Open Source License Reference

Permissive vs copyleft OSS licenses and their obligations.

Reference comparing major open-source licenses — MIT, BSD, Apache 2.0, MPL 2.0, LGPL, GPL 2/3 and AGPL — by permissive vs copyleft type, patent grant, and what you must disclose when you distribute. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

What is the difference between permissive and copyleft licenses?

Permissive licenses (MIT, BSD, Apache 2.0) let you reuse the code in almost any project, including proprietary ones, as long as you keep the copyright and license notice. Copyleft licenses (GPL, AGPL, and weakly LGPL/MPL) require that derivative works are released under the same license, keeping the code open.

Comparing the major open-source licenses

Open-source licenses fall on a spectrum from permissive (do almost anything, just keep the notice) to strong copyleft (derivatives must stay open under the same terms). Choosing or complying with one comes down to three questions: can you use it in proprietary code, does it grant patents, and what must you disclose when you distribute. This reference compares the licenses you will meet most often.

License spectrum at a glance

LicenseTypeProprietary use?Patent grant?Key obligation
MITPermissiveYesImplied onlyKeep notice
BSD 2/3-clausePermissiveYesImplied onlyKeep notice; BSD-3 adds no-endorsement clause
Apache 2.0PermissiveYesExplicit + retaliationKeep notice; state changes
MPL 2.0Weak copyleftYes (mixed files)ExplicitShare modified MPL files
LGPL 2.1/3Weak copyleftYes (dynamic link)Yes (LGPL-3)Keep library replaceable; share library source
GPLv2Strong copyleftNoNoneDistribute source of whole derivative
GPLv3Strong copyleftNoExplicit + tivoizationDistribute source + installation info
AGPLv3Network copyleftNoExplicitDistribute source for networked use too

How it works

Each license sets conditions that attach when you distribute (and, for AGPL, when you serve over a network). Permissive licenses — MIT, BSD, Apache 2.0 — only ask you to preserve the copyright and licence text; Apache 2.0 adds an express patent grant. Weak copyleft — LGPL (library linking) and MPL 2.0 (per-file) — keeps the licensed parts open while allowing proprietary combination. Strong copyleft — GPLv2, GPLv3, AGPLv3 — requires the whole derivative work to be released under the same licence, with AGPL extending that to networked use. GPLv3 and Apache 2.0 are compatible one way; GPLv2-only and Apache 2.0 are not — a common trap when combining packages.

Compatibility traps

GPLv2-only + Apache 2.0 is the most common problem in practice. The Apache 2.0 patent retaliation clause imposes extra restrictions beyond what GPLv2 allows, so combining them in a single binary is not permitted under GPLv2-only. If you need to combine Apache 2.0 code with a GPL project, the project must use GPLv3 or include the “or later” clause that allows it.

AGPL and SaaS is the second common surprise. Developers who run modified GPL code in a cloud service without distributing binaries believed they were safe from source disclosure — the “SaaS loophole.” AGPL was specifically designed to close that loophole.

Choosing a license for your project

  • Maximizing adoption: MIT or Apache 2.0 — both let companies use the code in proprietary products without worry.
  • Wanting a patent grant: Apache 2.0 adds an explicit patent licence and a retaliation clause that MIT lacks.
  • Keeping the library open while allowing proprietary apps: LGPL or MPL 2.0.
  • Ensuring all derivative work stays open: GPL (for desktop/server binaries) or AGPL (for SaaS).
  • Keep the LICENSE file and every copyright notice intact in every distribution — that is the minimum obligation for all permissive licenses and a legal requirement for copyleft ones.