Licences for External Lifbraries

These days software systems are large and complicated. They use various technologies and components. It is very rare for a system to be built from scratch - without existing frameworks and external libraries.

Because of that, software delivered by a vendor will most probably contain such components. The customer should pay attention to the 3rd party component licences. This may have an impact in the future development.

Licence types

We need to consider two perspectives:

  1. The use of external 3rd party library.
  2. Expanding external 3rd party library.

If the software that has been ordered uses external components, each one of those components is treated as a separate entity. Such entity has its own licences given by the component's owner. (case 1)

If the vendor wants to extend external component, it needs to be done under component's licences. Open source licences (like GPL) will force the vendor to release the source code of the changed component. (case 2)

Sometimes, the vendor has his own set of components used to speed up the development process. In such case, the customer needs to make sure that it is possible and legal to extend those components by other vendors. Otherwise, the customer is dependent on this particular vendor when it comes to the future development. More about that in the Internal supporting components part below.

Licence types

  • GPL - free commercial use. The development team is forced to publish the source code.
  • MIT/BSD - free commercial use. Modifications to the source can be kept hidden.
  • End User License Agreement - licence type used by most software companies. Usually, the vendor cannot modify the source code.

In every case, the licence terms need to be provided with the external component by the vendor.

Danger

Incompetent usage of external components may result in obligatory source code release.

Internal supporting components

As mentioned above, vendors can use they own custom components or frameworks. It is quite a common practice since such supporting components visibly speed up the development process. Cryptography or spell-checking modules can be very easily reused.

For the customer, the fact that some (possibly essential) components make him dependent on a particular vendor can be problematic in future. Usually, it's the vendor who owns the licence to those components. Because of that, it would be harder for the customer to change the vendor if that was his wish.

The customer should receive a licence to use and modify all supporting components in the system he ordered.

Summary

When receiving the software, the customer should check if all external components have a licence which satisfies his needs. Licencing should be included in the software delivery agreement.