React: Consider re-licensing to AL v2.0, as RocksDB has just done

From what I have heard, FB is not interested in pursuing the more draconian possibilities of the BSD+patents license. If that is true, there is actually very little difference between BSD+patents and the Apache license. As such, relicensing should make little if any pragmatic difference to Facebook.

Such a change, however, would make it much easier for license-cautious downstreamers. Please do consider making the change.

@lacker no longer works at Facebook. I'm having a little trouble figuring out who would be best to route this to, but I'll look again on Monday. Thanks for raising this!

RocksDB is now dual Apache 2.0 and GPL v2 licensed as of https://github.com/facebook/rocksdb/pull/2589

https://news.ycombinator.com/item?id=14779881

Instead of switching license to Apache License 2.0 (ALv2), which is not liked by many people, is incompatible with GPLv2) and/or dual-licensing ALv2 + GPL mess, would Facebook consider changing a PATENT license once again to make termination clause look more like the patent license grant in ALv2:

If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

Would this satisfy ASF people?

Just to voice an opinion, in my and my company's software projects, I avoid dependencies that use ALv2, and I'm against relicensing away from the BSD-like license. I'd prefer that ASF would rewrite their software to not use dependencies that their lawyers say the can't use instead of persuading every project that they can't use to change license.

We're only asking if the project would consider changing license. Apache CouchDB and others will switch away from react if we have to. We'd rather not, it's a lot of work for no real gain, but we don't have a choice. Changing license can be simple (RocksDB completed that change in a day).

We're only asking if the project would consider changing license.

I understood that. My point is that instead of changing the license, would ASF and Facebook work to arrive at the acceptable PATENTS file?

(BTW, I'm not in any way related to the React project or Facebook Inc. apart from being the user.)

great question, will need a bod from ASF Legal to answer it. I'll point them here if I can.

@dchest What is it specifically that your company finds necessary to avoid in ALv2 that is not already present in the react license?

The existing PATENTS file is a point of consternation for many, not just ASF. I think the point of this request is to alleviate licensing concerns that cause unnecessary roadblocks to adoption.

@nevetS due to Oracle America, Inc. v. Google, Inc. I avoid discussing any specifics about any licensing decisions in public or by email, so I'll leave it to other brave souls and/or lawyers. I only decided to voice my opinion here because I saw no opposing opinions posted, while in fact there are such.

The issue concerns changing the status quo to satisfy one organization's needs (but I'm sure there are others too) by re-licensing with the license written by this organization (sure, it's OSI-approved and widely used), with a history of alienating other open source (and "free software") projects. I don't want this to happen to React, so I'm trying to see if there's a middle ground by changing the PATENTS file is such a way that will satisfy both Facebook and ASF.

Many people don't use React (and Immutable, etc.) because of the PATENTS file. The simplest solution would be to delete it from all of the Facebook repos.

Modified GPL-like with share-alike patents clause?

There has been recent, renewed awareness in medical research institutes about open source license compliance. Legal review of open source software compliance often expressly asks for Apache 2.0 license precisely because it is a competently constructed and includes equitable patent grants. Since U.S. based universities rely upon patent licensing as part of their legislatively mandated technology transfer initiatives, they are growing far more cautious in their due diligence. For this reason, at some universities, software written with React may be shunned. Existing projects using React software may be asked to remove the React software software dependency. Please strongly consider this proposal, since our RexDB work is used at major universities, we do not wish to rework to use a React alternative.

@clarkevans thanks for your contribution to the discussion! As you said, the purpose of the review was ensuring compliance, that is protecting themselves from lawsuits. It's a worthy goal for any organization, but I doubt the effect of licenses on open source ecosystem was considered, and I think this effect is very important. Simple BSD-like licenses are known to cause less friction for open source projects. If the fact that Facebook granting additional patent rights (separately from copyright license) causes problems for some organizations, I think it's worth considering fixing the problem with patent grant instead of switching to the license that incorporates it.

Here's an example of a patent license which I think might work for everyone: https://github.com/golang/go/blob/master/PATENTS

@dchest I'm not a lawyer, but I'm not sure you can consider the BSD license independent of the additional patent grant, it's about intent, and patents file changes the intent. Even Facebook's blog [1] refers to their license as BSD+Patents, "We use a standard BSD license paired with an additional patent grant for most of our open source projects. For brevity, we call this combination the Facebook BSD+Patents license." This is further complicated by the recent revelation that the GPL is enforceable as a contract [2]. Please note that there is sufficient dissent at the Open Source Initiative that CC0 is not approved as an open source license [3]. Hence, I don't think that you can view BSD independently once the additional patent license is added since you can no longer assume there is implicit patent grant.

While the Apache 2.0 license may not be perfect, in the interest of unifying licenses, it's far better than adding yet another license. Surely the OSI would reject Facebook's BSD+patent license if it were proposed. So, in reality, you might want to instead consider React as "non-free" expressly because of this addition. Lots of people add additional non-free clauses to the BSD license and propose it to the OSI each year, and in almost every case the license is rejected as not complying with open source standards.

[1] https://code.facebook.com/pages/850928938376556
[2] https://perens.com/blog/2017/05/28/understanding-the-gpl-is-a-contract-court-case/
[3] https://opensource.org/faq#cc-zero

As a further note, Google's gRPC was relicensed to Apache-2.0 as part of joining CNCF. They explained their reasoning here: https://www.cncf.io/blog/2017/02/01/cncf-recommends-aslv2/

OSI-approved alternatives to Facebook's license+grant combo also include UPL[1] and BSD+Patent[2], both of which are likely to be compatible with Apache's license. Where possible I suggest avoiding inventing yet more legal language.

[1] https://opensource.org/licenses/UPL
[2] https://opensource.org/licenses/BSDplusPatent

Regarding the vague fear by unnamed people that @dchest was talking about, establishing clear compatibility with the current Apache license is precisely one of the main reasons for GPL v3.

