SlideShare ist ein Scribd-Unternehmen logo

Spdx - fossbazaar - licensing - fossa2010

fOSSa - Free Open Source Software Academia Conference
fOSSa - Free Open Source Software Academia Conference

FossBazar-SPDX Initiative Martin Michlmayr Legal Issues The IP licensing initiative of FOSSBAzaar HP OSS Division, Debian, Cyrius

Technologie
1 von 42
Downloaden Sie, um offline zu lesen
The State of Open Source Licensing and Ways to Improve It Martin Michlmayr Hewlett-Packard tbm@hp.com Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Agenda Why licensing matters Open source licensing Contributor agreements Copyright assignment Tools for the detection of licenses: FOSSology Standard for exchange of license information: Software Package Data Exchange (SPDX) Not covered: licenses; legal advice Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Target audience Companies using open source, especially those that also distribute it Must understand the importance of honouring licenses Identify licenses and follow them Work with projects to ensure their intentions are followed Open source projects Ensure that licensing is done right Work with companies that use and distribute their software Researchers Can shed light on best practices Can help improve state of licensing Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Why is licensing an important topic? Increasing adoption and penetration of open source Companies are getting sued, leading to more awareness: SCO: question of code ownership BusyBox, gpl-violations.org: complying with FOSS licenses Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Problems with FOSS licensing Misunderstanding of FOSS licenses: you have obligations FOSS licenses and licensing can be complex and complicated Keeping track of what FOSS is being used Keeping track of FOSS licenses used by an application and how they interact Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Your obligations: copyleft GPL: requires source code to be offered to those who receive binaries AGPL: additionally requires that the complete source code be made available to any network user Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Your obligations: permissive MIT: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. BSD (3 clause): Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Who gets sued? Whoever distributes the software without compliance No excuses: ‘software from ODM in Taiwan’ Indemnification may help But reputation is destroyed quickly Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Contributor Agreements Make legal questions around contributions explicit Often requires copyright assignment or grants Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Fedora Project Contributor Agreement (FPCA) Defines default licenses that are used unless explicit license is given Current defaults: Code: MIT Content: Creative Commons Attribution ShareAlike 3.0 Unported Does not assign copyright to Fedora or Red Hat Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Debian Every Debian developer has to agree to the DFSG and Social Contract DFSG: Debian Free Software Guidelines Social Contract: Debian will remain 100% free (according to DFSG) debian/copyright: describes upstream copyright/license and that of packaging Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Linux kernel Developer’s Certificate of Origin The contribution was created by me and I the have right to submit under indicated open source license The contribution is based on previous work that is also under indicated license The contribution was provided directly to me by someone who certified it and I didn’t modify it I understand that the contribution and project are public and recorded Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Copyright assignments Why? Preserves the ability to relicense code Ensures sufficient rights to enforce licences in court Avoids and prevents later competing copyright claims Why not? Gives copyright holder a lot of power Makes it harder to contribute Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Tools for compliance work Binary Analysis Tool FOSSology Open Source License Checker Proprietary tools from Black Duck, Palamida, etc Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology FOSSology is a framework to study the source code of FOSS applications in a number of ways Main functionality: detection of licenses in open source applications Originally developed by HP, it is an open project with an open source license Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology You load code into the repository You analyse it and put the results into a database You view the results Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology: the new release Buckets New license algorithm Copyright agent Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Scope of the problem Prior to distributing a collection of software, each package needs to be reviewed to ensure compliance with all the licenses. Supply chain for products now requires software copyright and licensing information for lawsuit avoidance and risk mitigation. A package’s declared license may not always match the licenses of individual files inside the package itself. A package may consist of thousands of files with different licenses in the files Need a standard way of referring to the legal compliance ‘bill-of-materials’ of a software package and be able exchange information with others. Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Solution: SPDX Define a file format for license information to accompany open source packages Focus: Just the facts – no interpretations Benefits Provides a unified method for exchanging license information Avoids due diligence redundancy where the same source code package is analyzed multiple times by different receivers Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Structure of standard Identification: meta data to associate analysis results with a specific package Overview: Facts that are properties for entire package (e.g. package name, declared license) File Specific: Facts that are specific to each file included in a package (e.g. filename, copyright) Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
Resources Organizations FSF Free Software Licensing and Compliance Lab FSFE Freedom Task Force (FTF) gpl-violations.org Open Source Initiative (OSI) Software Freedom Law Center Communities FOSSBazaar FSFE Legal Network News and journals Groklaw International Free and Open Source Software Law Review Conferences FSFE ELN (European Legal Network) EOLE - European Open Source Law Event Software Martin Michlmayr The State of Open Source Licensing and Ways to Improve It

