SCA Tool

Making open source safe, easy, and fun to use

The Legal Notices

Legal notices are notices given by a distributor of an artifact to the recipient of the artifact. The common example is a vendor (distributor) selling a product (artifact) to a customer (recipient). Legal notices are not limited to software, and they existed long before open-source software. Legal notices serve many different purposes, for example:

  • Declaration of ownership. The distributor may want to or have to declare who owns what in the artifact, including components sourced from suppliers. Such declarations may include copyright statements, patent use permissions, etc.
  • Declaration of information required by law. Often the law puts requirements on distributors of artifacts, for example, to warn recipients about radiation emanating from devices like mobile phones. Providing this information can be lengthy and varies by jurisdiction.
  • Declaration of limitation of liabilities. The distributor may want to try to limit any liabilities resulting from receiving and using the artifact. Whether such disclaimers or limitations will hold in court is often unknown until tried.

Any software artifact distributed to third parties needs to have an open source legal notices section as part of the more general legal notices. The open source legal notices are a result of the following common obligations found in open source licenses:

  • Provide copyright notices (a.k.a. attribution). The distributor needs to compile and provide all copyright notices found in the open source code they are distributing to the recipients.
  • Provide license texts. The distributor needs to compile and provide all license texts found in the open source code they are distributing to recipients.
  • Provide disclaimers. The distributor needs to compile and provide all disclaimers and limitation statements to recipients. These are often already included in the license texts.
  • Provide change notices. The distributor needs to create change notices (descriptions of modifications made to the original code) and provide them to recipients.
  • Provide other notices. The distributor needs to compile and provide all other relevant notices found in the open source code to recipients. This is a catch-all to not forget anything.

Compiling open source legal notices requires sifting through the open source code and collecting all copyright notices and license texts into one document, the open source legal notices. An explicit request for providing disclaimers is typically already satisfied through providing the license text, because that’s where they can be found. Change notices are only required if you actually changed the open source code rather than just incorporating it as a library, and other notices often don’t exist.

The creation of legal notices may sound harmless, but in practice it can turn into a significant amount of work. The Linux kernel alone had over 25,000 contributors, all with their own copyright notice that you need to find and include in the legal notices (or else not fulfill the obligations and hence lose the usage rights grant).

The creation of legal notices is a complex topic discussed in further detail in the later section on open source license compliance.

© 2024 Dirk Riehle, used with permission.
