The Linux kernel, and most of the software that makes it usable are governed by the GPL, or the GNU General Public License. Now at version 3 (GPLv3), the GPL was originally written by Richard Stallman, and it’s intended to protect software freedom. The Software Freedom Law Center (SFLC) has published a guide to keeping with the terms of the GPL and related open source licenses.

Here’s the executive summary and some portions of the guide:

1 Executive Summary

This is a guide to effective compliance with the GNU General Public License (GPL) and related licenses. In accordance with the Software Freedom Law Center’s (SFLC’s) philosophy of assisting the community with GPL compliance cooperatively, this guide focuses on avoiding compliance actions and minimizing the negative impact when enforcement actions occur. It introduces and explains basic legal concepts related to the GPL and its enforcement by copyright holders. It also outlines business practices and methods that lead to better GPL compliance. Finally, it recommends proper post-violation responses to the concerns of copyright holders.

2 Background

Early GPL enforcement efforts began soon after the GPL was written by Richard Stallman in 1989, and consisted of informal community efforts, often in public Usenet discussions. 1 Over the next decade, the Free Software Foundation (FSF), which holds copyrights in many GNU programs, was the only visible entity actively enforcing its GPL’d copyrights on behalf of the community of Free/Libre and Open Source Software (FOSS) developers. FSF’s enforcement was generally a private process; the FSF contacted violators confidentially and helped them to comply with the license. Most violations were pursued this way until the early 2000’s.

By that time, Linux-based systems had become very common, particularly in embedded devices such as wireless routers. During this period, public ridicule of violators in the press and on Internet fora supplemented ongoing private enforcement and increased pressure on businesses to comply. In 2003, the FSF formalized its efforts into the GPL Compliance Lab, increased the volume of enforcement, and built community coalitions to encourage copyright holders to together settle amicably with violators. Beginning in 2004, Harald Welte took a more organized public enforcement approach and launched gpl-violations.org, a website and mailing list for collecting reports of GPL violations. On the basis of these reports, Welte successfully pursued many enforcements in Europe, including formal legal action.

In 2007, the SFLC filed the first U.S. copyright infringement lawsuit based on a violation of the GPL. While the lawsuits filed by SFLC on behalf of its clients have been quite public, SFLC resolves the vast majority of enforcement actions privately via cooperative communications with violators. As we have worked to bring individual companies into compliance, we have encountered numerous violations resulting from preventable problems such as inadequate attention to licensing of upstream software, misconceptions about the GPL’s terms, and poor communication between software developers and their management. In this document, we highlight these problems and describe best practices to encourage corporate users of FOSS to reevaluate their approach to GPL’d software and avoid future violations.

SFLC continues to conduct GPL enforcement and compliance efforts for many of its clients who release their software under the GPL, the GNU Lesser Public License (LGPL) and other copyleft licenses. In doing so, we have found that most violations stem from a few common mistakes that can be, for the most part, easily avoided. We hope to educate the community of commercial distributors, redistributors, and resellers on how to avoid violations in the first place, and to respond adequately and appropriately when a violation occurs.

You may read the full guide here