Our customer decided to base its new product generation on Linux, instead of Microsoft Windows that was used so far. There are many reasons to use Linux and one of them is the fact that this is free of charge. Now free of charge does not mean that there is no restriction in its use. Open Source Software and the use of open source software requires the manufacturer to remain in compliance with copyright law. Indeed, the Linux kernel is licensed under version 2 of the GPL. The glibc is licensed under version 2.1 of the GNU Lesser General Public License. Individual files or components can be licensed under other types of licenses i.e. BSD.
Before releasing the product, it was requested to be officially compliant.

When using Linux as OS for a product, the manufacturer copies and distributes open source software. This requires to be compliant with OSL. We recommended going through an audit, and in this specific case, an audit from our partner OSADL, as this audit covers both the technical and legal aspect of OSS compliance. Part of the audition team is a lawyer firm, specialized in OSL. This audit focuses on the license conditions of the GPL and LGPL and has a product related approach, which is what our client was looking for.
We acted as technical and administrative consultant prior and during the audit. As Partner of OSADL, we have knowledge and a good understanding of the legal and technical requirements for a manufacturer that uses Linux in his products.
OSL compliance is not a one-off activity, it involves different departments, requires new processes and is under the responsibility of the management. We consulted regarding the development of new processes, training of employees to spread out knowledge about this topic. Company documents needed to be checked, possibly adapted (contracts with suppliers, Terms and Conditions, etc…) or created.
Besides the company related topics, we also consulted on the product using Linux which required specific actions:

• Provision of the license texts
• Notation of Copyrights
• Disclaimers
• Provision of complete corresponding machine-readable source code
• Compliance with license conditions for modified software
• Inspection of accompanying documentation
• Relinking of the C library
• Permission of modification
• Permission of modification

In order to facilitate reviewing all the components and look for license texts, copyrights and disclaimers, there are tools that can be used. In this case, we used FOSSology (www.fossology.org).

Our offering is to consult and accompany the manufacturer in the audit preparation.

The Audit went well and only a few specific topics related to supplier’s T&C were an issue against the permission of reverse engineering.
Such an audit is very much recommended when using Linux, and especially, when modifications are done in the kernel! Not being compliant can have huge repercussions, like delivery stop, destruction of shipped materials, provision of customers lists, financial compensation, trial costs and, of course, unprofessional image of the company.
The investment in time and money is worth it, so did our customer see it.