The short answer is yes, compliance is necessary even if you don’t distribute. Let’s discuss some of the reasons. This question comes up in sales conversations frequently and is usually a result of an internal discussion at a prospect’s company.
At its most basic level, complying with open source licenses, even when no one else may ever know, is just the right thing to do. By the nature of open source licenses, once you download the source code, you have entered into a licensing agreement with the author or copyright holder of the code. If you entered a licensing agreement through the more traditional procurement process, you probably wouldn't finish the negotiation and then say, "We don't need to comply with those terms we just negotiated." Why should open source licenses be any different? You got the code (maybe for no cost), you entered a license, and you should comply with the license requirements. Period. Plus, you never know if someone may blow the whistle on you; a disgruntled employee who leaves the company could quickly inspire a lot of bad press and a potential lawsuit with very little effort.
As you can see, there are plenty of reasons to comply with an open source license other than distribution. And while distribution is one of the more compelling reasons that cause a company to make efforts to comply, at the end of the day, doing it because it’s the legal and moral thing to do is awfully compelling as well.
What do you think? Is compliance already a standard part of your organization?
Stay tuned for discussion on how to go from talking about compliance to implementing compliance in the enterprise.
If you read a post on The Enterprise OSS Blog, please leave a comment. Let us know what you think, even if it's just a few words. Comments do not require approval, but they are moderated. OpenLogic reserves the right to remove any comments it deems inappropriate.