Policies for Open Source use at the workplace
Things I like about some companies’ approach to software installation on employees’ machines:
- No mandatory and restrictive centralized software distribution system where all employees have to hope and pray that certain tools are available and up-to-date.
- No URL blocking or similar measures of distrust that would prevent employees from downloading and installing software.
This leaves room for a focus on education, knowledge sharing and trust that employees act responsibly.
Based on my experience, these are some useful policies / objectives for Open Source use at the workplace (especially for IT companies):
- All employees who work with a computer learn the basics about Open Source licenses (OSI definition, copyleft vs permissive, see link below).
- All employees who work with a computer learn about the differences between Open Source, Freeware and Shareware.
- The company establishes simple and employee-friendly policies for the use of Open Source at work:
  - Declare the major permissive (non-copyleft) licenses (Apache, MIT, BSD, LGPL, EPL, …) as pre-approved for all software library and tool use.
  - Declare all OSI approved licenses as pre-approved for stand-alone tools, i.e. where copyleft cannot affect any derived or bundled code developed at the workplace.
  - Software that satisfies the pre-approval criteria above should not require any further request or approval process.
- Additionally, the company could maintain a “blacklist” of software (versions) that are known to have security flaws or other aspects that make them unsuitable for use at the workplace.
- Recommendations can be given to watch out for and uncheck unwanted add-ons during software installations.
- Software development companies should train their team leads in basic legal aspects like software copyright and license terms.