Developerguidelines forusing third-partycodeMark AberdourHead of Learning Platforms
Why it mattersIt’s good to use code found on the web. It can be very robust andwell tested, and generally makes a programmer’s life easier.However, third party code comes with some licensing dangerswhich can seriously impact both employee and employer if the lawis broken.While most code libraries are fine to use, some do require morecare than others to stay on the right side of the law.This quick guide is aimed to help Epic programmers make the rightdecisions on what code to use in their projects.By necessity this guide contains some simplifications of what is acomplex legal area. If in doubt, please just ask.
License typesMost code found on the web is open source. There are threemain types of open source license, and these dictate what wecan and can’t do with the code. License type Commercial use Strongly-protective/ CANNOT use in closed- copyleft (GPL/AGPL) source, commercial products Weakly-protective Can use in closed-source, (LGPL) commercial products WITH CARE Permissive FREE TO USE in closed-source, (Apache, MIT, BSD) commercial products Non-OS license Terms will vary so read the license!
Licenses: strongly protectiveLicenses: GPL, AGPLImplications of using code:If the code is used in a product that is redistributed, then the entirecodebase must inherit the same license. For this reason, these arealso known as viral licenses.Epic policy:Do NOT use any GPL or AGPL licensed code without gettingpermission first, unless the project you are working on is already GPL orAGPL licensed.
Licenses: weakly protectiveLicenses: LGPLImplications of using code:This license is commonly used for code libraries. It allows the code tobe used in closed source, commercial products; however, anymodifications to the library must be fed back upstream to thecreator.Epic policy:It is fine to use LGPL licensed code, but any changes MUST be fedback to the library creator, and the developer should manage thisprocess.
Licenses: permissiveLicenses: Apache, MIT, BSDImplications of using code:Allows the code to be used in closed source, commercial productswith no obligations. Some licenses have an ‘attribution clause’ whichsimply asks that the original creator is credited.Epic policy:It is absolutely fine to use any Apache, MIT or BSD licensed code.
Three questions to always ask1. What are the license terms of the code you are thinking ofusing?Be sure to find out what license it is released under. If it’s not opensource or if you cannot find a license, then contact a seniormanager for approval to reuse it.2. What are the license terms of the Epic project you are workingon?This will impact what licenses you can use. For example, thewebinar plug-in we built for Moodle is GPL anyway.3. Is the product for just one customer, or will it be distributed tomany?Open source license terms kick in when a product is redistributed.So if the code is for the private use of a single customer, it is fine toreuse code from ANY license, GPL included.
Re-use conventionsThe following are best practices that you should follow every timeyou reuse third party code. If you get in the habit of doing this, youshould always be on the right side of the law.- Always retain the original license info in the code files.- Always credit the original author. Even if is not always required, itis the right thing to do.- If you make modifications, ensure they carry prominent notices.- If you make modifications, send the amends back to the originalauthor. Again, it is not always required, but it’s the right thing todo.- Finally, please keep a record in the project folder of all third-partycode used and include the license type and source URL.
This is a PERMISSIVE license. We can use, modify and redistributeApache v2 this code as part of a commercial product.license The license info must be retained in the file. Any modifications must carry prominent notices. If the work includes a NOTICE text file containing author attributions, then those attribution notices must be provided with the new work.http://opensource.org/licenses/Apache-2.0
This is a PERMISSIVE license. We can use, modify and redistribute this code as part of a commercial product.MIT license There are no obligations at all, therefore we can do what we like with it.http://opensource.org/licenses/MIT
This is a PERMISSIVE license. This is similar to the MIT license,BSD 3-clause with the addition of a third clause that says we cannot use the authors organisation name orlicense any contributor names to promote the product. The BSD-2 clause license is newer, omits the third clause and is roughly equivalent to the MIT license.http://opensource.org/licenses/BSD-3-Clause
This is a WEAKLY PROTECTIVE license; reuse requires some care.LGPL v3 We can use, modify and redistribute this code as part of a commercial product.license We MUST include a notice that the library is used (e.g. in a NOTICE file) within the product and include copies of the GPL and LGPL (but these wont apply to the whole product, don’t worry!). If we make modifications, then the library must also be released under the LGPL.http://opensource.org/licenses/lgpl-3.0.html
This is a COPYLEFT license; reuse is highly restrictive.GPL v2/v3 We CANNOT use, modify or redistribute this code as part of a commercial product.license If we redistribute the derivative work then the entire product must itself inherit the GPL.http://opensource.org/licenses/gpl-license
This is a COPYLEFT license; reuse is highly restrictive.AGPL v3 We CANNOT use, modify or redistribute this code as part of a commercial product.license If we redistribute the derivative work, then the entire product must itself inherit the GPL. Redistribution in this case includes applications accessed remotely from a server (e.g. Cloud/SaaS services).http://opensource.org/licenses/AGPL-3.0
FurtherinformationIf you have any questions at allregarding the above or any licenses wehave not covered, please contact:Mark AberdourEmail:email@example.comTwitter: @maberdour