Empfohlen

2014 10-14: GitHub plus FOSS == 1 million SPDX
2014 10-14: GitHub plus FOSS == 1 million SPDX2014 10-14: GitHub plus FOSS == 1 million SPDX
2014 10-14: GitHub plus FOSS == 1 million SPDXNuno Brito
 
SPDX 2.0: introduction
SPDX 2.0: introductionSPDX 2.0: introduction
SPDX 2.0: introductionKate Stewart
 
Dependencies and Licenses
Dependencies and LicensesDependencies and Licenses
Dependencies and LicensesRobert Reiz
 
Gauss jordan
Gauss jordanGauss jordan
Gauss jordanuis
 
Discipline
DisciplineDiscipline
Discipline9950012133
 
Nyc bid conference
Nyc bid conferenceNyc bid conference
Nyc bid conferenceREBNY
 
Tec i iletrag
Tec i iletragTec i iletrag
Tec i iletragvazumano
 
NDCC Presentation Final
NDCC Presentation FinalNDCC Presentation Final
NDCC Presentation Finallaureen920
 

Empfohlen

2014 10-14: GitHub plus FOSS == 1 million SPDX
2014 10-14: GitHub plus FOSS == 1 million SPDX2014 10-14: GitHub plus FOSS == 1 million SPDX
2014 10-14: GitHub plus FOSS == 1 million SPDXNuno Brito
 
SPDX 2.0: introduction
SPDX 2.0: introductionSPDX 2.0: introduction
SPDX 2.0: introductionKate Stewart
 
Dependencies and Licenses
Dependencies and LicensesDependencies and Licenses
Dependencies and LicensesRobert Reiz
 
Gauss jordan
Gauss jordanGauss jordan
Gauss jordanuis
 
Discipline
DisciplineDiscipline
Discipline9950012133
 
Nyc bid conference
Nyc bid conferenceNyc bid conference
Nyc bid conferenceREBNY
 
Tec i iletrag
Tec i iletragTec i iletrag
Tec i iletragvazumano
 
NDCC Presentation Final
NDCC Presentation FinalNDCC Presentation Final
NDCC Presentation Finallaureen920
 
Tan sri syed mokhtar shah bin syed nor al
Tan sri syed mokhtar shah bin syed nor alTan sri syed mokhtar shah bin syed nor al
Tan sri syed mokhtar shah bin syed nor almimi
 
Comprehensive capacity
Comprehensive capacityComprehensive capacity
Comprehensive capacityJet Wang
 
Choisi Promo
Choisi PromoChoisi Promo
Choisi PromoMenzelle Jacobs
 
A recipe for happiness 2
A recipe for happiness 2A recipe for happiness 2
A recipe for happiness 2mariah4everpeace
 
分布式和文件系统
分布式和文件系统分布式和文件系统
分布式和文件系统pluschen
 
OSS Community management
OSS Community managementOSS Community management
OSS Community managementfOSSa - Free Open Source Software Academia Conference
 
互联网项目管理要点2012
互联网项目管理要点2012互联网项目管理要点2012
互联网项目管理要点2012Jet Wang
 
Implementing Enterprise PPM for Multi-Maturity Organizations
Implementing Enterprise PPM for Multi-Maturity Organizations Implementing Enterprise PPM for Multi-Maturity Organizations
Implementing Enterprise PPM for Multi-Maturity Organizations EPM Live
 
Sports marketing: where does the future lie - in the content or the conversa...
Sports marketing: where does the future lie - in the content or the conversa...Sports marketing: where does the future lie - in the content or the conversa...
Sports marketing: where does the future lie - in the content or the conversa...cainster
 
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...EPM Live
 
HP Fossology v5.3
HP Fossology v5.3HP Fossology v5.3
HP Fossology v5.3fOSSa - Free Open Source Software Academia Conference
 
Panduan Jurnalis Meliput Peristiwa Traumatik
Panduan Jurnalis Meliput Peristiwa TraumatikPanduan Jurnalis Meliput Peristiwa Traumatik
Panduan Jurnalis Meliput Peristiwa TraumatikFederation of Independent Media Workers Union
 
The way of the stars
The way of the starsThe way of the stars
The way of the starsmayadez
 
Online Questionnaire
Online QuestionnaireOnline Questionnaire
Online Questionnairedeniseclarkaaa
 
