The Software Freedom Law Center, which provides legal help to the free and open-source software community, has released a detailed document that describes how users and vendors can ensure they are in compliance with the open-source GNU General Public License (GPL).
Initially, GPL compliance was enforced through informal means, such as bulletin board discussions, but as Linux's profile grew in ensuing years, enforcement efforts became more organised and ultimately entered the courts, the report notes. Last year, Skype was found guilty of violating the GPL by a Munich, Germany regional court.
It need not go that far, according to authors Bradley Kuhn, Aaron Williamson and Karen Sandler.
"We have found that most violations stem from a few common mistakes that can be, for the most part, easily avoided," they wrote. "We hope to educate the community of commercial distributors, redistributors, and resellers on how to avoid violations in the first place, and to respond adequately and appropriately when a violation occurs."
Among the lengthy report's tips is a caution not to rely on "build gurus."
"Too many software projects rely on only one or a very few team members who know how to build and assemble the final released product," it states. "Such knowledge centralisation not only creates engineering redundancy issues, but it also endangers GPL compliance, which requires you to provide build scripts."
Companies should also closely watch their software purchases to ensure they are compliant with the GPL, according to the report.
"The companies we contact about GPL violations often respond with: 'We didn't know there was GPL'd stuff in there,'" it states. "Integration of third-party proprietary software typically requires a formal arrangement and management/legal oversight before the developers incorporate the software. By contrast, your developers often obtain and integrate FOSS without intervention. The ease of acquisition, however, does not mean the oversight is any less necessary."