Components license

Published in: Technology, Education

  1. On the provenance of Free and Open Source Software and the legal implications of its reuse
     Based on "A Method for Open Source License Compliance of Java Applications", IEEE Software, May-June 2012 (vol. 29 no. 3)
     Daniel M German, Professor, Department of Computer Science, University of Victoria
  2. IP is an engineering problem too
     ● Sure, Intellectual Property is the realm of lawyers
     ● But software engineers have to fix it.
  3. Open Source
     ● Open Source
       – software licensed under an open source license
     ● Open source license
       – allows the creation of derivative works
       – and their redistribution
     As long as some conditions are satisfied
  4. Reuse and Open Source
     ● FOSS materialized Component-Off-The-Shelf software engineering
       – Huge pool of components ready to be used
       – Free but with a price:
         ● Comply with the license
  5. FOSS is everywhere today
     ● Used by both organizations and individuals
       – Part of many commercial products
         ● OS X, Android, many embedded devices
     ● Created by many commercial companies
       – Apple, Google, HP, Ebay, Amazon, Samsung, IBM, TI, Oracle, etc.
  6. “The way software is built is changing”
     —Scott Patterson, Previous Senior Legal Counsel, HP
  7. Software architectures are complex
     ● Frameworks
     ● Libraries
     ● Plug-ins
     ● Operating systems
     ● Scripts
     ● Toolkits
     Each comes with its own license
  8. Not so simple
  9. Reuse is Easy
     ● Re-using FOSS is very easy
       – Black box:
         ● reuse as a component
       – White box:
         ● Clone: copy entire product into one's own code base
         ● Cut-and-paste: copy snippets
  10. But Risky
      ● Most developers don't have training in licensing
      ● Many think they do but don't
      ● Most organizations lack policies regarding use of FOSS
      * Sojer and Henkel 2010
  11. Open Source License Compliance
      ● It is in need of tool support
        – Mostly provided by (expensive) organizations
          ● Blackduck, Palamida, OpenLogic
          ● Treat everything as Trade Secret
      ● License Compliance can't trust anybody
      ● Developers/Suppliers:
        – Don't know, forget, ignore, lie ...
  12. The big questions
      ● Who are you and where did you come from?
        – Provenance discovery
      ● What role do you play?
        – Architectural discovery
      ● Does your mother know you are here?
        – License discovery
  13. Provenance is Complicated
      ● Was this source file:
        – Locally developed?
        – Copied?
      ● If copied:
        – What is the source?
          ● Can we trust the source?
  14. Software Bertillonage
      ● Measure certain properties of a software system
        – Use these properties to create classifications and reduce search space
      ● Joa:
        – Bertillonage for Java
        – Based on Class and Method signatures
        – Capable of matching binaries and source
        – Open Source (GPLv2+)
        – http://github.com/dmgerman/joa
  15. Joa helps determine what is in binary
  16. The general problem is harder
      ffmpeg libavfilter
  17. License Identification
      ● Once you know the original code
        – What is its license?
        – Ninka
          ● Identify license from source code
          ● Open source (AGPLv3+)
          ● http://github.com/dmgerman/ninka
  18. Ninka
      ● Design goals:
        – To sacrifice recall for the sake of accuracy
          ● Rather be safe than wrong
          ● Support “I don't know”
        – To be faster than fossology
        – To support the most common licenses, yet be extensible
        – To have a very simple “pipe” architecture
          ● Collection of small tools
          ● The output of one feeds into the other
  19. Component level composition
      ● Requires architectural analysis
      ● How are components connected?
        – Type of connection?
          ● Linking? Dynamic? Static?
          ● Fork/System exec?
          ● Web service?
          ● RPC?
  20. Putting all Pieces Together
  21. Conclusions
      ● FOSS reuse is here to stay
      ● Organizations should be careful about how they reuse FOSS
        – FOSS License Compliance
      ● Software is needed to help
      ● We have implemented a method to help in license compliance of Java Applications
        – Joa: provenance
        – Ninka: licensing
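
The design goals on the Ninka slide (prefer “I don't know” to a wrong answer; small tools whose output feeds the next) can be seen in the following added example. It is not Ninka's code and is not taken from the slides: the stage names, the sentence patterns, the rule table and the sample header are all constructed for illustration.

```python
import re
# Constructed sentence patterns and rule table for this example (not Ninka's rule set).
SENTENCE_PATTERNS = [
    ("gpl-grant-v2+", re.compile(r"under the terms of the GNU General Public License\b"
                                 r".*version 2.*or .*any later version", re.I)),
    ("gpl-no-warranty", re.compile(r"in the hope that it will be useful.*without any warranty", re.I)),
    ("copyright", re.compile(r"^copyright\b", re.I)),
]
IGNORED = {"copyright"}  # recognised, but carries no license information
LICENSE_RULES = {frozenset({"gpl-grant-v2+", "gpl-no-warranty"}): "GPLv2+"}

def extract_header(source):
    """Stage 1: text of the leading /* ... */ comment, comment markers removed."""
    m = re.match(r"\s*/\*(.*?)\*/", source, re.S)
    body = m.group(1) if m else ""
    return "\n".join(ln.strip().lstrip("*").strip() for ln in body.splitlines())

def split_sentences(text):
    """Stage 2: break on a full stop or a blank line, then normalise whitespace."""
    parts = re.split(r"(?<=\.)\s+|\n\s*\n", text)
    return [" ".join(p.split()) for p in parts if p.strip()]

def tag_sentences(sentences):
    """Stage 3: one tag per sentence; None marks a sentence no pattern recognises."""
    return [next((tag for tag, pat in SENTENCE_PATTERNS if pat.search(s)), None)
            for s in sentences]

def identify(tags):
    """Stage 4: name a license only if every sentence was recognised and a rule fits."""
    if not tags or None in tags:
        return "UNKNOWN"
    return LICENSE_RULES.get(frozenset(tags) - IGNORED, "UNKNOWN")

def license_of(source):
    return identify(tag_sentences(split_sentences(extract_header(source))))

# Constructed sample inputs: a GPLv2+ style header, and the same header with an extra clause.
GPL_FILE = """/*
 * Copyright (C) 2012 Example Author
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY.
 */
"""
WITH_EXCEPTION = GPL_FILE.replace(" */", " *\n * As a special exception, you may link this code.\n */")
```

`license_of(GPL_FILE)` names the license, while `license_of(WITH_EXCEPTION)` returns `UNKNOWN` because one sentence in the header is not recognised: the file is flagged for a human rather than reported as plain GPLv2+.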
