I was consulted by a Lawyer about open source licenses and since it is not that difficult, I thought I would share some of the simplicity with you.
Open Source software might seem like a nightmare only lawyers can understand. But this is not actually true. Determining if an Open Source library is usable in a commercial product is can become a simple task.
I am going to make this easy for you.
Think of Open source license as you would a traffic light. Green is good to go, yellow is proceed with caution but be ready to stop, Red is stop but with time may become green.
- Green licenses
BSD/MIT/Apache licenses (and a few others)
- Yellow Licenses
- Red Licenses
GPL, 3rd Party Commercial
These are close to 100% free but not quite…usually the only restrictions are simple things…like things you should not do but wouldn’t do anyway:
• “don’t remove license from the code files”
• “don’t use the name of the author or their place of business to promote your product”.
Which since we don’t do anyway, the code is essentially 100% free.
These licenses are usually short and don’t require a lawyer as anyone can pretty much read and understand them.
You don’t even have to include these licenses in any “pop-up” license agreements. As long as internally where we store these files the license remains in the source, we are fine.
You usually don’t even have to provide a mirror for this code and you can ignore requests for the source.
LGPL or Oracle isn’t as bad, but they can be a pain. Usually you are free to use these. You cannot link using the source or static link to the library, or you are essentially GPL (a Red license) but if you dynamically link to an LGPL library, then you can be free to go. Any changes to the library can be made, but you have to treat them as GPL.
So basically if you ship their software using their installer or a loose file but you don’t change the file, you are likely good to go with minimal effort.
You have to include these licenses often times in a popup or when your own license is used.
GPL means that anything you write that touches the GPL code must be licensed with GPL as well. Also, if you distribute GPL code, you must provide a “mirror” or be able to provide the GPL code when asked for it. You must also provide your own code (which is now GPL) when asked for it.
People often call GPL a virus as anything that touches it is infected by the GPL as well. However, from another point of view, someone has spent a lot of time giving their code/knowledge to the world and they deserve the right to keep this knowledge free and it is just a way to prevent someone from stealing their knowledge.
Your company can use GPL just fine if two things are true: 1) The feature is isolated and 2) the feature is not really a “differentiator” in our market. For example, a TFPT service. It really wouldn’t matter if a commercial company use GPL because TFTP is isolated to its own service and TFTP is ubiquitous and there are hundreds of different TFPT servers out there.
It may also be possible to that GPL won’t hurt you if you are first to market. If you release code and become a dominate player or market share leader, it might not matter that others can see your code.
3rd Party Commercial
3rd Party Commercial licenses absolutely cannot be used unless the company is willing to sell us the license and we are willing to pay the license fee. There may also be other agreements made in the license negotiation.
You have to include these licenses often times in a popup.
Track your licenses
It is a simple task to track the software you use and the license you use. Create three lists, Green, Yellow, and Red lists and life will be easy for you. You may only need to review a license once. Once you have places a license in the green list, any software that uses the license is in the green list.
It is also important to keep a copy of the software you use and the license you used to obtain this software. This can be important to do. Imagine if your software uses a BSD licensed tool that is re-licensed using GPL in the next version. You can keep the old BSD licensed version and continue to use it.
Any license but the 3rd party Commercial licenses are possibilities all the time. Only 3rd Party Commercial licenses may be denied you but usually for enough money they are available.
Be thorough and be careful.
Just be aware of the license and know when to use them an when not to.
See a previous post of mine:
I am not a lawyer. I am not responsible in any way for the misuse of a license based on this post, even if the post is has some piece of data that is blatantly wrong. It is the responsibility of the user of licensed or copyrighted software to make sure the license agreement or copyright is adhered to properly.