More concretely, writing yet another license for people to have to keep track of and analyze is simply silly. This is especially so if you write one that incorporates patent language "just like" the Apache language on top of the BSD model that is also "just like" the Apache language, except that the Apache license was updated based on feedback from competent legal counsel.

@nevetS

I don't think that @dchest ever said that his company found anything problematic with the Apache license. He just said that he tries to avoid it in his work. That is completely different.

My (uninformed) guess is that his company has no problem with Apache apart from that sourced from Dmitriy himself.

From Minio team here we would like to see this change happen. Our object storage browser UI is based on react and we are Apache 2.0 licensed.

It would be unfortunate and time consuming to migrate but we will have to do that in lieu of new information regarding Apache incompatibility. Please consider re-licensing React.

Thank you for your consideration.

@harshavardhana I think you misunderstood the situation. The current license is not incompatible with ALv2. The situation is that Apache Software Foundation's lawyers (correction: policy makers) declared that their projects will not use any dependencies licensed with BSD+Facebook's patent license, so their people filed this issue to convince Facebook to relicense it under ALv2. Many other people consider the current license and patent grant problematic, some companies also ban React for this reason. However, React is used by many more companies that don't have problems with it. See also https://github.com/omcljs/om/issues/882#issuecomment-315664114

Close, @dchest. It was not our lawyers that made this choice, but our policy decision to disallow the FB/BSD+Patent license to be mixed into the software the Foundation releases to users. And I don't think anybody expected a relicensing; this change was promulgated as an "internal" change in policy around this particular license.

The current license is not incompatible with ALv2.

From the apache discussion:

Roy T. Fielding added a comment - 12/Jun/17 13:50
I have discussed that license with Facebook's legal counsel. It is not BSD (which relies on implied patent grants) and is intentionally incompatible with the Apache License.

The request to re-license was made politely, and was met with similar politeness by @gaearon (Thank you Dan for your understanding!)

There is no expectation of change on Apache CouchDB's part, but there is certainly a lot of hope for re-licensing to be achieved. And I'm hoping Dan can connect with people like @daveman692 to understand Facebook's internal reasoning and process for the expeditious change-of-heart around RocksDB's licensing.

@wohali sure, and I hope my comments are not considered impolite, if so — sorry, that wasn't my intention. It's important to note that ASF opinion is highly valued in the open source community, so while you opening the issue is a simple and polite request for the license change, the fact that the request is caused by ASF policy position — relicense or we'll stop using it — has an side effect of making other people fear the current license.

I hope that Facebook and ASF arrive at the mutually acceptable terms, however I would like to see the compromise in the form of the current BSD license plus a changed PATENTS file, rather than ALv2. I also hope that ASF itself proposes this as an option.

(That's pretty much all I had to say, so I'm unsubscribing from this thread.)

To give you a small update, there are going to be more internal discussions about this for about a week. This is about as much as I can say. I wouldn't be too optimistic about this changing for React but we'll see. @daveman692 has kindly agreed to provide an update when these discussions are over.

So just to clarify here, there's a lot of conflicting information going around. Can software not be licensed under Apache-2.0 if it includes BSD+Patents dependencies? Or is this an internal policy for ASF that is making people nervous because it's a public statement of criticism from a well-respected foundation with lawyers knowledgable about open source licenses?

This is the issue as I understand it: The React license's patent grant is narrower than Apache-2.0's, because it prohibits patent suits against Facebook that Apache-2.0 would not. The licenses are still compatible, in the sense that they can be used together within the same work. However, the overall license for that work (call it Apache+React), is less permissive than Apache-2.0 because of React's patent restrictions. It is Apache Software Foundation policy not to distribute software that cannot be licensed, as a whole, under the terms of Apache-2.0. Therefore, it will not accept the React license into its own project because it would make the project's license more restrictive than Apache-2.0.

@samuelhorwitz I think the following links might be helpful:

ASF Legal Notice Regarding Facebook Patents+BSD/ROCKSDB License

Clarification of what this policy means for a particular project

I don't believe there was judgement or criticism other than "we cannot host any dependency with this license" and "we cannot allow software that we develop to be exclusively dependent on software that uses this license."

Nesting dependencies with varying licenses is a difficult task because of potential confusion. At this point projects within the Apache Software Foundation can leverage react, but only if the end user downloads react separately, and only if there is an alternative. This is not ideal. Given that RocksDB's license was changed, and given that there is at least the impression that the intent behind the BSD+Patents license is very similar to the apache license, it seems a discussion is in order to determine if this situation can be resolved (potentially by adopting a different license in the way that RocksDB recently did).

@copiesofcopies laid it all out pretty clearly... but I had already put this together so...

the request is caused by ASF policy position — relicense or we'll stop using it — has an side effect of making other people fear the current license.

People _should_ fear it. If you build software that depends on React, Immutable, etc., many people can't use that software. The PATENTS file is poisoning the open source ecosystem by making its way into dependencies of dependencies.

React was originally published under the Apache 2.0 license. Some people may have depended on that license when they started using React (perhaps Automattic for Calypso).

So, what people are generally asking is essentially just for React (and related projects) to be under the original license when it was first released:
https://github.com/facebook/react/blob/75897c2dcd1dd3a6ca46284dd37e13d22b4b16b4/LICENSE

I do not know what the patent implications are given the original Apache License grant by Facebook for React, but they may be worth thinking about.

While we are at it, can we also throw GraphQL, Relay, React Native, Flow into the discussion as they also have the same license+patent format.
While they are not as popular as React, they are just as important to open source community and people using them and are often used together with React.

EDIT: Added Flow to the list.

Other large companies such as mine (Adobe) can't use React, Pop, etc. for the very same reason. We'd love to participate in the project, contribute to each etc. but Facebook's heavy-handed PATENTS clause is a showstopper.

