> -----Original Message----- > From: License-discuss [mailto:license-discuss-boun...@opensource.org] On > Behalf Of Christopher Sean Morrison > Sent: Wednesday, February 15, 2017 1:06 PM > To: License Discussion Mailing List <license-discuss@opensource.org> > Subject: [Non-DoD Source] Re: [License-discuss] OSI equivalent > > On Feb 15, 2017, at 11:58 AM, Karan, Cem F CIV USARMY RDECOM ARL (US) > <cem.f.karan....@mail.mil < Caution- > mailto:cem.f.karan....@mail.mil > > wrote: > > Does OSI have a license compatibility chart for the various approved > licenses? > Something similar to > Caution-https://www.gnu.org/licenses/license-list.html < > Caution-https://www.gnu.org/licenses/license- > list.html > ? Our > researchers are pulling in code from all kinds of sources, and we want > to keep > them out of legal hot water, and a compatibility chart would be helpful > for > this. > > > > > Hi Cem, > > There are a variety out on the web but nothing officially sanctioned because > the devil is in the details when you talk about compatibility. > It depends heavily on whether you are integrating, modifying, or simply using > (unmodified) the 3rd party code. Creating a combined work > is not necessarily the same as creating a derivative work is not the same as > just linking against something. There are different > compatibility concerns with each. > > For example, I can create an LGPL program that uses an Apache 2.0 library > just fine, and distribute it as a combined work without too > much concern. I can also create an Apache 2.0 program that links to an LGPL > library, but I’d have to be more careful with how the LGPL > library is linked (assuming there is no link exception granted) and used — no > muddling of the code waters or my program becomes LGPL > too. It’s a fair bit more complex with the strongly protective / viral > licenses. > > The attached image by Dr. David Wheeler (renowned Mil-OSS security > researcher) is a reasonable starting point that you can find readily > around the web in various forms. The flow diagram is basically describing > code compatibility in the most general terms, about how/where > code can migrate and/or be relicensed. E.g., I can’t take an MIT code and > distribute it as public domain; but I can take a public domain > code and distribute it as MIT. Note it’s NOT referring to simple usage or > linking, otherwise it might falsely lead you to think you can’t link > against an Apache 2.0 library in a GPLv2 work. > > Cheers! > Sean
I was afraid of that... and so is our Legal department :(. We want to issue good general guidance to everyone in our workforce, but at the moment that appears to be 'go talk with Legal'. As for the image by Dr. Wheeler, it doesn't seem to have come through; can you try resending it? Thanks, Cem Karan
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ License-discuss mailing list License-discuss@opensource.org https://lists.opensource.org/cgi-bin/mailman/listinfo/license-discuss
