Before I started making software for a company which requires its software to be closed-source everything was easy, but now I'm drowning in license issues and I have no idea what to do.
I have found several great libraries for TLS and other crypto but all (obviously) have licenses. I am talking about the following licenses:
- GNU General Public license, version 2 for Mbed TLS
- Apache license, version 2
- Microsoft Limited Permissive License (Ms-LPL) for CLR Security
- Adaptation of MIT X11 License for Bouncy Castle
I know GNU GPL can only be used if my project is open source, but is it OK to have an example project which we can provide when asked for, which is similar to the code we use on our embedded devices but is just a much simpler version? Or do we actually need to provide the entire source code of what is currently running on the device?
1. Because it is impossible to have the crypto bit open source and the rest of our source code closed source under this license, right?
2. I believe the Apache License would allow us to use the library in closed source projects without problems and only needs a copy of that license when we distribute it, am I correct?
3. Ms-LPL, as far as I can see, allows the use and adaptation of the code without restrictions; one can also keep it closed source, but would need to add a copy of the license. The same goes for the Bouncy Castle license, if I'm not mistaken?
In all cases there are parts of our source code we do not want to give to anyone. The products in which the code is used are being sold. In some cases we might change the code a bit (especially in the case of mbedTLS).
It would be great if someone could help me understand these licenses and could tell me if I'm right about these licenses. And perhaps recommend the license which would be the least problematic (e.g. needing to provide as little paperwork as possible).
ANSWER:
Thanks to maze-le and his amazing site I quickly found the answers I was looking for. Just to sum up and close this question properly:
1. Yes, it is impossible to keep part of the source closed; all the source needs to be open.
2 & 3. Apache, just like the others, allows you to use and adapt the source code whatever way you please; you just need to include a notice and a copy of the license.