When in Rome... https://github.com/facebook/jest also please :)

Even mid-size companies like mine (ViaSat) are starting to disallow the use of Facebook's "open-source" projects for this reason. We'd like to build React web and native apps, but it seems that any sensible legal department will recommend against agreeing to Facebook's asymmetric patent grant.

If we're compiling a list, Google also banned the use of React internally (despite many teams that wanted to adopt it) because of this PATENTS nonsense. (This may have changed since I left.) It's a ridiculous obstacle for a project that otherwise does so much to encourage community adoption.

The new patent grant (it changed once) was created specifically with feedback from Google, and last I heard their lawyers were happy with it.

So no consideration for the rest of us whose lawyers weren't happy with it? Poor form.

I'm not sure how possible this is, but what about the nuclear option of forking React from before the PATENTS file addition:

https://github.com/facebook/react/commits/master/PATENTS

Seems like a huge waste but what else can people do if Facebook doesn't want to play ball?

I am a Steering Council member of Project Jupyter, an open-source project that builds the Jupyter Notebook among other things (http://jupyter.org/). We are wanting to use react/immutable in a number of Jupyter repos, and the patents clause of FB licenses continue to cause problems for corporate/organizational users of Jupyter. For a lot of such users it isn't a problem (they are already using react) but for many they are frustrated that they have to get their lawyers involved to assess the risk of using Jupyter (if we use react). In a world where open-source has become the de-facto choice in many spheres it is really painful to be back in the land of "we have to talk to our lawyers before..."

The Jupyter leadership is not convinced there is an actual problem with the FB patent clause, but the mere fact that this generates friction for institutional users of Jupyter is a huge problem. It is also artificially limiting the adoption and usage of react and other libraries under that license.

I just want to drop my personal opinion on this issue.
I personally think of open source world as a public library in real life.
It's where anybody from anywhere can freely access, gain knowledge and maybe, without any obligations, give back their knowledge in return.
It's where people help each other by sharing knowledge and make the world a better place.
I know it's very optimistic, but that's just how I feel about it.
I love using open source projects, and in return, I have created dozens of open source projects myself and licensed all of them with MIT license, which seems the simplest and most common option for people like me without any legal backgrounds.
Of course, it would be great if I can get something out of them, but in fact, I did already.
I've been using many other open source projects, and that's already my gain. I am merely trying to give back to the community. I feel like it's the right thing to do.
I really hope this React license issue doesn't become how Facebook can realign its license with certain large organizations like ASF or Google, but more about what's the right thing to do.
I like React and other projects from Facebook, but I can't help but feel like Facebook is trying to get something out of them by adding PATENTS clauses, even if they are only defensive as suggested.
It's like finding a small note in the most popular book in a public library saying "If you ever read this book, in the future...".
Maybe more than 90% of people shouldn't need to worry about it, but it's still something unpleasant thing to consider.
I love React and wish everybody can freely use it without worries.

So no consideration for the rest of us whose lawyers weren't happy with it? Poor form.

Excuse me, but I was replying to the comment just above that was specifically about Google.

I understand that everyone is frustrated about this issue. Personally I am just as frustrated to spend time, energy, and emotional wellbeing on legal mumbo jumbo that is preventing people from using React. I would much prefer to spend this time on working together to make it better.

But the reality of this situation is that the maintainers of React (people like me that you’re interacting on the issue tracker) are not the ones making these decisions. Each of us is doing what we can to show different perspectives on this issue to the people who can make those decisions, and we appreciate your feedback too. But we can only keep discussion open if everyone stays civil and respectful. Thanks.

@gaearon - Understood I misinterpreted the intent of your comment.
Appreciate the clarification (and your efforts).

Just to make sure this stays a bit grounded, the patent grant clause of the Apache 2.0 license is not substantively different from the existing Facebook patent grant policy. Certainly using something more standardized would be good, but anyone that is concerned about using React today should probably have equal concern about all FOSS software. The main difference is the revocation clause from Facebook is a lot more broad on which kinds of IP lawsuits will activate it, but the functional distinction is pretty small.

That said, srsly use something standardized, makes life easier on both sides.

I've never written a comment like this on any project in my life. I'm unsure if hitting the "comment" button is a good idea or not. Please take everything I say below as meant respectfully. React is a wonderful ecosystem, we all want what is best for it, and I sincerely believe that everyone (including Facebook) is doing the best they can.

Personally I am just as frustrated that to spend time, energy, and emotional wellbeing on legal mumbo jumbo that is preventing people from using React.

But we can only keep discussion open if everyone stays civil and respectful.

It goes without saying that the discussion remaining civil and respectful is paramount. It is clear that this situation isn't fun for anyone (including the devs & lawyers at facebook, all contributors to React and its ecosystem, and of course devs like myself who are blocked on using React/React Native based on the PATENTS situation).

That said, the sentiments expressed in the sentences I quoted above go to the very core of what is so lopsided and problematic about this situation.

That this is dismissed as legal mumbo jumbo is frankly frightening. React's ecosystem has snowballed to the point where it is incredibly important to the future of literally all of software development. Software development has never been so important, and it affects real people in real ways. Facebook is a terrifyingly powerful force in technology, and by extension the world. As Facebook expands to more platforms as a dominant player and keeps React central to those expansions the true problems with the patent situation emerge.

For example, if Facebook dominates VR with a closed walled garden (as they are positioning to), and they happen to decide one must use React to develop for Facebook's VR platform, one must forfeit (company wide!) any legal standing with regards to patents vs. Facebook (one of the most powerful companies in the world!) in order to develop for the dominant platform of the day. It's as if during Microsoft's era of dominance one had to forfeit all legal patent standing against Microsoft in order to create a windows application. I feel like a silly worry wart even typing this out but if you think through this all logically that is literally the situation we are in today.

