SlideShare a Scribd company logo

SFScon21 - Henrik Sandklef - Checking license compatibility with flict

South Tyrol Free Software Conference
South Tyrol Free Software Conference

flict (FOSS License Compatibility Tool) can check if the license of your software, and its dependencies, are compatible and if they are in line with your license policy. This presentation will show you how to get started with flict, check a project for license compatibility, apply a license policy, how to get a graph of the compatibility between licenses in your project and finally show how a package, and its dependencies, as built with Yocto can be checked for compatibility.

Technology
1 of 51
Download to read offline
Flict FOSS License Compatibility Tool
I am not a lawyer
I am a developer
... doing compliance and FOSS related things for work and privately
Let’s go
FOSS Licenses ● Attribute copyright holders (most) ● Display license/text (most) ● Disclose source code (some)
FOSS Licenses ● Accumulative MIT AND GPL-2.0-only ● Dual MIT OR GPL-2.0-only
FOSS Licenses - Compliance ● Attribute copyright holders ● Display license/text ● Disclose source code ● Verify license compatibility
FOSS Licenses - Compatibility The terms of all of the licenses in a combined work must be compatible
License compatibility Coding it
License compatibility - terms Sounded easy
License compatibility - terms Was easy
License compatibility - terms Was easy … at first
License compatibility - graphs 1
License compatibility - graphs MPL-2.0 Apache-2.0 GPL-2.0-or-later LGPL-2.1-or-later MIT BSD Python-2.0 MPL-1.1 Libpng X11 EPL-2.0 Image generated using flict and graphviz
License compatibility - matrix
Introducing flict ● flict checks compatibility between two licenses (at a time) ● Handles dependencies / “linked” software – checks compatibility for all licenses in the combined work
Introducing flict $ flict -h usage: flict [-h] [-gf LICENSE_GROUP_FILE] [-mf MATRIX_FILE] [-rf RELICENSE_FILE] [-sf SCANCODE_FILE] [-tf TRANSLATIONS_FILE] [-es] [-el] [-nr] [-o OUTPUT] [-of OUTPUT_FORMAT] [-v] [-cc LICENSES [LICENSES ...]] [-ol OUTBOUND_LICENSES] [-V] [-dl] {verify,simplify,list,display-compatibility,outbound-candidate, policy-report}
Introducing flict ● Commands: – verify – simplify – list – display-compatibility – outbound-candidate (suggestions only) – policy-report ● Relicense (GPL-2.0-or-later) ● Alias/translations (GPLv2+ → GPL-2.0-or-later)
Introducing flict – output format $ jq . ~/.flict.cfg { "output-format": "text" } ● JSON ● text (partially) ● markdown (partially) ● dot (only for display-compatibility)
Introducing flict - simplify Simplify BSD-3-Clause or MIT or MIT and MIT
Introducing flict - simplify $ flict simplify BSD-3-Clause or MIT or MIT and MIT BSD-3-Clause OR MIT
Introducing flict Display compatibility Apache-2.0 GPL-3.0-only MIT
Introducing flict - compatibility $ flict -of markdown display-compatibility Apache-2.0 GPL-3.0-only MIT # License compatibilities # Licenses * GPL-3.0-only * MIT * Apache-2.0 # Compatibilities GPL-3.0-only |-----> MIT GPL-3.0-only |-----> Apache-2.0 MIT <-------| GPL-3.0-only MIT <-------> Apache-2.0 Apache-2.0 <-------| GPL-3.0-only Apache-2.0 <-------> MIT … or perhaps more visually
Introducing flict - compatibility $ flict -of dot display-compatibility Apache-2.0 GPL-3.0-only MIT MPL-2.0 BSD | dot -Tpng -o compats.png
Introducing flict - outbound Outbound candidates GPL-2.0-or-later AND MIT
Introducing flict - outbound $ flict outbound-candidate GPL-2.0-or-later AND MIT GPL-2.0-or-later, GPL-3.0-or-later # no relicensing: -nr $ flict -nr outbound-candidate GPL-2.0-or-later AND MIT GPL-2.0-or-later
Introducing flict Verify compatibility Apache-2.0 AND GPL-3.0-only AND MIT
Introducing flict - verify $ flict verify -le Apache-2.0 AND GPL-3.0-only AND MIT The licenses in the expression "Apache-2.0 AND GPL-3.0-only AND MIT" are compatible. Outbound license candidates: GPL-3.0-only NOTE: the suggested outbound candidate licenses need to be manually reviewed.
Introducing flict - verify $ flict verify -le Apache-2.0 AND GPL-2.0-only The licenses in the expression "Apache-2.0 AND GPL-2.0-only" are not compatible. No outbound license candidate could be identified due to license incompatibility.
Diving deeper in to flict Verifying projects fontconfig
flict - projects Image generated from a Yocto build using https://github.com/vinland-technology/compliance-utils
flict - projects JSON fontconfig.json
flict - projects $ flict -of json verify -pf fontconfig.json {"meta": {"os": "Linux", "osRelease": "5.12.9-300.fc34.x86_64", "osVersion": "#1 SMP Thu Jun 3 13:51:40 UTC 2021", "machine": "x86_64", "host": "schoenberg", "user": "hesa", "start": "2021-11-06 12:10:33.583356"}, "projec "fontconfig_libfontconfig.so.1.12.0-tree-flict.json", "project_definition": {"name": "libfontconfig.so.1.12.0", "package": "fontconfig", "subPackage": "fontconfig", "license": " MIT & MIT", "version": "2.13.1", "dependencies": [{"name "component": "libfreetype.so.6", "version": "2.10.2", "license": " FreeType | GPLv2+", "valid": true, "dependencies": [{"name": "libpng", "component": "libpng16.so.16", "version": "1.6.37", "license": " Libpng", "valid": true, "depen [{"name": "zlib", "component": "libz.so.1", "version": "1.2.11", "license": " Zlib", "valid": true, "dependencies": []}]}, {"name": "zlib", "component": "libz.so.1", "version": "1.2.11", "license": " Zlib", "valid": true, "dependencies": []}]}, "expat", "component": "libexpat.so.1", "version": "2.2.9", "license": " MIT", "valid": true, "dependencies": []}, {"name": "util-linux", "component": "libuuid.so.1", "version": "2.35.2", "license": " BSD-3-Clause", "valid": true, "depend "project_pile": [{"name": "libfontconfig.so.1.12.0", "license": " MIT & MIT", "version": "2.13.1", "dependencies": [], "expanded_license": {"expanded": "MIT", "grouped": "MIT", "simplified": "MIT", "set_list": [["MIT"]]}}, {"name": "fre "license": " FreeType | GPLv2+", "version": "2.10.2", "dependencies": [], "expanded_license": {"expanded": "FTL OR ( GPL-3.0-only OR GPL-2.0-only )", "grouped": "FTL OR ( GPL-3.0-only OR GPL-2.0-only )", "simplified": " 2.0-or-later", "set_list": [["FTL"], ["GPL-3.0-only"], ["GPL-2.0-only"]]}}, {"name": "libpng", "license": " Libpng", "version": "1.6.37", "dependencies": [], "expanded_license": {"expanded": "Libpng", "grouped": "Libpng", "simplified": "set_list": [["Libpng"]]}}, {"name": "zlib", "license": " Zlib", "version": "1.2.11", "dependencies": [], "expanded_license": {"expanded": "Zlib", "grouped": "Zlib", "simplified": "Zlib", "set_list": [["Zlib"]]}}, {"name": "zlib", "license": " Zlib "1.2.11", "dependencies": [], "expanded_license": {"expanded": "Zlib", "grouped": "Zlib", "simplified": "Zlib", "set_list": [["Zlib"]]}}, {"name": "expat", "license": " MIT", "version": "2.2.9", "dependencies": [], "expanded_license": {"e "grouped": "MIT", "simplified": "MIT", "set_list": [["MIT"]]}}, {"name": "util-linux", "license": " BSD-3-Clause", "version": "2.35.2", "dependencies": [], "expanded_license": {"expanded": "BSD-3-Clause", "grouped": "BSD-3-Clause "BSD-3-Clause", "set_list": [["BSD-3-Clause"]]}}]}, "compatibility_report": {"license": " MIT & MIT", "license_pile": ["GPL-3.0-only", "Zlib", "FTL", "BSD-3-Clause", "MIT", "GPL-2.0-only", "Libpng"], "compatibilities": {"license_com [{"outbound": "GPL-3.0-only", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "libpng", "license": [" "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Cla "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-3.0-only"], "version": "2.10.2"}, {"na "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", " 3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-2.0-only"], "ve {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"n "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}], "compatibility_status": true}, {"outbound": "Zlib", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "licens "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"] "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfi "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-3.0-only"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"nam "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combina "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-2.0-only"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility "compatibility_status": true}, {"outbound": "FTL", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "l ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": [ Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-3.0-only"], "vers {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"n "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["G "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "v {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}], "compatibility_status": true}, {"outbound": "BSD-3-Clause", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version" {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status":
flict - projects $ flict verify -pf fontconfig.json | jq -r .licensing { "outbound_candidates": [ "BSD-3-Clause", "FTL", "GPL-2.0-only", "GPL-3.0-only", "Libpng", "MIT", "Zlib" ] }
… a bit deeper Applying policy ● allow ● avoid ● deny
flict - policy # example policy - flict-policy.json { "policy": { "avoidlist": [ "Libpng" ], "denylist": [ "FTL", "GPL-3.0-or-later" ] } }
flict - projects JSON fontconfig.json JSON fontconfig-report.json flict verify JSON flict-policy.json JSON flict policy-report
flict - policy # verify, store report $ flict -o fontconfig-report.json verify -pf fontconfig.json # apply policy (to the report) $ flict policy-report -crf fontconfig-report.json -lpf flict-policy.json
flict - policy $ flict policy-report -crf fontconfig-report.json -lpf flict-policy.json | jq .policy_outbounds { "allowed": [ "Zlib", "BSD-3-Clause", "MIT", "GPL-2.0-only", "GPL-3.0-only" ], "avoid": [ "Libpng" ] "denied": [ "FTL" ], "policy_result": 0 } 0 – compatible, with allowed licenses Suggested outbound licenses, allowed by policy 0 – compatible, with allowed licenses Suggested outbound licenses, avoided by policy Suggested outbound licenses, denied by policy
flict – bigger projects ● Epiphany – Plain Yocto + Epiphany – Build and analyse epiphany to identify dependencies
flict – bigger projects Dependency tree has 1145 OR (|) statements ● 2^1145 combinations ● 47790880853786773025025307593129474069637354487063124257965154352281 01390319684243889598745168591546274675352099492894261285860027737199 26955731381954770513172378695089692359789920181226687143746969162594 85803064131342014120963827022693853247109392847578001538964659274706 87703399660312352581695982025565426761424466315198692552978000735706 80832 combinations
flict – bigger projects ● Dependency tree has 1145 OR (|) statements – 2^1145 combinations – 47790880853786773025025307593129474069637354487063124257965154352281 01390319684243889598745168591546274675352099492894261285860027737199 26955731381954770513172378695089692359789920181226687143746969162594 85803064131342014120963827022693853247109392847578001538964659274706 87703399660312352581695982025565426761424466315198692552978000735706 80832 combinations ● Flatten the dependency tree ● 75 deps 9 combinations
flict Yocto build ● identify packages ● for each package – identify dependencies – (c) – License – create flict project files – check compatibility “Can we use this and that software?”
flict – SBoM (SPDX) Verify SBoM (SPDX 2.2, JSON) with dependencies (relationships) Not straight out of the box, but with spdx-validator
flict – SBoM (SPDX) $ spdx-validator -r freetype-2.9.spdx.json -pp -f flict -pn libfreetype > freetype- flict.json $ flict verify -pf freetype-flict.json | jq -r .licensing { "outbound_candidates": [ "FTL", "GPL-2.0-only", "GPL-3.0-only", "Libpng", "Zlib" ] }
flict – in the making ● One more attempt at codifying the terms – possibly starting with OSADL’s work ● Looking at defining classifications (groups) and using Scancode’s license database – e.g. “Permissive” $ flict -of text -es list | grep Permissive | wc -l 731 ● Possible integration with other tools :) ● Verify RPM rpm2flict.sh cairo | jq …. GPL-2.0-or-later GPL-3.0-or-later
Problems with licenses ● a project license is not always correct on the homepage or in the LICENSE file - you need to check for yourself ● a project can consist of many packages (e.g Cairo has libcairo2, libcairo-gobject2 ...) not always under the same license ● dependencies not always easy to find - may need to be identified during build
Attributions (c) 2021 Jens Reuterberg https://github.com/hesa/flict-graphics/blob/master/flict-logo.svg GPL-3.0-or-later Edvard Munch - WebMuseum at ibiblioPage: http://www.ibiblio.org/wm/paint/auth/munch/Image URL: http://www.ibiblio.org/wm/paint/auth/munch/munch.scream.jpg, Public Domain, https://commons.wikimedia.org/w/index.php?curid=37610298 1 Copyright © 2007, 2008, 2010, 2013, 2014 Free Software Foundation, Inc. https://www.gnu.org/licenses/quick-guide-gplv3.html Creative Commons Attribution-NoDerivs 3.0 United States License. Copyright David A. Wheeler https://dwheeler.com/essays/floss-license-slide.html Creative Commons “Attribution-Share Alike 3.0 License”; the GNU Free Documentation License; or the GNU GPL (version 2 or later) (c) Henrik Sandklef https://www.flickr.com/photos/63114905@N06/50530717602/ Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)
download / contribute ● https://github.com/vinland-technology/flict ● contributions welcome (via Pull requests)

