Open WebUI changed license from BSD-3 to Open WebUI license with CLA
37 comments
·May 6, 2025kmeisthax
Any time someone uses the word "sustainable" in regards to a FOSS project, I know they're buttering up the community as they plan to make the project not FOSS anymore.
In this particular case, it's not as bad as that, as Open WebUI is merely introducing a more onerous version of the BSD advertising clause. BSD 4-clause was considered a FOSS license but, in practice, demanding specific forms of attribution was incredibly problematic, especially in projects with multiple contributors. The attribution clauses in Creative Commons licenses are similarly if not more problematic; to the point where there is a cottage industry of copyleft trolls abusing pre-4.0 licenses as a way to rugpull people and coerce them into massive settlements.
Furthermore, the way this specific attribution requirement is written sounds like a possible future trademark landmine. Like, imagine if Firefox shipped with an attribution requirement that prohibited removing the trademarked Mozilla branding. That would effectively make the project non-FOSS because anyone who wants to use their FOSS rights is in a catch-22. Either you violate copyright and remove the trademarks, or you violate trademark by using your rights under the license in a way that violates trademark policy.
I'm also particularly not fond of the plan to demand CLAs and sell white-label licenses; my personal opinion is that you should almost never sign a CLA for a FOSS contribution. At the very least CLA signers should be getting paid a revenue share of the white-label licensing revenue.
riffraff
I think CLA signing is fine if the projects is owned by a reputable organization (Apache, FSF, whatever).
If the project is controlled by a commercial entity, you just have to understand it will likely change in a way you disagree with.
Onavo
> Like, imagine if Firefox shipped with an attribution requirement that prohibited removing the trademarked Mozilla branding.
Icefox anyone?
PeterZaitsev
Yep. This "little addition" to the license will likely make it non Open Source according to standard definition. It reminds me "Commons Clause" which Redis tried to add to its license years ago... and later pulled back.
I understand OpenWebUI team pain and perhaps not everything they do, they should do as Open Source
In my opinion you should think about Open Source as fundamental science - if you discover Gravity, people are going to use it and often not giving you any credit.
mgurlitz
They swapped out MIT [0] for BSD-3 just five months ago, which doesn’t seem to have been announced at all. Nixpkgs still has the 0.6.5 release as MIT, and 0.6.6 is in the AUR as MIT as well.
I wanted to be on the dev’s side here. CLA’s can be reasonable and I’ve happily let others convert my GPL code to them before. But reading the Open WebUI developer’s blog [1] makes it evident this isn’t really about the community — as he says, “It’s just me” and what he wants that matters for Open WebUI.
[0]: https://github.com/open-webui/open-webui/pull/8468/files [1]: https://jryng.com/thoughts/my-purpose
BeefySwain
Why does this keep happening? Do people not understand the implications choosing an open source license.in the first place? There are a million licenses, in fact you can just make your own one up! But when you choose a class of license the specifically allows commercial exploitation... you don't get to act wronged when it happens.
pjmlp
Two key reasons, they don't understand the implications, and many developers are cheapskates nowadays, they wouldn't have survived in old days until 2000's, where we paid for everything, or pirated it.
Somehow it feels great to be paid, to pay others for the tools, like in every other profession, not so much.
robertclaus
I think there's some selection bias. In my experience many folks that work on open source projects tend to lean more altruistic and good natured - so understanding the license doesn't mean expecting exploitation.
nine_k
The license is still open source. There's only a branding requirement added. Not much unlike "you must retain this notice" in other open-source licenses, like the Apache license.
I frankly find LGPL more useful in cases like that, but it apparently does not work for some parties. Open-source + commercial licensing also looks like a good balance between keeping the community-developed code accessible to everyone, while allowing the parties who don't want to share to pay for the privilege.
pabs3
Its deliberate, use a permissive/pushover license to get adoption, then rugpull once you have the userbase who are relying on you, then bathe your VCs in cash.
sofixa
You can't make such a claim without any backing. While undoubtedly it's the case for some, I strongly doubt everyone does it on purpose. It's just that orgs mature with time and realise their original naiveté.
Do you have any proof of that? Hell, are OpenWebUI even receiving VC funding?
KronisLV
> But with Open WebUI’s rapid growth and success, we started seeing a pattern we couldn’t ignore: bad actors taking our work, stripping the branding, selling it as their own, and giving nothing back.
I recently wrote a blog post on software licensing and this more or less feels like the reasoning behind some of the source available licenses like SSPL or the Elastic License.
What sometimes ends up happening is that forks are created (see Redis and Elasticsearch for examples) due to the community being quite upset and that can make it worse for the original project that was trying to protect itself from typically hyperscalers but sometimes just actors that aren’t aligned with the project's goals (that give nothing back and profit themselves).
If you never intend to make money from a project, license it permissively, like MIT or BSD or Apache 2.0 or similar licenses.
If you'd like to make money from the project at some point, consider dual licensing: AGPL or even something like SSPL, alongside commercial licenses for people with different requirements (commercial, proprietary software etc.), maybe with waivers for stuff like companies smaller than X employees or Y global revenue per year.
pabs3
pabs3
I note that the GPL does not require publishing the source code, only distributing it to users of the binary code.
