I recently did an audit of the "BSD" licenses in the FreeBSD ports tree. This pertains strictly to those defined as LICENSE=BSD which could be one of several licenses. It was an extremely tedious process manually verifying the license of each port, and except for a dozen which are not identifiable or waiting for email responses from the authors it has been completed successfully.
Things I've learned:
- Lots of people don't understand open source licenses and incorrectly label their own license. BSD == MIT, etc.
- Services like pypi don't get any more granular than "BSD" which made this audit frustrating and perpetuates the idea that there is a single "BSD" license. Go look in PKG-INFO files -- just says License: BSD.
- Developers have this fantastic idea where they say "This project is under the BSD license" and then never point the end user to any license text anywhere.
- Many people are leaving their LICENSE or COPYING files out of their release tarballs -- incredibly daft of them.
- BSD community members seem to know that when you author software you license files, not an entire project, and put the license in the header of every source file. (Thanks!)
- Some people think they can just edit standard licenses because they're smarter than the lawyers who helped develop these licenses and cause unnecessary work for myself and others. (ZPL2.1 with a clause cut out)
- There are far too many variants of the MIT license.
- OpenBSD actually uses the ISCL license, not a classic BSD license. (Don't worry, it's just shorter)
- Even Debian can make mistakes. (That's not a GPLv3 license.)
- Tons of copies of the BSD 3-CLAUSE out there that have clauses numbered 1., 2., and 4. Makes me chuckle every time I see it.
- An unofficial BSD 1-CLAUSE is floating out there in use by a few projects which indicates the author only cares about its source distribution and not the binary...
- The Sendmail license had an older variant that implied that you have to fly to California to defend yourself if you violate it.
- Never trust the license of a package. If you're a vendor you better verify it by hand before selling your product.
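As an added example (not the author's tooling, and not part of the original post), here is one way to pre-sort "BSD" license text by the clauses it actually contains instead of trusting the declared label. The labels are the short ones from the results in this post; the function names, the sample header and the matching phrases chosen are assumptions of this sketch, and anything it returns as UNKNOWN still needs reading by hand.

```python
import re

# Phrases that separate the variants (matched after normalisation).
SOURCE = "redistributions of source code must retain"
BINARY = "redistributions in binary form must reproduce"
ADVERT = "all advertising materials mentioning features"
ENDORSE = "endorse or promote products derived from"
MIT = "permission is hereby granted, free of charge, to any person obtaining a copy"
ISC_RE = re.compile(r"permission to use, copy, modify, and(/or)? distribute this "
                    r"software for any purpose with or without fee is hereby granted")

# Constructed, abridged sample: a 3-clause header with clauses numbered 1, 2, 4.
SAMPLE = """\
 * Redistribution and use are permitted provided these conditions are met:
 * 1. Redistributions of source code must retain the above copyright notice.
 * 2. Redistributions in binary form must reproduce the above copyright notice.
 * 4. Neither the name of the author nor the names of contributors may be
 *    used to endorse or promote products derived from this software.
"""

def normalise(text):
    """Strip comment leaders, collapse whitespace, lower-case."""
    text = re.sub(r"^\s*(/\*+|\*+/?|#+|//+)\s?", "", text, flags=re.M)
    return re.sub(r"\s+", " ", text).lower()

def classify(text):
    """Label the text by the clauses present, not by what it calls itself."""
    t = normalise(text)
    if MIT in t:
        return "MIT"
    if ISC_RE.search(t):
        return "ISCL"
    if SOURCE not in t:
        return "UNKNOWN"  # no recognised grant: read it by hand
    if BINARY not in t:
        return "BSD1"
    if ADVERT in t:
        return "BSD4"
    return "BSD3" if ENDORSE in t else "BSD2"

def audit(declared, text):
    """Compare a declared label (e.g. PKG-INFO 'License: BSD') with the text."""
    found, notes = classify(text), []
    nums = [int(n) for n in re.findall(r"^\W*(\d)\.\s", text, re.M)]
    if declared != found:
        notes.append(f"declared {declared}, text is {found}")
    if nums != list(range(1, len(nums) + 1)):
        notes.append(f"clauses numbered {nums}")
    return found, notes
```

Calling `audit("BSD", SAMPLE)` reports both the vague declared label and the 1, 2, 4 numbering. Modified licenses and the many MIT variants will not match these phrases exactly and fall through to UNKNOWN.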
Results:
1 ART20
1 BSD1
1 BSD2 BSD3 ART10
1 BSD2 MIT
1 BSD3 TclTk
1 CC
1 CPL
1 GPLv2 BSD3CLAUSE BSD4CLAUSE
1 GPLv2 ISCL
1 GPLv3
1 PHP202
1 PHP30
1 Sendmail
1 ZPL21
2 BSD2 BSD3
2 BSD3 MIT
2 REPOZE -- ZPL21 modified
4 GPLv2
4 TclTk
5 CUSTOM
8 BSD4
17 ISCL
24 MIT
62 BSD2
148 BSD3
This isn't 100% accurate either as sometimes there were ports which had multiple licenses defined and I only fixed and noted the "BSD" one. However, those that have multiple licenses listed were instances where I discovered that the project didn't fit strictly under one license.