185

There is some code on GitHub that I would like to use. The repository has no public declaration of license that I can find. But this particular project has over 200 forks and is a pretty active history of public issues and pull requests. There is one issue opened by someone else requesting a license be added, but with no useful responses.

The repository has no public declaration of license that I can find. Given the nature of e-commerce (in context), it seems likely that many are using this product in a commercial capacity. But in general, are there any safe assumptions that I can make about my right to use/modify/sell or contribute to this software?

This is a canonical question. New questions asking effectively the same thing as this question may be closed as a duplicate of it.

Improve this question
5
  • 3
    Related question: Is my code FLOSS just because it is published it on GitHub?
    – unor
    Commented Jul 1, 2017 at 18:26
  • 3
    This particular project has a commit history between 2008 and 2012, only three contributors (one mostly, not identified as a GitHub account). It has many opened issues / PRs but no one from the project seem to have ever answered to any of them. I don't call this "a pretty active history of public issues and pull requests". I wouldn't even be confident that this project was uploaded with the permission of the original author.
    – Zimm i48
    Commented Aug 21, 2017 at 13:45
  • 1
    This comment sums it up perfectly: github.com/organicinternet/magento-configurable-simple/pull/…
    – S.S. Anne
    Commented Jun 3, 2019 at 11:12
  • 1
    At some point, someone submitted a pull request adding the MIT license information - I hope the project author knew what they were doing by accepting it. I guess the license would be invalid if it turns out that others who already contributed did not agree to the license change?
    – Jonas Czech
    Commented Dec 12, 2019 at 19:08
  • 1
    That is a different project, though.
    – kojiro
    Commented Jun 16, 2020 at 18:21

2 Answers 2

Reset to default
176

If a repository has no license, then all rights are reserved and it is not Open Source or Free. You cannot modify or redistribute this code without explicit permission from the copyright holder.

I'm unsure of the legal implications of actually pulling the source local and building/using the software privately though. Perhaps someone else can chime in on that.

From GitHub's licensing help page:

You're under no obligation to choose a license. However, without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work. If you're creating an open source project, we strongly encourage you to include an open source license. The Open Source Guide provides additional guidance on choosing the correct license for your project.

Note: If you publish your source code in a public repository on GitHub, according to the Terms of Service, other GitHub users have the right to view and fork your repository within the GitHub site. If you have already created a public repository and no longer want users to have access to it, you can make your repository private. When you convert a public repository to a private repository, existing forks or local copies created by other users will still exist.

In short, the only thing you can safely assume is that you have no rights to do anything at all with this code. In the particular case of GitHub, you can fork the repository and view the code, but nothing more.

Being it's entirely possible that the owner doesn't realize any of this, I left a comment on the repo alerting them to the situation and pointing back to this Q & A.

Improve this answer
6
  • 2
    Comments are not for extended discussion; this conversation has been moved to chat.
    – ArtOfCode
    Commented Aug 26, 2015 at 20:46
  • 2
    In the strictest sense, does that mean that I also wouldn't have the right to run it? Proprietary software explicitly grants this right within its terms, so what's the default?
    – WhyNotHugo
    Commented Jul 3, 2020 at 18:20
  • 2
    That’s correct @WhyNotHugo. If there’s no license, you have been granted no rights. The GitHub terms of service allow you to view the code and that’s about it.
    – RubberDuck
    Commented Jul 3, 2020 at 19:22
  • 3
    Actually I do not think it is so easy. If it were patented stuff: yes. If somebody hold a patent in your jurisdiction then you are not even allowed to use this IP for internal processes etc. But this here is copyright, and one could claim that by publishing it on a webpage with a download button, that implicitly certain rights are given, definitely reading the code and downloading it. Now I believe running code is not restricted by copyright laws (although not knowing courts decisions). What I mean, (as an example) imagine somebody distributing free newspaper but when you want to read
    – lalala
    Commented Jan 26, 2021 at 18:09
  • 2
    it then they claim 'ohh we didnt give you a license to actually read it', this will not fly legally. Or what also is protected by copyright is architecture. Most countries allow you to take photographs (if they are from a public viewing angle). So I believe (but probably these things have never been tested in court) that you could claim, that you can download the source from github and run it on your own servers; probably you have to download it from github with each server though..... (to not copy it at your facility)
    – lalala
    Commented Jan 26, 2021 at 18:13
51

There is no longer any need to guess the meaning from GitHub's Terms of Service. GitHub explains it themselves pretty well on their own choosealicense.com website:

If you find software that doesn’t have a license, that generally means you have no permission from the creators of the software to use, modify, or share the software. Although a code host such as GitHub may allow you to view and fork the code, this does not imply that you are permitted to use, modify, or share the software for any purpose.

Your options:

Ask the maintainers nicely to add a license. Unless the software includes strong indications to the contrary, lack of a license is probably an oversight. If the software is hosted on a site like GitHub, open an issue requesting a license and include a link to this site, or if you’re bold and it’s fairly obvious what license is most appropriate, open a pull request to add a license.

Don’t use the software. Find or create an alternative that is under an open source license.

Negotiate a private license. Bring your lawyer.

Source: Choose A License article: No license

Improve this answer
8
  • 10
    Adding a license to an unlicensed repository may be a complex task. Only the copyright holder can license the code, which means that every contributor to the repository must individually agree to license the code under a new license. If there's only one contributor, then it's easy, as you only need that person. If there's more than one contributor it may be anywhere from easy to impossible to add a license to the repository. The maintainers can add a license that all future contributions are bound by, but they don't have the right to add-/re-license existing code which they didn't author.
    – Makyen
    Commented Jan 5, 2020 at 18:23
  • 7
    @Makyen Maybe GitHub should require that a repository has a license in order to enable pull requests or commits from anyone else than the project host...
    – gerrit
    Commented Oct 26, 2021 at 13:03
  • 2
    Isn't it ironic that GitHub suggest you make a PR, thereby creating a derivative (your fork) and violating the author's copyright? 🙃
    – Cornelius Roemer
    Commented Jul 16, 2023 at 23:58
  • @gerrit Github's obligations are to remove repositories where there is an official copyright dispute (done via a takedown request), and far as I understand, they have a good record of doing so (by taking down repos where there was indeed a violation/takedown request). To put in more controls than this would be too meddlesome. Imagine if your operating system's "copy A B" command also required you to prove that you had a license to copy the materials in directory A before it would initiate the copy operation from A to B? Personally I would not want to use such a system.
    – Brandin
    Commented Oct 17, 2023 at 7:18
  • @Makyen Re "... every contributor to the repository must individually agree to license the code under a new license." - I doubt that is a correct understanding of copyright law. Someone published the original version of the repo. AFAIK, they are the copyright holder. IMHO, Anyone who submits a push has implicitly "given" it to the original copyright holder. [Similar to submitting a push to an open-source licensed project implies licensing the pushed code under the same license.] Any other legal interpretation would be unenforceable chaos. Caveat: IANAL.
    – ToolmakerSteve
    Commented Jun 22 at 23:33

Not the answer you're looking for? Browse other questions tagged or ask your own question.