Antelink Project, OW2con11, Nov 24-25, Paris

Antelink Project, OW2con11, Nov 24-25, Paris Presentation Transcript

  • 1. Management of open source licenses... Freddy Munoz Antelink freddy.munoz@antelink.com twitter: @drfmunoz Antelink S.A.S - 2011
  • 2. Antelink
  • 3. Antelink
  • 4. Antelink Open Source Management
  • 5. Antelink team of 7
  • 6. Antepedia: “The world’s largest knowledge base” 1M+ projects, 500M+ files, 1K+ new projects every day, 44Tb+ data files
  • 7. Why open source? thousands of enterprise-ready open source projects
  • 8. Why open source? thousands of enterprise-ready open source projects
  • 9. Why open source? thousands of enterprise-ready open source projects
  • 10. Why open source? thousands of enterprise-ready open source projects 80% of companies reuse open source software
  • 11. Why care about license issues?
  • 12. Why care about license issues? Why is it hard to handle licenses?
  • 13. 1. Respect the author’s wishes: “I want it to be GPL… or LGPL… or BSD”
  • 14. 2. License data may not be reliable [Figure: sources of license data for “Open Source Product” (http://ossproduct.com), including a Google result and the product's License Agreement, showing LGPL, “shipped with the EPL license” and GPL V2]
  • 15. Licenses change over time
  • 16. Licenses change over time
  • 17. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  • 18. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  • 19. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  • 20. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  • 21. 3. Non-compliance = serious implications: material loss, IP violation, lawsuits, devaluation, injunctions
  • 22. The BusyBox case
  • 23. BusyBox included in the firmware GPLv2 Firmware BusyBox
  • 24. Westinghouse includes BusyBox in its HDTV firmware HDTV
  • 25. BusyBox files a lawsuit against Westinghouse (December 14th 2009)
  • 26. Settlement: Westinghouse assessed damages, lost revenue, and lost inventory. August 3rd 2010 - Settlement: Westinghouse assessed $150.000 in damages, lost revenue, and millions of dollars of inventory lost (all HDTVs were donated to charity)
  • 27. How to handle this (issue)?
  • 28. Three approaches: Tool based proactive, Tool based reactive, Manual
  • 29. Manual Approach
  • 30. Keep track of components Product
  • 31. Keep track of components Product
  • 32. Maintain a list of licenses... check it manually Product
  • 33. Maintain a list of licenses... check it manually Product Components Checklist
  • 34. The Problem: too time consuming Work Tracking licenses
  • 35. Tool Approach: Reactive
  • 36. You build your software Heuristics specs Developer
  • 37. You build your software Heuristics specs Product Developer Software factory Final product
  • 38. Someone audits your software Product $$
  • 39. Someone audits your software Product component A: GPL, component B: BSD $$
  • 40. License issue = re-develop $$ Heuristics specs Product Developer Software factory Final product
  • 41. License issue = re-develop $$ component A: GPL, component B: BSD Product Heuristics specs Product Developer Software factory Final product
  • 42. The problem: you already built the software...
  • 43. Tool Approach: Proactive
  • 44. You build your software Heuristics specs Product Developer Software factory Final product
  • 45. Iteratively detect license data Heuristics specs Developer
  • 46. Iteratively detect license data Heuristics specs Developer Open Source report
  • 47. Iteratively detect license data Heuristics specs Developer Software factory Open Source report
  • 48. Iteratively detect license data Heuristics specs Developer Software factory Open Source report Open Source report
  • 49. Iteratively detect license data Heuristics specs Product Developer Software factory Final product Open Source report Open Source report
  • 50. Iteratively detect license data Heuristics specs Product Developer Software factory Final product Open Source report Open Source report Open Source report
  • 51. For example.... in your Git repo Heuristics specs Developer
  • 52. For example.... in your Git repo Heuristics specs Developer
  • 53. For example.... in your Git repo Heuristics specs Developer
  • 54. For example.... in your Git repo Heuristics specs Developer Open Source report
  • 55. For example.... on your IDE
        Filename              License             Version  Project
        antlr-3.jar           BSD                 3.0      Antlr
        commons-logging.jar   Apache License 2.0  1.3      Commons Logging
        TestCase.java         CPL 1.0             -        Junit
        new_wizard_back.gif   CPL 1.0             -        EPIC
  • 56. This empowers everyone to comply with licenses
  • 57. It’s like bug detection... early is better [Chart: remediation cost ($) of a license or vulnerability issue by lifecycle phase: Code, Test & Build, Package, Deliver, Deploy; diagram labels: Heuristics specs, Developer, Software factory, Product, Final product, Production environment]
  • 58. Prevention instead of correction
  • 59. Tools: Antepedia [Pie chart labels: GoogleCode, Debian, CodePlex, Maven Central, Eclipse, Apache, Arch, Other, JBoss, SourceForge; slice values shown: 55%, 4%, 5%, 31%; diagram labels: Heuristics specs, Product]
  • 60. ?