- 0BSD – Zero-Clause BSD
- A public domain-equivalent permissive licence that does not require attribution, and is often preferred over CC0 for software due to specific legal wording regarding code.
- AGPL – GNU Affero General Public License
- Network-protective and strong copyleft licence requiring source code disclosure in case of remote use, including when the software is accessed as a service.
- Apache License
- Permissive licence with attribution requirements, an explicit patent grant that permits licencees to use patents associated with the software, and a patent retaliation clause.
- Artistic License
- Permissive licence originating from the Perl ecosystem; version 2 clarifies the terms and is compatible with the GPL.
- Attribution
- Notice required by some licences (e.g. Apache, CC BY, BSD License) to preserve credit to original authors and contributors, and to indicate modifications.
- AUTHORS File
- Lists original authors and major contributors for attribution and historical reference; contributor identities can be linked to emails or ORCID identifiers.
- Binaries
- Compiled executable files and other binary resources, as opposed to source code.
- BSD License
- Berkeley Software Distribution family of permissive licences with minimal redistribution conditions, requiring retention of attribution notices.
- CC – Creative Commons
- Family of licences (CC BY, CC BY-NC, CC BY-NC-SA, CC BY-ND, CC BY-SA) and the CC0 public-domain dedication for content and documentation artefacts, generally not for software. They are often used as a documentation licence for manuals, diagrams, and other materials separate from software.
- CC0 – Creative Commons Zero
- Public-domain dedication waiving copyright and related rights where legally possible.
- CC BY – Creative Commons Attribution
- Licence allowing reuse and modification, including commercial use, with mandatory attribution, and no restrictions on derivatives.
- CC BY-NC – Creative Commons Attribution-NonCommercial
- Like CC BY but prohibiting commercial use; not an OSS licence due to usage restriction.
- CC BY-NC-SA – Creative Commons Attribution-NonCommercial-ShareAlike
- Like CC BY-NC but requiring derivatives to use identical terms; copyleft equivalent with usage restriction.
- CC BY-ND – Creative Commons Attribution-NoDerivatives
- Licence permitting distribution and commercial use, with attribution, but forbidding distribution of modified versions.
- CC BY-SA – Creative Commons Attribution-ShareAlike
- Licence requiring attribution, with derivatives licensed under identical terms; copyleft equivalent.
- CDDL – Common Development and Distribution License
- Weak copyleft licence, mainly used for Java projects.
- CHANGELOG File / Changelog / Change Log
- Record of notable changes between releases, relevant for licence compliance. Entries typically follow semantic versioning to indicate release levels and changes. See HISTORY File.
- CI – Continuous Integration
- Automated build and test process for software changes; can integrate SCA and other tools, providing immediate feedback on dependencies with vulnerabilities and on licence compliance.
- CI/CD – Continuous Integration / Continuous Delivery
- Automated pipeline covering CI, testing, and delivery of software to production or release environments. SCA can be applied to catch issues prior to deployment or release.
- CLA File – Contributor License Agreement
- Agreement granting rights to use, modify, and manage contributions; may include copyright transfer or sublicensing rights, and often requires signature.
- Closed Source Software
- Software distributed without source code access or modification rights, unlike OSS or source-available software.
- CODE_OF_CONDUCT File / Code of Conduct
- Document defining expected contributor behaviour.
- Commercial Licence
- Licence granting rights to use, modify, or distribute software for commercial purposes, often under restrictive proprietary software terms, and typically requiring payment or authorisation.
- Commercial Software
- Software sold or licensed for profit, typically under a commercial licence or other restrictive proprietary software terms. It can follow an Open Core model, where the base software is OSS, while additional features or services are proprietary. It may include trademarks to distinguish the software or its services.
- Compatibility
- See Licence Compatibility. More broadly, the general ability of software, systems, or components to work together correctly, interoperate, or exchange data without conflict.
- Compliance
- Ensuring software use adheres to licence, patent, and security requirements, often via audits. Licence compatibility and appropriate compliance artefacts are necessary to meet licence obligations, and standards such as OpenChain can guide organisational practices.