Geo projecthaight
Geo projecthaightGeo projecthaight
Geo projecthaightCatherine Haight
 
Recent learning of scrum and management
Recent learning of scrum and managementRecent learning of scrum and management
Recent learning of scrum and managementJet Wang
 
OWF2013 INTERNET OF THINGS
OWF2013 INTERNET OF THINGSOWF2013 INTERNET OF THINGS
OWF2013 INTERNET OF THINGSfOSSa - Free Open Source Software Academia Conference
 
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Black Duck by Synopsys
 
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?Jennifer O'Neill
 
Implementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseImplementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseFINOS
 
Implementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseImplementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseOpen Source Strategy Forum
 
Digital Licensing Platform
Digital Licensing PlatformDigital Licensing Platform
Digital Licensing PlatformSteveJPrice
 

Weitere ähnliche Inhalte

Andere mochten auch

Tan sri syed mokhtar shah bin syed nor al
Tan sri syed mokhtar shah bin syed nor alTan sri syed mokhtar shah bin syed nor al
Tan sri syed mokhtar shah bin syed nor almimi
 
Comprehensive capacity
Comprehensive capacityComprehensive capacity
Comprehensive capacityJet Wang
 
分布式和文件系统
分布式和文件系统分布式和文件系统
分布式和文件系统pluschen
 
互联网项目管理要点2012
互联网项目管理要点2012互联网项目管理要点2012
互联网项目管理要点2012Jet Wang
 
Implementing Enterprise PPM for Multi-Maturity Organizations
Implementing Enterprise PPM for Multi-Maturity Organizations Implementing Enterprise PPM for Multi-Maturity Organizations
Implementing Enterprise PPM for Multi-Maturity Organizations EPM Live
 
Sports marketing: where does the future lie - in the content or the conversa...
Sports marketing: where does the future lie - in the content or the conversa...Sports marketing: where does the future lie - in the content or the conversa...
Sports marketing: where does the future lie - in the content or the conversa...cainster
 
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...EPM Live
 
The way of the stars
The way of the starsThe way of the stars
The way of the starsmayadez
 
Recent learning of scrum and management
Recent learning of scrum and managementRecent learning of scrum and management
Recent learning of scrum and managementJet Wang
 

Andere mochten auch (17)

Tan sri syed mokhtar shah bin syed nor al
Tan sri syed mokhtar shah bin syed nor alTan sri syed mokhtar shah bin syed nor al
Tan sri syed mokhtar shah bin syed nor al
 
Comprehensive capacity
Comprehensive capacityComprehensive capacity
Comprehensive capacity
 
Choisi Promo
Choisi PromoChoisi Promo
Choisi Promo
 
A recipe for happiness 2
A recipe for happiness 2A recipe for happiness 2
A recipe for happiness 2
 
分布式和文件系统
分布式和文件系统分布式和文件系统
分布式和文件系统
 
OSS Community management
OSS Community managementOSS Community management
OSS Community management
 
互联网项目管理要点2012
互联网项目管理要点2012互联网项目管理要点2012
互联网项目管理要点2012
 
Implementing Enterprise PPM for Multi-Maturity Organizations
Implementing Enterprise PPM for Multi-Maturity Organizations Implementing Enterprise PPM for Multi-Maturity Organizations
Implementing Enterprise PPM for Multi-Maturity Organizations
 
Sports marketing: where does the future lie - in the content or the conversa...
Sports marketing: where does the future lie - in the content or the conversa...Sports marketing: where does the future lie - in the content or the conversa...
Sports marketing: where does the future lie - in the content or the conversa...
 
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
PPM Challenge #2: Project Communications and Reporting – 2012 PPM Challenge a...
 
HP Fossology v5.3
HP Fossology v5.3HP Fossology v5.3
HP Fossology v5.3
 
Panduan Jurnalis Meliput Peristiwa Traumatik
Panduan Jurnalis Meliput Peristiwa TraumatikPanduan Jurnalis Meliput Peristiwa Traumatik
Panduan Jurnalis Meliput Peristiwa Traumatik
 
The way of the stars
The way of the starsThe way of the stars
The way of the stars
 
Online Questionnaire
Online QuestionnaireOnline Questionnaire
Online Questionnaire
 
Geo projecthaight
Geo projecthaightGeo projecthaight
Geo projecthaight
 
Recent learning of scrum and management
Recent learning of scrum and managementRecent learning of scrum and management
Recent learning of scrum and management
 
