I like to create frameworks for recurring risk analysis scenarios so that I follow consistent processes and establish a baseline from which to improve quality and/or efficiency whenever possible.
One of the primary inputs for an open source software governance framework is, of course, the license(s) applicable to any given component under scrutiny. I like to group OSS license types into three primary categories to begin my review process:
Permissive licenses are sometimes called academic licenses since many of them originated at educational institutions. Examples include:
- BSD (2-clause and 3-clause) - Berkeley Software Distribution
- MIT - Massachusetts Institute of Technology
- AFL - Academic Free License
- Artistic License - originally written for Perl
These licenses share a common characteristic: downstream obligations are generally not burdensome. As such, components subject to a license in this category tend to be easily compatible with almost any use case in academic, corporate or government arenas. Typical obligations include:
- Accept absence of warranty or liability
- Acknowledgement of earlier contributions
- Inclusion of license file(s) in downstream distributions
On a practical note, these licenses are so brief and common that they are often found embedded in an open source project readme.txt or license.txt file and not, for example, explicitly labeled as an "MIT" or "BSD 3-clause" license. They could even be included within a source code header or comment section. This does not change their nature, but it is helpful to learn to recognize them quickly in order to save time.
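To illustrate recognizing unlabeled license text, here is an added example (not code from the original post) that strips comment markers, rejoins wrapped lines, and matches characteristic phrases from the MIT and BSD texts. The phrase choices, function names and sample inputs are assumptions of this example, and it goes slightly beyond the list above by also flagging the 4-clause BSD variant so it is not mistaken for 3-clause.

```python
import re

# Signature phrases from the standard license texts, lowercased. Choosing these
# particular phrases as identifiers is this example's heuristic, not a standard.
MIT_GRANT = "permission is hereby granted, free of charge, to any person obtaining a copy"
BSD_GRANT = ("redistribution and use in source and binary forms, "
             "with or without modification, are permitted")
BSD_NO_ENDORSE = "may be used to endorse or promote products derived from this software"
BSD_ADVERTISING = "all advertising materials mentioning features or use of this software"
COMMENT_PREFIX = re.compile(r"^\s*(?:/\*+|\*+/|\*|//+|#+|;+|--)\s?")

def normalize(text):
    """Strip leading comment markers, rejoin wrapped lines, lowercase."""
    lines = [COMMENT_PREFIX.sub("", line) for line in text.splitlines()]
    return re.sub(r"\s+", " ", " ".join(lines)).strip().lower()

def identify_license(text):
    """Return an SPDX identifier for unlabeled permissive license text, or None."""
    body = normalize(text)
    if MIT_GRANT in body:
        return "MIT"
    if BSD_GRANT in body:
        if BSD_ADVERTISING in body:
            return "BSD-4-Clause"  # not in the list above; kept apart from 3-clause
        return "BSD-3-Clause" if BSD_NO_ENDORSE in body else "BSD-2-Clause"
    return None

# Constructed samples: a C source header and a readme excerpt, neither labeled.
C_HEADER = """/*
 * Copyright (c) 2020 Example Author
 *
 * Permission is hereby granted, free of charge, to any person obtaining
 * a copy of this software and associated documentation files (the
 * "Software"), to deal in the Software without restriction
 */"""
README = """License
-------
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
3. Neither the name of the copyright holder nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission."""

if __name__ == "__main__":
    for name, sample in (("header", C_HEADER), ("readme", README)):
        print(name, "->", identify_license(sample))
```

A match here is a triage hint only: text with modified wording, or a file carrying more than one license, still needs a manual read.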