Recommended

SFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensing
SFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensingSFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensing
SFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensingSouth Tyrol Free Software Conference
 
SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...
SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...
SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...South Tyrol Free Software Conference
 
Ubucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSSUbucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSSNuno Brito
 
Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Ahmed Zerouali
 
Open source technology
Open source technologyOpen source technology
Open source technologyaparnaz1
 
Progressive f# tutorials nyc don syme on keynote f# in the open source world
Progressive f# tutorials nyc don syme on keynote f# in the open source worldProgressive f# tutorials nyc don syme on keynote f# in the open source world
Progressive f# tutorials nyc don syme on keynote f# in the open source worldSkills Matter
 
Open Source Licenses
Open Source LicensesOpen Source Licenses
Open Source LicensesBananaIP Counsels
 
Gnu study guide linux admin 1 (lab work lpi 102) v 0.2
Gnu study guide linux admin 1 (lab work lpi 102) v 0.2 Gnu study guide linux admin 1 (lab work lpi 102) v 0.2
Gnu study guide linux admin 1 (lab work lpi 102) v 0.2Acácio Oliveira
 

Recommended

SFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensing
SFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensingSFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensing
SFScon21 - Max Mehl - REUSE - Gold standard for Free Software licensingSouth Tyrol Free Software Conference
 
SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...
SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...
SFScon19 - Carmen Bianca Bakker - REUSE standardising copyright and licensing...South Tyrol Free Software Conference
 
Ubucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSSUbucon 2013, licensing and packaging OSS
Ubucon 2013, licensing and packaging OSSNuno Brito
 
Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Evolution of Technical Lag in DockerHub images - Benevol20
Evolution of Technical Lag in DockerHub images - Benevol20Ahmed Zerouali
 
Open source technology
Open source technologyOpen source technology
Open source technologyaparnaz1
 
Progressive f# tutorials nyc don syme on keynote f# in the open source world
Progressive f# tutorials nyc don syme on keynote f# in the open source worldProgressive f# tutorials nyc don syme on keynote f# in the open source world
Progressive f# tutorials nyc don syme on keynote f# in the open source worldSkills Matter
 
Open Source Licenses
Open Source LicensesOpen Source Licenses
Open Source LicensesBananaIP Counsels
 
Gnu study guide linux admin 1 (lab work lpi 102) v 0.2
Gnu study guide linux admin 1 (lab work lpi 102) v 0.2 Gnu study guide linux admin 1 (lab work lpi 102) v 0.2
Gnu study guide linux admin 1 (lab work lpi 102) v 0.2Acácio Oliveira
 
Open Source Software - Avoiding Common Pitfalls
Open Source Software - Avoiding Common PitfallsOpen Source Software - Avoiding Common Pitfalls
Open Source Software - Avoiding Common PitfallsAnsel Halliburton
 
