Nythral position: the license is not a footer detail. It decides what kind of trust a product can earn, what kind of competition it invites, and what kind of company can be built around it.

A common founder question sounds simple at first: should the code be open source, source-available, or closed with a free community edition?

The honest answer is that there is no magic license that gives every advantage at once. If a product wants the credibility of open source, it has to grant real open-source freedoms. If it wants to legally block commercial forks, it can do that, but it should stop calling itself open source. That distinction matters because sophisticated users, developers, and enterprise buyers notice when a company tries to borrow open-source language while withholding open-source rights.

The decision frame
01
AdoptionPermissive licenses reduce legal friction and make it easier for other teams to embed the software.
02
ReciprocityCopyleft licenses keep derivative work in the open when software is distributed, and AGPL extends that pressure to network services.
03
Commercial controlSource-available licenses can restrict production, SaaS, resale, or competitive use, but they are not open source.
04
MoatThe durable moat is usually brand, trust, hosted operations, release discipline, support, integrations, and the team behind the roadmap.

Open Source Is Not Just Visible Code

The Open Source Definition is explicit: open source must allow free redistribution, derived works, and use in any field of endeavor. A license cannot say “you may use this, except for business,” and still be open source in the classical OSI sense.

That is the difference between “source is visible” and “software is open source.” A GitHub repository with a noncommercial restriction may be useful. It may even be generous. But it is source-available, not open source.

Working rule: if the license forbids commercial use, production use, SaaS hosting, resale, or competition, do not market it as open source. Call it source-available, community source, trial source, or noncommercial source.

The License Map

Every license below answers the same founder anxiety differently: how much freedom do users get, and how much commercial leverage does the original company keep?

License or modelTypeWhat it allowsCommercial impact
MITPermissive open sourceUse, modify, distribute, sublicense, and sell with minimal conditions.Maximum adoption, weakest protection against closed commercial forks.
BSDPermissive open sourceSimilar permissive rights; retain notices and disclaimers.Friendly to vendors and embedded use, but easy to privatize downstream.
Apache 2.0Permissive open sourceBroad commercial use plus explicit patent license and notice requirements.Often the safest permissive choice for infrastructure and enterprise adoption.
MPL 2.0Weak copyleft open sourceFile-level copyleft: changes to MPL files stay open, larger combined apps can remain proprietary.A middle path when you want some reciprocity without GPL-level reach.
LGPLWeak copyleft open sourceCommon for libraries; apps can link under conditions, library modifications remain shareable.Useful when adoption by commercial software matters but core improvements should stay open.
GPLv3Strong copyleft open sourceCommercial use is allowed, but distributed modified versions must preserve GPL freedoms.Blocks closed redistributed forks, but can make some enterprise legal teams cautious.
AGPLv3Network copyleft open sourceLike GPL, with extra source-sharing obligations for modified network services.Strongest open-source answer to hosted SaaS clones, but higher adoption friction.
Business Source LicenseSource-available with delayed open sourceSource is visible, but production or competitive use is restricted until a later conversion date.Good for commercial control, but not open source before conversion.
PolyForm NoncommercialSource-available noncommercialUse is allowed for noncommercial purposes, commercial use requires permission.Clear commercial control, but it cannot be honestly positioned as open source.
Proprietary + free tierClosed sourceUsers get product access, not source-code freedoms.Maximum control, lowest community development and audit credibility.

Why Ceph Could Sell for $175M

Ceph is a useful example because it breaks the naive idea that “open source means you cannot build a valuable company.” The Ceph repository's license file states that most of the code is under LGPL 2.1 or LGPL 3, with parts under BSD-style, Apache, Boost, public-domain, and other compatible licenses. That is real open source. It does not prohibit commercial use.

In 2014, Red Hat agreed to acquire Inktank, the company behind Ceph, for approximately $175 million in cash. Red Hat did not buy the exclusive right to stop everyone else from using Ceph. It bought the team, customer relationships, enterprise support motion, roadmap influence, brand trust, and the strategic position around distributed storage.

Code was copyableAnyone could still fork or package Ceph under the license terms.
Trust was not copyableThe original maintainers, enterprise relationships, and support reputation were the business asset.
Brand matteredA fork cannot automatically inherit the project's name, official channels, or customer confidence.
Operations matteredEnterprise buyers pay for working systems, support, guarantees, and integration, not just a zip file.

Known Products and Their Licensing Lessons

The best examples show that “open source” is not one business model. It is a set of rights that can support many business models.

