Antelink Project, OW2con11, Nov 24-25, Paris


  1. Management of open source licenses... Freddy Munoz, Antelink, freddy.munoz@antelink.com, twitter: @drfmunoz. Antelink S.A.S - 2011
  2. Antelink
  3. Antelink
  4. Antelink: Open Source Management
  5. Antelink: team of 7
  6. Antepedia: “The world’s largest knowledge base”. 1M+ projects, 500M+ files, 1K+ new projects every day, 44Tb+ data files
  7. Why open source? Thousands of enterprise-ready open source projects
  8. Why open source? Thousands of enterprise-ready open source projects
  9. Why open source? Thousands of enterprise-ready open source projects
  10. Why open source? Thousands of enterprise-ready open source projects. 80% of companies reuse open source software
  11. Why care about license issues?
  12. Why care about license issues? Why is it hard to handle licenses?
  13. 1. Respect the author’s wishes: I want it to be GPL… or LGPL… or BSD
  14. 2. License data may not be reliable. Open Source Product http://ossproduct.com Google Open Source Product LGPL License Agreement Product Product Open Source Product shipped with the EPL license GPL V2
  15. Licenses change over time
  16. Licenses change over time
  17. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html http://jwebmail.sourceforge.net/about.html http://sourceforge.net/projects/jwebmail/
  18. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html http://jwebmail.sourceforge.net/about.html http://sourceforge.net/projects/jwebmail/
  19. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html http://jwebmail.sourceforge.net/about.html http://sourceforge.net/projects/jwebmail/
  20. License data may be inconsistent: http://jwebmail.sourceforge.net/news.html http://jwebmail.sourceforge.net/about.html http://sourceforge.net/projects/jwebmail/
  21. 3. Non-compliance = serious implications: material loss, IP violation, lawsuits, devaluation, injunctions
  22. The BusyBox case
  23. BusyBox included in the firmware. GPLv2. Firmware. BusyBox
  24. Westinghouse includes BusyBox in its HDTV firmware. HDTV
  25. BusyBox files a lawsuit against Westinghouse. December 14th 2009
  26. Settlement: Westinghouse assessed damages, lost revenue, and lost inventory. August 3rd 2010 - Settlement: Westinghouse assessed $150.000 in damages, lost revenue, and millions of dollars of inventory lost (all HDTVs were donated to charity)
  27. How to handle this (issue)?
  28. Three approaches: Tool based proactive, Tool based reactive, Manual
  29. Manual Approach
  30. Keep track of components. Product
  31. Keep track of components. Product
  32. Maintain a list of licenses... check it manually. Product
  33. Maintain a list of licenses... check it manually. Product, Components, Checklist
  34. The problem: too time consuming. Work. Tracking licenses
  35. Tool Approach: Reactive
  36. You build your software. Heuristics, specs, Developer
  37. You build your software. Heuristics, specs, Product, Developer, Software factory, Final product
  38. Someone audits your software. Product. $$
  39. Someone audits your software. Product: component A … GPL, component B … BSD. $$
  40. License issue = re-develop. $$. Heuristics, specs, Product, Developer, Software factory, Final product
  41. License issue = re-develop. $$. Component A … GPL, component B … BSD. Product. Heuristics, specs, Product, Developer, Software factory, Final product
  42. The problem: you already built the software...
  43. Tool Approach: Proactive
  44. You build your software. Heuristics, specs, Product, Developer, Software factory, Final product
  45. Iteratively detect license data. Heuristics, specs, Developer
  46. Iteratively detect license data. Heuristics, specs, Developer. Open Source report
  47. Iteratively detect license data. Heuristics, specs, Developer, Software factory. Open Source report
  48. Iteratively detect license data. Heuristics, specs, Developer, Software factory. Open Source report, Open Source report
  49. Iteratively detect license data. Heuristics, specs, Product, Developer, Software factory, Final product. Open Source report, Open Source report
  50. Iteratively detect license data. Heuristics, specs, Product, Developer, Software factory, Final product. Open Source report, Open Source report, Open Source report
  51. For example... in your Git repo. Heuristics, specs, Developer
  52. For example... in your Git repo. Heuristics, specs, Developer
  53. For example... in your Git repo. Heuristics, specs, Developer
  54. For example... in your Git repo. Heuristics, specs, Developer. Open Source report
  55. For example... in your IDE. Columns: Filename / License / Version / Project. antlr-3.jar / BSD / 3.0 / Antlr; commons-logging.jar / Apache License 2.0 / 1.3 / Commons Logging; TestCase.java / CPL 1.0 / - / Junit; new_wizard_back.gif / CPL 1.0 / - / EPIC
  56. This empowers everyone to comply with licenses
  57. It’s like bug detection... early is better. [Chart: remediation cost ($) of a license or vulnerability issue by lifecycle phase: Code, Test & Build, Package, Deliver, Deploy. Diagram labels: Heuristics, specs, Product, Developer, Software factory, Final product, Production environment]
  58. Prevention instead of correction
  59. Tools: Antepedia. Heuristics specs Google Code Debian CodePlex 55% Maven Central 4% Eclipse 5% Apache Arch Product Other JBoss SourceForge 31%
  60. ?