer be the de facto standard for the development of tens of thousands of WordPress plugins. The prospect of losing that life force, it seems, was too much for Facebook to bear.
Perhaps the biggest lesson here is that, if you want to roll out an open source project and minimize potential friction points for participation, choose a license approved by the Open Source Initiative. There are boundless flavors, and the open source community knows of and understands those flavors. No need to reinvent the wheel and invite confusion or, worse, hostility.
Get the latest AppSec news and trends sent directly to you.