You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is possible that decisions made before open sourcing could become a risk after open sourcing. As an example of a plausible scenario; a team need to implement a new function. This function exists in another GPL-3 copy left licenced project. To add that project would introduce multiple dependencies that aren't used by that particular function so a member of the team decides to copy the function into the package. One year later, the package is open sourced with the licence infringing code. Such an occurrence could be lessened by a Contributor Licence Agreement (CLA; see [the bot contributor-assistant](https://github.com/contributor-assistant/github-action) for an example of CLA automation). A CLA helps ensure that anyone contributing to a project acknowledges specific terms expected of contributions, like the contributions are novel code and the author will abide by the projects licence terms. In the absence of a CLA it is important to ensure that all code within the package is original, and there is no culture of cannibalising external code and infringing on people's copyright within the development team even for internal projects.
I think this example needs more details. It writes "This function exists in another GPL-3 copy left licenced project" - does that imply that the project which copies the function and then goes open-source at a later point in time will also be released under GPLv3?
On the other hand, releasing the project, including a piece of code under GPLv3 and then marking the project as MIT would be an infringement, seeing as MIT is less strict than GPLv3 about permissions.
The text was updated successfully, but these errors were encountered:
E2E-OS-Guidance/releasing.qmd
Line 55 in 0891e63
I think this example needs more details. It writes "This function exists in another GPL-3 copy left licenced project" - does that imply that the project which copies the function and then goes open-source at a later point in time will also be released under GPLv3?
If that is the assumption, then they are not necessarily in the wrong as per my understanding (is the original project attributed and referenced explicitly?):
https://fossa.com/blog/open-source-software-licenses-101-gpl-v3/
On the other hand, releasing the project, including a piece of code under GPLv3 and then marking the project as MIT would be an infringement, seeing as MIT is less strict than GPLv3 about permissions.
The text was updated successfully, but these errors were encountered: