Hi! :-) Am Fr., 27. Mai 2022 um 23:11 Uhr schrieb Carl Schwan <c...@carlschwan.eu>: > [... > In adition to that Nicolas already said, you might want to double check if > the LGPL 2.1 license is really to restrictive for your distributions > scenarios. The LGPL 2.1 is more permissive than the normal GPL 2 and the LGPL > 3 and as been specially be developed to be integrated inside proprietary > projects. > I'm not a lawyer, but the key requirement for the LGPL 2.1 license is that > you link the library with your project using dynamic linking, add a link to > the source code and if you do modification to the library, you also need to > publish your modification to the library. The rest of your project is not > affected by the copy left clause.
In addition to the additions, I also would like to point out that NetworkManager itself is GPLv2-licensed (note the missing "L"!), so you will already have to comply with the GPL in your product. As long as dynamic linking is used, complying with the LGPL, especially the v2 variant, should actually be doable. It may be worth discussing this with your legal department. I know that that is a massive pain (I have done something similar on a few occasions as well...), but it may absolutely be worth it if the engineering team gains speed by using established resources. Often pointing out other companies that successfully use LGPL-licensed stuff in commercial applications helps, and so does mentioning the only-modifications-to-the-library-need-to-be-open-source aspect of the LGPL compared to the GPL. Using dynamic linking may require changes in the development workflow, as in embedded devices static linking is very common, but this may be something that could work in your case. And last but not least, you will only have to provide the source code to the people who receive your binaries - which may be everybody, or possibly just the people receiving the medical device. The v2 variant of the (L)GPL also still allows tivoization[1], which is absolutely a bad thing for consumers and free software as a whole, but for your case of providing medical equipment may allow you to use (L)GPLv2 code in scenarios where regulatory requirements force you to add measures which prevent people from tampering with the device and modifying its code. Obviously, none of the above is legal advice and may not even be applicable to your specific product, but generally speaking in case of issues like this I do think it's worth to consult your legal team and try to find a solution there before pouring engineering resources into reengineering (and testing and verifying!) an already existing piece of code. Cheers, Matthias [1]: https://en.wikipedia.org/wiki/Tivoization -- I welcome VSRE emails. See http://vsre.info/