- Compliance Artefacts
- Documentation artefacts or files required for licence adherence, such as LICENSE, NOTICE, and COPYRIGHT files, including notice retention obligations to preserve copyright and licence notices in distributions. Compliance reviews may trigger remediation, such as correcting notices to meet licence obligations.
- CONTRIBUTING File
- Describes contribution rules, including copyright and licence conditions, and sometimes CLA or DCO requirements. It may also reference the project’s code of conduct to define expected contributor behaviour.
- Contribution
- Any source code, documentation artefacts, or work submitted to a project, typically governed by a CLA or DCO, forming part of the project’s copyright and licensing framework. Contributors may retain moral rights, which must be respected even when the work is licensed or assigned. See Upstream Contribution.
- CONTRIBUTORS File
- Lists contributors; less common than AUTHORS file, and used in large community-driven projects.
- COPYING File
- GNU-style file containing the full licence text, equivalent to LICENSE File.
- Copyleft
- Licensing principle requiring derivatives to remain under the same or a compatible licence, ensuring software freedom (e.g. GPL, AGPL), and reciprocity in derivative works.
- Copyright
- Legal protection granting exclusive rights to reproduce, distribute, modify, and publicly perform or display a work.
- COPYRIGHT File
- Lists copyright holders and years, providing a clear ownership record, often with related legal notices, such as a warranty disclaimer.
- Copyright Holder
- Individual or entity owning exclusive rights to a work.
- CVE – Common Vulnerabilities and Exposures
- A system for referencing specific security vulnerabilities. SCA tools map dependencies to CVE lists to assess risk.
- DCO – Developer Certificate of Origin
- Lightweight alternative to a CLA, confirmed by a contributor’s “Signed-off-by” line in source code commits.
- Defensive Termination
- Licence clause revoking rights if the licencee initiates patent litigation. See Patent Retaliation Clause.
- Dependency
- Component, library, or source code used by other software. Each external dependency typically carries an in-licence, and should be recorded in the dependency inventory or SBOM file.
- Dependency Inventory
- Human-readable list of external libraries, frameworks, or tools with versions and licences, often forming the basis for an SBOM File.
- Derivative / Derivative Work
- Work based on or incorporating an existing copyrighted work, including modified versions.
- Distribution
- Providing software to third parties, triggering licence obligations.
- Documentation Artefacts
- Technical or user-facing documents distributed with software, such as README, LICENSE, NOTICE, CHANGELOG, and CONTRIBUTING files, typically following the software’s licence. Some are covered by a documentation licence, which may differ from the software licence applied to the code.
- Documentation Licence
- Licence covering manuals, diagrams, or other separate materials; often CC.
- Downstream
- Recipient project, organisation, or user that uses or distributes upstream software.
- Dual and Multi-Licensing
- Distribution under multiple licences, allowing licencees to select which applies (e.g. MySQL: GPL + commercial licence, Qt: LGPL + commercial licence). The in-licence of incorporated components must be compatible with the out-licence or subsuming licence. A secondary licence is often an example of dual licensing.
- Dynamic Linking
- Linking external libraries at runtime rather than copying their code into the executable. Critical for compliance with LGPL, as it allows the main application to remain proprietary software.
- Elastic Licence
- Source-available licence prohibiting offering the software as a managed service or circumventing its licence-key protections; this usage restriction makes it a typical example of fauxpen.
- EPL – Eclipse Public License
- Weak copyleft file-scoped licence commonly used in the Java ecosystem.
- EULA – End User Licence Agreement
- Proprietary software licence defining rights and restrictions by which an end user may access and use the software.
- EUPL – European Union Public Licence
- EU-approved copyleft licence compatible with various OSS licences.
- FAIR
- Findability, Accessibility, Interoperability, and Reusability principles in open science.
- Fauxpen
- Software or licence presented as OSS but effectively controlled by the vendor, restricting true OSS freedoms (e.g. Elastic License, SSPL).
