It is a legal and ethical obligation to comply with the license of open source code when using it, and to proactively correct errors even if they are undetected. The following are the key points and suggestions： --- ### **1. Legal and ethical responsibilities** -**Legal risks**: Open source licenses (such as GPL, MIT, Apache, etc.) are legally binding. Failure to comply with the terms (such as failure to retain the copyright notice, failure to publicly modify the code, etc.) may constitute infringement and lead to litigation or compensation. -**Ethical obligations**: The open source community relies on integrity. Even if it is undetected, the violation damages the developer's trust in the open source ecosystem. --- ### **2. Potential consequences** -**Company risk**: If it is discovered afterwards, the company may face： -Legal proceedings (if the GPL requires the code to be disclosed, violations may lead to compulsory open source or compensation). -Loss of reputation, affecting customers or partnerships. -**Personal responsibility**: As a code user, you may be jointly and severally liable. --- ### **3. How to correct it? ** -**Review now**： 1. **Confirm the license type**: Check the license of the code used (for example, MIT needs to retain the copyright notice, and the GPL needs to open source derivative works). 2. **Assess the degree of violation**: Is the statement missing? Is the derivative code not open source? -**Remedial measures**： -**Supplementary Statement**: Add the original author's copyright and license documents to the project. -**Open source code**: If you violate “open source” licenses such as the GPL, you must disclose the relevant code in accordance with the terms. -**Contact the original author**: Explain the situation and negotiate a remedy (some authors may make minor mistakes). -**Internal report**: It is recommended to deal with it through the legal affairs or compliance team to avoid follow-up risks. --- ### **4. Why take the initiative to correct? ** -**Reduce risk**: Proactive rectification is less expensive than handling after being reported. -**Maintain reputation**: Reflect the company's emphasis on compliance and avoid obstacles to future cooperation. -**Employee protection**: Avoid personal and professional risks caused by concealment of problems. --- ### **5. Follow-up prevention** -**Establishment process**: The company should formulate specifications for the use of open source code, including： -Review the license before introduction. -Use tools (such as Fossil) to scan for dependencies. -**Training team**: Ensure that developers understand common license requirements. --- ###**Summary** **Must take the initiative to correct**. Compliance is not only a legal requirement, but also the protection of the long-term interests of the open source community and the company. It is recommended to cooperate with the legal affairs or compliance department as soon as possible to formulate a rectification plan and improve the process to avoid future problems.