License-Compliant Distribution

As you distribute your program to recipients, you have to provide them with the proper legal notices for any open source code included in your distribution.

Your distribution may be binary only, or corresponding source code only, or binary with corresponding source code. If you distribute corresponding source code, most lawyers will argue that you have already fulfilled the obligation to provide proper legal notices, because the notices are included in the source code. However, most commercial software developers prefer to distribute binary code only, keeping their source code to themselves.

As discussed previously, the first step then is to collect all legal text snippets (copyright notices, license texts, other notices) from all included open source code, usually during software composition analysis. The second step is to compile these text snippets into a single file, the legal notices. A single file is not required by the licenses; however, it is a best practice corresponding with the intent of the licenses, which is to inform recipients of the distribution about the open source code they are receiving.

The following figure shows how my Android phone makes its open source legal notices available to users of the phone.

Android’s open source legal notices

As always, the best possible advice for complying with licenses is to work in line with their intentions and not against them, even if the written word may allow for multiple interpretations. The Android legal notices illustrate legal notices done well:

  1. First, there are no barriers to access. If you receive an Android device, you are typically able to access it and find your way to the legal notices.
  2. Second, the legal notices are easy to find. While “easy” may be relative, the Android legal notices can be found in a place that makes sense.
  3. Third, they are logically structured. The Android legal notices start with a table of contents that lets you jump to the information for each component.
  4. Fourth, they have the user in mind. The legal notices show not only the required, but additional information as well (here, where the code is used).

Hiding the legal notices behind a login or obstructing their access in any other way violates the intent, though not necessarily the legal text, of the licenses.

While creating a single legal notices file is a widely accepted best practice, how to bring this file in front of users is a context-dependent decision. This decision strongly depends on what you are delivering to recipients. Your options are

  1. To provide printouts,
  2. To provide DVDs with the legal notices file, or
  3. To provide software access in the delivered binary (like in the Android example).

The closer the legal notices are to the (binary) code, the better.

You should not just provide a link to a file on the web; the legal notices themselves must be part of the delivery.

Copies on a DVD are the primary option if you are providing products with limited or no access to an electronic version of the legal notices. Examples of such products range from small inexpensive integrated circuits (and their firmware) all the way to large objects like cars. If you deliver in bulk, you can deliver the legal notices once with every shipment.

In a running program, access to legal notices should be easy and feel natural to a user. If the program is primarily used through a command line interface, there should be a command line option to receive the legal notices. If the program is primarily used through a graphical user interface, there should be a menu entry that provides the legal notices. The menu entry for the open source legal notices should be close or next to any other legal notices.
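The two-step procedure above (collect the snippets from each included component, then compile them into one logically structured file) and the command line option for a running program can be put together in a small script. The following is an added example, not code from the handbook or from Android. It assumes a vendored dependency layout of `vendor/<package>/...`, looks for conventional license file names and for copyright lines in source headers, emits a notices file that opens with a table of contents and optionally records where each component is used, and exposes the result behind a `--legal-notices` flag. The two sample packages and their texts are constructed for the demonstration.

```python
"""Collect open source legal notices from vendored packages and compile them
into one legal-notices file that the program can show on request.
Constructed example; not the handbook's code. The vendor/<package> layout
and the sample packages are assumptions."""
import argparse
import re
import sys
import tempfile
from pathlib import Path

# File names that conventionally carry license or notice text (assumed list).
LICENSE_FILE_NAMES = {"LICENSE", "LICENSE.txt", "LICENSE.md", "COPYING", "NOTICE"}
SOURCE_SUFFIXES = {".c", ".h", ".py", ".js", ".go", ".java"}
# A copyright line: the word "copyright", optional (c)/©, then a four-digit year.
COPYRIGHT_RE = re.compile(r"^.*\bcopyright\b\s*(?:\(c\)|©)?\s*\d{4}.*$",
                          re.IGNORECASE | re.MULTILINE)


def _clean(line: str) -> str:
    """Drop surrounding whitespace and leading comment markers from a copyright line."""
    return line.strip().lstrip("/#* ")


def collect_notices(vendor_dir) -> dict:
    """Step one: for each package directory, gather license texts and copyright lines."""
    notices = {}
    for pkg in sorted(p for p in Path(vendor_dir).iterdir() if p.is_dir()):
        license_texts, copyrights = [], set()
        for path in sorted(pkg.rglob("*")):
            if not path.is_file():
                continue
            if path.name in LICENSE_FILE_NAMES:
                text = path.read_text(encoding="utf-8", errors="replace")
                license_texts.append((path.relative_to(pkg).as_posix(), text))
                copyrights.update(_clean(m.group(0)) for m in COPYRIGHT_RE.finditer(text))
            elif path.suffix in SOURCE_SUFFIXES:
                # Source headers often carry copyright lines the LICENSE file lacks.
                head = path.read_text(encoding="utf-8", errors="replace")[:2000]
                copyrights.update(_clean(m.group(0)) for m in COPYRIGHT_RE.finditer(head))
        notices[pkg.name] = {"licenses": license_texts, "copyrights": sorted(copyrights)}
    return notices


def render_notices(notices: dict, used_in=None) -> str:
    """Step two: compile the snippets into one file, starting with a table of contents."""
    used_in = used_in or {}
    names = list(notices)
    out = ["THIRD-PARTY LEGAL NOTICES", "", "Table of contents"]
    out += [f"  {i}. {name}" for i, name in enumerate(names, 1)]
    out.append("")
    for i, name in enumerate(names, 1):
        info = notices[name]
        out += ["=" * 72, f"{i}. {name}"]
        if name in used_in:
            out.append(f"Used in: {used_in[name]}")  # the extra, user-minded information
        out.append("=" * 72)
        if info["copyrights"]:
            out.append("Copyright notices:")
            out += [f"  {c}" for c in info["copyrights"]]
            out.append("")
        if not info["licenses"]:
            # A package without license text is a gap to resolve before shipping.
            out.append("WARNING: no license file found for this package; review before shipping")
        for fname, text in info["licenses"]:
            out += [f"--- {fname} ---", text.rstrip(), ""]
        out.append("")
    return "\n".join(out) + "\n"


def build_sample_tree(root: Path) -> Path:
    """Constructed sample: two vendored packages, one lacking a license file."""
    vendor = root / "vendor"
    (vendor / "libfoo").mkdir(parents=True)
    (vendor / "libfoo" / "LICENSE").write_text(
        "MIT License\n\nCopyright (c) 2020 Foo Authors\n\nPermission is hereby granted...\n")
    (vendor / "libfoo" / "foo.c").write_text(
        "// Copyright 2021 Another Contributor\nint foo(void) { return 1; }\n")
    (vendor / "libbar").mkdir()
    (vendor / "libbar" / "bar.py").write_text("# Copyright 2019 Bar Maintainers\nX = 1\n")
    return vendor


def demo():
    """Run both steps on the constructed tree; return the collected data and the file text."""
    with tempfile.TemporaryDirectory() as tmp:
        notices = collect_notices(build_sample_tree(Path(tmp)))
    return notices, render_notices(notices, used_in={"libfoo": "image decoding"})


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="program with a legal-notices option")
    parser.add_argument("--legal-notices", action="store_true",
                        help="print the open source legal notices and exit")
    args = parser.parse_args()
    _, text = demo()
    if args.legal_notices:
        sys.stdout.write(text)  # the notices travel inside the delivered program
    else:
        print("Run with --legal-notices to view the third-party legal notices.")
```

In a real build the `vendor/` tree would be the actual dependency set from the SCA step, and the rendered text would be embedded in the binary (or shown from a menu entry in a graphical program) rather than regenerated at run time; the warning for a package without license text is the check that keeps an incomplete notices file from shipping unnoticed.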

© 2024 Dirk Riehle, used with permission.

Next up: The license-compliant distribution workflow