Modern open source projects rarely consist solely of new code written entirely from scratch. More often, they are built from many sources, and each of these original sources may be under a particular license, which may also differ from the license that the new project uses.
Winslow runs The Linux Foundation’s license scanning and analysis service, and he advises projects about licenses identified in their source code and dependencies.
He says that getting license compliance right early can help attract contributors and users to an open source project. However, he notes that license scanning and compliance are not end goals; rather, they are processes that can serve other objectives, including:
According to Winslow, “any project that implements license scanning and compliance should aim to make it sustainable” and should set realistic goals to avoid being overwhelmed by the number of options and issues that may arise.
Winslow also explains how using tools, such as FOSSology for license scanning and Software Package Data Exchange (SPDX) to help package scan results into meaningful reports, can help projects succeed in compliance efforts.
Learn more and download this free publication now.