We need to block development from putting in problematic open source into production. We are allowed to do bulk open source approval, but legal is looking for a commitment from us that we will not put (L3) open source with problematic licenses into production without approval. Other levels of open source we are allowed to put into production and follow up at the end of the month/qtr to get approval. Some problematic licenses are GPL and LGPL.