inno3 | innovation is openness

Dependency Management & Licence Compliance

OW2con'16 – 2016/09/21 @Mozilla France

inno3 | innovation is openness 2/13

Why?Why should I care about licence compliance ?

inno3 | innovation is openness 3/13

To respect the authors’ will

inno3 | innovation is openness 4/13

The risk management side can easily look frightening. It should not come first

inno3 | innovation is openness 5/13

[Ksummit-discuss] [CORE TOPIC] GPL defense issues

https://frama.link/GPL-defense-issues

https://lists.linuxfoundation.org/pipermail/ksummit-discuss/2016-August/003580.html

inno3 | innovation is openness 6/13

Focus has changed from detecting to managing

inno3 | innovation is openness 7/13

From snippets level to package/component level

inno3 | innovation is openness 8/13

There will always be outliers…

inno3 | innovation is openness 9/13

Package management : Licences + dependencies + recursion

inno3 | innovation is openness 10/13

Advantages : naturally integrated in devs environments, easy to build tools on top

inno3 | innovation is openness 11/13

Room for improvement : quality of Metadata

inno3 | innovation is openness 12/13

SPDX in a nutshell :- Standardised licence names and IDs. - Operators (AND, OR, +, WITH).

13

inno3 | innovation is openness 13

Pictures generously dedicated to the public domain by :

https://unsplash.com/@mindjournals / https://unsplash.com/@kalenemsley / https://unsplash.com/@dan_carl5on / https://unsplash.com/@pawelskor /https://unsplash.com/@samuelzeller / https://unsplash.com/@ilyapavlov /https://unsplash.com/@peppe / https://unsplash.com/@nolanissac / https://unsplash.com/@jtkyber1 /https://unsplash.com/@kappuru / https://unsplash.com/@garett3 / https://unsplash.com/@thepicpac