Antelink Project, OW2con11, Nov 24-25, Paris
Presentation Transcript

  • Management of open source licenses... Freddy Munoz Antelink freddy.munoz@antelink.com twitter: @drfmunoz Antelink S.A.S - 2011
  • Antelink
  • Antelink Open Source Management
  • Antelink team of 7
  • Antepedia: “The world’s largest knowledge base”: 1M+ projects, 500M+ files, 1K+ new projects every day, 44Tb+ data files
  • Why open source? Thousands of enterprise-ready open source projects; 80% of companies reuse open source software
  • Why care about license issues? Why is it hard to handle licenses?
  • 1. Respect the author’s wishes: “I want it to be GPL… or LGPL… or BSD”
  • 2. License data may not be reliable [Figure: Open Source Product (http://ossproduct.com) presented with different licenses: LGPL, EPL, GPL V2]
  • Licenses change over time
  • License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  • 3. Non-compliance = serious implications: material loss, IP violation, lawsuits, devaluation, injunctions
  • The BusyBox case
  • BusyBox included in the firmware (figure labels: GPLv2, Firmware, BusyBox)
  • Westinghouse includes BusyBox in its HDTV firmware
  • BusyBox files a lawsuit against Westinghouse, December 14th 2009
  • August 3rd 2010 - Settlement: Westinghouse assessed $150.000 in damages, lost revenue, and millions of dollars of inventory lost (all HDTVs were donated to charity)
  • How to handle this (issue)?
  • Three approaches: tool based proactive, tool based reactive, manual
  • Manual Approach
  • Keep track of components (figure label: Product)
  • Maintain a list of licenses... check it manually (figure labels: Product, Components, Checklist)
  • The problem: too time consuming (figure labels: Work, Tracking licenses)
  • Tool Approach: Reactive
  • You build your software (figure labels: Heuristics specs, Developer, Software factory, Product, Final product)
  • Someone audits your software ($$): component A: GPL, component B: BSD
  • License issue = re-develop ($$)
  • The problem: you already built the software...
  • Tool Approach: Proactive
  • You build your software (figure labels: Heuristics specs, Developer, Software factory, Product, Final product)
  • Iteratively detect license data (figure: Developer, Software factory and Final product, with three Open Source reports)
  • For example.... in your Git repo (figure labels: Heuristics specs, Developer, Open Source report)
  • For example.... on your IDE
      Filename | License | Version | Project
      antlr-3.jar | BSD | 3.0 | Antlr
      commons-logging.jar | Apache License 2.0 | 1.3 | Commons Logging
      TestCase.java | CPL 1.0 | - | Junit
      new_wizard_back.gif | CPL 1.0 | - | EPIC
  • This empowers everyone to comply with licenses
  • It’s like bug detection... early is better [Figure: remediation cost ($) of a license or vulnerability issue by lifecycle phase; phases shown: Code, Test & Build, Package, Deliver, Deploy]
  • Prevention instead of correction
  • Tools: Antepedia [Figure: chart of sources: GoogleCode, Debian, CodePlex, Maven Central, Eclipse, Apache, Arch, JBoss, SourceForge, Other; percentages shown: 55%, 4%, 5%, 31%]
  • ?