Best C Programming Training & Coaching in Ambala
Best C Programming Training & Coaching in AmbalaBest C Programming Training & Coaching in Ambala
Best C Programming Training & Coaching in Ambalajatin batra
 
Don't Screw Up Your Licensing
Don't Screw Up Your LicensingDon't Screw Up Your Licensing
Don't Screw Up Your LicensingAnsel Halliburton
 
Jayse farrell resume
Jayse farrell resumeJayse farrell resume
Jayse farrell resumeJayse Farrell
 
Top Open Source Licenses Explained
Top Open Source Licenses ExplainedTop Open Source Licenses Explained
Top Open Source Licenses ExplainedWhiteSource
 
FFMPEG and LibAV
FFMPEG and LibAVFFMPEG and LibAV
FFMPEG and LibAVDani Gutiérrez Porset
 
How to become a free software hacker
How to become a free software hackerHow to become a free software hacker
How to become a free software hackerElmer Brown
 
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing OverviewAlexander Graebe
 
Open Source Licences
Open Source LicencesOpen Source Licences
Open Source LicencesVaruna Harshana
 
Using Qt under LGPLv3
Using Qt under LGPLv3Using Qt under LGPLv3
Using Qt under LGPLv3Burkhard Stubert
 
ICSE10a.ppt
ICSE10a.pptICSE10a.ppt
ICSE10a.pptPtidej Team
 
Icse10a.ppt
Icse10a.pptIcse10a.ppt
Icse10a.pptYann-Gaël Guéhéneuc
 
ePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
ePractice workshop on Open Source Software, 7 April 2011 - Philippe LaurentePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
ePractice workshop on Open Source Software, 7 April 2011 - Philippe LaurentePractice.eu
 
Readme
ReadmeReadme
ReadmeDavid Sting
 
Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Burkhard Stubert
 
Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Burkhard Stubert
 
Improvements in meta spdxscanner through FOSSology - Ueba San
Improvements in meta spdxscanner through FOSSology - Ueba SanImprovements in meta spdxscanner through FOSSology - Ueba San
Improvements in meta spdxscanner through FOSSology - Ueba SanShane Coughlan
 
Msr09.ppt
Msr09.pptMsr09.ppt
Msr09.pptYann-Gaël Guéhéneuc
 
How to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckHow to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckRundeck
 
7 Tips on Getting Your Theme Approved the First Time
7 Tips on Getting Your Theme Approved the First Time7 Tips on Getting Your Theme Approved the First Time
7 Tips on Getting Your Theme Approved the First TimeDmitry Mayorov
 
GNU GPL, LGPL, Apache licence Types and Differences
GNU GPL, LGPL, Apache licence Types and DifferencesGNU GPL, LGPL, Apache licence Types and Differences
GNU GPL, LGPL, Apache licence Types and DifferencesIresha Rubasinghe
 
Mdb dn 2016_09_34_features
Mdb dn 2016_09_34_featuresMdb dn 2016_09_34_features
Mdb dn 2016_09_34_featuresDaniel M. Farrell
 

More Related Content

What's hot

Open Source Software - Avoiding Common Pitfalls
Open Source Software - Avoiding Common PitfallsOpen Source Software - Avoiding Common Pitfalls
Open Source Software - Avoiding Common PitfallsAnsel Halliburton
 
Best C Programming Training & Coaching in Ambala
Best C Programming Training & Coaching in AmbalaBest C Programming Training & Coaching in Ambala
Best C Programming Training & Coaching in Ambalajatin batra
 
Don't Screw Up Your Licensing
Don't Screw Up Your LicensingDon't Screw Up Your Licensing
Don't Screw Up Your LicensingAnsel Halliburton
 
Jayse farrell resume
Jayse farrell resumeJayse farrell resume
Jayse farrell resumeJayse Farrell
 
Top Open Source Licenses Explained
Top Open Source Licenses ExplainedTop Open Source Licenses Explained
Top Open Source Licenses ExplainedWhiteSource
 
How to become a free software hacker
How to become a free software hackerHow to become a free software hacker
How to become a free software hackerElmer Brown
 
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing OverviewAlexander Graebe
 

What's hot (9)

Open Source Software - Avoiding Common Pitfalls
Open Source Software - Avoiding Common PitfallsOpen Source Software - Avoiding Common Pitfalls
Open Source Software - Avoiding Common Pitfalls
 
Best C Programming Training & Coaching in Ambala
Best C Programming Training & Coaching in AmbalaBest C Programming Training & Coaching in Ambala
Best C Programming Training & Coaching in Ambala
 
Don't Screw Up Your Licensing
Don't Screw Up Your LicensingDon't Screw Up Your Licensing
Don't Screw Up Your Licensing
 
Jayse farrell resume
Jayse farrell resumeJayse farrell resume
Jayse farrell resume
 
Top Open Source Licenses Explained
Top Open Source Licenses ExplainedTop Open Source Licenses Explained
Top Open Source Licenses Explained
 
FFMPEG and LibAV
FFMPEG and LibAVFFMPEG and LibAV
FFMPEG and LibAV
 
How to become a free software hacker
How to become a free software hackerHow to become a free software hacker
How to become a free software hacker
 
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
01-15 Bay Area OSS Meetup: Free and Open Source Software Licensing Overview
 
Open Source Licences
Open Source LicencesOpen Source Licences
Open Source Licences
 

Similar to SFScon21 - Henrik Sandklef - Checking license compatibility with flict

ePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
ePractice workshop on Open Source Software, 7 April 2011 - Philippe LaurentePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
ePractice workshop on Open Source Software, 7 April 2011 - Philippe LaurentePractice.eu
 
