Linux Foundation Policy and Best Practices Guidance¶

This site is intended to provide recommendations and guidance about licensing, legal, and regulatory matters relating to open collaboration project communities.

This site is not intended as legal advice. Any questions relating to legal requirements and compliance should be discussed with your own legal counsel.

Licensing and IP¶

  • Basics: Copyright

  • Basics: Patent

  • Open Source License Compliance

  • Copyright Notices

  • Contributions to Projects: DCO and CLAs

  • SPDX License IDs

Standards and Open Collaboration¶

  • Introduction

  • Standards vs. Software

  • Licensing of Standards

  • Community Specifications

EU Cyber Resilience Act¶

  • Introduction

  • Step 1: Categorize Your Project

  • Step 2: Written Security Policy

  • Step 3: Notification Process

  • Step 4: Cooperation

  • Step 5: Additional Actions

  • Resources

US Export Controls¶

  • Introduction

  • United States EAR

  • EAR and OSS

  • Non-Standard Cryptography

  • Standards-Related Activities

  • Best Practices

US OFAC Sanctions¶

  • Introduction

  • About OFAC Sanctions

  • OFAC and Open Source

  • Key Points for Developers

  • Conclusion

Data Privacy¶

  • Telemetry Data

  • Hosted Tools and Immutable Records

 
  • Licensing and IP →

Logo

Policy and Best Practices

Navigation

  • Licensing and IP
  • Standards and Open Collaboration
  • EU Cyber Resilience Act
  • US Export Controls
  • US OFAC Sanctions
  • Data Privacy

Related Topics

  • Documentation overview
    • Next: Licensing and IP
©2026, The Linux Foundation. | Page source