Finally, the suggestion that if the tone of discussion around this issue gets heated that all discussion will be silenced is chilling. We're all passionate about software, we all obviously love react or we wouldn't be here, and many of us have poured countless hours into work that will have to be thrown out if this doesn't change. This is an extremely complicated situation with tons of different parties with tons of different concerns. Things getting heated is absolutely expected because we all care. I beg of everyone to keep discussion civil and mature, but the suggestion that if they don't this discussion will be silenced and this project will continue on the absolutely unacceptable status quo is a troubling thing to read.

That this is dismissed as legal mumbo jumbo is frankly frightening.

I think you missed Gaeron's point. He is not dismissing the legal problems, just expressing that it is super frustrating for him to have to deal with the same arguments about this time and time and time again. He doesn't have magic power to change anything, as magical as he is. Instead he has to weather the storm of frustration about something he has no control over.

Personally, I would suggest that we leave this thread for substantial updates about the thread topic: whether React will be relicensed or not. There are so many platforms (twitter, medium, emailing Facebook legal counsel, hacker news, reddit etc etc) to express our passion on; I have put many hours into this issue at my company. The issues tracker is a poor tool for tracking the wide ranging discussion that this topic can produce, as has happened in the past

I did not mean to dismiss the issue. I apologize if that’s how my previous comment reads. What I’m trying to say is that this is a bug tracker and not the best venue for legal discussion. Especially since most of us, as I presume, are not lawyers. You may see this thread as a way to say something to Facebook, but you’re talking to a team of a few people who are software developers like you.

We are currently keeping this issue open because there is an in-progress discussion. And we will notify you if there are any updates. However, we have always closed such issues in the past after initial discussion. This is not because we want to silence you, but because keeping it open forever does not achieve any purpose. We have heard you very well, and we have passed on your concerns. But repeating the same points over and over in different threads does not help move this forward, and creates a lot of noise and stress for the maintainers who are already empathetic to your cause.

The updates that happened in the past (such as updating grant in response to initial concerns from Google and other companies, or publishing FAQ to dispel common myths) happened outside of GitHub issues after much internal discussion. The legal team is re-evaluating these decisions every once in a while, and we’ll make sure they hear your voices. All I’m asking is that we treat each other with respect and keep this discussion level-headed while we wait for their decision. Thanks.

@gaearon, Is there an available venue for such a licensing discussion?

I understand this may not be the best place for such a discussion, but it's open and folks like you are responsive. I don't know if there is any other option for such a conversation.

While I appreciate there are internal discussions for Facebook to have on the matter, I would love an open forum for Facebook's legal group to engage with the React community on licensing.

@csepulv the Legal Team (legalus humanus) is an elusive kind, typically found in their natural private office habitat, often leaving only to hunt for food or provide for their shelter...

@coderanger

Just to make sure this stays a bit grounded, the patent grant clause of the Apache 2.0 license is not substantively different from the existing Facebook patent grant policy. Certainly using something more standardized would be good, but anyone that is concerned about using React today should probably have equal concern about all FOSS software. The main difference is the revocation clause from Facebook is a lot more broad on which kinds of IP lawsuits will activate it, but the functional distinction is pretty small.

My (non-lawyer) understanding of the distinction is that Apache 2.0 says "this license grants you the right to use anything patented within this software under the terms of this license" coupled with "if you attempt to bring about patent lawsuits regarding anything in this software, then you lose all patents rights granted to you by this license".

Whereas the argument is that the BSD+Patents clause says more along the lines "if you attempt to bring patent litigation against Facebook at all, then all the rights to use the potential patents held on this software are lost". This asymmetry is what people are concerned about because concerned parties argue this is the same as saying "all your patents in exchange for using React" since even though "patents are evil etc etc" there may be legitimate patent claims a company wishes to make at some point against Facebook or some affiliate.

To be fair to Facebook, I really doubt this stems from some sort of malice and more as a defensive measure against the ridiculous state of patent litigation these days, but that also doesn't change the legitimate concerns people have either.

Anyway once again, not a lawyer, but I thought I'd clear that up as outside of the GPL camps and other anti-commercial-open-source camps, the Apache license is regarded as a really good commercial open source license for it's explicit (symmetric) patent grant/litigation protection clause as well as it's explicit trademark protection clause, both of which are generally lacking in other good licenses such as MIT (and license modification is either expensive or done by someone who's not a lawyer as well as contributing to license eco-system complexity).

@qxqxqxqx I think it is impolite to approach the issue as "make FB change". We would like them to, but it is not our place to demand that.

I really hope fb reacts to the community requests to comply react-js and related libraries for an Apache license, it can become a hinderance for all those using react-js, to un-react it.

@gstein I just want them know that we concern about this, if something is wrong with my means of expression, I apologize.

@gaearon First off, thank you for responding and for keeping things constructive. And please let me add that, as a maintainer of a developer-oriented piece of open source software, I sympathize with your desire to discuss code and features rather than licenses.

With that said, open source software is more than the code, the issue tracker, and releases. A key component of open source software is the licensing. So, when you write

You may see this thread as a way to say something to Facebook, but you’re talking to a team of a few people who are software developers like you.

it feels like a simplification. Many commenters on this issue do not want to make a statement at Facebook Inc., the company. They want to discuss one important aspect of React, the framework.

Now, I understand that software developers like us are not the best people to discuss legal details. However, wouldn't the logical consequence be that the Facebook Legal team, who make such decisions, become active in this forum? Shouldn't it be possible that all relevant details pertaining to a piece of open source software are discussed in the open? It is incredibly frustrating to have such an important aspect of open software discussed behind closed doors.

I apologize if the following has already been brought up.
It seems strange to me that there is so much fuss about an _additional grant_ on top of a widely used licence.
Why are all the legal departs of all these corporations that are mentioned in this thread not worried about _every other_ project licensed under BSD, MIT, GPLv2, and so on? If they're worried about this particular grant not going far enough, why seems _no grant at all_ be OK?
Maybe I'm missing something?

Maybe I'm missing something?

