Prompt
Always verify the licensing compatibility of all dependencies, especially in security-critical networking code. GPL and other restrictive licenses can create legal compliance issues and security vulnerabilities through forced disclosure requirements or usage restrictions.
Before integrating external libraries, headers, or frameworks:
- Identify all direct and transitive dependencies
- Check each dependency’s license against your project’s licensing policy
- Document any licensing conflicts and their security implications
- Consider dual-licensing or alternative implementations when conflicts arise
Example from BPF networking code:
// Problematic - GPL-only dependencies
#include <linux/bpf.h> // GPL license
#include <bpf/bpf_helpers.h> // GPL license
// Solution - Use dual-licensed alternatives or
// implement compatible functionality
char __license[] __section("license") = "Dual BSD/GPL";
License restrictions can compromise security by limiting your ability to patch vulnerabilities, distribute security updates, or maintain code independently. Always audit licensing before committing to dependencies in security-sensitive components.