Don’t Use Non-Open-Source Code In Mozilla

tl;dr: Don’t use third party code which isn’t clearly marked as open source in Mozilla projects, even if the developer says you can. This includes HighCharts. Consult the licensing team if in doubt.

Mozilla is an open source organization. Our manifesto says that “free and open source software promotes the development of the Internet as a public resource.” I hope never to see the day when we decide as an organization to ship non-open-source software; if we ever did, that decision would have to come from the very top.

However, it turns out that sometimes we accidentally do ship or require stuff with a non-open-source licence. So I thought it might be helpful to clarify some common situations. In particular, Mozilla developers should not use:

  • Code put up on Github (or anywhere else) without an explicit licence
  • Code which is is only available for non-commercial use (e.g. CC-BY-NC)
  • Code which you can’t make derivatives of (e.g. CC-BY-ND)
  • Code whose developer says “sure, it’s not open source, but it’s OK for you to use it”
  • Non-open-source code which lives elsewhere on the web and is pulled in by URL (e.g. a JS library)

One non-commercial-use-only library (HighCharts) made it into one Mozilla website (with permission of the developer) and, despite a bug being filed to remove it, it hasn’t been removed and has in fact been used in at least one more major Mozilla web property – and it could have been even more if I hadn’t noticed someone else saying they were planning to use it. Hence this blog post, to try and make sure it doesn’t spread any further. There are alternatives – Rickshaw has been suggested. It’s a lot of hassle to remove working code once it’s integrated and deployed, and the best way to avoid that hassle is not to use such a library in the first place.

There’s lots of code in the world which we can’t use due to its licence. The fact that you have a copy of that code on your hard drive doesn’t make it any more usable. :-)