There is a general discussion going on if a license without an explicit patent grant carries an implied one and some people have the opinion it does.

@cardamon Keeping this short. IANAL, but yes you (and it seems a lot of other discussions, including those referred to in #7293), are missing the concept of an implicit patent grant that those other projects (might) have, but which is missing here because the grant is explicit. See http://en.swpat.org/wiki/Implicit_patent_licence

@cardamon I think that's why the Apache licence would be the preference.

BSD, MIT, et al would be a permissive licence but gives no grants on any patents that Facebook may have which cover React (or any other project).

Apache is a permissive licence, but it has the patent grand clause which gives users a licence to any related patents which Facebook holds, protecting them from being caught by patent infringement.

The difference between the Apache patent grant and Facebooks BSD+patent licence (as I understand it) is that the Facebook one is weighted more towards Facebook having defacto access to your patents as you loose your licence to the Facebooks possible React ones if you sue Facebook for _any_ patent infringement. Apache only cancels the patent grant if you sue based on any patents directly related to the project under licence.

Essentially:

• Apache would be best for most companies.
• Facebook's current licences is a lot like Apache, but the language is broader.

@mitsuhiko @alexanderkjeldaas @matt-oakes Thanks for the clarifications.

I think that a major concern of technology companies evaluating this license is that compliance requires a burdensome -- maybe impossible -- degree of diligence.

Let's say you're Cisco and some frontend developers in your router division use React in a router's admin interface. A year and a half later, your WebEx division notices that a new web-conferencing startup (call it ConfCo) appears to be using a compression technique that you've patented. You sue for a preliminary injunction. In discovery, you learn that ConfCo licensed its compression code from QuickFire, a Facebook subsidiary. Facebook turns around and files a counterclaim alleging that your previously-licensed use of React in your routers is infringing, because your patent license was terminated when you brought a suit "against any party [ConfCo] if such Patent Assertion arises in whole or in part from any software, technology, product or service of Facebook or any of its subsidiaries or corporate affiliates."

If you're Cisco's patent lawyer, this is the kind of scenario you envision when you read the React license. Now that you understand the risk, what kind of systems do you need to put in place in your organization to ensure that the WebEx lawyers know the risk before bringing the ConfCo suit?

@cardamon @matt-oakes @mitsuhiko @alexanderkjeldaas

My team, at LinkedIn, is also having legal troubles using React for our internal projects. We would love to see a change on this front.

Hey all, thanks for your patience. The week is coming to an end, but unfortunately I don’t have any resolution for you yet.

Still, I want to point out that there is a real momentum behind this discussion internally. There are going to be more meetings next week escalating this up to the engineering directors. As you imagine they are quite busy, so this is taking more time than we thought.

Again, I can’t promise you any specific conclusion, and there is no clarity on where this will land. But please know there are people working on getting your voice heard.

@gaearon probably the biggest pain point is the scenario described by @copiesofcopies here. Is it possible to get clarification on it?

Thanks for following up and for hearing us out, @gaearon!

@gaearon Regardless of the outcome or where anyone stands, being given any sort of communication that this issue is being given attention is very much appreciated.

It did great damage to the community, and I am afraid that community will be split in the future.

Something like this might happen and no one will like it:

React = Oracle JDK
Preact = OpenJDK

But we cannot blame facebook, because there is no doubt about the legal right .

It did great damage to the community, and I am afraid that community will be split in the future.

i don't think that is true.. we have some years with React and with the Patent clause there and nothing of that has stopped its evolution, many big companies (with serious legal departments) are using it and many people are using it.. my opinion is that all of this is just "fear" about what could happen, or just that people think that facebook has somekind of "conspiration plan".

and please don't get me wrong.. i believe that the React community will be in much better place without that "fear", but saying that the community will be split because of this is just another probe of that "fear" and that the biggest issue is just the people that just like drama.

let's hope that facebook will change the License/Patent of React, so some us can finally say that there is no "conspiration theory" or "world domination plan" here.

Well, sure, but one can't foresee the future. If there wasn't that patent clause, everybody would be happy and no "sinister" stuff could happen in future.
With that clause in place, one really can't be sure.
But if the worst happens, what would you do?
I consider this fear a healthy feeling. If not, look at Oracle vs Google Java saga just for an example.

To throw a little more info on the fire, here's my take if anyone is curious. (tl;dr There is a lot of bad legal advice going around and way too much paranoia. We're talking about a JS framework that takes functions and returns (almost) HTML. This isn't an ARM license)

https://medium.com/@dwalsh.sdlr/react-facebook-and-the-revokable-patent-license-why-its-a-paper-25c40c50b562

+1

@LawJolla The unfortunate reality is that there are many lawyers in this world and I'm pretty sure they don't all agree. :)

@CoreyDotCom Then in cases where lawyers don't all agree, is the solution to take the most risk adverse position possible? Or is the solution to understand the problem and take the most reasonable position?

Perhaps it would be to follow suit with a defacto standard open source license and avoid contention.

@CoreyDotCom Apple uses similar terms. And your reply doesn't address my question.

@LawJolla Your argument is a good one for certain scenarios. But it’s tricky when the subject is a small startup without major funding. Rewriting a product to strip out React isn’t trivial for a small startup who may have built their product with it. I’ll use WordPress as an example. If WordPress adopts React, which they are currently using to build the Gutenberg project which is the planned replacement for the main editor in WordPress, it could have consequences to the entire WordPress ecosystem of commercial WordPress products. Yes, many of these are small businesses. But, many of these have also been acquired by bigger businesses. If WordPress adopts React and that startups product is built on top of WordPress... those bigger businesses could back out of acquisitions because their legal team raises a red flag during due diligence over the React clause. We already know there are companies that shy away from React for this reason. And if they had to strip our React it would basically mean rewriting it at which point the co Lang could just decide to build itself instead of acquiring the other company. If WordPress adopts it, do those same companies shy away from WordPress because they’ve used React for major functionality? When you most certainly could not afford litigation you’d want to take the most risk adverse path. Sometimes the most reasonable path is too much of a risk. I hope FB just updates the license so nobody ever has to find out if it is a paper tiger or not.

