Armijn Hemel (gpl-violtions.org, Loohuis Consulting) and Shane Coughlan (Opendawn, FSFE) complete a trilogy of articles examining FOSS licensing issues and best practice on LWN.net with an outline of FOSS license compliance for companies. Readers may also be interested in part one, introducing the topic and describing what developers can do to protect their rights, and part two, examining the field of compliance engineering.
Most companies don’t develop or redistribute software. Most companies are software users only.
FOSS compliance is therefore exceedingly easy for most companies. Download the software once, install it and run it on as many company machines as you want.
What could be easier?
This is perhaps exactly why some FOSS applications, such as OpenOffice and Firefox, are starting to get significant installed base, perhaps over 25%.
http://www.h-online.com/open/news/item/OpenOffice-project-celebrate…
http://downloadstats.mozilla.com/
PS: Microsoft estimates the installed base of Microsoft Office is 400 million copies.
http://www.theregister.co.uk/2009/10/27/mozilla_firefox_30m_users_e…
That is apparently Mozilla’s estimate according to the once-every-24-hours ping-back check for updates that Mozilla receives from running copies of Firefox.
That is a pretty respectable slice of the installed base.
Every one of those unique running copies of Firefox are correctly licensed, too. Companies and individuals can both rest easy when running FOSS software.
FOSS license compliance for software companies, who do write and distribute software, is also pretty simple. It boils down to a three-point plan:
(1) If you wrote it, it is your code, so you get to say how it is distributed.
(2) If you didn’t write it, it isn’t your code, so you either have to do whatever the authors say, or don’t use it in your product.
(3) If the authors have used a FOSS license, what they say is that they want you to give out their code as you received it in the first place. Since you received it publically in the first place, it is a no-brainer to simply re-publish the source code since anyone can see it and get it from somewhere else anyway. What do you lose from that?