
We're in this weird time in history when most commercial software is touted as "proprietary" software, yet every commercial enterprise relies on GPL software. It's kinda like saying you really love the fresh air on a Spring morning while ignoring the physical reality that you share that air with every polluter on the planet. Compliance is like trying to prove on paper that the air molecules that you breathe are not touching, and have never touched, pollution. Selling proprietary software is like trying to sell packaged air because "it's clean". It would be a better world if we just focused our energy on eliminating air pollution. Until we have such a Utopia, we have companies trying to document their compliance at the least possible cost.

Compliance between Licenses

The compliance drama is not just one between proprietary and free software. There is an overabundance of software licenses, and many of the so-called 'open source' or 'permissive' licenses are incompatible with each other. So, compliance is actually about what code you have, what license that code is under, and whether you are compliant with all the terms of every license that you are a party to.

Enforcement

There isn't some big government agency like the FBI (who prosecutes you if you copy a movie) working to ensure that free code remains free. Instead, the effort is literally left to the little guy. The Software Freedom Conservancy is the main actor in enforcement. They are a charity drawing their financial support from individuals (see https://sfconservancy.org/copyleft-compliance/principles.html). Meanwhile, the big guys certainly do have lots of money to pursue violations of their licenses (http://www.bsa.org/).

Resources

Eben Moglen is director of the Software Freedom Law Center. See their guide: https://www.softwarefreedom.org/resources/2014/SFLC-Guide_to_GPL_Compliance_2d_ed.html

Bradley Kuhn (and the FSF?) put together https://copyleft.org where you can find:

https://copyleft.guide - Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide
https://gpl.guide - Part I: Detailed Analysis of the GNU GPL and Related Licenses
https://compliance.guide - Part II: A Practical Guide to GPL Compliance


Vendors

BlackDuck here in Massachusetts sells compliance, as do other firms like TripleCheck.

Other

http://www.linuxfoundation.org/programs/legal/compliance