@carlhandcock My argument holds for all companies. Start ups don't have a patent portfolio to sue Facebook.

People seem to keep missing the salient point... for anything to happen, you need to sue Facebook. And if you have a good patent claim against them, and have the money to file the suit, you have the money to take React out. (Or don't. Assuming Facebook has any patents protecting React -- they most assuredly don't -- they can't show lost profits or reasonable royalties)

@LawJolla Also the author somehow assumes that there are no patents for React, which I doubt is true. Besides, this issue is bigger than React. It applies to all open source libraries that use same Facebook BSD+Patents. And, I am pretty sure that there are numerous patents filed for those libraries.

you have the money to take React out.

It's matter of money, energy, and time. If you see ASF's comments, ASF says they don't want to do it. I am sure they have money for it if they have to. But, it does not mean they like to do it or is any beneficial to them or any other companies that uses ASF's products. If this non-standard licensing trend continues to other big companies and all of their open source projects, then open source projects will lose their true meaning.

@joonhocho I'm the author. I didn't assume. I looked. And after 10000 reads not a single person has come forward with a plausible patent.

@LawJolla - you write that it's a "toothless" claim and only applies to React, which you _think_ has no related patents. But the PATENTS file is found in most Facebook repos (Immutable, GraphQL, Jest, Flow, Hack, HipHop, etc.), and it's becoming part of dependencies of dependencies. If it is a dangerous file, then the entire Free software ecosystem is getting damaged.

I don't think that you have addressed every scenario in your post. Also, some large and small tech companies seem to disagree, or at least they aren't ready to risk it.

@LawJolla Even if what you are saying is true, it has and is creating a lot of friction in the ecosystem whether it's just paranoia or not. One obvious example is this thread and numerous other threads on HN, Reddit, GitHub related to React's BSD+patents over the past few years.
Many companies including big ones have shied away from using React for this very reason. ASF is currently challenging it. People here are trying to change it, and I hope it does.

@joonhocho I can't disagree with that. Fighting for more open licenses, even if the rationale is couched in unfounded paranoia, isn't a bad thing.

@j127 There's a ton of bad legal advice and ignorant paranoia, so the fact that some won't risk it is unsurprising.

@LawJolla - Your arguments haven't addressed Immutable, GraphQL, Jest, Flow, Hack, HipHop, and all the other places that the file appears.

@LawJolla I’m not missing your point. I outlined an example in my reply on how it can impact a business from an acquisition standpoint. The small business does t have to have a patent portfolio. A big business interested in acquiring the small business could have the patent portfolio and opt not to acquire the small business because they don’t want to deal with the headache since as you said... they could just strip out the React so why not just write it yourself instead of acquiring a product you’ll have to rewrite and strip out the React from anyway? And FYI the lawyer from Automattic is speaking specifically about Calypso and Automattic as a business — and states they don’t have any patents anyway. But Automattic isn’t WordPress the open source project and how many businesses with patent portfolios use WordPress? A lot. How many of those will rethink WordPress using the open source project if they introduce key functionality written in React, which looks like a possibility with the Gutenberg project that is in Beta? I don’t know the answer to that. But like you said small businesses are unlikely to have patent portfolios. But big businesses use WordPress too.

It's clear that tin-foil hat, nonsensical hypotheticals rule this issue and further attempts at common sense will fall on confirmationally biased deaf ears. Good luck with the React license, UFOs, and faked moon landings. 🤗

Dennis,

That really wasn't necessary. Not helpful, either.

A GitHub issue is a poor venue to discuss legal theory. It also detracts from the original request: would Facebook be amenable to relicensing React to something other than FB/BSD+Patents ?

And in that vein, there isn't really anything to discuss. The real discussion is internal to Facebook, and we can/should simply wait for their decision and/or explicit request for further community feedback.

昨天晚上熬夜看React教程，如果Facebook不改授权协议，我只想说一句话：“打死你个龟孙！”。

@kideny
it's unfair to facebook.

I also dislike the patent of React, and all facebook Repos with it.

But it's the right for facebook who develop and deploy it.

How about GraphQL? React Native? and More?

Weex includes Yoga, but Yoga also includes the patent.

Maybe in the future, most of repos will includes its patent by big business.

☹️

Vuejs is a good choice, which is a MIT-licensed open source project. It is free and simple to use.

How about Preact?

But no Preact-Native...

😂

C'mon people, let's stay on topic here…

FWIW, my company's legal department sees no issue with us moving forward with react under the current licensing scheme. I suppose it depends on what your product it.

This thread is in danger of being closed I have no doubt. Can we please stick to the topic at hand. This is an incredibly important issue for a lot of us, the react team are doing us a service allowing us to continue to communicate here. Let's try to not add pointless input that may otherwise hinder any progress or cause us to lose this channel.

FWIW, my company's legal department sees no issue with us moving forward with react under the current licensing scheme. I suppose it depends on what your product it.

There's been a lot of confusion and misleading information around this issue, and it only got worse as it blew up on HN and Reddit and news sites.

The React licence/patents situation is no different today than it was a month ago. There is no need to switch away from React if you are already using it. The question of whether your company allows the use of React due to its licence/patents is a question for your company's lawyers.

The only thing that happened is that the Apache Software Foundation's lawyers have said that they do not find the licence to be appropriate for their projects. Thus, the Apache Software Foundation has instructed all of its projects to move away from Facebook BSD+Patents code by August 31st.

This does affect several ASF projects including CouchDB, Cordova, and Superset (incubator) – which is why this issue was opened – but it has no bearing on non-ASF projects (even if they are licensed under the Apache 2.0 licence).

