Simple question, not so simple answer

I have often been asked the question: “Is this a good open source license to use?”

First, this is the wrong question: the developer will not be using the license, they will be using the OSS covered by the license.

To be fair, some open source licenses are so liberal that any OSS covered by those licenses can be used in any way with no obligations or fear of legal consequences.

However, for the majority of open source licenses, the answer to the simple question depends upon complicated issues: how the OSS will be used, whether the developer can fulfill the license obligations resulting from that use, and whether the developer’s business agrees to fulfill those obligations.

In a common case, distributing a product which dynamically links with an LGPL-licensed library at least requires the developer to publish the OSS library’s copyright notice and make the OSS source code available to any customer.

In an uncommon case, distributing a product which statically links with that same LGPL-licensed library also requires the developer to make the proprietary source code of the product available to any customer. Same license, same library, but a different use results in unacceptable obligations.

In another case, distributing modified CPL-licensed OSS requires the developer to make the modified source code available to any customer. If their modifications are clever enhancements that the developer’s business wants to keep as a trade secret, then that usage (that is, modification) results in unacceptable obligations.

Are the LGPL and CPL licenses bad? No, but they are a type of license that poses more risks, so the developer has to be careful how they use the OSS covered by these licenses.