Community Summit: Legal & Licensing / Tools for developers to ensure legal integrity of their code / Freddy Munoz and Bruno Cornec

First, this talk explores the various options for FOSS detection, how this process can be integrated into the "software factory", and how the results can be displayed in a usable and efficient way, using tools freely available to the open source communities, such as FOSSology and the Antepedia Tool Suite. Secondly, we will give some examples of license data that can be collected from many open source projects and show how it can be useful for communities to adopt a standard like SPDX (Software Package Data Exchange), which will be presented briefly.

Published in: Technology

Transcript

  • 1. Tools for developers to ensure legal integrity of their code. Freddy Munoz, PhD, Product Manager, Antelink, freddy.munoz@antelink.com, @drfmunoz. Bruno Cornec, Open Source & Linux Profession Lead EMEA, HP, Bruno.Cornec@hp.com. IntelCo.
  • 2. The context
  • 3. The problem: are you sure that you know everything in your product? [Diagram: compile, test, analysis, integration test, package; Product, Build Engineer, Final product] In your BoM: license? version? project? Are you sure that you are license compliant?
  • 4. Available compliance tools (non-exhaustive list). [Diagram labels: Antepedia Notifier, Antepedia Reporter, Source code, Binary package] Source: http://www.linuxfoundation.org/programs/legal/compliance/tools
  • 5. Antepedia Tool Suite
  • 6. Antepedia Tool Suite. Antepedia Knowledge Base: 940 000 projects, 210 000 000 files. Public API. Antepedia Notifier*, Antepedia Reporter*, Antepedia Search**. * free for non-profit projects and organizations. ** free public access.
  • 7. Antepedia Search. Single file. Cloud service. Web-browser report. Original project. License information. Release date and location.
  • 8. Antepedia Reporter. my.antepedia.com. Antepedia, the world's largest knowledge base of open source projects. Analysis. Export: 1. HTML file, 2. CSV file. Automated on-demand detection of open source components.
  • 9.
  • 10. Antepedia Notifier. my.antepedia.com. Antepedia, the world's largest database of open source projects. Continuous detection. Notification: 1. by mail, 2. through Atlassian JIRA. Automated continuous detection of open source components.
  • 11. FOSSology - Goal. FOSS-ology: the study of FOSS. The goal of the FOSSology project is to create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of open source software. FOSSology is a static analysis framework to learn what we can by scanning FOSS itself. Analyze the code, save the results in a database, report results through a Web (or scripted) interface.
  • 12. A Simple FOSSology Process Flow
      o Scan every single file in a package (or distro, or …)
      o Fuzzy match against a library of > 400 known licenses.
      o Examine the non-matching portions looking for text that could be an unknown license.
      o Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP
  • 13. File upload screenshot
  • 14. Queue management screenshot
  • 15. License analysis screenshot
  • 16. Meta data analysis screenshot
  • 17. Bucket browser screenshot
  • 18. Architecture
  • 19. Web Resources. FOSSology main site: http://www.fossology.org Mailing lists, contacts: http://fossology.org/contact_us Plume details: http://www.projet-plume.org/fiche/fossology Project-Builder: http://trac.project-builder.org Open Source at HP: http://opensource.hp.com ProLiant & Linux: http://www.hp.com/go/proliantlinux FOSSology users: HP, ALU, Siemens, INRIA, OW2. “The evolution of FLOSS and the Internet are tightly coupled”
  • 20. SPDX: Handling Heterogeneous Licenses
  • 21.
  • 22. Inconsistent License Information (1/2). http://sourceforge.net/projects/jwebmail/ http://jwebmail.sourceforge.net/about.html http://jwebmail.sourceforge.net/news.html
  • 23. Inconsistent License Information (2/2). Source: http://sourceforge.net/projects/winpenpack/ Source: http://www.winpenpack.com/en/page.php?5
  • 24.
  • 25. SPDX: Standardization. SPDX™ - A standard format for communicating the components, licenses and copyrights associated with a software package.
  • 26.
  • 27. ???
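
The process flow on slide 12 (fuzzy match each file against known licenses, then examine what did not match) can be sketched as follows. This is an added example, not FOSSology or Nomos code: the three reference phrases, the `HINTS` keyword set, the 0.8 threshold and the sample file are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed, abbreviated reference phrases; a real scanner holds full license texts.
KNOWN = {
    "MIT": "permission is hereby granted free of charge to any person "
           "obtaining a copy of this software",
    "BSD-3-Clause": "redistribution and use in source and binary forms with "
                    "or without modification are permitted",
    "GPL-2.0-or-later": "this program is free software you can redistribute it and or "
                        "modify it under the terms of the gnu general public license",
}
HINTS = {"license", "licensed", "licence", "redistribute", "redistribution"}

# Constructed sample: a reworded MIT grant plus a license the library does not know.
SAMPLE = """/* Copyright (c) 2012 Example Corp.
 * Permission is hereby granted, free of cost, to any person obtaining
 * a copy of this software and associated documentation files.
 * The codec in vendor/ is licensed under the Acme Community License v3.
 */
int main(void) { return 0; }
"""

def scan(text, threshold=0.8):
    """Return (known licenses matched, lines that may hold an unknown license)."""
    lines = text.splitlines()
    toks = [(w, n) for n, line in enumerate(lines)
            for w in re.findall(r"[a-z0-9]+", line.lower())]
    seq = [w for w, _ in toks]
    covered, matched = set(), []
    for name, ref in KNOWN.items():
        ref_words = ref.split()
        sm = SequenceMatcher(None, seq, ref_words, autojunk=False)
        blocks = [b for b in sm.get_matching_blocks() if b.size]
        # Fuzzy score: share of the reference words found, in order, in the file.
        if sum(b.size for b in blocks) / len(ref_words) >= threshold:
            matched.append(name)
            for b in blocks:
                covered.update(range(b.a, b.a + b.size))
    per_line = {}
    for i, (w, n) in enumerate(toks):
        per_line.setdefault(n, []).append(None if i in covered else w)
    unknown = []
    for n, ws in per_line.items():
        rest = [w for w in ws if w]
        # Mostly unexplained text that still talks about licensing.
        if 2 * len(rest) > len(ws) and HINTS & set(rest):
            unknown.append(lines[n].strip(" */"))
    return matched, unknown

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The reworded grant ("free of cost") still scores above the threshold for MIT, while the vendor line is reported for manual review because no known license explains it.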