Improvements in meta spdxscanner through FOSSology - Ueba San
Improvements in meta spdxscanner through FOSSology - Ueba SanImprovements in meta spdxscanner through FOSSology - Ueba San
Improvements in meta spdxscanner through FOSSology - Ueba SanShane Coughlan
 
How to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckHow to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckRundeck
 
7 Tips on Getting Your Theme Approved the First Time
7 Tips on Getting Your Theme Approved the First Time7 Tips on Getting Your Theme Approved the First Time
7 Tips on Getting Your Theme Approved the First TimeDmitry Mayorov
 
GNU GPL, LGPL, Apache licence Types and Differences
GNU GPL, LGPL, Apache licence Types and DifferencesGNU GPL, LGPL, Apache licence Types and Differences
GNU GPL, LGPL, Apache licence Types and DifferencesIresha Rubasinghe
 
Embedding Qt
Embedding QtEmbedding Qt
Embedding QtFSCONS
 
Python Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One BugPython Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One Bugdelimitry
 
Licenze Open Source, API, interoperabilità, motori di una nuova web economy
Licenze Open Source, API, interoperabilità, motori di una nuova web economyLicenze Open Source, API, interoperabilità, motori di una nuova web economy
Licenze Open Source, API, interoperabilità, motori di una nuova web economyLuca Bonesini
 
Compose Camp S1.pptx
Compose Camp S1.pptxCompose Camp S1.pptx
Compose Camp S1.pptxGDSCSIT
 
An Overview of the IHK/McKernel Multi-kernel Operating System
An Overview of the IHK/McKernel Multi-kernel Operating SystemAn Overview of the IHK/McKernel Multi-kernel Operating System
An Overview of the IHK/McKernel Multi-kernel Operating SystemLinaro
 

Similar to SFScon21 - Henrik Sandklef - Checking license compatibility with flict (20)

Using Qt under LGPLv3
Using Qt under LGPLv3Using Qt under LGPLv3
Using Qt under LGPLv3
 
ICSE10a.ppt
ICSE10a.pptICSE10a.ppt
ICSE10a.ppt
 
Icse10a.ppt
Icse10a.pptIcse10a.ppt
Icse10a.ppt
 
ePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
ePractice workshop on Open Source Software, 7 April 2011 - Philippe LaurentePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
ePractice workshop on Open Source Software, 7 April 2011 - Philippe Laurent
 
Readme
ReadmeReadme
Readme
 
Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0
 
Using Qt under LGPL-3.0
Using Qt under LGPL-3.0Using Qt under LGPL-3.0
Using Qt under LGPL-3.0
 
Improvements in meta spdxscanner through FOSSology - Ueba San
Improvements in meta spdxscanner through FOSSology - Ueba SanImprovements in meta spdxscanner through FOSSology - Ueba San
Improvements in meta spdxscanner through FOSSology - Ueba San
 
Msr09.ppt
Msr09.pptMsr09.ppt
Msr09.ppt
 
How to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in RundeckHow to Build a Custom Plugin in Rundeck
How to Build a Custom Plugin in Rundeck
 
7 Tips on Getting Your Theme Approved the First Time
7 Tips on Getting Your Theme Approved the First Time7 Tips on Getting Your Theme Approved the First Time
7 Tips on Getting Your Theme Approved the First Time
 
GNU GPL, LGPL, Apache licence Types and Differences
GNU GPL, LGPL, Apache licence Types and DifferencesGNU GPL, LGPL, Apache licence Types and Differences
GNU GPL, LGPL, Apache licence Types and Differences
 
Mdb dn 2016_09_34_features
Mdb dn 2016_09_34_featuresMdb dn 2016_09_34_features
Mdb dn 2016_09_34_features
 
Embedding Qt
Embedding QtEmbedding Qt
Embedding Qt
 
Python Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One BugPython Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One Bug
 
Licenze Open Source, API, interoperabilità, motori di una nuova web economy
Licenze Open Source, API, interoperabilità, motori di una nuova web economyLicenze Open Source, API, interoperabilità, motori di una nuova web economy
Licenze Open Source, API, interoperabilità, motori di una nuova web economy
 
Compose Camp S1.pptx
Compose Camp S1.pptxCompose Camp S1.pptx
Compose Camp S1.pptx
 
An Overview of the IHK/McKernel Multi-kernel Operating System
An Overview of the IHK/McKernel Multi-kernel Operating SystemAn Overview of the IHK/McKernel Multi-kernel Operating System
An Overview of the IHK/McKernel Multi-kernel Operating System
 
Toolchain
ToolchainToolchain
Toolchain
 
Compose Camp - Session1.pdf
Compose Camp - Session1.pdfCompose Camp - Session1.pdf
Compose Camp - Session1.pdf
 

More from South Tyrol Free Software Conference

SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...South Tyrol Free Software Conference
 
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...South Tyrol Free Software Conference
 
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data HubSFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data HubSouth Tyrol Free Software Conference
 
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...South Tyrol Free Software Conference
 
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...South Tyrol Free Software Conference
 
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...South Tyrol Free Software Conference
 
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelinesSFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelinesSouth Tyrol Free Software Conference
 
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure mattersSFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure mattersSouth Tyrol Free Software Conference
 
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...South Tyrol Free Software Conference
 
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...South Tyrol Free Software Conference
 
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free softwareSFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free softwareSouth Tyrol Free Software Conference
 
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...South Tyrol Free Software Conference
 
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changerSFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changerSouth Tyrol Free Software Conference
 
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...South Tyrol Free Software Conference
 
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation InternetSFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation InternetSouth Tyrol Free Software Conference
 
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...South Tyrol Free Software Conference
 

More from South Tyrol Free Software Conference (20)

SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
SFSCON23 - Rufai Omowunmi Balogun - SMODEX – a Python package for understandi...
 
