
Antelink Project, OW2con11, Nov 24-25, Paris


Transcript of "Antelink Project, OW2con11, Nov 24-25, Paris"

  1. Management of open source licenses... Freddy Munoz, Antelink, freddy.munoz@antelink.com, twitter: @drfmunoz. Antelink S.A.S - 2011
  2. Antelink
  3. Antelink
  4. Antelink Open Source Management
  5. Antelink team of 7
  6. Antepedia: “The world’s largest knowledge base”. 1M+ projects, 500M+ files, 1K+ new projects every day, 44Tb+ data files
  7. Why open source? Thousands of enterprise-ready open source projects
  8. Why open source? Thousands of enterprise-ready open source projects
  9. Why open source? Thousands of enterprise-ready open source projects
  10. Why open source? Thousands of enterprise-ready open source projects. 80% of companies reuse open source software
  11. Why care about license issues?
  12. Why care about license issues? Why is it hard to handle licenses?
  13. Reason 1: Respect the author’s wishes. “I want it to be GPL… or LGPL… or BSD”
  14. Reason 2: License data may not be reliable. [Diagram labels: Open Source Product, http://ossproduct.com, Google, Open Source Product, LGPL, License Agreement, Product, Product, Open Source Product shipped with the EPL license, GPL V2]
  15. Licenses change over time
  16. Licenses change over time
  17. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  18. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  19. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  20. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html, http://jwebmail.sourceforge.net/about.html, http://sourceforge.net/projects/jwebmail/
  21. Reason 3: Non compliance = serious implications: material loss, IP violation, lawsuits, devaluation, injunctions
  22. The BusyBox case
  23. BusyBox included in the firmware. [Diagram labels: Firmware, BusyBox, GPLv2]
  24. Westinghouse includes BusyBox in its HDTV firmware. [Diagram label: HDTV]
  25. BusyBox files a lawsuit against Westinghouse. December 14th 2009
  26. Settlement: Westinghouse assessed damages, lost revenue, and lost inventory. August 3rd 2010 - Settlement: Westinghouse assessed $150.000 in damages, lost revenue, and millions of dollars of inventory lost (all HDTVs were donated to charity)
  27. How to handle this (issue)?
  28. Three approaches: manual, tool based reactive, tool based proactive
  29. Manual approach
  30. Keep track of components. [Diagram label: Product]
  31. Keep track of components. [Diagram label: Product]
  32. Maintain a list of licenses... check it manually. [Diagram label: Product]
  33. Maintain a list of licenses... check it manually. [Diagram labels: Product, Components, Checklist]
  34. The problem: too time consuming. [Diagram labels: Work, Tracking licenses]
  35. Tool approach: reactive
  36. You build your software. [Diagram labels: Heuristics, specs, Developer]
  37. You build your software. [Diagram labels: Heuristics, specs, Product, Developer, Software factory, Final product]
  38. Someone audits your software. [Diagram labels: Product, $$]
  39. Someone audits your software. [Diagram labels: Product, component A: GPL, component B: BSD, $$]
  40. License issue = re-develop. [Diagram labels: $$, Heuristics, specs, Product, Developer, Software factory, Final product]
  41. License issue = re-develop. [Diagram labels: $$, component A: GPL, component B: BSD, Product, Heuristics, specs, Product, Developer, Software factory, Final product]
  42. The problem: you already built the software...
  43. Tool approach: proactive
  44. You build your software. [Diagram labels: Heuristics, specs, Product, Developer, Software factory, Final product]
  45. Iteratively detect license data. [Diagram labels: Heuristics, specs, Developer]
  46. Iteratively detect license data. [Diagram labels: Heuristics, specs, Developer, Open Source report]
  47. Iteratively detect license data. [Diagram labels: Heuristics, specs, Developer, Software factory, Open Source report]
  48. Iteratively detect license data. [Diagram labels: Heuristics, specs, Developer, Software factory, Open Source report, Open Source report]
  49. Iteratively detect license data. [Diagram labels: Heuristics, specs, Product, Developer, Software factory, Final product, Open Source report, Open Source report]
  50. Iteratively detect license data. [Diagram labels: Heuristics, specs, Product, Developer, Software factory, Final product, Open Source report, Open Source report, Open Source report]
  51. For example... in your Git repo. [Diagram labels: Heuristics, specs, Developer]
  52. For example... in your Git repo. [Diagram labels: Heuristics, specs, Developer]
  53. For example... in your Git repo. [Diagram labels: Heuristics, specs, Developer]
  54. For example... in your Git repo. [Diagram labels: Heuristics, specs, Developer, Open Source report]
  55. For example... in your IDE:

      | Filename | License | Version | Project |
      |---|---|---|---|
      | antlr-3.jar | BSD | 3.0 | Antlr |
      | commons-logging.jar | Apache License 2.0 | 1.3 | Commons Logging |
      | TestCase.java | CPL 1.0 | - | Junit |
      | new_wizard_back.gif | CPL 1.0 | - | EPIC |

  56. This empowers everyone to comply with licenses
  57. It’s like bug detection... early is better. [Chart: remediation cost ($) of a license or vulnerability issue by lifecycle phase; phases shown: Code, Test & Build, Package, Deliver, Deploy. Diagram labels: Heuristics, specs, Product, Developer, Software factory, Final product, Production environment]
  58. Prevention instead of correction
  59. Tools: Antepedia. [Pie chart of sources; labels: Google Code, Debian, CodePlex, Maven Central, Eclipse, Apache, Arch, JBoss, SourceForge, Other; percentages shown: 55%, 4%, 5%, 31%. Diagram labels: Heuristics, specs, Product]
  60. ?
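
The proactive check of slides 45 to 55, as it could run in a Git hook or build step, sketched here as an added example (not Antelink's code and not Antepedia's API). Matching files by SHA-256 of their content, the placeholder file bytes, the `src/Billing.java` and directory names, and the denied-license policy are all assumptions constructed for illustration; the knowledge-base rows reuse the slide 55 table.

```python
import hashlib

def fingerprint(content: bytes) -> str:
    """SHA-256 of the file content; matching by hash is an assumption of this sketch."""
    return hashlib.sha256(content).hexdigest()

# Constructed working tree: path -> bytes. Placeholder bytes, not the real artifacts.
SAMPLE_TREE = {
    "lib/antlr-3.jar": b"constructed antlr-3.jar bytes",
    "lib/commons-logging.jar": b"constructed commons-logging.jar bytes",
    "test/TestCase.java": b"constructed TestCase.java bytes",
    "src/Billing.java": b"in-house code, unknown to the knowledge base",
}

# Constructed stand-in for a license knowledge base, filled with rows from slide 55.
KNOWLEDGE_BASE = {
    fingerprint(SAMPLE_TREE["lib/antlr-3.jar"]): ("BSD", "3.0", "Antlr"),
    fingerprint(SAMPLE_TREE["lib/commons-logging.jar"]):
        ("Apache License 2.0", "1.3", "Commons Logging"),
    fingerprint(SAMPLE_TREE["test/TestCase.java"]): ("CPL 1.0", "-", "Junit"),
}

DENIED_LICENSES = {"CPL 1.0"}  # hypothetical product policy, not from the slides

def open_source_report(tree, kb=KNOWLEDGE_BASE):
    """Rows (filename, license, version, project) for files the knowledge base knows."""
    rows = []
    for path in sorted(tree):
        hit = kb.get(fingerprint(tree[path]))
        if hit is not None:  # unknown files are treated as in-house code
            rows.append((path, *hit))
    return rows

def check_commit(tree, denied=DENIED_LICENSES):
    """Return (exit_code, report, violations); non-zero would block the commit or build."""
    report = open_source_report(tree)
    violations = [row for row in report if row[1] in denied]
    return (1 if violations else 0), report, violations

if __name__ == "__main__":
    code, report, violations = check_commit(SAMPLE_TREE)
    for row in report:
        flag = "DENIED" if row in violations else "ok"
        print("{:<26} {:<20} {:<5} {:<16} {}".format(*row, flag))
    raise SystemExit(code)
```

Exact content hashes only recognise unmodified copies: a one-byte local edit to `TestCase.java` drops it from the report, so a check built this way needs a second signal for modified files.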