Resources Blog For St. Patrick's Day: A Compliance Strategy for "Beerware"

For St. Patrick's Day: A Compliance Strategy for "Beerware"

Surely, you didn't just read a blog title that mentions beer on the Sonatype site? Oh Yes. Yes you did. In honor of St. Patrick's Day, we've decided to give you some tips on how to make sure your organization is compliant with an important (and entirely real) OSS license - "Beerware".

Beerware is the name for a license that has the following text:
 * ----------------------------------------------------------------------------
 * "THE BEER-WARE LICENSE" (Revision 42):
 * <phk@FreeBSD.ORG> wrote this file. As long as you retain this notice you
 * can do whatever you want with this stuff. If we meet some day, and you think
 * this stuff is worth it, you can buy me a beer in return Poul-Henning Kamp
 * ----------------------------------------------------------------------------

From an open source consumption perspective, if you intend to live up the terms of this license (and you should assume it is a serious license), you will need to make sure that you have an adequate beer budget and the ability to recognize the author if one day you should happen to "meet". The language of the license also suggests that compliance is voluntary ("if you think"). Just to be clear, you should have some legal process by which a formal statement is made to the effect:

"This project incorporates a library covered under revision 42 of the Beerware license. As set forth in the aforementioned license, we (The Consuming Entity) make a formal declaration that 'this stuff is worth it'. Therefore, it is our intention to be ready to fulfill these license obligations in the event of a chance meeting between the author and one of our IT executives."

If your software happens to incorporate and distribute software covered under the Beerware license it is unclear if this license would affect a larger work. To that end, software that incorporates the Beerware license should probably have some disclaimer that indemnifies your project from having to purchase alcohol for every project that happens to incorporate your Work. Otherwise, you may be exposed to surprise invoices from companies looking to monetize this particular obligation as an asset stream (always watch out for compliance trolls, especially with the Beerware license.)

I am certainly not a lawyer, but I would suggest consulting a seasoned jurist to see if your software would need to place further restrictions on the Beerware license. Some important questions to ask when consuming this license:

  • How do obligations in the Beerware license affect 3rd-party integrators? Is Beerware a copyleft license?
  • Does the license need more concrete language surround the definition of "beer" given the wide variety of beverages in this category?
  • What reasonable efforts at compliance need to be taken in the event that this happenstance meeting occurs in a jurisdiction or venue that prohibits the sale of "beer"?

All in all, it's important to think through all OSS licenses and have a solid compliance strategy in place that is aligned with your open source policy. While Nexus' Repository Health Check isn’t currently tracking your beer tally, we're certainly focused on expanding the list of license obligations we support to track compliance with the wide variety of OSS licenses out there.

Picture of Brian Fox

Written by Brian Fox

Brian Fox is a software developer, innovator and entrepreneur. He is an active contributor within the open source development community, most prominently as a member of the Apache Software Foundation and former Chair of the Apache Maven project. As the CTO and co-founder of Sonatype, he is focused on building a platform for developers and DevOps professionals to build high-quality, secure applications with open source components.