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
SFSCON23 - Roberto Innocenti - From the design to reality is here the Communi...
 
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data HubSFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
SFSCON23 - Martin Rabanser - Real-time aeroplane tracking and the Open Data Hub
 
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
SFSCON23 - Marianna d'Atri Enrico Zanardo - How can Blockchain technologies i...
 
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
SFSCON23 - Lucas Lasota - The Future of Connectivity, Open Internet and Human...
 
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
SFSCON23 - Giovanni Giannotta - Intelligent Decision Support System for trace...
 
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelinesSFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
SFSCON23 - Elena Maines - Embracing CI/CD workflows for building ETL pipelines
 
SFSCON23 - Christian Busse - Free Software and Open Science
SFSCON23 - Christian Busse - Free Software and Open ScienceSFSCON23 - Christian Busse - Free Software and Open Science
SFSCON23 - Christian Busse - Free Software and Open Science
 
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure mattersSFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
SFSCON23 - Charles H. Schulz - Why open digital infrastructure matters
 
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portalSFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
SFSCON23 - Andrea Vianello - Achieving FAIRness with EDP-portal
 
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
SFSCON23 - Thomas Aichner - How IoT and AI are revolutionizing Mass Customiza...
 
SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
SFSCON23 - Stefan Mutschlechner - Smart Werke MeranSFSCON23 - Stefan Mutschlechner - Smart Werke Meran
SFSCON23 - Stefan Mutschlechner - Smart Werke Meran
 
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
SFSCON23 - Mirko Boehm - European regulators cast their eyes on maturing OSS ...
 
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free softwareSFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
SFSCON23 - Marco Pavanelli - Monitoring the fleet of Sasa with free software
 
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
SFSCON23 - Marco Cortella - KNOWAGE and AICS for 2030 agenda SDG goals monito...
 
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changerSFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
SFSCON23 - Lina Ceballos - Interoperable Europe Act - A real game changer
 
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
SFSCON23 - Johannes Näder Linus Sehn - Let’s monitor implementation of Free S...
 
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation InternetSFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
SFSCON23 - Gabriel Ku Wei Bin - Why Do We Need A Next Generation Internet
 
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis MapsSFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
SFSCON23 - Edoardo Scepi - The Brand-New Version of IGis Maps
 
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
SFSCON23 - Davide Vernassa - Empowering Insights Unveiling the latest innova...
 

