DOI: 10.1145/3196398.3196427
research-article

Understanding the usage, impact, and adoption of non-OSI approved licenses

Published: 28 May 2018

ABSTRACT

The software license is one of the most important non-executable pieces of any software system. However, due to its non-technical nature, developers often misuse or misunderstand software licenses. Although previous studies reported problems related to license clashes and inconsistencies, in this paper we shed light on an important yet overlooked issue: the use of non-approved open-source licenses. Such licenses claim to be open-source, but have not been formally approved by the Open Source Initiative (OSI). When a developer releases software under a non-approved license, even if the intent is to make it open-source, the original author might not be granting the rights required by those who use the software. To uncover the reasons behind the use of non-approved licenses, we conducted a mixed-method study, mining data from 657K open-source projects and their 4,367K versions, and surveying 76 developers who published some of these projects. Although 1,058,554 of the project versions employ at least one non-approved license, non-approved licenses account for 21.51% of license usage. We also observed that it is not uncommon for developers to change from a non-approved to an approved license. When asked, some developers mentioned that this transition was due to a better understanding of the disadvantages of using a non-approved license. This perspective is particularly important since developers often rely on package managers to easily and quickly get their dependencies working.

Published in

MSR '18: Proceedings of the 15th International Conference on Mining Software Repositories
May 2018
627 pages
ISBN: 9781450357166
DOI: 10.1145/3196398

Copyright © 2018 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
