NetworkManagerQt

Matthias Klumpp matthias at tenstral.net
Sat May 28 05:44:10 BST 2022 

Hi! :-)

Am Fr., 27. Mai 2022 um 23:11 Uhr schrieb Carl Schwan <carl at carlschwan.eu>:
> [...
> In adition to that Nicolas already said, you might want to double check if the LGPL 2.1 license is really to restrictive for your distributions scenarios. The LGPL 2.1 is more permissive than the normal GPL 2 and the LGPL 3 and as been specially be developed to be integrated inside proprietary projects.
> I'm not a lawyer, but the key requirement for the LGPL 2.1 license is that you link the library with your project using dynamic linking, add a link to the source code and if you do modification to the library, you also need to publish your modification to the library. The rest of your project is not affected by the copy left clause.

In addition to the additions, I also would like to point out that
NetworkManager itself is GPLv2-licensed (note the missing "L"!), so
you will already have to comply with the GPL in your product. As long
as dynamic linking is used, complying with the LGPL, especially the v2
variant, should actually be doable. It may be worth discussing this
with your legal department. I know that that is a massive pain (I have
done something similar on a few occasions as well...), but it may
absolutely be worth it if the engineering team gains speed by using
established resources.
Often pointing out other companies that successfully use LGPL-licensed
stuff in commercial applications helps, and so does mentioning the
only-modifications-to-the-library-need-to-be-open-source aspect of the
LGPL compared to the GPL. Using dynamic linking may require changes in
the development workflow, as in embedded devices static linking is
very common, but this may be something that could work in your case.
And last but not least, you will only have to provide the source code
to the people who receive your binaries - which may be everybody, or
possibly just the people receiving the medical device.

The v2 variant of the (L)GPL also still allows tivoization[1], which
is absolutely a bad thing for consumers and free software as a whole,
but for your case of providing medical equipment may allow you to use
(L)GPLv2 code in scenarios where regulatory requirements force you to
add measures which prevent people from tampering with the device and
modifying its code.

Obviously, none of the above is legal advice and may not even be
applicable to your specific product, but generally speaking in case of
issues like this I do think it's worth to consult your legal team and
try to find a solution there before pouring engineering resources into
reengineering (and testing and verifying!) an already existing piece
of code.

Cheers,
    Matthias

[1]: https://en.wikipedia.org/wiki/Tivoization

-- 
I welcome VSRE emails. See http://vsre.info/

More information about the kde-devel mailing list