Open Source License Violation Check for SPDX Files

  • Georgia M. Kapitsaki
  • Frederik Kramer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8919)

Abstract

The Open Source Software development model has gained a lot of momentum in the latest years providing organizations and software engineers with a variety of software, components and libraries that can be exploited in the construction of larger application systems. Open Source Software is accompanied by licenses that state the conditions under which the intellectual property can be used. Since not all licenses are governed by the same conditions of use, the correct combination of licenses is vital, when different libraries are exploited in newly developed application systems. If this is not adequately handled, license violations might be a consequence of incompatibilities. In this paper we present our work on license violation checking in the framework of Software Package Data Exchange (SPDX). Starting from the modelling of license compatibilities our approach examines potential violations in software package information formatted using the SPDX specification. At the same time alternative solutions in the form of applicable licenses for the software package are proposed. This approach can be a valuable asset for Open Source practitioners in the license decision process assisting in detecting possible violations and in making suggestions on license use.

Keywords

Free Open Source Software Licensing License compatibility Software Package Data Exchange 

References

  1. 1.
    Aksulu, A., Wade, M.: A comprehensive review and synthesis of open source research. Journal of the Association for Information Systems 11(11) (2010)Google Scholar
  2. 2.
    Alspaugh, T.A., Scacchi, W., Asuncion, H.U.: Software licenses in context: The challenge of heterogeneously-licensed systems. Journal of the Association for Information Systems 11(11) (2010)Google Scholar
  3. 3.
    Boyle, J.: The public domain: Enclosing the commons of the mind. Yale University Press (2009)Google Scholar
  4. 4.
    Colazo, J., Fang, Y.: Impact of license choice on open source software development activity. Journal of the American Society for Information Science and Technology 60(5), 997–1011 (2009)CrossRefGoogle Scholar
  5. 5.
    Feller, J., Fitzgerald, B., et al.: Understanding open source software development. Addison-Wesley, London (2002)Google Scholar
  6. 6.
    German, D.M., Di Penta, M., Davies, J.: Understanding and auditing the licensing of open source software distributions. In: 2010 IEEE 18th International Conference on Program Comprehension (ICPC), pp. 84–93. IEEE (2010)Google Scholar
  7. 7.
    German, D.M., Manabe, Y., Inoue, K.: A sentence-matching method for automatic license identification of source code files. In: Proceedings of the IEEE/ACM International Conference on Automated Software Engineering, pp. 437–446. ACM (2010)Google Scholar
  8. 8.
    Gobeille, R.: The fossology project. In: Proceedings of the 2008 International Working Conference on Mining Software Repositories, pp. 47–50. ACM (2008)Google Scholar
  9. 9.
    Lerner, J., Tirole, J.: The scope of open source licensing. Journal of Law, Economics, and Organization 21(1), 20–56 (2005)CrossRefGoogle Scholar
  10. 10.
    Linux Foundation and its Contributors: A Common Software Package Data Exchange Format, version 1.2 (2013), http://spdx.org/sites/spdx/files/spdx-1
  11. 11.
    Madanmohan, T., et al.: Notice of violation of IEEE publication principles open source reuse in commercial firms. IEEE Software 21(6), 62–69 (2004)CrossRefGoogle Scholar
  12. 12.
    Mancinelli, F., Boender, J., Di Cosmo, R., Vouillon, J., Durak, B., Leroy, X., Treinen, R.: Managing the complexity of large free and open source package-based software distributions. In: 21st IEEE/ACM International Conference on Automated Software Engineering, ASE 2006, pp. 199–208. IEEE (2006)Google Scholar
  13. 13.
    Rosen, L.: Open source licensing: Software Freedom and Intellectual Property Law. Prentice Hall PTR (2004)Google Scholar
  14. 14.
    Tuunanen, T., Koskinen, J., Kärkkäinen, T.: Automated software license analysis. Automated Software Engineering 16(3-4), 455–490 (2009)CrossRefGoogle Scholar
  15. 15.
    Wang, H., He, H., Yang, J., Yu, P.S., Yu, J.X.: Dual labeling: Answering graph reachability queries in constant time. In: Proceedings of the 22nd International Conference on Data Engineering, ICDE 2006, pp. 75–75. IEEE (2006)Google Scholar
  16. 16.
    Wheeler, D.A.: The free-libre/open source software (floss) license slide (2007), http://www.dwheeler.com/essays/floss-license-slide.pdf
  17. 17.
    Xu, H., Yang, H., Wan, D., Wan, J.: The design and implement of open source license tracking system. In: 2010 International Conference on Computational Intelligence and Software Engineering (CiSE), pp. 1–4. IEEE (2010)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Georgia M. Kapitsaki
    • 1
  • Frederik Kramer
    • 2
  1. 1.Department of Computer ScienceUniversity of CyprusNicosiaCyprus
  2. 2.Otto von Guericke UniversityMagdeburgGermany

Personalised recommendations