community summit: legal & licensing / tools for developers to ensure legal integrity of their...
DESCRIPTION
First, this talk explores the various options for FOSS detection, how this process can be integrated into the "software factory", and how the results can be displayed in a usable and efficient way, using different tools freely available to the open source communities, such as FOSSology and the Antepedia Tools Suite. Second, we will give some examples of license data that can be collected from many open source projects and show how it can be useful for communities to adopt a standard like SPDX (Software Package Data Exchange), which will be presented briefly.
TRANSCRIPT
Tools for developers to ensure legal integrity of their code
Freddy Munoz, PhD
Product Manager, Antelink.
@drfmunoz
Bruno Cornec
Open Source & Linux Profession Lead EMEA, HPIntelCo.
The context
The problem
[Diagram: the Build Engineer's pipeline (compile, test, integration test, package, analysis) turning the Product into the Final product, with open questions: license? version? project?]
Are you sure that you know everything…?
Are you sure that you are license compliant?
In your BoM
In your product
Available compliance tools (non-exhaustive list)
Source http://www.linuxfoundation.org/programs/legal/compliance/tools
Antepedia Notifier
Antepedia Reporter
Antepedia Notifier
Source code Binary package
Antepedia Tool Suite
Antepedia Tool Suite
Antepedia Knowledge Base
Antepedia* Notifier
Antepedia* Reporter
Antepedia** Search
Public API
940 000 projects
210 000 000 files
** free public access
* free for non-profit projects and organizations
Antepedia Search
Cloud service
Single file
Web-browser report
Original project
License information
Release date and location
Antepedia Reporter
Automated On-demand Detection of Open Source Components
Export
1. HTML file
2. CSV File
Analysis
Antepedia — the world’s Largest Knowledge Base of open source projects
Antepedia Reporter
my.antepedia.com
Antepedia Notifier
Automated Continuous Detection of Open Source Components
Notification
1. By MAIL
2. Through Atlassian JIRA
Continuous detection
Antepedia, the world’s largest database of open source projects
Antepedia Notifier
my.antepedia.com
FOSSology - Goal
FOSS-ology : The study of FOSS
The goal of the FOSSology project is to create tools and a framework to reduce fear, uncertainty, and doubt in the use, development, and distribution of open source software.
FOSSology is a static analysis framework to learn what we can by scanning FOSS itself.
Analyze the code, save the results in a database, report results through a Web (or scripted) interface.
A Simple FOSSology Process Flow
o Scan every single file in a package (or distro, or …)
o Fuzzy match against a library of > 400 known licenses.
o Examine the non-matching portions looking for text that could be an unknown license.
o Nomos, the now GPLed license analysis tool, is the result of 10+ years of scanning @HP
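The scan, fuzzy-match and leftover-inspection steps above, as an added sketch that is not FOSSology or Nomos code. It uses Python's `difflib` as a stand-in matcher; the two shortened reference texts, the hint words and the `scan` function are constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed, shortened reference texts standing in for a real license library.
KNOWN_LICENSES = {
    "MIT": "Permission is hereby granted, free of charge, to any person "
           "obtaining a copy of this software",
    "GPL-2.0": "This program is free software; you can redistribute it and/or "
               "modify it under the terms of the GNU General Public License",
}
# Words that suggest license-like text in otherwise unmatched content (assumed list).
HINTS = {"license", "licence", "copyright", "redistribution", "warranty", "permission"}


def words(text):
    """Lowercase and drop punctuation and comment markers so formatting is ignored."""
    return re.findall(r"[a-z0-9]+", text.lower())


def scan(text, threshold=0.8, min_hints=2):
    """Return matched known licenses and whether leftover text looks like a license."""
    file_words = words(text)
    covered = set()  # word positions in the file explained by a known license
    known = []
    for name, reference in KNOWN_LICENSES.items():
        ref_words = words(reference)
        matcher = SequenceMatcher(None, ref_words, file_words, autojunk=False)
        blocks = [b for b in matcher.get_matching_blocks() if b.size]
        # Fraction of the reference text found, in order, inside the file.
        coverage = sum(b.size for b in blocks) / len(ref_words)
        if coverage >= threshold:
            known.append(name)
            for b in blocks:
                covered.update(range(b.b, b.b + b.size))
    # Non-matching portion: anything with several hint words may be an unknown license.
    leftover = [w for i, w in enumerate(file_words) if i not in covered]
    hint_count = sum(1 for w in leftover if w in HINTS)
    return {"known": known, "unknown_candidate": hint_count >= min_hints}
```

A reworded MIT header still matches because 14 of the 16 reference words appear in order, while a custom license text matches nothing known and is flagged for review.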
File upload screenshot
Queue management screenshot
License analysis screenshot
Meta data analysis screenshot
Bucket browser screenshot
Architecture
“The evolution of FLOSS and the Internet are tightly coupled”
Web Resources
FOSSology main site http://www.fossology.org
Mailing Lists, contacts http://fossology.org/contact_us
Plume details http://www.projet-plume.org/fiche/fossology
Project-Builder http://trac.project-builder.org
Open Source at HP http://opensource.hp.com
ProLiant & Linux http://www.hp.com/go/proliantlinux
FOSSology users: HP, ALU, Siemens, INRIA, OW2
SPDX: Handling Heterogeneous Licenses
http://jwebmail.sourceforge.net/news.html
http://jwebmail.sourceforge.net/about.html
http://sourceforge.net/projects/jwebmail/
Inconsistent License Information (1/2)
Source http://www.winpenpack.com/en/page.php?5
Source http://sourceforge.net/projects/winpenpack/
Inconsistent License Information (2/2)
SPDX: Standardization
SPDX™ - A standard format for communicating the components, licenses and copyrights associated with a software package.
???