- FLOSS – Free/Libre Open Source Software
- Term mainly used in academic and policy contexts; libre emphasises freedom rather than price. See FOSS.
- Fork
- Divergent development path based on a specific version of a project; often used to continue work from the last OSS version in response to relicensing to a proprietary licence, or to prepare an upstream contribution back to the original project.
- FOSS – Free and Open Source Software
- Software meeting free software criteria set by the FSF; FOSS licences are a subset of OSS licences. See FLOSS.
- Free Software
- Software granting users freedom to use, modify, and share it, per FSF definition.
- Freeware
- Proprietary software available at no cost, but without the freedoms to modify or redistribute source code inherent to free software or OSS.
- FSF – Free Software Foundation
- Organisation maintaining GNU licences, and promoting user freedoms.
- FSFE – Free Software Foundation Europe
- Organisation promoting free software in Europe, and maintaining the REUSE specification.
- GNU – “GNU’s Not Unix”
- Project behind the GPL, LGPL, and AGPL licence family, promoting free software and user freedoms.
- GPL – GNU General Public License
- Strong copyleft licence requiring derivatives to use the same licence.
- GSC – GÉANT Software Catalogue
- Catalogue of GÉANT software.
- HISTORY File
- Equivalent to a CHANGELOG file, used mainly in older Unix, BSD, or GNU projects to track changes over time.
- In-Licence / Inbound Licence
- Licence of external components, libraries, or dependencies incorporated into a project, typically recorded in a dependency inventory or SBOM.
- IoT Gap
- Circumventing OSS rights in networked or embedded software that can be used but not modified; see Tivoisation.
- IP – Intellectual Property
- Creations of the mind protected by law through copyright, patents, trademarks, and design rights. A licence specifies how others may use such protected works.
- IPR – Intellectual Property Rights
- Legal rights covering patents, copyright, and trademarks. See Sideground IPR.
- IPR Coordinator
- Role managing intellectual property rights and licence compliance, ensuring software projects follow the organisation’s IPR Policy for licence, IP, and contribution management.
- IPR Policy
- Policy governing intellectual property rights, licence selection, and compliance.
- ISC License
- Permissive licence created by the Internet Software Consortium (now Internet Systems Consortium).
- ISO – International Organisation for Standardisation
- Organisation developing international standards.
- LGPL – GNU Lesser General Public License
- Weak copyleft licence used mainly for libraries. It permits dynamic linking with differently licensed or proprietary software. Static linking is allowed when users receive the build information, the source code for the LGPL parts and whatever is needed to rebuild the larger work with a modified version of the library.
- Licence
- Legal instrument granting permissions, and imposing obligations on the use, modification, or distribution of software.
- Licence Compatibility
- Ability to combine or distribute software under different licences without violating their terms. For example, MIT components within a GPL project, or Apache 2.0 code with GPL 3.0 as out-licence, require that GPL obligations are met for those components as well.
- Licencee
- Individual or organisation granted rights under a licence.
- License
- US spelling of licence; also verb form in both US and UK English; used in official licence names or acronyms.
- LICENSE File
- File containing the full licence text. See COPYING File.
- Licensing
- Governance of licence permissions, obligations, compliance artefacts, and dependency management; also granting permission to use intellectual property.
- LT – Licensing Team
- GÉANT team in charge of SLM, coordinating software licensing, compliance, and governance.
- Markdown
- Lightweight text formatting syntax.
- MIT License / X11 License
- Simple permissive licence requiring attribution and notice retention.
- Moral Rights
- Personal rights of creators (distinct from economic copyright) to be credited (attribution) and to prevent derogatory treatment of their work; these are often non-transferable and persist even if copyright is transferred.
- MPL – Mozilla Public License
- Weak copyleft licence permitting file-level mixing.
- Multi-Licensing
- See Dual and Multi-Licensing.
- Network-Protective Licence
- Strong copyleft licence requiring source code disclosure in case of remote use (e.g. AGPL).
