Investigating whether and how software developers understand open source software licensing

Abstract

Software provided under open source licenses is widely used, from forming high-profile stand-alone applications (e.g., Mozilla Firefox) to being embedded in commercial offerings (e.g., network routers). Despite the high frequency of use of open source licenses, there has been little work about whether software developers understand the open source licenses that they use. To help understand whether or not developers understand the open source licenses they use, we conducted a survey that posed development scenarios involving three popular open source licenses (GNU GPL 3.0, GNU LGPL 3.0 and MPL 2.0) both alone and in combination. The 375 respondents to the survey, who were largely developers, gave answers consistent with those of a legal expert’s opinion in 62% of 42 cases. Although developers clearly understood cases involving one license, they struggled when multiple licenses were involved. To understand the context in which licensing issues arise in practice, we analyzed real-world questions posed by developers about the three licenses considered in the survey on online question-and-answer communities. We also interviewed practicing developers about license interaction problems they have faced. Among several lessons, we learnt that licensing issues can constrain software evolution and that developers are cautious of more restrictive licenses. Our results indicate a need for tool support to help guide developers in understanding the structure of the code and the technical details of a project while taking into account the exact requirements imposed by the licenses involved.

Notes

  1. https://opensource.org/licenses/GPL-3.0
  2. https://opensource.org/licenses/LGPL-3.0
  3. https://opensource.org/licenses/MPL-2.0
  4. https://goo.gl/v2JGol
  5. https://www.cs.ubc.ca/labs/spl/projects/softwarelicensing/resources/UBC_SPL_software_licensing_survey_data.zip
  6. https://opensource.stackexchange.com/
  7. https://www.cs.ubc.ca/labs/spl/projects/softwarelicensing/licensing-context.html
  8. https://stackoverflow.com/company
  9. https://choosealicense.com/
  10. https://tldrlegal.com/

Author information

Corresponding author

Correspondence to Daniel A. Almeida.

Additional information

Communicated by: David Lo and Alexander Serebrenik

Appendix A: Interview Script

  1. What is your current role in your organization?
  2. What are your main responsibilities?
  3. How are you involved with the software products produced at your organization?
    (a) Do you write code? Select open source components? Test?
  4. How are licensing decisions made at your organization?
    (a) How are developers involved? Could you give a few examples of decisions you have been involved in?
  5. Have you ever encountered license incompatibility issues?
  6. Could you describe a particular scenario in which license incompatibilities occurred?
    (a) What were the licenses? What was the structure of the code carrying the licenses?
    (b) How did the code with different licenses interact?
    (c) What was your role in identifying or resolving the challenge?
  7. How often has a situation like this occurred?

Cite this article

Almeida, D.A., Murphy, G.C., Wilson, G. et al. Investigating whether and how software developers understand open source software licensing. Empir Software Eng 24, 211–239 (2019). https://doi.org/10.1007/s10664-018-9614-9

Keywords

  • Open source
  • Software licenses
  • Empirical studies