← Learn··Updated 19 Jun 2026·3 min read

What is an open-source license?

An open-source license is the legal grant that hands copyright permissions back to everyone. What copyright restricts by default, who decides what counts as 'open source' (the OSI and the FSF), and the three families — permissive, copyleft, and source-available.

Open source & licensing
Open source licenses explainedPart 1 of 7
#open-source
#license
#copyright
#osi
#ai-assisted
In this seriesOpen source licenses explained

An open-source license is a legal grant that gives everyone permission to use, study, modify, and redistribute a piece of software. It exists because, without it, nobody legally can. Copyright is the default state of all code, and the default is no. A license is how an author turns that default into a yes, and the exact shape of the yes is what separates one open-source license from another.

The moment code is written, copyright attaches automatically — no registration, no notice required. Copyright means all rights reserved: the author alone may copy, modify, or distribute the work, and everyone else needs permission. Put code on GitHub with no license and it is visible, but it is not open — you have been given no rights to it at all. The repository is public; the copyright is still locked.

A license is that permission, written down in advance and offered to everyone. An open-source license specifically grants the rights that make collaboration legal: run it for any purpose, read and change the source, and pass copies — modified or not — to other people. Those rights are what the right to fork is built on; this series is the mechanical reference for the licenses that grant them.

Who decides what "open source" means

Two organizations define the term, from two directions, and in practice they draw the line in almost the same place:

  • The Open Source Initiative (OSI) publishes the Open Source Definition — ten criteria a license must meet, including free redistribution, available source, allowed derived works, and no discrimination against persons, fields of use, or other software. The OSI maintains the canonical list of approved licenses. "Open source" as a precise term means "OSI-approved."
  • The Free Software1 Foundation (FSF) publishes the Free Software Definition — the four freedoms (run, study, redistribute, distribute modified versions). The FSF's emphasis is ethical ("free as in freedom"); the OSI's is pragmatic. That terminology — and the myth that "free" means "free of charge" — gets its own post: free vs open source.
🔗 Learn more1 Free vs open source: 'free as in freedom', not 'free as in beer'

A third body, SPDX, doesn't judge anything — it just assigns every license a short machine-readable identifier (MIT, Apache-2.0, GPL-3.0-only) so build tools and scanners can track them unambiguously. When this series names an SPDX id, that's the one to put in your LICENSE file metadata.

The three families

Every license you'll meet falls into one of three groups, defined by what they ask in return:

flowchart TD
    LIC["An open-source license: rights handed back"] --> PERM["Permissive: keep the notice, do anything"]
    LIC --> COPY["Copyleft: pass on the same freedoms"]
    PERM --> MIT["MIT, BSD"]
    PERM --> AP["Apache 2.0: adds a patent grant"]
    COPY --> LGPL["LGPL: weak, library boundary only"]
    COPY --> GPL["GPL: strong, the whole program"]
    COPY --> AGPL["AGPL: strong, also covers network use"]
    SA["Source-available: SSPL, BSL"]
    SA -. "looks open, fails the test" .-> LIC

    classDef plain stroke:#7b88a1,stroke-width:2.5px
    classDef key stroke:#a3be8c,stroke-width:2.5px
    class LIC key
    class PERM,COPY,MIT,AP,LGPL,GPL,AGPL,SA plain

The license families. Permissive and copyleft2 are both open source; they differ only on whether you must pass the freedoms on. Source-available licenses sit outside the set — the dashed edge is the test they fail.

🔗 Learn more2 Copyleft and the GPL family
  • Permissive — keep the copyright notice, otherwise do anything, including building closed products on top. MIT, BSD, Apache 2.0.
  • Copyleft — same freedoms, with one condition: distribute a modified version and you must release your changes under the same license. The GPL family.
  • Source-available — the source is published, but the license withholds freedoms the definition requires. SSPL and BSL look open and are not. The OSI approves neither.

How to read a license in thirty seconds

You rarely need to read the full legal text. Three checks answer most questions:

  1. Find the SPDX id. It tells you exactly which license and version (Apache-2.0 is not Apache-1.1; GPL-2.0-only is not -or-later).
  2. Is it OSI-approved? If it's on the OSI list, it's genuinely open source. If it's "source-available," it is not — treat it as proprietary with the source shown.
  3. Permissive or copyleft? This decides your obligations when you redistribute. Permissive: keep the notice. Copyleft: your derivative inherits the license. Which one to pick, and how they mix, are their own questions — covered next in the series.