- NOTICE File
- Contains acknowledgements, attributions, and licence-related notices.
- Notice Retention
- Requirement to preserve copyright and licence notices in redistributions.
- Open Core
- A business model where the core functionality of a product is OSS (often under a permissive licence or strong copyleft), while advanced features (enterprise security, monitoring) are proprietary software or source-available software.
- OpenChain
- ISO/IEC standard for managing OSS in supply chains, providing guidelines for licence compliance, defining a core curriculum for OSS practices, and specifying conformance requirements for organisations.
- ORCID – Open Researcher and Contributor ID
- Persistent digital identifier uniquely distinguishing researchers and contributors.
- OSI – Open Source Initiative
- Organisation approving OSS licences.
- OSPO – Open Source Program Office
- Unit managing OSS strategy, compliance, and engagement. In GÉANT, the IPR Coordinator oversees IP and licence compliance, while the LT implements day-to-day SLM processes.
- OSS – Open Source Software / Open Source
- Software under licences granting rights to use, modify, and distribute source code, including those recognised by the OSI or FSF. An organisation’s IPR Policy guides OSS use, contribution, and distribution, while an OSPO may promote adoption, establish contribution policies, ensure compliance, and guide OSS strategy.
- Out-Licence / Outbound Licence
- Licence applied to distributed software, which may differ from the licences of its dependencies.
- Patent
- Legal protection granting exclusive rights to an invention, preventing others from making, using, selling, or distributing it without permission.
- Patent Grant
- Permission to use patents associated with the software and its contributions, typically covering rights held by contributors and reducing legal uncertainty for users and distributors.
- Patent Retaliation Clause
- Licence term revoking rights and the patent grant if the licencee initiates a patent claim, deterring patent trolling, and implementing defensive termination.
- Patent Trolling
- Asserting patents to obtain fees or settlements; addressed in some licences through patent retaliation clauses.
- Permissive Licence
- Licence allowing use, modification, and redistribution with minimal obligations, such as preserving copyright and licence text, and without imposing the same licence on derivatives (e.g. MIT, BSD, Apache, ISC, Artistic, PSFL).
- Proprietary Software
- Software distributed under restrictive terms limiting access, modification, or redistribution, often requiring authorisation or payment when it is commercial software sold for profit. Such software is typically governed by an EULA, and may be distributed as freeware or shareware. It may also involve trademarks, and is most often closed source software distributed without source code.
- PSFL – Python Software Foundation Licence / Python License
- Permissive licences governing the Python interpreter and standard library, and granting broad rights to use, modify, and distribute Python with minimal conditions that include a notice and disclaimer requirement.
- Public Domain
- Works not protected by copyright, either because copyright has expired or has been waived (e.g. via CC0). In jurisdictions where public-domain dedication is not recognised, permissive licences such as 0BSD, Unlicense, or MIT-0 can be used.
- README File
- Documentation artefact providing an overview of a project, installation, and usage; typically written in Markdown to ensure clear formatting and readability.
- Reciprocity
- Principle requiring that rights granted under a licence (e.g. copyleft) must be extended to derivatives or redistributed versions.
- Relicensing
- Changing the licence of existing software, often to improve licence compatibility or for commercial reasons; must comply with the original licence or obtain contributor consent. Relicensing to a fauxpen or commercial licence often results in a fork.
- Remediation
- Process of resolving identified issues in a software project, such as updating outdated dependencies with vulnerabilities, replacing incompatible licences or correcting missing notices, to restore compliance and reduce security or legal risk.
- Remote Use
- Use of software over a network, potentially triggering copyleft obligations.
- REUSE / REUSE Specification
- FSFE initiative defining standardised file headers, licence text placement, and metadata for automated compliance, aligning with FAIR principles through improved accessibility and interoperability of licensing information.
- SBOM File – Software Bill of Materials
- Machine-readable dependency inventory listing components and their licences, often in SPDX or CycloneDX format, with semantic versioning and provenance. It should include all components, including transitive dependencies, supporting FAIR principles by improving findability and reusability of information.
