How do I ensure I am not violating any Open Source licenses when I sell my software?


2

A few months back I was talking to a friend who works in M&A for a big software company, and he was telling me that a large deal just got killed because they realized that part of the code was built out of Open Source pieces that didn't have the licenses required to be sold the way they were. This raised a very big concern that I feel a lot of entrepreneurs don't realize: We need to be extremely careful about the type of licenses Open Source code is distributed under. Some don't allow you to just take it, put it in your code and sell.

It becomes even worse when you use frameworks that have plugins taken from other Open Source projects, etc.

So my question is: How to be sure you are compliant?

What if I code everything using Symfony, or CodeIgniter or RoR, stuff like that? What about JavaScript libraries, jQuery, and others? Is there a way, a tool, some kind of solution to this problem?

I'm not looking for answers about the specific example I gave but for a general framework (or tool) to make sure that I'm not spending months building a business to realize when it's time to sell it for big bucks that most of it is illegal!

Thank you.

Open Source

asked Apr 21 '11 at 11:05
Antony P.
714 points

3 Answers


5

NO magic here. Just the basic good old technique: Make a list of all your software 3rd party dependencies and track down their licenses. Read, understand fully and make sure you're in compliance.

answered Apr 21 '11 at 11:16
Ron M.
4,224 points

4

Look at the license before you start using a software component. If you have any doubts, find another component or write your own.

I've built a lot of software in C or C++ that links with various open-source components, and here's what I do:

  • GPL compilers and so on are okay as standalone executables, but no GPL code gets compiled or linked into proprietary software.
  • LGPL code is only cool for use in proprietary software if it's built into a separate dynamically-linked library. I typically use LGPL libraries that ship with the operating system (e.g. Mac OS X or Ubuntu).
  • Anything that's static-linked needs to have a non-infective license. Examples include the BSD, MIT, zlib, and Boost licenses.

There are probably similar rules of thumb for the languages and technologies you're using. If you're in doubt about a particular component, ask on a relevant mailing list or IRC channel.

answered Apr 21 '11 at 15:23
Bob Murphy
2,614 points
  • I wonder if there isn't actually a business opportunity in a testing tool that will go parse your code and dependencies to match them against licenses so you know what you are using. Anyway, thanks for your response. – Antony P. 13 years ago
  • @Anthony -- I have been part of a couple "audits" on code paid for by potential investors. There was a question on here recently by someone asking if that was kosher. I am sure a similar service could be done by the company as part of preparation for securing investment. – Joseph Barisonzi 13 years ago
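
As an added example (not part of the original answers or comments): a small Python check that takes the dependency list the first answer calls for and applies the C/C++ linkage rules of thumb from the answer above to it. The record fields, verdict names and package names are assumptions made for this example, the inventory is constructed, and license names are SPDX identifiers.

```python
# Added example: the rules of thumb from the answer above, applied to an inventory.
PERMISSIVE = {"BSD-2-Clause", "BSD-3-Clause", "MIT", "Zlib", "BSL-1.0"}
LGPL = {"LGPL-2.1-only", "LGPL-2.1-or-later", "LGPL-3.0-only", "LGPL-3.0-or-later"}
GPL = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GPL-3.0-or-later"}
LINKAGES = {"static", "dynamic", "tool"}  # "tool" = standalone executable

def check(dep):
    """Return (verdict, reason) for one record with name, license, linkage."""
    lic, linkage = dep.get("license"), dep.get("linkage")
    if linkage not in LINKAGES:
        return "REVIEW", "linkage not recorded"
    if not lic:
        return "REVIEW", "no license recorded, track it down"
    if lic in PERMISSIVE:
        return "OK", "permissive license, any linkage"
    if lic in GPL:
        if linkage == "tool":
            return "OK", "GPL standalone executable"
        return "BLOCK", "GPL code compiled or linked into the product"
    if lic in LGPL:
        if linkage == "static":
            return "BLOCK", "LGPL code statically linked"
        return "OK", "LGPL kept in a separate dynamic library or tool"
    return "REVIEW", "license not covered by these rules, read it"

def audit(inventory):
    """Map each dependency name to its (verdict, reason)."""
    return {dep["name"]: check(dep) for dep in inventory}

# Constructed sample inventory; names are hypothetical, licenses are SPDX ids.
INVENTORY = [
    {"name": "example-zip", "license": "Zlib", "linkage": "static"},
    {"name": "example-gui", "license": "LGPL-2.1-or-later", "linkage": "dynamic"},
    {"name": "example-codec", "license": "LGPL-3.0-only", "linkage": "static"},
    {"name": "example-compiler", "license": "GPL-3.0-or-later", "linkage": "tool"},
    {"name": "example-parser", "license": "GPL-2.0-only", "linkage": "static"},
    {"name": "example-plugin", "license": None, "linkage": "dynamic"},
    {"name": "example-fonts", "license": "OFL-1.1", "linkage": "static"},
]

if __name__ == "__main__":
    for name, (verdict, reason) in audit(INVENTORY).items():
        print(f"{verdict:6} {name:18} {reason}")
```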

0

This sounds a bit silly considering all major software companies, especially Apple and Microsoft, often use a lot of open source third party software components and technologies in their own OS's.

A good open source licence will let you do whatever you want with the software as long as you properly attribute the open source developer(s). If you have an iPhone, go to settings and then about, you'll notice a lot of attribution for third party open source components in Apple's iOS for example.

answered Apr 21 '11 at 11:56
Digital Sea
1,613 points
  • Unfortunately, not all open source licenses are "good" in this sense. Some, like GPL v3, are more viral than that. – Bob Murphy 13 years ago
  • Yeah, that's true. Not all open source licences are good, but in essence there are good open source licences that merely require attribution and that is what I think all projects should release under to be worthy of being called open source. – Digital Sea 13 years ago
