Nowadays, software is usually a combination of in-house code and FOSS; in some cases it also contains parts licensed under non-FOSS licenses. FOSS licenses stipulate different obligations and, in order to be legally compliant, one has to abide by the obligations of every license.
This talk will present lessons learned while building a corporate compliance system that is sensitive to the needs of developers while still pleasing the lawyers.
This talk will present lessons learned while trying to ensure legal compliance in a large company. It will touch upon different aspects of the set of processes and mechanisms used. Such mechanisms exist to provide answers to questions such as:
- how can FOSS be used?
- how can FOSS be integrated?
- how can FOSS be released?
It is obvious that the task of legal compliance involves developers as well as people from legal professions; therefore an important part of structuring any system or set of processes has to be the satisfaction of both these groups of users. More specifically, legal people should neither become overwhelmed by their tasks, nor end up being the bottleneck of the whole workflow. On the other hand, software development should be disrupted as little as possible, since this is usually the main business.
It is hoped that such practices can greatly help everyone facing this inherently difficult and potentially risky issue. Moreover, such practices can facilitate the use of FOSS in a commercial environment.
Speakers: Alexios Zavras