Friday, March 3, 2017

Licensing Obligations - Source Code Availability Requirements

Source Code Availability Requirements:  It is not unusual for an open source license to require downstream consumers make the component source code easily available as a condition of use.  This requirement nurtures the open source culture by ensuring any end user can have access to review and obtain copies of open source licensed code from applications in which they have an interest.

A few examples of common open source licenses where this requirement is expressed to one degree or another include:

  • Apache License 2.0
  • Mozilla Public License 2.0
  • Common Development and Distribution License 1.0
  • GNU GPL 2.0

Depending on the specific license involved, the source code requirement may be triggered by distribution or the creation of a derivative work or both.
In order to consistently comply with the spirit of these requirements across multiple licenses in a given organization, I have found an obligation statement similar to the following satisfies or exceeds the majority of license terms in this category and is easily understood by business and technology resources:
"Component source code and supporting files must be made available in a timely manner to any end user through a reasonable request process."

Such an approach allows software architects to plan on common compliance schemes such as providing web links to a publically available library of open source code or a soft transfer to an online knowledgebase or helpdesk request process.

No comments:

Post a Comment