OWF2013 INTERNET OF THINGS
OWF2013 INTERNET OF THINGSOWF2013 INTERNET OF THINGS
OWF2013 INTERNET OF THINGS
 

Ähnlich wie Spdx - fossbazaar - licensing - fossa2010

Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Black Duck by Synopsys
 
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?Jennifer O'Neill
 
Implementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseImplementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseFINOS
 
Implementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseImplementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseOpen Source Strategy Forum
 
Digital Licensing Platform
Digital Licensing PlatformDigital Licensing Platform
Digital Licensing PlatformSteveJPrice
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Jennifer O'Neill
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Sonatype
 
What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?IWMW
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptViet NguyenHoang
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_reviewwebuploader
 
Fundamentals of Open Source Licensing
Fundamentals of Open Source LicensingFundamentals of Open Source Licensing
Fundamentals of Open Source LicensingJennifer O'Neill
 
In-House Management of Open Source Licenses
In-House Management of Open Source LicensesIn-House Management of Open Source Licenses
In-House Management of Open Source LicensesJennifer O'Neill
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementSebastiano Cobianco
 
Introduction To Open Source Licensing
Introduction To Open Source LicensingIntroduction To Open Source Licensing
Introduction To Open Source LicensingMark Radcliffe
 
Legal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentLegal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentRogue Wave Software
 
Managing Community Open Source Brands
Managing Community Open Source BrandsManaging Community Open Source Brands
Managing Community Open Source BrandsShane Curcuru
 
The Role of In-House & External Counsel in Managing Open Source Software
The Role of In-House & External Counsel in Managing Open Source SoftwareThe Role of In-House & External Counsel in Managing Open Source Software
The Role of In-House & External Counsel in Managing Open Source SoftwareFlexera
 
Introduction to Software Licensing
Introduction to Software LicensingIntroduction to Software Licensing
Introduction to Software Licensingtravellingpolander
 
Licensing as a Business by Eli Chmouni
Licensing as a Business by Eli ChmouniLicensing as a Business by Eli Chmouni
Licensing as a Business by Eli ChmouniPHX Startup Week
 

Ähnlich wie Spdx - fossbazaar - licensing - fossa2010 (20)

Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
Strategies to Reap the Benefits of Software Patents in an Open Source Softwar...
 
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
I\'m Not an IT Lawyer: Why Does Open Source Matter to Me?
 
Implementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash CourseImplementing and Managing an Open Source Compliance Program: A Crash Course
Implementing and Managing an Open Source Compliance Program: A Crash Course
 
Implementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash CourseImplementing and Managing Open Source Compliance Programs - A Crash Course
Implementing and Managing Open Source Compliance Programs - A Crash Course
 
Digital Licensing Platform
Digital Licensing PlatformDigital Licensing Platform
Digital Licensing Platform
 
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
Outbound Licensing Strategies: Is Open Source the Right Model for Your Company?
 
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
Lawyers and Licenses in Open Source-based Development: How to Protect Your So...
 
What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?
 
Opensource Powerpoint Review.Ppt
Opensource Powerpoint Review.PptOpensource Powerpoint Review.Ppt
Opensource Powerpoint Review.Ppt
 
opensource_powerpoint_review
opensource_powerpoint_reviewopensource_powerpoint_review
opensource_powerpoint_review
 
Fundamentals of Open Source Licensing
Fundamentals of Open Source LicensingFundamentals of Open Source Licensing
Fundamentals of Open Source Licensing
 
In-House Management of Open Source Licenses
In-House Management of Open Source LicensesIn-House Management of Open Source Licenses
In-House Management of Open Source Licenses
 
Open Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk ManagementOpen Source in the Enterprise: Compliance and Risk Management
Open Source in the Enterprise: Compliance and Risk Management
 
Introduction To Open Source Licensing
Introduction To Open Source LicensingIntroduction To Open Source Licensing
Introduction To Open Source Licensing
 
Legal and Practical Concerns with Software Development
Legal and Practical Concerns with Software DevelopmentLegal and Practical Concerns with Software Development
Legal and Practical Concerns with Software Development
 
Managing Community Open Source Brands
Managing Community Open Source BrandsManaging Community Open Source Brands
Managing Community Open Source Brands
 
Open Source vs Proprietary
Open Source vs ProprietaryOpen Source vs Proprietary
Open Source vs Proprietary
 
