
By definition, FOSS components and libraries can be used for commercial purposes without restriction or discrimination; however, the use of FOSS components and libraries, as part of larger works (both personal and commercial), can have significant restrictions imposed on the user as part of the licensing conditions.

Any third-party work available under a Free/Open Source Software (FOSS) licence, either in source or binary form, can be considered for use in a larger work. Given the wide variety of FOSS licences available, I tend to group them into three categories: weak, medium and strong. These categories are arbitrary and relate solely to the restrictions that the licence conditions impose on the author of the larger work, and (thus) the accompanying risk of non-compliance with those conditions. Whether a third-party work is appropriate for use in a given larger work is heavily dependent on the context of its use, and a final judgement should be at the discretion of the authorized stakeholders (under the advice of appropriate legal counsel).

Copyfree and Copyleft

Copyfree is a technique used in a number of FOSS licences: put simply, it is the practice of using copyright law to remove restrictions on distributed copies, and modified versions of a component or library, including combining it in a proprietary larger work. Another technique is copyleft: this is the practice of using copyright law to offer the right to distribute copies and modified versions of a component or library, and requiring that the same rights be preserved in both the modified versions and any larger works that incorporate them. Copyleft also requires that any information necessary for reproducing and modifying the component or library must be made available to the recipients. In the case of software this usually consists of: the respective source code, licensing terms and acknowledgements of original authorship. It is worth noting that copyleft only extends the right to modify and distribute a component or library (and thus access to the source code) to the individual recipients, who may or may not be the general public. However, there would be nothing preventing any of those recipients from subsequently distributing it to the public themselves, thus requiring the source code to be made publicly available.

Licence Categories

Weak

These licences have few (or no) restrictions imposed as part of their conditions of use. They generally tend to be either copyfree or have no copyleft. Components and libraries available under these licences can be used in almost all circumstances (personal and commercial) without great concern over non-compliance.

Medium

These licences have a low number of restrictions, or no wide-reaching restrictions, imposed as part of their conditions of use. They generally tend to have limited or weak copyleft, requiring some degree of licensing reciprocity; specifically, requirements where the third-party licence may have to be extended to one or more of the source code files in the larger work, and then only under certain conditions. These conditions must be carefully considered, for both context and appropriateness of usage, in order to ensure compliance. Licensing reciprocity can be difficult to track in large development environments, leading to an increased risk of inadvertently breaching the conditions. In a commercial environment a proprietary licensed alternative may be preferred by management, either for the sake of clarity or mitigation of risk.

Strong

These licences have a high number of restrictions, or a significant number of wide-reaching restrictions, imposed as part of their conditions of use. They generally tend to have strong copyleft, requiring strict licensing reciprocity; specifically, requirements where the third-party licence must be extended to all of the source code files in the larger work, plus any that prohibit the reuse in proprietary or commercial work, without exception. These conditions can be invasive and often exert further restrictions on use or distribution of the larger work as a whole; as such, careful deliberation should be conducted when using components and libraries available under these licences, in order to prevent non-compliance. In most commercial environments a proprietary licensed alternative would most likely be preferred by management.
