
License Compliance for Embedded Linux Systems

Product Summary

Product Description

Option 1: Qt LGPL vs. Qt Commercial

Why this is important

You contacted me about using Qt under LGPL-3.0 because of one or more of the following reasons:

  • You find the per-developer and per-unit fees for Qt for Device Creation – Qt Commercial, for short – too high.
  • You want to move from Qt Commercial to Qt LGPL to avoid the high license fees.
  • The Qt Company sends you regular emails threatening you with legal consequences because you are allegedly violating the LGPL.
  • The Qt Company demands an audit to find out how many developers and devices use Qt, although you are using Qt under LGPL.
  • The Qt Company makes it look like you have to open-source your application code.
  • The Qt Company insists that you must allow the users of your B2B devices to install modified Qt versions on the devices.
  • And more…

Some companies don’t countercheck these statements and pay 5-digit or even 6-digit Qt license fees per year. They might find out later that Qt LGPL would have been perfectly fine and they could have spent their money on more important topics. If you pay good money for Qt, it should be for the right reasons – and not for the wrong ones.

What you get from me

I’ll give you a clear assessment of the legal, financial and technical ramifications of using Qt Commercial and Qt LGPL. This includes

  • a detailed description of the obligations of the LGPL-3.0 and Qt Commercial license,
  • a list of Qt modules and features that you can use under LGPL-3.0 or not,
  • alternatives to Qt modules and features like Qt MQTT, Qt Charts, Qt VirtualKeyboard and Qt for MCU that are only available under Qt Commercial,
  • a cost comparison between Qt Commercial and Qt LGPL-3.0.

Together we work out an adequate way to use Qt LGPL on your products. We assess whether your products are B2B or B2C. With B2C products, you must enable users to install modified Qt versions on the product. With B2B products, you don’t. If you have a B2C product, I’ll give you several options for installing the Qt libraries on your product.

In the end, you can make an informed decision whether to use Qt Commercial or Qt LGPL.

I deliver this option in one workshop of 3-4 hours or in two workshops of 1.5 to 2 hours each. Of course, you get my slides and you can record the sessions.

Option 2: FOSS Licenses

Why this is important

Did you know?

  • If your proprietary application links against a library under GPL or compiles in a source file under GPL, you must open-source the code of your application.
  • Linking a library under LGPL, GPL or Apache against a library under EPL or vice versa is illegal.
  • You don’t have to provide the source code of libraries under Apache to the users of your applications.
  • Your proprietary application can communicate with a service under GPL via DBUS or gRPC – without falling under GPL.

What you get from me

I deliver this option in one workshop of 2-3 hours or in two workshops of 1 to 1.5 hours each. Of course, you get my slides and you can record the sessions.

I’ll cover the following topics in the workshop(s):

  • Problem definition: License compliance for embedded Linux systems.
  • Permissive licenses (BSD, MIT, Apache, etc).
  • Weak and strong copyleft licenses (LGPL, GPL, EPL, etc.).
  • License compatibility: legal, illegal and undesirable license combinations.
  • License compliance in supply chains.

The goal is to clarify your questions about the compliance with and between FOSS licenses used in your system.

Option 3: License Compliance Check

Why this is important

One of the world’s biggest terminal manufacturers for agricultural and construction machines provides the hardware abstraction layer (HAL) as a library. This library is under GPL. The manufacturer recommends that its customers use this library in their applications.
The multimedia library ffmpeg is used, for example, to play videos from rear-view cameras. It has an option to enable additional libraries under GPL. Some BSPs come with this option enabled, some with it disabled.
Customers who use these libraries would have to open-source their applications. They are waiting for a disaster to happen. You can minimise the risk of such disasters by using my bespoke process to check the license compliance of an embedded Linux system.

What you get from me

The compliance tool – a command-line utility – guides you through the compliance check of embedded Linux systems. When you run the tool for the first time on your embedded Linux build, it can decide for almost all packages whether their combination with other packages (including the packages containing your proprietary applications) is legal, illegal, undesirable or yet unchecked. If illegal, you remove the problematic package or replace it with a differently licensed package with the same functionality. If undesirable, you ensure that the package is only used in the right context. If yet unchecked, you review the license and classify the package as legal, illegal or undesirable.

The compliance result typically contains fewer than five packages that need extra checking. Once checked, you add the classification of the new packages and licenses to the compliance database. Their classification is known for all future runs of the compliance tool. I’ll teach you how to classify licenses and packages correctly and how to spot and solve problematic cases.

In a hands-on session, we’ll perform a license compliance check for one embedded Linux system. I will first introduce the compliance process to the participants. Then, the participants will apply the process to the selected Linux image – with my help. At the end of the session, you will have the following deliverables.

  • A list of all packages – the compliance result – with the reason if and how each package can be combined with other packages. You know how to deal with illegal and undesirable combinations.
  • A compliance archive that contains, for each package, all the files (source code, patches, license texts, copyright notes, etc.) required to comply with the license. By giving the compliance archive to the users of your embedded system, you satisfy the licenses of all the packages in your Linux image.
  • A compliance tool supporting the process.
  • A compliance database with the classification of known licenses and packages.
  • A detailed description of the process with examples for every filter.
  • Example QML code that displays the license texts and copyright notes in the GUI of a Qt application.
  • An optional meeting with management, where I present the compliance result.

