Obligations when using OSS
If you create a custom solution containing OSS, this in legal sense is a "derived" work. If you distribute your derived work to your business client or any other legal entity in binary packaged form, the license obligations of contained OSS get into effect. Ignoring these leads to a license infringement which can create high damage.
To carefully handle these obligations you must:
-
maintain an OSS inventory (to gain transparency on OSS usage and used licenses)
-
check license conformity depending on usage/distribution in a commercial scenario
-
check license compatibility between used OSS-licenses
-
fulfill obligations defined by the OSS-licenses
Obligations need to be checked per license. Frequent obligations are:
-
deliver the license terms of all used versions of the OSS licenses
-
not to change any copyright statements or warranty exclusions contained in the used OSS components
-
deliver the source code of the OSS components (e.g. on a data carrier)
-
when modifying OSS, track any source code modification (including date and name of the employee/company)
-
display OSS license notice in a user frontend (if any)
-
other obligations depending on individual license