I really don't think this issue should be turned into an opinion poll about the licensing situation. There are people who already cannot use react but want and there are a few more due to the ASF change that have issues with this now. This issue is already being discussed to death.

I'm pretty sure I'm not the only one who is subscribed to this issue to receive updates on the licensing situation and not to have my inbox swamped with more opinions about it. Maybe the actual discussions about the usefulness or not could be had elsewhere?

So this issue is a request to re-license, or just complains? or find a reason to make it?

I cannot getting something of value from it.

This issue is only us (CouchDB PMC) asking Facebook if they would consider changing the license to the Apache Software License 2.0.

We have to either remove the parts of our project that use React or port them to something else if this doesn't happen. We would much prefer to continue using React if the license is changed to one that the ASF accepts and it's far simpler if that's the ASL 2.0 license. We are not making demands or threats and we're not even commenting on the wider social or legal aspects in this forum, fascinating though they are.

The only response we are really waiting for is from Facebook (either directly or via a suitably authorised member of the React team).

There have been many excellent comments on the thread and it helps to see that the concern here is felt by others, but I for one would welcome the thread staying closer to the original goal.

I think it was understated by it only affecting a "few ASF projects". It affects every single open source project that uses react on either the backend or the front end, this includes WordPress. We can't expect users of OUR projects to respect a patent rider. You can't release your project as BSD if the license of any dependency is on the X list. So basically you can't license your project under anything but Facebook's license.

@victoriafrench That's not strictly true. You can release your software under any license you want. Your license doesn't affect the terms under which React is licensed. The license of your software applies to how the users of your software are allowed to use it. React's license affects how you use React, not how your users use your software.

@JayAndCatchFire that is not true. If you were to release Wordpress under BSD and it used a GPL component, you become GPL. Now any developer who creates any form of plugin for Wordpress is now also GPL. This is the reality. You can not use a license under X without distributing your product under the same license and it chains down from there. This is standard copyright licensing law, every attorney will tell you the same thing.

Let's move this over to motion picture. I use a video clip that has a non-theatrical license that I use in my after effects CGI template and I license that as CC. Marvel comes and uses my CGI template. Marvel can not release the movie to theaters because the non-theatrical license travels up the chain.

It's called a "chain of title" and applies to all copywritten work.

@victoriafrench I completely agree in the case of GPL. GPL is a viral license. Also, Wordpress is already licensed under GPL. But none of the software involved in this discussion (React, Apache Foundation's software, and various companies' proprietary software) is under a GPL license. We're talking about APL and BSD, neither of which are viral licenses. The PATENTS file doesn't change that.

The lawyers from Apache have made their decision - the licenses are incompatible. Facebook lawyers have said as much, too, according to the public discusion on the apache mailing list. (linked above in one of my previous comments).

This is a request to change the license.

There is always a lot of speculation as to what the license means. There are many differing opinions. Facebook has an FAQ about the license. They made a clarification post when it was last updated.

This request, per comments above, is being discussed internally at Facebook. They will decide what to do soon enough.

Individuals, projects, and companies can decide whether it's a good decision to use software with this or any other license. There are many online discussions on this topic in more appropriate forums than a github issue.

If you are similarly having difficulty leveraging React for legal reasons pertaining to the license, that would be great information to add to the issue comments.

If you are looking to change people's minds about how to interpret the license, this isn't the place to do it.

I would caution anyone from leveraging a legal opinion from this issue discussion. Most of the participants are not Facebook employees, and nobody has made an official statement clarifying the parameters of the license in this thread.

Besides, not very many lawyers have github accounts.

@nevetS to clarify: the Foundation did not say the licenses were incompatible. ... The Foundation said that its projects could not depend upon components using the FB/BSD+Patents license because it would introduce requirements over/above those of the ALv2.

Over the course of this discussion (here/elsewhere) several lawyers have stated the licenses are not incompatible. It is just that incorporating both into a larger Work means that you have two sets of requirements (ALv2 and FB/BSD+Patents). That larger set of requirements can be perfectly acceptable to some developers and the software they release.

By policy, that combination is not acceptable to the Foundation. Simple as that.

Open source should not rely on a patron's sympathy that can be revoked at any hint of conflict. Either open source a project and openly collaborate or keep it closed source. Softening this up with a Frankenstein license is counterproductive and extremely dangerous - if this sets a precedent and you have to accept additional clauses for every open source project you use, we will all suffer tremendously. The suggestion is a much cleaner solution for everyone. If this clause is only a paper tiger like some claim, it should not exist and if it is not, then this project is not open and has to be approached with extreme caution in most scenarios. In short: While I apologize for adding another opinion, the suggestion to relicense seems very well-founded. We recently had to decide against React for this reason and that's a shame.

Active committer on Apache Superset (incubating) here https://github.com/apache/incubator-superset, and ex Facebooker. Like CouchDB we're caught in the Facebook/ASF crossfire and would just like to use React to build and share [truly unlimited, surprise-free] open source software.

Regardless of the legitimacy, true meaning and applicability of the patent clause, we'd like for Facebook to play by the same rule as everyone else in the open source space and produce a standard, condition-free BSD license for React.

I was largely unaware of this issue when the team chose React for Superset, and for us to backtrack on either on the ASF or React side would be extremely counterproductive. Or worse, another option might be to tip-toe around by not distributing React in our releases and have the users build the software on their own to defer liability [not an option].

Personally (and based on my limited understanding of the legal implications) I think it's unethical for Facebook to buy itself some sort of patent lawsuit immunity through its popular open source software.

[Also related] If Facebook sticks with the current patent clause, I'd like to see the npm license metadata changed to reflect Conditional BSD or something that makes it clear that it isn't good old BSD, so that when we use package managers to import libs, and recurse through dependencies to understand the tree of licensing implications, that somehow this would bubble up as something important to understand, research and validate with our lawyers and software foundations.

