tags:

views:

60

answers:

4
+1  Q: 

How to comply with all the open source licenses we are using in our product?

We are developing a closed-source proprietary product that uses quite a few open source projects and we have not been methodically cataloging them, along with their licenses. Now we are trying to build a deployment package and we'd like to get into compliance. What's the easiest way to accomplish this?

Should we make one big text file with all the license information or should it be separate files for each open source project or each license? Do we have to include the actual file that came with the project? Does it have to be in the same directory as the project's files?

I was thinking of a simpler approach but I'm not sure if it complies. What if we just identified all the different licenses (not projects) and make up one big text file with all the license verbiage for each one, and at the top say something like "Product XYZ is proprietary software which incorporates open source software that is covered by the following licenses." (The individual open source projects would not be identified by name).

Or alternatively, the same as above, except identifying each project by name, along with their license, but all in 1 file?

+1  A: 

IANAL but each license typically tells you exactly what you have to do to be in compliance. Something like "this text must be included" or "this copyright line must be included". So read each one and do what it says. If they don't say that a specific file must be included then, yes you can combine them. Some even say you have to add it to your documentation as an attribution.

James Keesey  2009-12-22 16:54:54
+4  A: 

Talk to a lawyer.

You can start by gathering license information for each package that you use and reading them. Many licenses (Boost license) are quite clear and permissive while others (GPLv3) are not so clear. Most of the time an attribution in your documentation will suffice. If you are distributing source, then you will likely need to distribute each license file along with either the source of each package or a reference to where it can be downloaded.

In any case, read the licenses and then talk to a lawyer.

D.Shawley  2009-12-22 16:57:01
+1 for telling him the plain, unvarnished truth.
John R. Strohm  2009-12-22 17:25:35
I've been through this a few times in a corporate context. Too many people think that redistributing OSS is simple.
D.Shawley  2009-12-22 19:53:59
+1  A: 

You read the license for each component you're using, understand it, and do whatever it says is necessary to comply.

we have not been methodically cataloging them, along with their licenses.

You really should. The last thing you want to to find out right before you ship that one of the components you're using has an incompatible license, or onerous terms.

Andrew Medico  2009-12-22 16:58:11
You should always be keeping track of licenses, no matter whether they're open source or not. Not all proprietary licenses are the equivalent of BSD that you paid money for, and the proprietary licensers are likely not as nice as the Gnu licensers.
David Thornley  2009-12-22 17:27:25
A: 

The advice to talk to a lawyer is probably the best on here (and +1 for that, as well). Something to remember, though - if you are including multiple licenses within your source, you need to comply with all of them. So, if all the licenses are permissive except one, you may have to open source your software.

Just something to be aware of.

JasCav  2009-12-22 17:05:07

related questions

What is the best way to organize my C project code and its external libraries?
Alternative to FreeLists for hosting my (developer/software) maling lists?
How do I decide which features to implement?
What is a quality real world example of TDD in action?
Why the proliferation of open source licenses?
Where can open source developers "showcase" their projects and ask for help with development?
Free (and/or open source) security software
FOSS tools for Flash development
Arguments for going open source
Is Mono ready for prime time?
Good Open Source Queuing Platform?
Where is a good place to find a talented web designer?
Alternatives to Visual Sourcesafe that integrate with Visual Studio
What is your motivation for doing free stuff?
Best License for Selling Open Source Software
Open Source C# Opportunities
How do I attract developers to an Open Source project?
Open Source Licensing Options for ASP.NET MVC Application?
Best Open Source Project Hosting Site
Open Source Windows Mobile OCR Library
Looking for WYSIWYG HTML editor
Using Xming X Window Server over a VPN
How to contribute code back to an Open Source project?
Open Source Ruby Projects
What level of programming should I have to contribute to open source?