The Role of In-House & External Counsel in Managing Open Source Software
The Role of In-House & External Counsel in Managing Open Source SoftwareThe Role of In-House & External Counsel in Managing Open Source Software
The Role of In-House & External Counsel in Managing Open Source Software
 
Introduction to Software Licensing
Introduction to Software LicensingIntroduction to Software Licensing
Introduction to Software Licensing
 
Licensing as a Business by Eli Chmouni
Licensing as a Business by Eli ChmouniLicensing as a Business by Eli Chmouni
Licensing as a Business by Eli Chmouni
 

Mehr von fOSSa - Free Open Source Software Academia Conference

Mehr von fOSSa - Free Open Source Software Academia Conference (20)

Les douze commandements du community manager
Les douze commandements du community managerLes douze commandements du community manager
Les douze commandements du community manager
 
Les licences open source simplement ?
Les licences open source simplement ? Les licences open source simplement ?
Les licences open source simplement ?
 
Diffuser les résultats de recherche ?
Diffuser les résultats de recherche ? Diffuser les résultats de recherche ?
Diffuser les résultats de recherche ?
 
- Protection du logiciel - **François Pelligrini**
- Protection du logiciel - **François Pelligrini** - Protection du logiciel - **François Pelligrini**
- Protection du logiciel - **François Pelligrini**
 
La valorisation de logiciels de recherche au sein de l'Inria? / Transfert ma...
La valorisation de logiciels de recherche au sein de l'Inria? / Transfert ma...La valorisation de logiciels de recherche au sein de l'Inria? / Transfert ma...
La valorisation de logiciels de recherche au sein de l'Inria? / Transfert ma...
 
Resultats nuit info 2013
Resultats nuit info 2013Resultats nuit info 2013
Resultats nuit info 2013
 
In trust we trust ! Blablacar by frederic mazzella
In trust we trust ! Blablacar by frederic mazzellaIn trust we trust ! Blablacar by frederic mazzella
In trust we trust ! Blablacar by frederic mazzella
 
Open sourcing of Journalism by James Corbett
Open sourcing of Journalism by James CorbettOpen sourcing of Journalism by James Corbett
Open sourcing of Journalism by James Corbett
 
Open intelligence by tom secker
Open intelligence by tom seckerOpen intelligence by tom secker
Open intelligence by tom secker
 
Eco Nomy Eco Trust Eco Systems - Introduction
Eco Nomy Eco Trust Eco Systems - IntroductionEco Nomy Eco Trust Eco Systems - Introduction
Eco Nomy Eco Trust Eco Systems - Introduction
 
Innovation & Massive data
Innovation & Massive dataInnovation & Massive data
Innovation & Massive data
 
#SAIFC késako - Semantic Analysis for Flow Computing
#SAIFC késako - Semantic Analysis for Flow Computing #SAIFC késako - Semantic Analysis for Flow Computing
#SAIFC késako - Semantic Analysis for Flow Computing
 
Eco System over code!
Eco System over code!Eco System over code!
Eco System over code!
 
Afup 10 ans plus tard
Afup 10 ans plus tardAfup 10 ans plus tard
Afup 10 ans plus tard
 
Analyse de la propriete intellectuel
Analyse de la propriete intellectuelAnalyse de la propriete intellectuel
Analyse de la propriete intellectuel
 
From open source labs to ceo methods and advice by sysfera
From open source labs to ceo methods and advice by sysferaFrom open source labs to ceo methods and advice by sysfera
From open source labs to ceo methods and advice by sysfera
 
Management de communaute
Management de communauteManagement de communaute
Management de communaute
 
Methods about Open Source Governance v2.5
Methods about Open Source Governance v2.5Methods about Open Source Governance v2.5
Methods about Open Source Governance v2.5
 
Systematic / GTLL / Ecosystemes logiciel-libre in PARIS region
Systematic / GTLL / Ecosystemes logiciel-libre in PARIS regionSystematic / GTLL / Ecosystemes logiciel-libre in PARIS region
Systematic / GTLL / Ecosystemes logiciel-libre in PARIS region
 
Choir and Community Management
Choir and Community ManagementChoir and Community Management
Choir and Community Management
 