- SCA – Software Composition Analysis
- Automated detection of dependencies, licences, and vulnerabilities, to support compliance, risk assessment, and remediation, often integrated into CI or CI/CD. SCA tools identify direct and transitive dependencies, and commonly report known vulnerabilities using CVE identifiers.
- Secondary Licence
- Alternative licence permitted by a primary licence for compatibility.
- Semantic Versioning
- Versioning scheme using MAJOR.MINOR.PATCH notation (e.g. 1.2.3).
- Shareware
- Proprietary software provided initially for free (often as a trial) with the expectation that the user will pay for continued use; distinctly different from OSS.
- Sideground IPR
- Intellectual property rights of third-party dependencies, or other copyrighted work incorporated into a project, requiring proper handling to ensure licence compliance.
- SLA – Software Licence Analysis
- Assessment of licensing in software projects.
- SLM – Software and Licence Management
- GÉANT subtask supported by the LT, relying on the GSC for software and access to compliance artefacts, and using SLA to assess compliance and risks.
- Software Licence
- See Licence.
- Source Code
- Human-readable form of software that is often compiled into binaries.
- Source-Available Licence / Source-Available Software
- Licence or software with visible source code, but restrictive terms preventing OSS status (e.g. Elastic Licence, SSPL). Unlike Closed Source Software, the source code is viewable, though modification or redistribution may remain limited.
- SPDX – Software Package Data Exchange
- Standard for machine-readable licence and component metadata, including standard identifiers (e.g. MIT, Apache-2.0, BSD-3-Clause); widely used in SBOMs and REUSE headers.
- SSPL – Server Side Public License
- Network-protective, strong copyleft, and source-available licence requiring release of service management layer source code when providing a service. Its additional obligations on the surrounding service stack make it fauxpen.
- Static Linking
- Copying library code directly into the main executable binary. For weak copyleft licences like LGPL, this may trigger obligations to provide object code or source code to allow relinking.
- Strong Copyleft
- Licensing model requiring derivatives to remain under the same terms or licence (e.g. GPL, AGPL, EUPL, CC BY-SA). SSPL is a strong copyleft source-available licence.
- Sublicensing
- Allowing a licencee to pass on certain rights to a third party without transferring copyright or changing licence terms; permissive licences allow it, copyleft licences restrict it to the same terms, and commercial licences usually forbid it.
- Subsuming Licence
- Licence that governs a combined work when incorporated dependencies impose conditions on the whole, similar to an out-licence but not necessarily implying distribution. “Subsuming into” means incorporating one work into a larger one so it becomes subject to that subsuming licence.
- Tivoisation
- Restricting software modification on devices; prohibited by GPL 3.0; closely related to the IoT gap.
- Trademark
- Legally protected sign, name, logo, symbol, design, or other identifying mark distinguishing goods or services, granting the owner exclusive rights to its commercial use.
- Transitive Dependency
- Dependency required by another dependency rather than by the project directly. Tracking transitive dependencies is essential for SCA, SBOM accuracy and licence compliance.
- Unlicense
- Permissive licence used in jurisdictions where public-domain dedication is not recognised.
- Upstream Contribution
- Improvement submitted to the original software or project.
- Upstream Software
- Original software from which other software is derived. A downstream project or user receives and builds upon it, potentially triggering licence obligations and compliance requirements.
- Usage Restriction
- Licence term limiting certain uses of the software, including remote use, commercial, military, surveillance, or other applications.
- Vulnerability
- A weakness in software code that can be exploited; SCA tools are primarily used to identify known vulnerabilities (mapped to CVEs) in dependencies.
- Warranty Disclaimer
- Statement denying liability for damages.
- Weak Copyleft
- Copyleft with limited scope (e.g. LGPL, MPL, EPL, CDDL), usually applying to modifications of the original source code, but allowing linking with differently licensed or proprietary software.