Open source compliance: know your obligations

One key element of open source compliance is to know your obligations. There is a lot of confusion about what open source means exactly and some people believe that open source means you can do whatever you want. While open source grants users many freedoms, open source code comes under specific license terms which often include obligations that have to be followed by companies distributing open source software.

Because of recent lawsuits by the Software Freedom Law Center on behalf of the busybox project and the activities of the GPL-Violations project, awareness is growing that copyleft licenses such as the GPL come with obligations. For example, the GPL requires source code to be offered to those who receive binaries. The AGPL goes a step further and additionally requires that the source code be made available to users who interact with the software over the network.

But what about so called permissive licenses, such as BSD and MIT? Some people say that those licenses allow you to do anything, including putting the code into proprietary applications. And while you can do that, there are still obligations that have to be met. For example, the BSD class of licenses has this condition:

Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

If you want to distribute software that is under a BSD license, that's a condition you have to follow. The MIT license also has a very similar clause. That's the reason why you can often find license information in the "about" window of commercial applications or PDFs on CDs that come with hardware products.

The bottom line is simple: know your obligations!