What considerations should I consider before including an Open Source library?

In the company I work for, if a development team member proposes to use an open source library to solve a problem, project producers always ask what software license comes with the library.

We are not lawyers, but I understand that not all licenses can be combined, because each has certain requirements that must be met.

That said, I want to know: what would be the considerations to take into account before including an open source library in software that I created on my own?

 44
Author: rnrneverdies, 2015-12-03

4 answers

That said, I want to know: what would be the considerations to take into account before including an open source library in software that I created on my own?

The most important consideration in general is the way your application is distributed, that is, how it will be used by users. Depending on how it is distributed, the licenses may impose some impediment.

If your application is a service (SaaS)

In that case the only license I know of that can limit you is the AGPL license, since it forces you to make the whole app AGPL and publish the source code somewhere. The rest of the licenses can be used without restriction (beyond that, it would be nice to link them as a form of thanks). The only exception is JavaScript code, which is sent to the client and runs on their computer, and which should be treated as in the next section.

If your app is installable

In this case you have to distinguish two different types of dependencies, those that can be installed separately and those that are compiled within your application.

In the case of dependencies that are installed separately, most licenses do not affect you, since they do not mix with your application and use a separate installer (this is how, for example, GitHub for Windows works, which installs git, licensed under the GPL, behind the scenes).

The latter case, in which your application uses libraries internally, is where licenses can become complicated. Here the "open" licenses (BSD, MIT, etc.) do not pose any problem, apart from the obligation to include a mention of their use and the license (example).

Finally, the "free" (or copyleft) licenses force you to give the user access to the source code. In the case of the LGPL license it is only necessary to give access to the code of the library itself (with the modifications you have made), not to all your code. The case of the GPL is more extreme, since it asks you to distribute your entire application under that license (which in some cases is impossible, since some licenses are incompatible).

Clarification

In general, licenses require you to distribute the source code to the person you give the application to, not to make it public. Therefore, if the application is sold to a specific company for internal use, what the license requires is that you give the source to the company, not that you publish everything on the internet.

 29
Author: eloyesp, 2019-07-08 09:41:43

The most important distinction is whether a license is copyleft (GPL family) or permissive (MIT, BSD, Apache and others). The former oblige you, under certain conditions, to relicense the code of products that use software licensed with them, in order to preserve the freedoms of the user at all times. Permissive licenses are more lax, allow inclusion in closed products under some conditions, and are generally simpler. The links Christopher gave you contain a lot of information about it.

A very interesting website is TLDRLegal

https://tldrlegal.com/

It explains many free or open source software licenses so that they are easy to understand, and in the future it will allow comparing them.

It is important to note that the absence of a license is not free software. Absence of a license means that no rights are granted, because according to the international treaties (Berne Convention) "copyright" is non-renounceable. That is why there are software licenses, which develop the concepts of authorship, attribution and permissions in appropriate language that is compatible with the laws of the different countries. GitHub created a website to help developers choose a license for their project, and it contains interesting information on the subject.

 25
Author: astrojuanlu, 2015-12-03 15:38:24

This topic is broad (see https://es.wikipedia.org/wiki/Licencia_de_software and https://es.wikipedia.org/wiki/Anexo:Comparaci%C3%B3n_de_licencias_de_software_libre).

You have to study the licenses (or ask the lawyers of your company to do it). This cannot be avoided.

Here we compare the use of the Lesser GPL license and the ordinary GPL license (two of the common free licenses) with respect to libraries:

[U]sing the "Lesser GPL" license allows the use of the library in proprietary programs; the use of the ordinary GPL for a library makes it available only for free programs. (http://www.gnu.org/licenses/why-not-lgpl.html)

(Please also see the very good answers from astrojuanlu and yms.)

 14
Author: Christopher Bottoms, 2017-04-13 13:00:52

I am not a lawyer, so use of the information below is at your own risk:

There are several licenses for Open Source projects that allow re-distribution of binaries in closed source commercial applications. Note that the key to the matter is "re-distribution": if you use an open source project internally in your company, without redistributing it, there is (usually) nothing to worry about.

So, the most well-known permissive licenses are:

Note 1: LGPL differentiates between using sources directly, static linkage and dynamic linkage. If you use an LGPL library with static linkage or in source code, your code is affected by the LGPL license (you must distribute the sources). I understand that there are exceptions for interface files, such as .h files in C and C++.

Note 2: each of these licenses may or may not impose restrictions on modifications to the code, here I am assuming they will be used unmodified.

The most well-known non-permissive licenses are:

  • GNU GPL

  • GNU AGPL: this is the strictest I know of; it contains a clause that forces the publication of your source code even in the case of using the open source project on websites or web services, even if there is no "redistribution" of binaries as such.

Sometimes GPL and AGPL licenses are combined with an alternative commercial license for use in closed source commercial projects.
Examples of projects using this AGPL-Commercial dual license strategy are Ghostscript, iText, QT, and MongoDB (I wonder whether the one who named this project speaks Spanish).

An important detail is that an Open Source project published with a permissive license could have a dependency published with a non-permissive license, used in the form of an external library. In such situations, the non-permissive license prevails.

Another interesting point is the definition of "distribution" of sources. The GPL, for example, does not say that you have to put your sources on the Internet accessible to anyone; the idea is that every person who receives a binary of your application or system should be able to receive the sources if they so wish. They could even be mailed on a DVD, even in exchange for a "reasonable" payment for the effort of burning the disc and sending it.

 14
Author: yms, 2016-11-23 00:32:30