Questions regarding disclosure of open source
chuck at codefab.com
Wed Apr 21 22:43:53 UTC 2010
On Apr 21, 2010, at 3:12 PM, Joe Bell wrote:
> We’re all familiar with the phrase “Redistribution and use in source and binary forms, with or without modification, are permitted provided that…Redistributions must reproduce the above copyright notice, this list of conditions and the following disclaimer” and for applications that are cut-and-dry (say I include the lighttpd web server on my device) it is straightforward to comply and list in your open source declaration. What is confusing, or at the least bit, unclear, to me is regarding taking an off-the-shelf commercial version of Linux (say Wind River) and then augmenting it with lighttpd and other applications that weren’t a part of the original COTS component. In this case, am I obligated to say, disclose the fact that a version of BusyBox is in that Wind River distribution? Do I have to scan every single binary and library in my overall package and outline each of their licenses one by one? Or can I simply state that I utilize Wind River Linux and pass the licensing disclosure off onto them?
You're presumably obliged to follow the licensing terms of every distinct piece of software which you include. For a Linux distribution, that's mostly GPL + bits of MIT/BSD/zlib, and the standard means for doing so would be to provide the full source code for all of the software in question with every binary distribution as an optional install.
If you are making a non-commercial distribution, you can refer back to the vendor who provided this software per GPLv2 3(c) [or similar clause GPLv3 6(c)]:
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
> The generic question is of course any time one takes a COTS component and incorporates into their software, should you demand in turn a full document outlining all the licenses and then append that to your own.
That's a relatively common approach, yes.
For example, if you read the license for Microsoft Windows (or some other operating systems), they include their own license and then append numerous variations of the older BSD license for parts of the network stack, etc which they obtained from the original BSD-licensed sources.
PS: If it is not readily apparent what one would need to do to fulfill your obligations when using other folks' source code, you should consult your lawyer. Hopefully, this is not the same individual which inflicted the 13-line disclaimer upon otherwise innocent mailing lists:
> This message is confidential to Prodea Systems, Inc unless otherwise indicated
> or apparent from its nature. [ ... ]
...which I have abbreviated in sacrifice to the Virtue of Brevity, about which I cannot say too much.
More information about the License-discuss