Practical writing for engineers and engineering leads dealing with OSS license compliance — usually because a customer or investor just asked.
-
A customer asked for an SBOM. What do you actually do?
A 4-step playbook for B2B SaaS engineering leads who just received an SBOM request from a customer's procurement or security team. What format to send (SPDX or CycloneDX), what to flag, and how long it should take.
-
What is an SBOM, and why are customers asking?
Plain-English explanation of Software Bill of Materials — what they contain, why customers, regulators, and security teams ask for them, what SPDX and CycloneDX files look like.
-
Is MIT compatible with GPL?
Short answer: yes. Long answer: the question is usually being asked from the wrong direction. MIT code can be folded into a GPL project without trouble; the reverse, GPL code in a project you want to keep MIT-licensed, is where the obligations land on you. What "compatibility" actually means and the cases where it bites.
-
AGPL and commercial use: what changes when you ship SaaS
The AGPL closes the GPL's "ASP loophole": modify AGPL software and let users interact with it over a network, and you owe those users the modified source even though you never shipped a binary. When it's triggered, when it isn't, and what to do when you find AGPL buried in your tree.
-
Dual-licensed packages and why your scanner gets them wrong
A dual-licensed package (an SPDX expression such as "MIT OR Apache-2.0") can be used under either license, at your choice. Most scanners collapse the expression to a single license and confidently print it, so whether you see a copyleft finding depends on which side the tool happened to pick. That's the trap.
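The two entries above (what a CycloneDX component's license field looks like, and how scanners mishandle dual licensing) can be shown together. The script below is an added example, not code from this site or from any scanner it discusses: it parses SPDX license expressions (OR, AND, WITH, parentheses) into every alternative you could comply with, contrasts that with a naive "first license id wins" scanner, and runs both over a constructed CycloneDX 1.5 fragment. The component names, the `COPYLEFT` policy set and the rule that multiple `licenses` entries on one component are combined with AND are all assumptions made for the example.

```python
"""SPDX license expressions: expand the choices instead of collapsing them.

Added example; the BOM below is constructed for illustration, not a real SBOM.
"""
import json
import re

# CycloneDX 1.5 allows either {"expression": "..."} or {"license": {"id": "..."}}
# entries in a component's `licenses` array. Component names are made up.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lib-a", "version": "1.0.0",
         "licenses": [{"expression": "MIT OR Apache-2.0"}]},
        {"type": "library", "name": "lib-b", "version": "2.3.1",
         "licenses": [{"expression": "(GPL-2.0-only OR MIT) AND BSD-3-Clause"}]},
        {"type": "library", "name": "lib-c", "version": "0.1.0",
         "licenses": [{"license": {"id": "GPL-3.0-only"}}]},
        {"type": "library", "name": "lib-d", "version": "4.0.0",
         "licenses": [{"expression": "MIT AND GPL-3.0-only"}]},
    ],
})

# Hypothetical policy: licenses this (imaginary) SaaS team refuses to take on.
COPYLEFT = {"GPL-2.0-only", "GPL-2.0-or-later", "GPL-3.0-only",
            "GPL-3.0-or-later", "AGPL-3.0-only", "AGPL-3.0-or-later"}

OPS = {"AND", "OR", "WITH"}
TOKEN_RE = re.compile(r"\(|\)|[A-Za-z0-9.+-]+")


def tokenize(expr):
    tokens = TOKEN_RE.findall(expr)
    if "".join(tokens) != expr.replace(" ", ""):
        raise ValueError(f"unexpected characters in {expr!r}")
    return tokens


class Parser:
    """Recursive descent over SPDX expressions. Precedence: WITH > AND > OR.
    Leaves are strings ("MIT", "GPL-2.0-only WITH Classpath-exception-2.0");
    inner nodes are ("AND"|"OR", left, right)."""

    def __init__(self, expr):
        self.toks, self.i = tokenize(expr), 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.i += 1
        return tok

    def parse(self):
        node = self.parse_or()
        if self.peek() is not None:
            raise ValueError(f"trailing token {self.peek()!r}")
        return node

    def parse_or(self):
        left = self.parse_and()
        while (self.peek() or "").upper() == "OR":
            self.take()
            left = ("OR", left, self.parse_and())
        return left

    def parse_and(self):
        left = self.parse_atom()
        while (self.peek() or "").upper() == "AND":
            self.take()
            left = ("AND", left, self.parse_atom())
        return left

    def parse_atom(self):
        tok = self.take()
        if tok is None:
            raise ValueError("unexpected end of expression")
        if tok == "(":
            node = self.parse_or()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok == ")" or tok.upper() in OPS:
            raise ValueError(f"unexpected token {tok!r}")
        if (self.peek() or "").upper() == "WITH":  # exception binds to this id only
            self.take()
            exc = self.take()
            if exc is None or exc in ("(", ")") or exc.upper() in OPS:
                raise ValueError("WITH needs an exception id")
            return f"{tok} WITH {exc}"
        return tok


def alternatives(node):
    """Disjunctive normal form: a list of frozensets, each one a complete set
    of licenses you must comply with if you choose that alternative."""
    if isinstance(node, str):
        return [frozenset([node])]
    op, left, right = node
    l, r = alternatives(left), alternatives(right)
    return l + r if op == "OR" else [a | b for a in l for b in r]


def naive_scanner(expr):
    """The trap: report the first license id as 'the' license of the package."""
    return [t for t in tokenize(expr) if t not in ("(", ")") and t.upper() not in OPS][0]


def pick_license(expr, denylist=COPYLEFT):
    """First alternative that avoids the denylist, or None when every
    alternative needs a denylisted license (a real finding, not a scanner artefact)."""
    for choice in alternatives(Parser(expr).parse()):
        if not {lic.split(" WITH ")[0] for lic in choice} & denylist:
            return choice
    return None


def component_license_expression(comp):
    """Turn a CycloneDX `licenses` array into one SPDX expression.
    Assumption for this example: several entries on one component are ANDed."""
    parts = []
    for entry in comp.get("licenses", []):
        if "expression" in entry:
            parts.append(entry["expression"])
        elif "license" in entry:
            if "id" not in entry["license"]:
                raise ValueError(f"{comp['name']}: non-SPDX license name, review by hand")
            parts.append(entry["license"]["id"])
    if not parts:
        raise ValueError(f"{comp['name']}: no license information")
    return parts[0] if len(parts) == 1 else " AND ".join(f"({p})" for p in parts)


def audit(bom_json, denylist=COPYLEFT):
    """Per component: what a naive scanner prints vs. the real choice set."""
    report = {}
    for comp in json.loads(bom_json)["components"]:
        expr = component_license_expression(comp)
        chosen = pick_license(expr, denylist)
        report[comp["name"]] = {
            "expression": expr,
            "naive": naive_scanner(expr),
            "alternatives": [sorted(a) for a in alternatives(Parser(expr).parse())],
            "chosen": sorted(chosen) if chosen is not None else None,
        }
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_BOM), indent=2))
```

In the constructed BOM, lib-b shows the false positive (the naive scanner prints GPL-2.0-only although the MIT alternative satisfies the expression) and lib-d shows the false negative (the naive scanner prints MIT although the AND means GPL-3.0-only applies regardless). Only lib-c and lib-d come back with no acceptable alternative, which is what should reach a human reviewer.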