Che cosa esattamente io / la mia azienda devo fare "rendere disponibili / pubblicare" le modifiche al codice sorgente e soddisfare GPL / LGPL

4

Questa sembra una domanda di base, ma non ho trovato una fonte definitiva.

Ho bisogno di modificare la fonte di un'applicazione LGPL per il mio datore di lavoro per collegare un buco di sicurezza. A lungo termine aggiorneremo ad una versione successiva di questa applicazione, ma per ora, questa è la soluzione più veloce.

(in particolare: cambierò un fork di versione di Apache Tomcat del 2005 - jboss-web 2.0.1 - per aggiungere il cookie JSESSIONID "httpOnly" e "secure").

La domanda

Che cosa devo fare esattamente io / la mia azienda per "rendere disponibile" o "pubblicare" il codice sorgente?

Deve essere accessibile dal sito Web della società o dal repository github? O posso averlo sul mio account Github privato e semplicemente avere il link dell'azienda ad esso?

grazie

    
posta user331465 14.07.2014 - 17:46
fonte

1 risposta

1

Option (a): Source Alongside Binary

GPLv2 § 3(a) and v3 § 6(a) embody the easiest option for providing source code: including Corresponding Source with every binary distribution. While other options appear initially less onerous, this option invariably minimizes potential compliance problems, because when you distribute Corresponding Source with the binary, your GPL obligations are satisfied at the time of distribution.

Option (b): The Offer

Many distributors prefer to ship only an offer for source with the binary distribution, rather than the complete source package. This option has value when the cost of source distribution is a true per-unit cost. For example, this option might be a good choice for embedded products with permanent storage too small to fit the source, and which are not otherwise shipped with a CD but are shipped with a manual or other printed material.

However, this option increases the duration of your obligations dramatically. An offer for source must be good for three full years from your last binary distribution (under GPLv2), or your last binary or spare part distribution (under GPLv3). Your source code request and provisioning system must be designed to last much longer than your product life cycle.

In addition, if you are required to comply with the terms of GPLv2, you cannot use a network service to provide the source code. For GPLv2, the source code offer is fulfilled only with physical media. This usually means that you must continue to produce an up-to-date “source code CD” for years after the product’s end-of-life.

Under GPLv2, it is acceptable and advisable for your offer for source code to include an Internet link for downloadable source in addition to offering source on a physical medium. This practice enables those with fast network connections to get the source more quickly, and typically decreases the number of physical media fulfillment requests. (GPLv3 § 6(b) permits provision of source with a public network-accessible distribution only and no physical media.

link

    
risposta data 14.07.2014 - 18:19
fonte

Leggi altre domande sui tag