What I need from you

I can only review the license results and resolve license violations if you meet the following prerequisites:

  • You must have a working Yocto build of the Linux image undergoing the license compliance check. I won’t help you fix any build problems.
  • You must run my compliance tool on the Linux image and produce the compliance result.

Pricing

You can book Option 2 only together with Option 1 and Option 3 only together with Options 1 and 2.

Questions & Answers

Do you guarantee the correctness and completeness of the compliance results?

No, I simply can’t give you any such guarantees.

However, following my compliance process makes license violations very unlikely. More than 20 happy customers (as of September 2024) are proof of this claim. None of them was sued. None of them saw any legal action against them. None of them was found in violation of any licenses. Moreover, I have spent a lower 5-digit amount of my own money on an expert lawyer to ensure that I understand copyleft licenses and especially LGPL correctly.

Linux systems are too complex to guarantee the correctness or completeness of the compliance results. Here are three scenarios that are beyond my control.

  • Your developers add a new package with a problematic license to the Linux image. They don’t run the compliance tool or misinterpret the violations flagged by the tool.
  • Your developers add a library under a problematic license to the repository of your proprietary application. They include the new library into the build of the application. The compliance tool cannot see the licensing change and cannot warn about it.
  • Your developers change a build option so that a formerly unproblematic library suddenly contains code under a problematic license.

Or, I can overlook a problematic package or license. It’s just too easy.

Do you help us perform a license compliance check for further releases of our products?

Yes, I do. You can buy a block of 5 hours of my time at a price of €1,000. I help you review the compliance results for new releases of your products. I try to answer all your questions about licensing.

Can we use your bespoke compliance process for other products in our company?

Only with my written approval. I may charge an extra fee for this approval.

If “our company” means the same legal entity and your company only makes a few products, you will probably get my approval without paying an extra fee. If “our company” means several different legal entities, brands or business units, you will probably have to pay an extra fee for my approval. In the end, my approval depends on the number of different products for which you could use my compliance process.

Our contract will explicitly state which legal entities are allowed to use the compliance process under which terms. If you want to add more legal entities in the future, I will extend the contract accordingly.

Who are your target customers and who are not?

My target customers are manufacturers (OEMs) who sell their goods to end users. These companies are at the end of the supply chain. Typical examples are the manufacturers of harvesters, tractors, excavators, cars, packaging machines, vending machines, measurement devices, medical devices, home appliances and TVs.

The conditions stated on this page do not apply to companies that are not at the end of the supply chain. Typical examples are SoC, SoM, terminal and ECU makers as well as service companies. My terms and conditions explicitly forbid companies from using my bespoke process to do license compliance checks for their customers. The simplest way is that they send their customers to me. Of course, I am open to negotiating special terms and conditions with such companies.

Which embedded Linux build systems does the compliance tool support?

The compliance tool supports embedded Linux systems built with Yocto and with Buildroot. It does not yet support Linux systems based on Debian, Red Hat or similar Linux distros.

Do you check license compliance for Qt desktop applications?

Yes, if they control or monitor an embedded device. No, if there is no embedded device involved.

The typical scenario looks like this. Your Qt application runs on a Windows desktop computer. It is connected with an embedded device over a network (e.g., LAN, WLAN, CAN, Modbus). The embedded device does not use Qt. It runs on a microprocessor or microcontroller with or without an operating system.

You would produce a list of third-party software (e.g., libraries) used by your Qt application. I would review this list for license issues and recommend fixes for these issues.

Who is the primary audience for the workshops?

The primary audience is the managers who are accountable for license compliance, the people doing the license compliance check and the senior technical people responsible for selecting the software used on your devices. The secondary audience is developers, who should check the license before they use third-party software from the Internet.

I recommend that at most 12 people participate in the workshops. I have found that the workshops become less interactive the bigger the audience gets. Let’s talk if you want to send more than 12 people.

Who is not allowed to attend the workshops?

People from third-party companies like service companies, contractors and freelancers are not allowed in the workshops. License compliance should not be outsourced, because your company will be responsible for violations.

What are useful resources for Qt licensing?

I have written and talked quite a bit about Qt licensing:

  • In the blog post Using Qt 6 under LGPLv3, I compare the three Qt licensing options: LGPL-3.0, Qt for Device Creation Professional and Enterprise. I explain which modules and features are available under which license, give you my best guesses at the Qt Commercial costs, warn you against mixing Qt LGPL and Qt Commercial, and give you many tips on when it makes sense to pay for Qt and when not.
  • In my talk at Qt Day Italy 2019, you find a detailed explanation of how to comply with the obligations of the LGPL-3.0. You find the slides in this blog post.
  • In the newsletter User Products under LGPL-3.0, I discuss when your product is a user product and what the ramifications are. If your product is not a user product, you need not allow users to install modified Qt versions on your embedded devices.
  • In the newsletter Illegal License Combinations, I look at legal and illegal combinations of permissive and copyleft licenses. For example, the combination of the Eclipse Public License (EPL) with any copyleft license is forbidden.
  • In the newsletter Do Not Sign the Qt License Agreement Unchanged, I point out the pitfalls in the Qt License Agreement for the commercial Qt for Device Creation licenses. I also give suggestions on how to change the agreement if you really need Qt Commercial.