Creating New Code:
Open source software is now found in most places, so good working knowledge of open source licensing and compliance obligations is crtical. Understanding how to indicate licenses accurately in source code will minimize problems for contributions to upstream projects, as well as being useful in internal corporate projects.
To help developers understand the fundamentals of open source licensing and compliance, the Linux Foundation has created a free course (LFC191: Compliance Basics for Developers), that provides an overview of the key types of licenses, what copyright statements are, and how to code them accurately in your source. Clearly expressing licensing and copyright information, makes it possible to be easily found (by scanners, etc.), which is key to making sure your intentions are respected.
Understanding Existing Code:
Before contributing to an existing project, its important to know the licenses that the project is using. This lets you know what terms you may need to follow to contribute new code, whether you can combine code from different projects to add new features, etc. 'grep', 'awk' and 'sed' can get a lot of information, but as projects become more complex, its useful to have a toolkit like FOSSology where you can run license, copyright and export control scans from the command line.
FOSSology is an open source project that incorporates multiple scanners as plug-ins and agents, and can generate compliance information summaries (like SPDX files) for the scanned code. In addition to command line support, FOSSology also provides a graphical user interface and database support, for creating compliance workflows.
Developers who want to help improve and extend FOSSology for other developers, are welcome to participate.
Contacting Companies about Compliance Issues with Your Code:
Many times, open source developers need to contact companies to discuss compliance issues but cannot find the appropriate party. The Linux Foundation has created a directory of compliance officers at companies using Linux and Open Source software in their commercial products so communication can be eased. If you are a developer who has contributed upstream to a project, and want to connect a compliance officer at a specific company, please fill out this form and we'll try to connect you to the right person at that company. You can check back on the progress of your request any time using the request number provided when your submitted form is accepted.
If you are part of an open source compliance office and want to register your organization, please fill out this form to have your organization included in the directory.