Kürzlich hochgeladen

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 

Kürzlich hochgeladen (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 

Spdx - fossbazaar - licensing - fossa2010

  • 1. The State of Open Source Licensing and Ways to Improve It Martin Michlmayr Hewlett-Packard tbm@hp.com Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 2. Agenda Why licensing matters Open source licensing Contributor agreements Copyright assignment Tools for the detection of licenses: FOSSology Standard for exchange of license information: Software Package Data Exchange (SPDX) Not covered: licenses; legal advice Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 3. Target audience Companies using open source, especially those that also distribute it Must understand the importance of honouring licenses Identify licenses and follow them Work with projects to ensure their intentions are followed Open source projects Ensure that licensing is done right Work with companies that use and distribute their software Researchers Can shed light on best practices Can help improve state of licensing Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 4. Why is licensing an important topic? Increasing adoption and penetration of open source Companies are getting sued, leading to more awareness: SCO: question of code ownership BusyBox, gpl-violations.org: complying with FOSS licenses Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 5. Problems with FOSS licensing Misunderstanding of FOSS licenses: you have obligations FOSS licenses and licensing can be complex and complicated Keeping track of what FOSS is being used Keeping track of FOSS licenses used by an application and how they interact Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 6. Your obligations: copyleft GPL: requires source code to be offered to those who receive binaries AGPL: additionally requires that the complete source code be made available to any network user Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 7. Your obligations: permissive MIT: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. BSD (3 clause): Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 8. Who gets sued? Whoever distributes the software without compliance No excuses: ‘software from ODM in Taiwan’ Indemnification may help But reputation is destroyed quickly Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 9. Contributor Agreements Make legal questions around contributions explicit Often requires copyright assignment or grants Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 10. Fedora Project Contributor Agreement (FPCA) Defines default licenses that are used unless explicit license is given Current defaults: Code: MIT Content: Creative Commons Attribution ShareAlike 3.0 Unported Does not assign copyright to Fedora or Red Hat Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 11. Debian Every Debian developer has to agree to the DFSG and Social Contract DFSG: Debian Free Software Guidelines Social Contract: Debian will remain 100% free (according to DFSG) debian/copyright: describes upstream copyright/license and that of packaging Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 12. Linux kernel Developer’s Certificate of Origin The contribution was created by me and I the have right to submit under indicated open source license The contribution is based on previous work that is also under indicated license The contribution was provided directly to me by someone who certified it and I didn’t modify it I understand that the contribution and project are public and recorded Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 13. Copyright assignments Why? Preserves the ability to relicense code Ensures sufficient rights to enforce licences in court Avoids and prevents later competing copyright claims Why not? Gives copyright holder a lot of power Makes it harder to contribute Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 14. Tools for compliance work Binary Analysis Tool FOSSology Open Source License Checker Proprietary tools from Black Duck, Palamida, etc Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 15. FOSSology FOSSology is a framework to study the source code of FOSS applications in a number of ways Main functionality: detection of licenses in open source applications Originally developed by HP, it is an open project with an open source license Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 16. FOSSology You load code into the repository You analyse it and put the results into a database You view the results Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 17. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 18. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 19. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 20. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 21. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 22. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 23. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 24. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 25. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 26. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 27. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 28. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 29. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 30. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 31. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 32. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 33. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 34. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 35. FOSSology: the new release Buckets New license algorithm Copyright agent Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 36. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 37. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 38. FOSSology demo Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 39. Scope of the problem Prior to distributing a collection of software, each package needs to be reviewed to ensure compliance with all the licenses. Supply chain for products now requires software copyright and licensing information for lawsuit avoidance and risk mitigation. A package’s declared license may not always match the licenses of individual files inside the package itself. A package may consist of thousands of files with different licenses in the files Need a standard way of referring to the legal compliance ‘bill-of-materials’ of a software package and be able exchange information with others. Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 40. Solution: SPDX Define a file format for license information to accompany open source packages Focus: Just the facts – no interpretations Benefits Provides a unified method for exchanging license information Avoids due diligence redundancy where the same source code package is analyzed multiple times by different receivers Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 41. Structure of standard Identification: meta data to associate analysis results with a specific package Overview: Facts that are properties for entire package (e.g. package name, declared license) File Specific: Facts that are specific to each file included in a package (e.g. filename, copyright) Martin Michlmayr The State of Open Source Licensing and Ways to Improve It
  • 42. Resources Organizations FSF Free Software Licensing and Compliance Lab FSFE Freedom Task Force (FTF) gpl-violations.org Open Source Initiative (OSI) Software Freedom Law Center Communities FOSSBazaar FSFE Legal Network News and journals Groklaw International Free and Open Source Software Law Review Conferences FSFE ELN (European Legal Network) EOLE - European Open Source Law Event Software Martin Michlmayr The State of Open Source Licensing and Ways to Improve It