Disposal8433
You're right, but it's equivalent to publishing because all users can have the source code AND can then distribute it freely once at least one user has it.
never_inline
What really is the moat of openwebui? I have seen at least 4 - 5 react UIs with similar functionality (chat, RAG, document library).
nirv
Not sure about the moat, it's mostly a SvelteKit web app with extra utils after all. But it has a rather unique combination of advanced features (RAG integrations, workspaces[1], pipelines[2], code execution[3], MCP integration[4], etc.) and a user-friendly "production grade" interface. I've built a dependency for OWUI using many of these advanced features, and now I'm trying to figure out where to migrate with no obvious alternatives.
My only gripe with the project was the (exorbitant) size of the docker containers, especially for cases where you need a tool with no local models, just a gateway to third-party APIs. Now another and more serious one has been added.
[1] https://docs.openwebui.com/features/workspace/
[2] https://docs.openwebui.com/pipelines/
DetroitThrow
I think it's just the most popular, most full-y featured OSS project.
Based on history, I don't think changing from a permissive OSS license will allow it to remain the most popular, most full-y featured project, especially in a world of competitors (plenty of which have venture funding).
HenriNext
Curious.. which 'bring your own keys' -style competitors have venture funding?
DetroitThrow
Is HuggingFace venture funded? Because they have an Apache 2.0 licensed competitor (but it's not very active at a glance).
MSTY is the first one that comes to mind though. And if you're willing to stretch your idea of "what competes with OpenWebUI" I know half a dozen startups that let you pass in some set of keys and "build a multi-agent system" in a GUI usually alongside some pared down chat windows.
42lux
Lobechat comes to mind.
Disposal8433
As we've seen this countless times, it still has the same problems:
> taking our work, [...] and giving nothing back
That's the BSD license for you. Following is a lot of FUD about what you can or cannot do, and what is open-source at all.
> the new branding clause [...] incentivizes individuals and organizations to actively contribute back
Not anymore with a CLA. I understand that they want money, but it never works by semi-closing open-source projects. It doesn't seem to be a famous project but I still expect the usual small forks while the real projects contributions slowing down because of the CLA.
zephyreon
Asked and answered but for the sake of discourse, what is the best model/structure for open source projects? Every OSS project that reaches critical mass seems to believe changing the license to something source-available is the only option. Is it or isn’t it? Why or why not? Does it make sense to go with a different OSS license? If it does, which license would you recommend, and in what case(s)?
DetroitThrow
>Every OSS project that reaches critical mass seems to believe changing the license to something source-available is the only option.
Far from, these projects are the exceptions not the norm imo. Even the ones that grow past hobbyist torch-passing. Usually the impetus for changing license involves a business who finds themselves in charge of very well-used projects that, despite their popularity, isn't all that lucrative to be the ward of.
So, I think there are better models than using permissive OSS as the license for the first few years of a project and then switching it out from underneath contributors/users.
From a purely business perspective, it seems silly to acquire a customer base who wants _free_ and agree to provide it, then rug pull them - and expect the inertia from the initial goodwill can carry the business for more than a few years. I've seen dozens of software businesses and projects die this way at this point, so I'm not surprised, even if the juice is only temporary it's seems well worth the squeeze for enough of these entities.
pabs3
Do you mean funding model? I agree with the Ladybird developers, the best model is to accept donations and other no-strings-attached funding.
zephyreon
Moreso the structure of an OSS project, which includes the funding model. The license choice is arguably one of the most important decisions yet people seem to get bitten by it quite often in my view.
pabs3
Depends on your goals, but I would say the default should be AGPLv3 without CLA, funded by donations and maybe sponsorship and other no-strings-attached sources, with the money going into a non-profit foundation, and the trademarks, domains and other assets owned by the foundation, and the copyrights owned by individual contributors.
https://vadosware.io/post/the-future-of-free-and-open-source...
kennethallen
They cannot just relicense the work of all of their public contributors without them agreeing in writing. This is completely illegitimate. (They don't seem to require signing any contributor agreement.)
DHowett
Have you come by your certainty that they have not asked because you were a contributor?
robertclaus
How does keeping the branding in place reduce misleading customers? Won't it look even more like Open WebUI supports the forked product?
pabs3
They address that, for forks you have to make it clear that it is a fork of Open WebUI.
kmeisthax
The LICENSE[0] doesn't say that. That's merely Open WebUI's interpretation of their own license. Now, a judge would probably consider that estoppel, but you don't want to rely on that.
Using the license on its own, you effectively are saying:
- Don't use our branding to endorse your fork
- Don't remove our branding from your fork
The only way to satisfy both of these is to not fork.
[0] https://raw.githubusercontent.com/open-webui/open-webui/refs...
Also, they forgot to reformat the new clauses for 80 column text, which makes the license unreadable on the normal GitHub viewer.
Disposal8433
The forks will begin at the previous version though without having the branding requirements. Forking before the new version is what happens all the time.
numpad0
Wait, they want Iceweasel branded as Firefox, not the other way around?
I am skeptical that this change meets the Open Source definition. I can understand that they want to experiment with something new, but the OSD includes a non discrimination clause, you cannot restrict or grant different rights in an open source license to different groups. What they should do instead is dual license, with a license that a acheives their goals for the general populace, plus special licenses for specifc groups that allow them to do things the open source license doesnt. I'm not a fan of CLAs like that, but they are requiring a CLA anyway.