
Dependencies and Licenses

This presentation gives an overview about open source software dependencies, package managers and their licenses.

Published in: Software

  1. Dependency & License Management
  2. Who am I? • Robert Reiz • Software Eng. since 1998 • I started VersionEye
  3. What do I do? • I write crawlers • I integrate Package Managers • I integrate SCM APIs (GitHub, Stash …)
  4. VersionEye • 550K Open Source Projects • 10 Package Managers • 3 SCMs • Dependency & License Management
  5. Software Library: “In computer science, a library is a collection of implementations of behaviour, written in terms of a language, that has a well-defined interface by which the behaviour is invoked.” http://en.wikipedia.org/wiki/Library_%28computing%29 (Wikipedia)
  6. Year 1999: Download Software Libraries via Browser!
  7. Year 1999: Add it via drag & drop to your project!
  8. Dependency Management 1999 • Resolving transitive dependencies by hand. • No version tracking! • Libraries checked in to SCM! • Not reproducible! • Dependency Hell!
  9. Dependency Management Today with Maven: define your dependencies in a pom.xml file:
     <dependency>
       <groupId>org.apache.httpcomponents</groupId>
       <artifactId>httpmime</artifactId>
       <version>2.1</version>
     </dependency>
  10. Dependency Management Today with Maven: on your computer you run "mvn compile", which requests the dependency from the repository server, and the server sends the dependency back.
  11. Dependency Management with Maven (> mvn compile) • It downloads the dependencies. • It resolves transitive dependencies. • It puts the dependencies into the right place. • Reproducible. • No need to check in dependencies into SCM!
  12. Dependency Management • Maven (Java) • Bundler (Ruby) • Composer (PHP) • CocoaPods (Objective-C) • …. • PyPI (Python) • Leiningen (Clojure) • NPM (Node.JS) • Bower (JS) • …. Each language has a package manager!
  13. http://blog.versioneye.com/2014/01/15/which-programming-language-has-the-best-package-manager/
  14. http://semver.org/
  15. MAJOR.MINOR.PATCH: 1. MAJOR version when you make incompatible API changes. 2. MINOR version when you add functionality in a backwards-compatible manner. 3. PATCH version when you make backwards-compatible bug fixes.
  16. 2.0.0 (Major) → 2.1.0 (Minor) → 2.1.1 (Patch) → 2.1.2 (Patch) → 3.0.0 (Major)
  17. ~3 Million New Releases
  18. New Releases: 6% Major, 94% Minor/Patch
  19. 94% of all new releases are harmless and you can update without doubt.
  20. How do you get notified about new versions? Version Tracking is a problem!
  21. https://www.versioneye.com Sign up with your GitHub Account and try it for free!
  22. Software License: “A software license is a legal instrument governing the use or redistribution of software.” http://en.wikipedia.org/wiki/Software_license (Wikipedia)
  23. SPDX Licenses: ~300 http://spdx.org/licenses/
  24. And there are even more!
  25. Everybody can invent new licenses!
  26. DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE Version 2, December 2004 Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> Everyone is permitted to copy and distribute verbatim or modified copies of this license document, and changing it is allowed as long as the name is changed. DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. You just DO WHAT THE FUCK YOU WANT TO.
  27. http://choosealicense.com/licenses/
  28. The GPL License: You should avoid GPL for commercial projects!
  29. Software License: Core Committers can define a license for their projects!
  30. The Normalisation Problem: The same license can be written in different ways! • Apache License 2 • Apache License 2.0 • The Apache License, 2.0 • The Apache Software License 2.0 • ….
  31. The Human Factor: the Internet holds millions of open source libraries, and the software developers of a commercial company pull new OS libraries every day without caring about licenses!
  32. The License Problem: How do you avoid that a software developer pulls in an open source library with a copyleft license?
  33. License Management Software
  34. License Management with VersionEye http://blog.versioneye.com/2014/09/15/license-whitelist/
  35. www.VersionEye.com Keeps an eye on more than 550K open source libraries! Supports 22 Languages and 10 Package Managers! Current status as of 5 March 2015!
  36. VersionEye Enterprise https://www.versioneye.com/enterprise
  37. @RobertReiz Questions? @VersionEye #ContinuousUpdating
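Added example (not from the slides or from VersionEye's code) for the normalisation problem of slide 30 and the license whitelist of slides 32-34: it maps free-form license names such as "The Apache License, 2.0" to SPDX identifiers, then flags every dependency whose license is not on a whitelist, calling out copyleft explicitly. The alias tables, the whitelist and the dependency list are constructed assumptions.

```python
import re
# Constructed tables: phrase aliases, filler words, normalised key -> SPDX id.
FAMILY_ALIASES = [("gnu lesser general public", "lgpl"),
                  ("gnu affero general public", "agpl"),
                  ("gnu general public", "gpl")]
FILLER = {"the", "gnu", "license", "licence", "software", "version", "v"}
KEY_TO_SPDX = {"apache 2.0": "Apache-2.0", "mit": "MIT", "gpl 2.0": "GPL-2.0",
               "gpl 3.0": "GPL-3.0", "lgpl 2.1": "LGPL-2.1", "agpl 3.0": "AGPL-3.0"}
COPYLEFT = {"GPL-2.0", "GPL-3.0", "LGPL-2.1", "AGPL-3.0"}

def normalize_license(name):
    """Map a free-form license name to an SPDX id, or None if unknown."""
    s = name.lower()
    for phrase, short in FAMILY_ALIASES:      # "gnu general public" -> "gpl"
        s = s.replace(phrase, short)
    s = re.sub(r"([a-z])v?(\d)", r"\1 \2", s)  # "gplv3" -> "gpl 3"
    s = re.sub(r"[^a-z0-9.+ ]", " ", s)        # commas, dashes, parentheses
    tokens = []
    for tok in s.split():
        if tok in FILLER:
            continue
        m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", tok)  # "v3" / "2" / "2.0"
        if m:                                       # "2" and "v2" become "2.0"
            tok = m.group(1) if "." in m.group(1) else m.group(1) + ".0"
        tokens.append(tok)
    return KEY_TO_SPDX.get(" ".join(tokens))

def check_dependencies(deps, whitelist):
    """deps: iterable of (artifact, declared license). Returns a finding for
    every dependency whose license is not whitelisted; copyleft is called out."""
    findings = []
    for artifact, declared in deps:
        spdx = normalize_license(declared)
        if spdx in whitelist:
            continue
        if spdx is None:
            verdict = "unknown: review manually"
        elif spdx in COPYLEFT:
            verdict = "copyleft: blocked"
        else:
            verdict = "not whitelisted"
        findings.append((artifact, declared, spdx, verdict))
    return findings

# Constructed sample: Maven-style artifacts with their declared licenses.
SAMPLE_DEPS = [("org.apache.httpcomponents:httpmime:2.1", "The Apache Software License 2.0"),
               ("com.example:utils:1.4.0", "GNU General Public License v3"),
               ("com.example:json:0.9.1", "MIT License"),
               ("com.example:legacy:3.2.7", "Proprietary EULA")]
WHITELIST = {"MIT", "Apache-2.0"}   # assumption: what the company permits
```

Running check_dependencies(SAMPLE_DEPS, WHITELIST) reports the GPL dependency as blocked and the unrecognised "Proprietary EULA" for manual review, while the Apache and MIT artifacts pass.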