ProjectLicense postureLesson
Linux kernelGPLv2Strong copyleft can coexist with massive commercial ecosystems when the project becomes infrastructure.
KubernetesApache 2.0Permissive licensing helped cloud vendors and enterprises adopt it widely, while brand and governance shaped trust.
PostgreSQLPostgreSQL permissive licenseA permissive database can still build an enormous ecosystem through quality, stability, and reputation.
WordPressGPLThe core is open, while hosting, themes, plugins, services, and ecosystem trust create commercial value.
BlenderGPLOpen source can win creative tooling markets when community, foundation governance, and professional quality align.
CephMostly LGPLOpen source does not prevent acquisition value; it moves value into team, support, brand, and strategic ecosystem position.
MariaDB MaxScale-style BSL productsBusiness Source LicenseSource-available can protect commercialization for a time, but it is a different promise from open source.

The Fork Fear Is Real

The fear sounds like this: if the code is open, a competitor can copy it, add better marketing, and sell the product faster.

That can happen. A license is not a substitute for product strategy. MIT and Apache make copying easy. GPL makes closed redistribution harder. AGPL makes modified hosted services harder to keep private. Source-available licenses can forbid commercial forks entirely, but at the cost of open-source legitimacy.

The question is not “how do we make copying impossible?” The question is “what advantage are we building that a fork cannot cheaply copy?”

What competitors can and cannot copy
They can copy codeThat is expected in open source. The repository is not the entire company.
They can sell servicesOpen source allows commercial use. Competing support or managed hosting may be legal.
×
They cannot copy trust instantlyOriginal maintainers, release discipline, public roadmap, support history, and deployment quality take time.
×
They cannot own your trademarksA strong trademark policy protects official names, logos, channels, and certified builds.

Open-Core Is Usually the Practical Middle

For many product companies, the practical answer is not “everything open” or “everything closed.” It is open-core.

The core product is genuinely open source. The paid product adds operational features that businesses expect: hosted cloud, managed upgrades, SSO, role-based access control, audit logs, backups, high availability, compliance controls, security monitoring, signed builds, priority support, migration help, and team management.

This works when the paid layer is not a cynical crippleware wall. The open product must be useful enough to earn trust. The commercial product must be useful enough that serious teams prefer paying over operating everything themselves.

Related Nythral context: see our open-source projects for the public tools we maintain and the way we present official Nythral-backed software separately from ordinary code visibility.

So Which License Should A Founder Choose?

If the goal is maximum adoption and enterprise comfort, Apache 2.0 is often the cleanest default for infrastructure. It is permissive, familiar, and includes explicit patent language. The tradeoff is that commercial forks can close their changes.

If the goal is a real open-source project with stronger reciprocity, GPLv3 or AGPLv3 is the more defensive path. GPLv3 helps when modified software is redistributed. AGPLv3 is more relevant when the product is a server or hosted service, because modified network use triggers source-sharing obligations. The tradeoff is higher legal friction for some companies.

If the goal is to prevent commercial clones, choose source-available. Use something like BSL, PolyForm Noncommercial, or a custom commercial license. But say it plainly. Do not call it open source.

Founder priorityBest fitTradeoff
Maximum adoptionApache 2.0 or MITCompetitors can build closed products from the code.
Infrastructure credibilityApache 2.0Less defensive against hosted or proprietary forks.
Reciprocity on redistributionGPLv3Some vendors and enterprise teams will hesitate.
Defense against SaaS clonesAGPLv3Still open source, but with more procurement and legal friction.
Commercial control over forksBSL or PolyForm NoncommercialNot open source before conversion or while noncommercial restrictions apply.
Premium product businessOpen-coreRequires discipline: the free core must be real, and the paid layer must add operational value.

The Clean Recommendation

For a developer-facing product that wants community respect and commercial upside, the strongest strategy is usually:

  • make the core genuinely open source;
  • choose Apache 2.0 for maximum adoption, or AGPLv3 if hosted clones are the central fear;
  • protect the product name, logo, website, marketplace, official builds, and certification channel through trademarks;
  • sell the best way to use the software: hosted cloud, official signed builds, support, enterprise controls, monitoring, upgrades, security, and integrations;
  • never market source-available restrictions as open source.

The uncomfortable part is also the strategic clarity: open source means competitors may sell around your code. The way to win is not to pretend the code cannot be copied. The way to win is to become the project people trust, the release they install, the support team they call, and the roadmap they believe will still matter in five years.

Sources