
Meet the Open Source License Compliance Handbook

The large zoo of open source licenses inevitably raises questions about their compatibility and about which license conditions apply in a given usage scenario. It is great that detailed explanations exist for individual licenses (see, for example, those about GPL 2.0 or MPL 2.0; someone even managed to write a large, detailed review of the MIT license).


But it is especially useful when comparative reviews appear that cover a whole series of licenses, or even many licenses at once. One such project, which appeared just recently, in 2019, is the Open Source License Compliance Handbook.


This article is about that handbook; the details are below.


Open Source License Compliance Handbook


As members of our FINOS foundation become increasingly involved in open source development, license compliance inevitably becomes a focus of attention. Although there is no shortage of information about the various open source licenses, it is not easy to find practical explanations of license compliance that are accessible to the developers who deal with compliance issues.


To help solve this problem, FINOS collaborated with Jilayne Lovejoy, an attorney specializing in open source issues, to create the Open Source License Compliance Handbook, a reference guide with practical information on complying with the most common open source licenses. We are pleased to release this guide as an open resource for our members and the wider open source community!


The goal of the guide is to give developers and engineers "self-service" information on complying with common license conditions and use cases. It also aims to identify more complex compliance conditions that may require more careful consideration or consultation with a lawyer.


Like developers, lawyers prefer to work on interesting tasks rather than answering the same questions over and over again. Most open source license compliance work is relatively simple and does not require the participation of a lawyer. By covering the most common conditions and use cases, we want to enable technology organizations to handle most of the license compliance workload themselves and to limit legal analysis to the more complex compliance issues. We hope that the end result will be more effective legal review of license compliance and an increase in the number of contributions to open source projects!


How to use the handbook


The license entries in the handbook are not exhaustive summaries; they focus on the conditions that matter for license compliance in practice. Complying with the terms of an open source license requires you to know the following:


  1. which open source software you use;
  2. what licenses apply to this software and what these licenses mean;
  3. how you use open source software (i.e. usage scenarios).

The handbook sits between steps 2 and 3: the license and the use case together define your obligations under the license terms. The license entries indicate which obligations apply in each of the four most common use cases, which account for 99% of compliance requirements:


  1. distribution of unmodified binary code;
  2. distribution of modified binary code;
  3. distribution of unmodified source code;
  4. distribution of modified source code.

Where licenses include requirements that address other use cases or concern a specific method of compliance, we tried to include references to external resources that may help in resolving these more complex issues.


We heard you love open source ...


In keeping with our open source mission, we made this guide itself an open source project! See the project on GitHub.


We store the license compliance data in a simple, machine-readable, ad-hoc YAML format, so it can easily be incorporated into other tools and databases while remaining accessible to lawyers and license compliance professionals who may want to contribute improvements. We also wrote a little Python code to convert the compliance data into popular document formats, including asciidoc, DocBook, docx, and pdf.


The handbook content is licensed under the Creative Commons Attribution-ShareAlike 4.0 license, and the code itself is licensed under the Apache License 2.0. We encourage lawyers and developers to check out the project repository on GitHub and take part by adding new licenses (or improving license information), improving the data and code formats, or anything else you think is useful.


We hope that you find the Open Source License Compliance Handbook useful, and we look forward to hearing how you end up using it!


A few words about Jilayne Lovejoy ...


Jilayne is a lawyer specializing in open source issues and a community leader. She participates in various open source groups: she heads the legal team of the Software Package Data Exchange (SPDX) project and is the maintainer of the SPDX license list; she was also one of the founders of the OpenChain project. Jilayne was the lead open source attorney at Arm, where she advised on legal, business and technical issues regarding open source, conducted training and improved processes related to open source, including creating and leading the Open Source Office at Arm. Prior to this, Jilayne was the only lawyer at OpenLogic, a provider of open source software support and compliance solutions for enterprises. Jilayne currently advises on open source software policy, strategy and licensing. In her spare time, Jilayne can be found on a bike in the mountains of Colorado or taking part in the geek podcast FOSS + beer.


... and about FINOS


The Fintech Open Source Foundation (FINOS) is an independent non-profit organization focused on promoting open innovation in a period of unprecedented technological change in the financial services industry. FINOS believes that organizations that develop open source software and common standards will be best positioned to take advantage of the growth opportunities created by this transformation. The Foundation offers the Open Developer Platform (ODP), a program that is compatible with the Open Source Readiness Program, and the Open Source Strategy Forum (OSSF), the leading global event for financial managers and technologists dedicated to open innovation. The foundation's open source projects are licensed under Apache 2.0 and are available on GitHub. For more information, visit www.finos.org.



Source: https://habr.com/ru/post/447064/

