This handbook provides information on how to comply with some common open source licenses under a specific set of use-cases. The goal here is to provide developers and engineers with some "self-serve" information to facilitate the end goal of open source license compliance, particularly for the easy-to-comply with conditions in open source licenses. This handbook also aims to help identify some of the more complex open source license compliance conditions for which consultation with open source counsel may be needed.
Determining the requirements that need to be met to comply with open source licenses involves the following:
-
You must know what open source software you are using;
-
You must know what license applies to that open source software and the relevant legal interpretation of the license; and
-
You must know how you using that open source software. This is the “use-case”.
The information in this handbook assumes you have already determined what open source software you are using and under what license (#1 and #2). It is the combination of the license (#2) and the use-case (#3) which determines what license conditions are triggered. This is open source license compliance.
One way to think of this is as an if-then statement. For example: IF I am distributing unmodified open source software in binary form (use-case), THEN I must provide a copy of the license (requirement) by (HOW) placing a copy with my distribution.
Some open source license conditions are easy to understand and comply with, while other conditions are open for (legal) interpretation or involve more complex use-cases that cannot be easily categorized. The license compliance requirements in this handbook are summarized for the four most common use-cases as listed below. License terms or conditions where further analysis or consultation with your open source counsel may be needed are noted. For these license terms or conditions, external references that may be helpful are provided in the seeAlso key. Likewise, if your use-case varies in any way or you are using a different license than those licenses listed here (even if it seems similar) or you have any questions about this information or how to properly comply, please contact your open source counsel.
Other terms not related to license compliance are not captured here. For example, choice of law, jurisdiction, statutory references, or licensee representations. Some open source licenses provide explicit clarification that no trademark license is granted; as this is essentially a restatement of basic trademark law and does not require any license compliance action, these clauses are not captured here. Likewise, information describing the license grants are not captured here. As always, your open source counsel should familiarize themself with the entire license before relying on the information provided in this handbook.
The Handbook is focused on use cases involving distribution of open source software, because most compliance obligations only apply when the software is distributed.
We define distribution as "providing software to another entity, i.e., an individual or organization outside your company or organization."
The use cases addressed in the compliance entires are:
-
UB = Distribution, unmodified, binary form
-
MB = Distribution, modified, binary form
-
US = Distribution, unmodified, source form
-
MS = Distribution, modified, source form
Where "binary" refers to compiled code, binary, executable, non-source form; and "source" refers to the human readable, editable form.
Note that while accessing a web-based application does not typically involve a "distribution" of the application in this sense, it might involve the transfer of some Javascript code from the server to the user’s browser that is a distribution. A few open source licenses also have obligations specifically triggered by access to software via a computer network; we address these as special cases.
© 2019 Fintech Open Source Foundation, Jilayne Lovejoy, and other contributors. This document is licensed under the terms of the Creative Commons Attribution-ShareAlike (CC By-SA) License, version 4.0. It is offered as-is and as-available, without representation or warranty of any kind, whether express, implied, statutory, or other. The original version of this document is available at https://github.com/finos-osr/OSLC-handbook/. Any modified version must indicate modifications. This notice and disclaimer must be retained on any copies and derivative works.