Linux Foundation Policy and Best Practices Guidance

This site is intended to provide recommendations and guidance about licensing, legal, and regulatory matters relating to open collaboration project communities.

This site is not intended as legal advice. Any questions relating to legal requirements and compliance should be discussed with your own legal counsel.

Licensing and IP

• Basics: Copyright

• Basics: Patent

• Open Source License Compliance

• Copyright Notices

• Contributions to Projects: DCO and CLAs

• SPDX License IDs

Standards and Open Collaboration

• Introduction

• Standards vs. Software

• Licensing of Standards

• Community Specifications

EU Cyber Resilience Act

• Introduction

• Step 1: Categorize Your Project

• Step 2: Written Security Policy

• Step 3: Notification Process

• Step 4: Cooperation

• Step 5: Additional Actions

• Resources

US Export Controls

• Introduction

• United States EAR

• EAR and OSS

• Non-Standard Cryptography

• Standards-Related Activities

• Best Practices

US OFAC Sanctions

• Introduction

• About OFAC Sanctions

• OFAC and Open Source

• Key Points for Developers

• Conclusion

Data Privacy

• Telemetry Data

• Hosted Tools and Immutable Records