License Compliance Vocabulary
5 exercises — Practice vocabulary for license compliance: GPL copyleft, FOSS audits, dual licensing, the REUSE specification, and permissive vs. copyleft distinctions.
0 / 5 completed
1 / 5
A legal counsel says: "Our open source policy prohibits GPL in our products." A developer asks why GPL is specifically prohibited. Which explanation is correct?
GPL's copyleft (or "viral") provision is the key commercial concern — incorporating GPL code into a distributed product triggers a requirement to release the entire product under GPL, eliminating proprietary protection.
The GPL "distribution trigger" is the critical nuance: (1) using GPL software as an internal tool (not distributed) does not trigger copyleft — many companies use GPL-licensed developer tools freely; (2) distributing a product that contains GPL code to customers or users triggers the obligation to provide source under GPL. The GPL v2 and v3 differ in how they handle network-access scenarios (GPL v3's AGPL variant also triggers on network use). LGPL (Lesser GPL) is a weaker copyleft that permits linking without triggering the full copyleft — this is why many commercial-friendly open source libraries use LGPL. Companies typically allow: MIT, BSD, Apache 2.0, ISC (permissive licenses) for products; GPL for internal tools; LGPL on a case-by-case review.
Key vocabulary:
• copyleft — a license condition that requires derivative works to be released under the same (or compatible) license
• GPL (GNU General Public License) — a strong copyleft license that requires source release when distributing software containing GPL code
• distribution trigger — the act of distributing software to users that activates copyleft obligations
The GPL "distribution trigger" is the critical nuance: (1) using GPL software as an internal tool (not distributed) does not trigger copyleft — many companies use GPL-licensed developer tools freely; (2) distributing a product that contains GPL code to customers or users triggers the obligation to provide source under GPL. The GPL v2 and v3 differ in how they handle network-access scenarios (GPL v3's AGPL variant also triggers on network use). LGPL (Lesser GPL) is a weaker copyleft that permits linking without triggering the full copyleft — this is why many commercial-friendly open source libraries use LGPL. Companies typically allow: MIT, BSD, Apache 2.0, ISC (permissive licenses) for products; GPL for internal tools; LGPL on a case-by-case review.
Key vocabulary:
• copyleft — a license condition that requires derivative works to be released under the same (or compatible) license
• GPL (GNU General Public License) — a strong copyleft license that requires source release when distributing software containing GPL code
• distribution trigger — the act of distributing software to users that activates copyleft obligations