ABSTRACT
Licensing decisions for new Open Source Software are not always straightforward. However, the license that accompanies the software is important, as it largely affects its subsequent distribution and reuse. License information for software products is captured, among other data, in Software Package Data Exchange (SPDX) files. The SPDX specification is gaining popularity in the software industry and has been adopted by many organizations internally. In this demonstration paper, we present our tool for the validation of SPDX files regarding proper license use. Software packages described in SPDX format are examined in order to detect license violations that may occur when a product combines different software sources that carry different and potentially contradicting licenses. The SPDX License Validation Tool (SLVT) gives the opportunity to check the compatibility of one or more SPDX files. The evaluation performed on a number of software packages demonstrates its usefulness for drawing conclusions on license use, revealing violations in some of the test projects.