2. Why it matters
It’s good to use code found on the web. It can be very robust and
well tested, and generally makes a programmer’s life easier.
However, third party code comes with some licensing dangers
which can seriously impact both employee and employer if the law
is broken.
While most code libraries are fine to use, some do require more
care than others to stay on the right side of the law.
This quick guide is aimed to help Epic programmers make the right
decisions on what code to use in their projects.
By necessity this guide contains some simplifications of what is a
complex legal area. If in doubt, please just ask.
3. License types
Most code found on the web is open source. There are three
main types of open source license, and these dictate what we
can and can’t do with the code.
License type Commercial use
Strongly-protective/ CANNOT use in closed-
copyleft (GPL/AGPL) source, commercial products
Weakly-protective Can use in closed-source,
(LGPL) commercial products WITH CARE
Permissive FREE TO USE in closed-source,
(Apache, MIT, BSD) commercial products
Non-OS license Terms will vary so read the license!
4. Licenses: strongly protective
Licenses: GPL, AGPL
Implications of using code:
If the code is used in a product that is redistributed, then the entire
codebase must inherit the same license. For this reason, these are
also known as viral licenses.
Epic policy:
Do NOT use any GPL or AGPL licensed code without getting
permission first, unless the project you are working on is already GPL or
AGPL licensed.
5. Licenses: weakly protective
Licenses: LGPL
Implications of using code:
This license is commonly used for code libraries. It allows the code to
be used in closed source, commercial products; however, any
modifications to the library must be fed back upstream to the
creator.
Epic policy:
It is fine to use LGPL licensed code, but any changes MUST be fed
back to the library creator, and the developer should manage this
process.
6. Licenses: permissive
Licenses: Apache, MIT, BSD
Implications of using code:
Allows the code to be used in closed source, commercial products
with no obligations. Some licenses have an ‘attribution clause’ which
simply asks that the original creator is credited.
Epic policy:
It is absolutely fine to use any Apache, MIT or BSD licensed code.
7. Licenses: non-open source
Licenses: Custom license or ‘terms and conditions’ page
Implications of using code:
This will depend entirely on the terms that the creator has outlined.
Sometimes there is just a statement on the webpage with some brief
terms of use.
Epic policy:
Find the terms and conditions or statement of use and make an
appropriate decision. If in doubt, please ask for assistance. Take a
dated screenshot in case the terms change over time.
8. Three questions to always ask
1. What are the license terms of the code you are thinking of
using?
Be sure to find out what license it is released under. If it’s not open
source or if you cannot find a license, then contact a senior
manager for approval to reuse it.
2. What are the license terms of the Epic project you are working
on?
This will impact what licenses you can use. For example, the
webinar plug-in we built for Moodle is GPL anyway.
3. Is the product for just one customer, or will it be distributed to
many?
Open source license terms kick in when a product is redistributed.
So if the code is for the private use of a single customer, it is fine to
reuse code from ANY license, GPL included.
9. Re-use conventions
The following are best practices that you should follow every time
you reuse third party code. If you get in the habit of doing this, you
should always be on the right side of the law.
- Always retain the original license info in the code files.
- Always credit the original author. Even if is not always required, it
is the right thing to do.
- If you make modifications, ensure they carry prominent notices.
- If you make modifications, send the amends back to the original
author. Again, it is not always required, but it’s the right thing to
do.
- Finally, please keep a record in the project folder of all third-party
code used and include the license type and source URL.
11. This is a PERMISSIVE license.
We can use, modify and redistribute
Apache v2 this code as part of a commercial
product.
license The license info must be retained in
the file.
Any modifications must carry
prominent notices.
If the work includes a NOTICE text
file containing author attributions,
then those attribution notices must
be provided with the new work.
http://opensource.org/licenses/Apache-2.0
12. This is a PERMISSIVE license.
We can use, modify and
redistribute this code as part of a
commercial product.
MIT license There are no obligations at all,
therefore we can do what we like
with it.
http://opensource.org/licenses/MIT
13. This is a PERMISSIVE license.
This is similar to the MIT license,
BSD 3-clause with the addition of a third clause
that says we cannot use the
author's organisation name or
license any contributor names to
promote the product.
The BSD-2 clause license is newer,
omits the third clause and is
roughly equivalent to the MIT
license.
http://opensource.org/licenses/BSD-3-Clause
14. This is a WEAKLY PROTECTIVE
license; reuse requires some care.
LGPL v3 We can use, modify and
redistribute this code as part of a
commercial product.
license We MUST include a notice that
the library is used (e.g. in a
NOTICE file) within the product
and include copies of the GPL
and LGPL (but these won't apply
to the whole product, don’t
worry!).
If we make modifications, then
the library must also be released
under the LGPL.
http://opensource.org/licenses/lgpl-3.0.html
15. This is a COPYLEFT license; reuse is
highly restrictive.
GPL v2/v3 We CANNOT use, modify or
redistribute this code as part of a
commercial product.
license If we redistribute the derivative
work then the entire product must
itself inherit the GPL.
http://opensource.org/licenses/gpl-license
16. This is a COPYLEFT license; reuse is
highly restrictive.
AGPL v3 We CANNOT use, modify or
redistribute this code as part of a
commercial product.
license If we redistribute the derivative
work, then the entire product
must itself inherit the GPL.
Redistribution in this case includes
applications accessed remotely
from a server (e.g. Cloud/SaaS
services).
http://opensource.org/licenses/AGPL-3.0
17. Further
information
If you have any questions at all
regarding the above or any licenses we
have not covered, please contact:
Mark Aberdour
Email:
maberdour@epiclearninggroup.com
Twitter: @maberdour