This could be a simple yes/no answer, but I invite detailed explanations.
I have been asked to extend a closed source system at my job, which is not formally released under any license. I thought I’d learned once that meant all rights are reserved by default, but I can’t find a source for that now, so please correct me if I’m wrong.
I have found a project on Github that’s released under the MIT license. It contains a class that I’m interested in using to accomplish parts of the requested functionality.
If it makes a difference, the application I’ve been asked to work on is not currently for sale. It’s simply used internally to facilitate operations, is highly customized, and has no market value. The only real reason it’s closed source is because there are endpoints exposed to the internet that management are concerned might be exploited if a vulnerability can be discovered in the open source code.
This answer cautions me to check for a copyleft provision, which I am fairly confident is not included in the MIT license, so again please correct me if I’m wrong.
The MIT license clearly states …
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
… so I understand that the license needs to be included verbatim inside my project, but I am concerned that this in effect releases the whole project under the MIT license – which I do not have rights to do.
This answer recommends quarantining the Github project code, which I know can be cleanly accomplished as a git subtree. But I’m concerned that this situation is different because it involves two very similar open source licenses.
Is it ok to have a license in my super-project root that is something along these lines:
Copyright for portions of project Foo are held by [MIT original
author, year] as part of project Bar and are provided under the MIT
license. All other copyright for project Foo are held by
[your name, year].
And is it necessary to be any more specific about referencing what exact “portions” of the project belong to the MIT license?
I fully understand that no answer/comment here will constitute legal advice, but I could use a good slap in the face if I’m just totally misunderstanding something. Also, this being my first question, if this doesn’t belong here, which I assumed it would from these answers, then please let me know – and any kind indication of an appropriate place for this question will be sincerely appreciated.
There is not copyleft provision in the MIT license. The MIT license gives you legal permission to use the code without ever distributing any of your source code. Since your project is closed source, very few people will ever see your code, but it is still a good idea to carefully document which portions are owned by someone else. For distributing binaries, your vague reference to the MIT license is compliant with the requirements of the MIT license.
Please also note that copyleft licenses do not force you to share your source code. Copyright law forces you to obtain a license and copyleft merely offers you a license in exchange for opening your source. However, you do not have to use that mechanism to obtain your license. You are still free to obtain your license by any other mechanism, such as bribing the owner of the Copyright. Blaming copyleft licenses for the requirements of Copyright law has been a major source of the confusion regarding open source licenses.