Hi Aron, On Fri, Jul 19, 2019 at 01:56:14PM -0400, Aron Reman wrote: > Hi, > Thank you for the response. I just wanted some clarification. Under the > Debian license, I do not have to release source code as long as I am > writing my source code on top of the existing system correct? As in, I am > writing C/C++ code and running it on a Debian OS, which will be on my > product that is going to be sold commercially. It is my understanding that > under these conditions, I do not need to make my source code public. > Thanks, > Aron It's important to note that any "Debian license" is usually limited the the debian/* contents of a package. Assuming you're not modifying this, then there's no issue with potential violation of Debian-specific copyright holders. That said, is your "C/C++ code" 100% your own work, or does it build on an existing package? For example, let's say you work for a storage company, you're developing a NAS product, and you'd like to modify smartmontools to correctly read your drives' status. If this modified smartmontools is distributed on your NAS product, then those modifications are bound by the smartmontools license terms. To check for stuff like this, see the package's corresponding copyright file. eg, in this case: /usr/share/doc/smartmontools/copyright. Your lawyers should additionally ask you to audit the upstream source to confirm that this convenience copy is accurate. There are also tricky cases like QT, or at least a license like what QT used to have. That is to say, a license which grants distribution rights for noncommercial use, but requires the purchase of a commercial license for use in proprietary software. I'm not sure if the QT case is still current, but it's one reason why proprietary software traditionally chose to use GTK rather than QT. Finally, there's also software licensed under various BSD or MIT licenses that explicitly allows proprietary modifications to be made without a legal duty to provide the source code of modified parts. Once again, check /usr/share/doc/package/copyright, and have your team double-check. Finally, also in the case of embedded, I believe one continues to have a duty to provide the source code (plus modifications to the parts that require it). This is like AOSP and router firmwares. eg: you can distribute proprietary *applications with* GPL software, but you can't distribute proprietary *modifications to* GPL software. eg: https://www.zdnet.com/article/symantec-may-violate-linux-gpl-in-norton-core-router/ Regards, Nicholas P.S. To everyone reading this, can we put this answer somewhere on the debian.org, or is there a URL that already exists that we can refer people to?
Attachment:
signature.asc
Description: PGP signature