Recently uploaded

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

SFScon21 - Henrik Sandklef - Checking license compatibility with flict

  • 2. I am not a lawyer
  • 3. I am a developer
  • 4. ... doing compliance and FOSS related things for work and privately
  • 6. FOSS Licenses ● Attribute copyright holders (most) ● Display license/text (most) ● Disclose source code (some)
  • 7. FOSS Licenses ● Accumulative MIT AND GPL-2.0-only ● Dual MIT OR GPL-2.0-only
  • 8. FOSS Licenses - Compliance ● Attribute copyright holders ● Display license/text ● Disclose source code ● Verify license compatibility
  • 9. FOSS Licenses - Compatibility The terms of all of the licenses in a combined work must be compatible
  • 11. License compatibility - terms Sounded easy
  • 12. License compatibility - terms Was easy
  • 13. License compatibility - terms Was easy … at first
  • 15. License compatibility - graphs MPL-2.0 Apache-2.0 GPL-2.0-or-later LGPL-2.1-or-later MIT BSD Python-2.0 MPL-1.1 Libpng X11 EPL-2.0 Image generated using flict and graphviz
  • 17. Introducing flict ● flict checks compatibility between two licenses (at a time) ● Handles dependencies / “linked” software – checks compatibility for all licenses in the combined work
  • 18. Introducing flict $ flict -h usage: flict [-h] [-gf LICENSE_GROUP_FILE] [-mf MATRIX_FILE] [-rf RELICENSE_FILE] [-sf SCANCODE_FILE] [-tf TRANSLATIONS_FILE] [-es] [-el] [-nr] [-o OUTPUT] [-of OUTPUT_FORMAT] [-v] [-cc LICENSES [LICENSES ...]] [-ol OUTBOUND_LICENSES] [-V] [-dl] {verify,simplify,list,display-compatibility,outbound-candidate, policy-report}
  • 19. Introducing flict ● Commands: – verify – simplify – list – display-compatibility – outbound-candidate (suggestions only) – policy-report ● Relicense (GPL-2.0-or-later) ● Alias/translations (GPLv2+ → GPL-2.0-or-later)
  • 20. Introducing flict – output format $ jq . ~/.flict.cfg { "output-format": "text" } ● JSON ● text (partially) ● markdown (partially) ● dot (only for display-compatibility)
  • 21. Introducing flict - simplify Simplify BSD-3-Clause or MIT or MIT and MIT
  • 22. Introducing flict - simplify $ flict simplify BSD-3-Clause or MIT or MIT and MIT BSD-3-Clause OR MIT
  • 24. Introducing flict - compatibility $ flict -of markdown display-compatibility Apache-2.0 GPL-3.0-only MIT # License compatibilities # Licenses * GPL-3.0-only * MIT * Apache-2.0 # Compatibilities GPL-3.0-only |-----> MIT GPL-3.0-only |-----> Apache-2.0 MIT <-------| GPL-3.0-only MIT <-------> Apache-2.0 Apache-2.0 <-------| GPL-3.0-only Apache-2.0 <-------> MIT … or perhaps more visually
  • 25. Introducing flict - compatibility $ flict -of dot display-compatibility Apache-2.0 GPL-3.0-only MIT MPL-2.0 BSD | dot -Tpng -o compats.png
  • 26. Introducing flict - outbound Outbound candidates GPL-2.0-or-later AND MIT
  • 27. Introducing flict - outbound $ flict outbound-candidate GPL-2.0-or-later AND MIT GPL-2.0-or-later, GPL-3.0-or-later # no relicensing: -nr $ flict -nr outbound-candidate GPL-2.0-or-later AND MIT GPL-2.0-or-later
  • 29. Introducing flict - verify $ flict verify -le Apache-2.0 AND GPL-3.0-only AND MIT The licenses in the expression "Apache-2.0 AND GPL-3.0-only AND MIT" are compatible. Outbound license candidates: GPL-3.0-only NOTE: the suggested outbound candidate licenses need to be manually reviewed.
  • 30. Introducing flict - verify $ flict verify -le Apache-2.0 AND GPL-2.0-only The licenses in the expression "Apache-2.0 AND GPL-2.0-only" are not compatible. No outbound license candidate could be identified due to license incompatibility.
  • 31. Diving deeper in to flict Verifying projects fontconfig
  • 32. flict - projects Image generated from a Yocto build using https://github.com/vinland-technology/compliance-utils
  • 34. flict - projects $ flict -of json verify -pf fontconfig.json {"meta": {"os": "Linux", "osRelease": "5.12.9-300.fc34.x86_64", "osVersion": "#1 SMP Thu Jun 3 13:51:40 UTC 2021", "machine": "x86_64", "host": "schoenberg", "user": "hesa", "start": "2021-11-06 12:10:33.583356"}, "projec "fontconfig_libfontconfig.so.1.12.0-tree-flict.json", "project_definition": {"name": "libfontconfig.so.1.12.0", "package": "fontconfig", "subPackage": "fontconfig", "license": " MIT & MIT", "version": "2.13.1", "dependencies": [{"name "component": "libfreetype.so.6", "version": "2.10.2", "license": " FreeType | GPLv2+", "valid": true, "dependencies": [{"name": "libpng", "component": "libpng16.so.16", "version": "1.6.37", "license": " Libpng", "valid": true, "depen [{"name": "zlib", "component": "libz.so.1", "version": "1.2.11", "license": " Zlib", "valid": true, "dependencies": []}]}, {"name": "zlib", "component": "libz.so.1", "version": "1.2.11", "license": " Zlib", "valid": true, "dependencies": []}]}, "expat", "component": "libexpat.so.1", "version": "2.2.9", "license": " MIT", "valid": true, "dependencies": []}, {"name": "util-linux", "component": "libuuid.so.1", "version": "2.35.2", "license": " BSD-3-Clause", "valid": true, "depend "project_pile": [{"name": "libfontconfig.so.1.12.0", "license": " MIT & MIT", "version": "2.13.1", "dependencies": [], "expanded_license": {"expanded": "MIT", "grouped": "MIT", "simplified": "MIT", "set_list": [["MIT"]]}}, {"name": "fre "license": " FreeType | GPLv2+", "version": "2.10.2", "dependencies": [], "expanded_license": {"expanded": "FTL OR ( GPL-3.0-only OR GPL-2.0-only )", "grouped": "FTL OR ( GPL-3.0-only OR GPL-2.0-only )", "simplified": " 2.0-or-later", "set_list": [["FTL"], ["GPL-3.0-only"], ["GPL-2.0-only"]]}}, {"name": "libpng", "license": " Libpng", "version": "1.6.37", "dependencies": [], "expanded_license": {"expanded": "Libpng", "grouped": "Libpng", "simplified": "set_list": [["Libpng"]]}}, {"name": "zlib", "license": " Zlib", "version": "1.2.11", "dependencies": [], "expanded_license": {"expanded": "Zlib", "grouped": "Zlib", "simplified": "Zlib", "set_list": [["Zlib"]]}}, {"name": "zlib", "license": " Zlib "1.2.11", "dependencies": [], "expanded_license": {"expanded": "Zlib", "grouped": "Zlib", "simplified": "Zlib", "set_list": [["Zlib"]]}}, {"name": "expat", "license": " MIT", "version": "2.2.9", "dependencies": [], "expanded_license": {"e "grouped": "MIT", "simplified": "MIT", "set_list": [["MIT"]]}}, {"name": "util-linux", "license": " BSD-3-Clause", "version": "2.35.2", "dependencies": [], "expanded_license": {"expanded": "BSD-3-Clause", "grouped": "BSD-3-Clause "BSD-3-Clause", "set_list": [["BSD-3-Clause"]]}}]}, "compatibility_report": {"license": " MIT & MIT", "license_pile": ["GPL-3.0-only", "Zlib", "FTL", "BSD-3-Clause", "MIT", "GPL-2.0-only", "Libpng"], "compatibilities": {"license_com [{"outbound": "GPL-3.0-only", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "libpng", "license": [" "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Cla "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-3.0-only"], "version": "2.10.2"}, {"na "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", " 3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-2.0-only"], "ve {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"n "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}], "compatibility_status": true}, {"outbound": "Zlib", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "licens "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"] "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfi "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-3.0-only"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"nam "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combina "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-2.0-only"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility "compatibility_status": true}, {"outbound": "FTL", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "l ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": [ Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["GPL-3.0-only"], "vers {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"n "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}, {"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["G "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "v {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status": true}], "compatibility_status": true}, {"outbound": "BSD-3-Clause", "combinations": [{"combination": [{"name": "libfontconfig.so.1.12.0", "license": ["MIT"], "version": "2.13.1"}, {"name": "freetype", "license": ["FTL"], "version": "2.10.2"}, {"name": "libpng", "license": ["Libpng"], "version": "1.6.37"}, {"name": "zlib", "license": ["Zlib"], "version" {"name": "zlib", "license": ["Zlib"], "version": "1.2.11"}, {"name": "expat", "license": ["MIT"], "version": "2.2.9"}, {"name": "util-linux", "license": ["BSD-3-Clause"], "version": "2.35.2"}], "compatibility_fails": [], "compatibility_status":
  • 35. flict - projects $ flict verify -pf fontconfig.json | jq -r .licensing { "outbound_candidates": [ "BSD-3-Clause", "FTL", "GPL-2.0-only", "GPL-3.0-only", "Libpng", "MIT", "Zlib" ] }
  • 36. … a bit deeper Applying policy ● allow ● avoid ● deny
  • 37. flict - policy # example policy - flict-policy.json { "policy": { "avoidlist": [ "Libpng" ], "denylist": [ "FTL", "GPL-3.0-or-later" ] } }
  • 38. flict - projects JSON fontconfig.json JSON fontconfig-report.json flict verify JSON flict-policy.json JSON flict policy-report
  • 39. flict - policy # verify, store report $ flict -o fontconfig-report.json verify -pf fontconfig.json # apply policy (to the report) $ flict policy-report -crf fontconfig-report.json -lpf flict-policy.json
  • 40. flict - policy $ flict policy-report -crf fontconfig-report.json -lpf flict-policy.json | jq .policy_outbounds { "allowed": [ "Zlib", "BSD-3-Clause", "MIT", "GPL-2.0-only", "GPL-3.0-only" ], "avoid": [ "Libpng" ] "denied": [ "FTL" ], "policy_result": 0 } 0 – compatible, with allowed licenses Suggested outbound licenses, allowed by policy 0 – compatible, with allowed licenses Suggested outbound licenses, avoided by policy Suggested outbound licenses, denied by policy
  • 41. flict – bigger projects ● Epiphany – Plain Yocto + Epiphany – Build and analyse epiphany to identify dependencies
  • 42.
  • 43. flict – bigger projects Dependency tree has 1145 OR (|) statements ● 2^1145 combinations ● 47790880853786773025025307593129474069637354487063124257965154352281 01390319684243889598745168591546274675352099492894261285860027737199 26955731381954770513172378695089692359789920181226687143746969162594 85803064131342014120963827022693853247109392847578001538964659274706 87703399660312352581695982025565426761424466315198692552978000735706 80832 combinations
  • 44. flict – bigger projects ● Dependency tree has 1145 OR (|) statements – 2^1145 combinations – 47790880853786773025025307593129474069637354487063124257965154352281 01390319684243889598745168591546274675352099492894261285860027737199 26955731381954770513172378695089692359789920181226687143746969162594 85803064131342014120963827022693853247109392847578001538964659274706 87703399660312352581695982025565426761424466315198692552978000735706 80832 combinations ● Flatten the dependency tree ● 75 deps 9 combinations
  • 45. flict Yocto build ● identify packages ● for each package – identify dependencies – (c) – License – create flict project files – check compatibility “Can we use this and that software?”
  • 46. flict – SBoM (SPDX) Verify SBoM (SPDX 2.2, JSON) with dependencies (relationships) Not straight out of the box, but with spdx-validator
  • 47. flict – SBoM (SPDX) $ spdx-validator -r freetype-2.9.spdx.json -pp -f flict -pn libfreetype > freetype- flict.json $ flict verify -pf freetype-flict.json | jq -r .licensing { "outbound_candidates": [ "FTL", "GPL-2.0-only", "GPL-3.0-only", "Libpng", "Zlib" ] }
  • 48. flict – in the making ● One more attempt at codifying the terms – possibly starting with OSADL’s work ● Looking at defining classifications (groups) and using Scancode’s license database – e.g. “Permissive” $ flict -of text -es list | grep Permissive | wc -l 731 ● Possible integration with other tools :) ● Verify RPM rpm2flict.sh cairo | jq …. GPL-2.0-or-later GPL-3.0-or-later
  • 49. Problems with licenses ● a project license is not always correct on the homepage or in the LICENSE file - you need to check for yourself ● a project can consist of many packages (e.g Cairo has libcairo2, libcairo-gobject2 ...) not always under the same license ● dependencies not always easy to find - may need to be identified during build
  • 50. Attributions (c) 2021 Jens Reuterberg https://github.com/hesa/flict-graphics/blob/master/flict-logo.svg GPL-3.0-or-later Edvard Munch - WebMuseum at ibiblioPage: http://www.ibiblio.org/wm/paint/auth/munch/Image URL: http://www.ibiblio.org/wm/paint/auth/munch/munch.scream.jpg, Public Domain, https://commons.wikimedia.org/w/index.php?curid=37610298 1 Copyright © 2007, 2008, 2010, 2013, 2014 Free Software Foundation, Inc. https://www.gnu.org/licenses/quick-guide-gplv3.html Creative Commons Attribution-NoDerivs 3.0 United States License. Copyright David A. Wheeler https://dwheeler.com/essays/floss-license-slide.html Creative Commons “Attribution-Share Alike 3.0 License”; the GNU Free Documentation License; or the GNU GPL (version 2 or later) (c) Henrik Sandklef https://www.flickr.com/photos/63114905@N06/50530717602/ Attribution-ShareAlike 2.0 Generic (CC BY-SA 2.0)