Prof. Riehle's Industry and Research Publications

Open-Source Software

Open-source software is software that is given to you under an open source license.

Open source software includes both open source applications, which you can use out of the box, and open source components, which you can build products from. Examples of open source applications are Blender, Libre/OpenOffice, and GNU Hospital. Examples of open source components are VueJS, Apache Kafka, and the Linux Kernel.

Open source licenses

An open source license is a license for software that fulfills the following requirements:

  • You can use the software
  • You can modify the software (and for this have access to the source code)
  • You can pass on (“distribute”) the software to others (modified or not)

All of this must be free of charge.

These requirements are laid out in more detail by the open source definition of the Open Source Initiative.

They are effectively the same requirements that make software free software, as defined through the four freedoms of the Free Software Foundation.

Using open-source software

As explained, an open source license lets you use the software for free. As long as you use the software in-house only, there are no strings attached!

In-house use of the software is use in which you don’t pass on the software. So you are not giving it to third parties.

Most commonly, you will be using open source applications in-house only.

In-house uses may be personal uses (on your own workstation only) or company uses (on all workstations, or in the company’s cloud or data center). Again, as long as you don’t make the software available to third parties (not you, not your company) you don’t have to worry about your right to use the software at all.

(You may have to worry about open source security, but this is a different topic.)

Distributing open-source software

Open-source software gets tricky, if you are providing the software to third parties. This happens quickly, if you are using open source components in products or services that you are selling.

If you are doing so, you are distributing the software. The key term is distribution (as used by most licenses), sometimes conveyance (AGPL license family). Giving, passing on, distributing, conveying all mean the same thing: A separate legal entity (another person or another company) receives the open-source code from you.

If you are distributing open-source code, the licenses have a lot of obligations in store for you. And if you don’t comply with these obligations, you lose the right to distribute the open-source code and hence are violating the rights of the original open source programmers. They may or may not get upset about it.

The three most common obligations (of many others) are the provision of the license text, as well as two obligations called attribution and copyleft.

Providing license texts

Almost all licenses require that you take the open source license from the original open source code and provide it to your third parties. By and large, this is not complicated, at least as long as there is only one license and it can be found in a prominent place.

The attribution obligation

The attribution requirement requires you to give credit to the original open source programmers.

  1. You can do so by providing your modified (or not) open source code with your distributed code, or
  2. you can do so by extracting copyright notices of all open source programmers from the source code.

Most vendors opt for 2. to keep any modifications private. Unfortunately, collecting all copyright notices can be a lot of work. There are more than 25000 contributors to the Linux kernel, and they all have a right to be given credit for their work.

The copyleft obligation

The copyleft obligation requires you to distribute the open-source code and any code derived from it under the same license that you got it under. The incoming license (to you) must be the same as the outgoing license (to your customers). Thus, you cannot put your proprietary or commercial license onto the open source code.

Depending on how your own code is coupled with the copyleft-licensed open-source code, your code may be a derived work (of the open-source code). If so, you can only provide your code under the copyleft license or lose the right to distribute the open-source code. If you comply with the copyleft license, you will have to provide your source code. It gets complicated quickly, though.

This proliferation of the copyleft license is also called the copyleft effect, sometimes called a viral effect though I recommend to keep emotions out of this and either not use copyleft licensed code or stick to the license.

If you need to know more about how to deal with open source licenses, I recommend my full-day seminar on how to deliver projects and products that contain open-source code in a license-compliant way, the LCD seminar.