i've read about this sometime ago, about the distinction between Qt module/library that we are basing our SW on, and our own SW itself. our SWs can be proprietary while keeping the Qt part (that came from the factory) open under LGPL or what, correct?
Yes, exactly.
It is important to note that this is a feature of the LGPL license. There are other licenses that have similar features –
MIT,
BSD,
Apache, etc. – , but is not true in general. The Wikipedia
Comparison of free and open source software licenses article contains a table of licenses, with the Linking column containing the stance of the license in this regard.
Also note that different licenses have different requirements. For example, to comply with the MIT and most variants of the BSD license, you need to include the licenses in the source and documentation. You could say qualitatively that these licenses are more about
attribution than "rights".
Some people also have quite emotional relationship to particular licenses. I do not: they're just a tool to achieve specific results. Reading a bit of history (behind projects that use the license and the history of the licenses themselves), can help that make clearer, if it does not open to you from the license text itself.
Comparing different licenses is also useful, because then you see how they focus on completely different things.
It certainly makes life easier when you not only follow the "letter" of the license, but its "spirit" as well. Then, if a silly person attacks you about license compliance, you can contact e.g. FSF (or whoever is considered the authority on the license) for help.
legal terms are my strongest weakness..
I really don't like "legalese" myself. It's just that when I ran a small IT company producing custom solutions to all sorts of customers (from companies to artists to government organization), I
had to learn this stuff. I had a lawyer help me do that; he also taught this stuff to other lawyers.
It is possible to statically link an application towards LGPL code and keep it proprietary.
Very true.
I think it may be useful here to show the entire section
4. Combined Works for LGPL-3.0 here:
4. Combined works
You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following:
- a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License.
- b) Accompany the Combined Work with a copy of the GNU GPL and this license document.
- c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document.
- d) Do one of the following:
- 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.
- 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version.
- e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version.
(If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.)
What it means is that you need to be open (in the product documentation and description) that your application uses the LGPL'd library, and provide web links to GPL and LGPL. You can either use dynamic linking, or provide the proprietary part of the application as an object file. You must not restrict users to use only an unmodified version of the LGPL'd libraries via e.g. checksumming; you must tell the end users how they can use a different version of the LGPL-licensed library with your application. You can either use the LGPL'd libraries installed on the system, or you can provide them yourself if you provide both their sources and detailed information on how they were configured and compiled (detailed enough to make rebuilding them easy).
Providing the exact information on how the LGPL'd libraries were configured and compiled, is not only about fulfilling the LGPL-3.0 requirements, but also about respecting the community and upstream developers. With that information, is a critical bug is discovered in the LGPL'd libraries, anyone can rebuild fixed versions of the LGPL'd libraries and use them with your proprietary application. This is
utterly important part of the Free/Open Source community, and if you help make that easier, you garner goodwill; if you make that complicated, you only gain enemies who see you as respecting the letter but not the intent of the license.
Done this way, there should be zero pressure for you to open or relicense your proprietary part.
Sure, there are ideologues who believe everything should be open, and there are silly people who don't understand the license, but they both are trivially handled by sending them a form letter describing how you're following both the letter and the intent of the licenses, as described by FSF and others, so there is no obligation to open-source the proprietary part; and that for business reasons, open-sourcing it at this time is just not possible due to commitments to existing customers.
You may even be contacted by Qt Company salesdroids, but describing the contents of the aforementioned form letter will silence them too; I'd say the danger of a lawsuit is zero. They may offer better terms on a commercial license, and there are non-LGPL'd Qt modules you might wish to use –
Qt Quick 3D for example (non-3D
Qt Quick is LGPL'd) – so there are cases where getting a commercial license makes a lot of sense.
The object files would contain enough metadata to make reverse engineering pretty simple, so a good way towards the source code, wouldn't they? Without that data, linking would be rather tricky.
On Linux, Android, and Mac OS/iOS, no. Also no on GNU- and LLVM/Clang-based toolchains. These all use ELF executables and object files, so technically the object file does not need to expose any more information than the binary would: you can strip off any metadata that would not be also present in a final executable/firmware image, except for the symbol names of the LGPL library.
If your sources comprise of multiple object files linked together, rather than multiple source files compiled and linked to a single object file, it becomes somewhat more work: you need to first compile them into a single object file, and then remove all symbols not needed externally. (Otherwise, the object files would need to expose symbols used across the object files.)
In the case of microcontrollers, the linker script file (specifying the memory ranges etc. on the target MCU) would probably reveal much more than the object files, to be honest. It's not like decompiling executables/firmware files is that difficult, once you get your hands on (unencrypted) binaries.
The major downside in this option, in my opinion, is that it does require at least the linker to be available; on the aforementioned systems and toolchains, that basically means a full (basic) toolchain installed.