Meet the Open Source License Compliance Handbook

A large open-source licensed zoo inevitably leads to the fact that you often have to ask questions about their compatibility, any applicable licensing conditions, depending on the respective use case. It’s great, of course, that there are detailed explanations for certain licenses (see, for example, GPL 2.0 or MPL 2.0 ; and even under the MIT license they managed to make a large and detailed review).

But it’s really good and useful when comparative reviews appear that are dedicated to a number of, or even many, licenses in total. One of these projects, which appeared just recently in 2019, is the Open Source License Compliance Handbook .

This material is about him, read the details below.

As members of our FINOS Foundation become more and more involved in open source development, compliance with licenses will inevitably become one of the focuses of attention. Although there is no shortage of information about the various open licenses, finding practical clarifications on license compliance that is available to developers dealing with compliance issues is not easy.

To help solve this problem, Finos organized cooperation with Dzhileyn Lovejoy ( Jilayne Lovejoy ) - a lawyer, specializing in issues of open source code - to create the Open the Source License Compliance Handbook , the manual for practical information on compliance with the most common open source licenses. We are pleased to release this guide as an open resource for our members and the wider open source community!

The purpose of the manual is to provide developers and engineers with information on the compliance with the general conditions and use cases for licenses on a self-service basis. It also seeks to identify more complex compliance conditions that may require more careful consideration or consultation with a lawyer.

Like developers, lawyers prefer to work on interesting tasks rather than answering the same questions over and over. Most of the work of enforcing open source licenses is relatively simple and does not require a lawyer. Considering the most common conditions and use cases, we want to provide technological organizations with the opportunity to manage most of the workload regarding compliance with license conditions and limit the legal analysis to more complex issues of such compliance. We hope that the end result will be more effective legal checks on compliance with the terms of the licenses and an increase in the number of source code for open source projects!

How to use the directory

The record of the relevant licenses in the manual is not an exhaustive summary, but focuses on conditions related to local compliance with licenses. Compliance with an open license requires you to know the following:

1. what open source software do you use;
2. what licenses apply to this software and what these licenses mean;
3. how you use open source software (i.e. use cases).

The manual is between steps 2 and 3: the license and use case determine your obligations to comply with the license terms. The license records indicate which obligations apply in each of the four most common use cases, which account for 99% of compliance requirements:

1. distribution (distribution) of unmodified binary code;
2. distribution (distribution) of modified binary code;
3. distribution (distribution) of unmodified source code;
4. distribution of modified source code.

In those cases where the licenses include requirements aimed at other use cases or relate to a specific compliance method, we tried to include links to external resources that may be useful in resolving these complex issues.

We heard you love open source ...

In accordance with our mission of open source, we have made this guide itself in the form of an open source project! Watch the project on GitHub.

We store license compliance information in a simple, machine-readable, custom YAML format , so it can be easily incorporated into other tools and databases, while remaining available to lawyers and licensing practitioners who may want to contribute to the improvements. We also wrote some Python code to process matching data into popular document formats, including asciidoc , DocBook , docx, and pdf .

The contents of the directory are licensed under a Creative Commons Attribution-ShareAlike 4.0 license , and the code itself is licensed under an Apache License 2.0 . We recommend that lawyers and developers check the project repository on GitHub and participate by providing new licenses (or improving license information), improving data formats and code, or anything else that you think is useful.

We hope you find the Open Source License Compliance Handbook useful and hope to find out how you will eventually use it!

A few words about Jileyn Lovejoy ...

Jileyn is an open source lawyer and community leader. Jileyn is involved in various open source groups: she leads the legal team of the Software Package Data Exchange (SPDX) project and is the companion to the list of SPDX licenses; She was also one of the founders of the OpenChain project. Jileyn was a leading open source lawyer at Arm, advising on legal, business, and technical issues regarding open source, providing training, and improving open source processes, including creating and managing the Open Source Office at Arm. Prior to that, Jilaine was the only lawyer at OpenLogic, a provider of open source software support, enterprise compliance and compliance solutions. Jileyn currently advises on open source software policy, strategy and licensing. In his free time, Jileyn can be seen on a bicycle in the mountains of Colorado or taking part in the podcast for geeks FOSS + beer.

... and about FINOS

Fintech Open Source Foundation (FINOS) is an independent non-profit organization focused on promoting open innovation during a period of unprecedented technological transformation in the field of financial services. FINOS believes that organizations that develop open source software and common standards will be best placed to take advantage of the growth opportunities created by this transformation. The foundation offers the Open Developer Platform (ODP), a program compatible with the Open Source Readiness Program and The Open Source Strategy Forum (OSSF), which is a leading global event for financial managers and technologists dedicated to open innovation. Open source foundation projects are licensed under Apache 2.0 and available on GitHub.www.finos.org .