Open Source License Violation Check for SPDX Files

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8919)

Abstract

The Open Source Software development model has gained a lot of momentum in recent years, providing organizations and software engineers with a variety of software, components and libraries that can be exploited in the construction of larger application systems. Open Source Software is accompanied by licenses that state the conditions under which the intellectual property can be used. Since not all licenses are governed by the same conditions of use, the correct combination of licenses is vital when different libraries are exploited in newly developed application systems. If this is not adequately handled, incompatibilities may result in license violations. In this paper we present our work on license violation checking in the framework of Software Package Data Exchange (SPDX). Starting from the modelling of license compatibilities, our approach examines potential violations in software package information formatted using the SPDX specification. At the same time, alternative solutions in the form of applicable licenses for the software package are proposed. This approach can be a valuable asset for Open Source practitioners in the license decision process, assisting in detecting possible violations and in making suggestions on license use.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Kapitsaki, G.M., Kramer, F. (2014). Open Source License Violation Check for SPDX Files. In: Schaefer, I., Stamelos, I. (eds) Software Reuse for Dynamic Systems in the Cloud and Beyond. ICSR 2015. Lecture Notes in Computer Science, vol 8919. Springer, Cham. https://doi.org/10.1007/978-3-319-14130-5_7

  • DOI: https://doi.org/10.1007/978-3-319-14130-5_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-14129-9

  • Online ISBN: 978-3-319-14130-5

  • eBook Packages: Computer Science, Computer Science (R0)