@gstein not sure what you mean, Facebook has been told that it's not compatible by foundation members

@johnament I think that Greg is referring to a definition compatibility which says that two licenses are incompatible if there is no logical way to combine software components under the two licenses. For instance, CDDL and GPL are classic in this case since they both put limits on how the derived work must be licensed and the limits have no intersection.

There is another definition of compatibility and that is upstream policy compatibility. That is the problem at Apache. We don't (as you know better than I) allow dependencies that inhibit field of use or other aspects of use. As such, the patents rider on BSD+Patents is incompatible with Apache's policy.

There is nothing, however, that says that I can't use an Apache licensed component together with react if I am happy about that. I would just wind up with a derived work that imposes the same patent behavior on my users. I can't bring the combination back to Apache and suggest it be a project. But I can use it outside of Apache's policy confines.

In sum, I agree with both of you. :-)

@tdunning Could be. I'll let Greg comment on what his intentions were, but my reading of Roy's comment is that the licenses themselves are not compatible with one another (e.g. you couldn't dual license code under both of them). Speculatively, this is because ALv2 includes an irrevocable claim while the FBPL includes an explicit revocation clause. This is also probably why we can't include it, at the roots of it, because there is partial code that is potentially revocable.

Very simple, @johnament ... I said that @nevetS was incorrect when he asserted "The lawyers from Apache have made their decision - the licenses are incompatible." ... Our lawyers have made no such declaration. And the referenced ASF Member is not a lawyer, let alone one representing the Foundation.

The Foundation has said it will not allow FB/BSD+Patents for policy reasons (I'd have to look, but I don't even think our lawyers weighed in, at all). It has nothing to do with compatibility, and the Foundation has made no assertions or declarations about compatibility.

Apologies for stirring the pot on that @gstein - I myself had the wrong impression and shouldn't have made that statement without verifying.

It would be nice if those with legal team resources like the ASF would somehow publicly weigh in on the topic.

No worries, @nevetS ... easy enough to clarify.

Unfortunately, the ASF cannot provide legal advice. The crazy thing about the legal profession is that no lawyer will provide such advice either, unless and until you are their client covered under a retainer agreement. That's why you'll see commentary [from lawyers] marked as opinion, and in their second breath tell you to retain your own lawyer for advice :-)

+cc top contributors @zpao, @spicyj, @sebmarkbage, @gaearon

Multiple projects at the ASF (CouchDB, Cordova, and Superset) are in limbo and many of us would like for Facebook to communicate and clarify whether:

• the stance on the patents clause is firm and will not change
• people are debating internally at FB and will come up with clarification (an ETA would be great!)
• things are moving in the direction of a standard, ASF approved license (?!)

Personally I ❤️ React, ❤️ the ASF, and ❤️ open source software. Please allow us to share things built on top of React!

I have been waiting for more than two weeks and felt very disappointed now. We can change nothing but just go away. Goodbye react && Hello angular.

I'm pretty sure there will be no public decision until ~31 August because of corporation-enterprise etiquette

Calm down. At least the Facebook legal team (!!!) is looking into it. That by itself should be considered almost nothing short of divine intervention. Past that, it's going to be a waiting game, and that should be expected of anything related to legal work. Not much anyone of us can do here right now, but sit, and wait. If you can't sit and wait, go learn Vue, or something in the meantime. It's not going to kill you.

Your complaining is only going to make things worse at this point. They already know that we don't like how things are right now. They get it. I'm sure they're sick of listening to this thread. If there are more pointless comments in this thread, you bet your ass this thread will be locked down and shoved in the attic to collect dust.

I too share @mistercrunch's and @OlegLustenko's thoughts/concerns. We'll likely need to wait until August 31st to hear something on this from Facebook.

Any progress？

Hi all – thanks for waiting patiently. We still don't have anything to announce right now but will update here when we do.

Come on Facebook, do the right thing!

Come on Facebook, do the right thing!

Please stop.

If you can't sit and wait, go learn Vue, or something in the meantime. It's not going to kill you.

Sure some people can sit and wait but when you have production code, time is money. And for a company it could become very expensive to rewrite code simply because you have to change your framework. Imagine you hired React JS developers, do you keep them and hope they could learn another framework, or do you look for other staff.

@coding102 You can use use preact, with preact-compat it should be fully compatible with react.

I agree with spicyj: Please stop. Those discussions certainly have a place (e.g. a forum), but are misplaced in a Github issue which only deals with a very specific request. Furthermore, we have reached a point where we are waiting for a specific response. Your comments are well-intentioned (and I'm impatiently awaiting the result myself), but this should be discussed somewhere else, e.g. here, here or here. We also had preact mentioned twice before - repetitions do not contribute anything.

As Adam mentioned today, we want to be able to open source technology that is part of our most successful products. That's why we had to rethink how we could approach our licensing practice without further opening ourselves up to frivolous lawsuits and why it will remain in place. I'm sorry that this has caused so much churn in the community. Some even feel like they have to stop using UI frameworks because of it.

I understand that some organizations may choose to have policies against this type of license on principle. I like that we clearly include a patent license in our repo. IMO it would be nice if more companies would choose this route too. I was surprised by the ASF's decision since our license hasn't changed in years now. I think that's unfortunate because it works against companies trying to open up while protecting their business. It also creates a lot of churn for people building and combining great technologies. I wish this was normalized.

I'd like to keep working on giving more protection to ideas with many diverse implementations. Let's create an environment for that to happen. I'll close this out for now but let's keep the broader discussion going.

We’re relicensing React, Jest, Flow, and Immutable.js under the MIT license.
I hope that this addresses your concerns.

https://code.facebook.com/posts/300798627056246/relicensing-react-jest-flow-and-immutable-js/

React Native (including Metro, Fresco, and Yoga) has also been relicensed as MIT.

https://github.com/facebook/react-native/commit/26684cf3adf4094eb6c405d345a75bf8c7c0bf88