Dependency Management and Licence Compliance, OW2con'16, Paris
inno3 | innovation is openness
Dependency Management & Licence Compliance
OW2con'16 – 2016/09/21 @Mozilla France
Why? Why should I care about licence compliance?
To respect the authors’ will
The risk management side can easily look frightening. It should not come first.
[Ksummit-discuss] [CORE TOPIC] GPL defense issues
https://frama.link/GPL-defense-issues
https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003580.html
Focus has changed from detecting to managing
From snippet level to package/component level
There will always be outliers…
Package management: licences + dependencies + recursion
Advantages: naturally integrated into developers' environments, easy to build tools on top
Room for improvement: quality of metadata
SPDX in a nutshell:
- Standardised licence names and IDs.
- Operators (AND, OR, +, WITH).
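An added example (not part of the original slides) that combines the two points above: evaluating SPDX expressions with the AND, OR, + and WITH operators, and applying the check recursively across a dependency graph while flagging missing metadata. The package names, dependency graph and allowlist are constructed for illustration; the evaluator assumes well-formed expressions and, as a simplification, judges "+" on the base licence ID.

```python
import re
def satisfied(expr, allowed, exceptions=frozenset()):
    """True if the SPDX expression can be met using only `allowed` licence IDs."""
    toks = re.findall(r"\(|\)|[A-Za-z0-9.\-]+\+?", expr) + [None]  # None marks the end
    def atom():
        tok = toks.pop(0)
        if tok == "(":
            ok = or_expr()
            toks.pop(0)  # closing ")"
            return ok
        ok = tok.rstrip("+") in allowed  # "+" (or later) judged on the base ID
        if toks[0] == "WITH":
            toks.pop(0)
            ok = toks.pop(0) in exceptions and ok  # exception must be approved too
        return ok
    def and_expr():  # AND binds tighter than OR
        ok = atom()
        while toks[0] == "AND":
            toks.pop(0)
            ok = atom() and ok  # both sides apply
        return ok
    def or_expr():
        ok = and_expr()
        while toks[0] == "OR":
            toks.pop(0)
            ok = and_expr() or ok  # either side may be chosen
        return ok
    return or_expr()

def audit(root, packages, allowed, exceptions=frozenset()):  # returns {package: problem}
    problems, seen, stack = {}, set(), [root]
    while stack:
        name = stack.pop()
        meta = packages.get(name, {})
        expr = meta.get("license")
        if not expr:
            problems[name] = "missing licence metadata"
        elif not satisfied(expr, allowed, exceptions):
            problems[name] = "not allowed: " + expr
        seen.add(name)  # guards against dependency cycles
        stack += [d for d in meta.get("deps", []) if d not in seen]
    return problems
PACKAGES = {  # constructed sample metadata, not from the slides
    "app": {"license": "Apache-2.0", "deps": ["libfoo", "libbar"]},
    "libfoo": {"license": "MIT OR GPL-3.0-only", "deps": ["libbaz"]},
    "libbar": {"license": "GPL-2.0+ WITH Classpath-exception-2.0", "deps": ["libbaz"]},
    "libbaz": {"license": "(MIT AND BSD-3-Clause) OR AGPL-3.0-only", "deps": ["libqux", "app"]},
}  # libqux has no entry at all: the metadata-quality problem
ALLOWED = {"MIT", "BSD-3-Clause", "Apache-2.0"}  # constructed policy
```

Calling `audit("app", PACKAGES, ALLOWED)` reports `libbar` (licence not on the allowlist) and `libqux` (no metadata), even though neither is visible from the top-level package's own licence field.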
Pictures generously dedicated to the public domain by:
https://unsplash.com/@mindjournals / https://unsplash.com/@kalenemsley / https://unsplash.com/@dan_carl5on / https://unsplash.com/@pawelskor / https://unsplash.com/@samuelzeller / https://unsplash.com/@ilyapavlov / https://unsplash.com/@peppe / https://unsplash.com/@nolanissac / https://unsplash.com/@jtkyber1 / https://unsplash.com/@kappuru / https://unsplash.com/@garett3 / https://unsplash.com/@thepicpac