Category: Compliance

  • SPDX

    December 1, 2017 - Mauro Carvalho Chehab

    Linux Kernel License Practices Revisited with SPDX®

    The licensing text in the Linux kernel source files is inconsistent in verbiage and format. Typically, each of its ~100k files contains a license text that describes which license applies to that specific file. While all licenses are GPLv2 compatible, properly identifying the licenses that are applicable to a specific file is very hard. To address this problem, a group of developers recently embarked on a mission to use SPDX® to research and map these inconsistencies in the licensing text. As a result of this 10-month-long effort, the Linux 4.14 release includes changes to make the licensing text consistent across the kernel source files and modules.

    Linux Kernel License

    As stated in its COPYING file, the Linux kernel’s default license is GPLv2, with an exception that grants additional rights to the kernel users:

    The kernel’s COPYING file produces two practical effects: User-space applications can use non-GPL […]

  • November 22, 2016 - Ben Lloyd Pearson

    Check Out the Free Open Source Compliance Handbook

    Open source compliance is often overlooked, but is a critical component of a successful open source software strategy. If your company is going to use or contribute to open source software, failure to comply with the software licenses can lead to costly cleanup efforts, or even lawsuits if license violations are found. To mitigate these risks, it’s important to establish an internal organizational program that manages compliance with open source licenses. For many companies, open source compliance is often the first major step into open source engineering, so it’s vital to establish proper organizations and procedures that build a foundation for continual success. That’s why Ibrahim Haddad joined forces with the Linux Foundation to create Open Source Compliance in the Enterprise, and released it as a free handbook to download. This book covers the essentials of establishing a successful open source compliance strategy in an enterprise setting, including the structure […]

  • May 13, 2016 - Ben Lloyd Pearson

    10 Steps to Being Successful in Open Source

    No blog is complete without a simplistic numbered list of images, and we’re no exception! Open source methodology can be a complicated subject, but that doesn’t mean we can’t try to boil it down to some easily-digestible snippets. We’re proud to present the 10 simple steps it takes to be successful in open source. All of the images in this article were created by Ibrahim Haddad and are shared under CC-BY-SA-4.0, so feel free to use them in your own work.

    1. Set up business infrastructure to support open source

    It is extremely challenging for a company to be successful in open source if they haven’t set up the proper infrastructure to allow their employees to interact with an open source community; this includes establishing both technical and organizational infrastructure. You need to make sure your developers have the policies, processes, and tools that are required to […]

  • I’ve been at Samsung in the Open Source Group as Senior Open Source Strategist for about three months now, and one of the most exciting parts of my job is to help internal groups prepare to spin up new open source projects. This is something that I particularly enjoy, having spent five years at The Linux Foundation doing pretty much the same thing (albeit seated in a different place at the table).

    So You Think You Can Open Source?

    One of the things I’ve noticed over the past few years is that it’s really easy and exciting for people to say, “Open source is hot! Let’s create a new project, do some open source-y stuff, and change the world! And let’s tell the boss we’re doing this right away!” In some cases (including a few I’m working on right now) this genuinely is the case. Truly transformative technologies tend to […]

  • July 21, 2015 - Mats Wichmann

    An Introduction to Tizen Compliance

    There is a whole world of smart devices out there, and Tizen has been built to run on many of them, including phones, televisions, cameras, appliances, cars, and more. The software that runs on top of these intelligent devices is what powers the new and interesting functionality that makes up the Internet of Things. The latest generations of mobile devices have introduced new methods of installing apps in ways that allow them to be used on a wide range of devices, and this article will take a look at how Tizen makes sure that apps run on as many device types as possible through the Tizen Compliance program.

    How an App is Installed

    At the root of this is how apps are installed on an operating system. Traditional UNIX/Linux systems have several methods to install applications. One method is to hunt for the source code, build it, and run something […]

  • Introduction

    Proper Open Source compliance gives you the ability to honor the obligations of open source licenses while protecting your own Intellectual Property (IP), as well as that of 3rd party software providers, from unintended disclosure. Companies that use open source software in their products should establish such a program to ensure compliance with all open source licenses. Basic elements of a compliance program include: policies, processes, guidelines, training, and automated source code audits. Compliance activities must be carefully planned and monitored to assure that objectives are met in a timely manner. There are three fundamental steps that comprise the core of a Free & Open Source Software (FOSS) compliance process: (1) identifying any open source software contained in an externally distributed product; (2) reviewing and approving the intended use of FOSS; (3) satisfying FOSS license obligations. In this blog post, I’ll discuss a 7-step system you can use to improve and strengthen […]
