EOLE / OWF 12 - License compatibility analysis and components based systems in public research -...
-
Upload
open-world-forum -
Category
Documents
-
view
401 -
download
1
description
Transcript of EOLE / OWF 12 - License compatibility analysis and components based systems in public research -...
License compatibility analysis and component based systems in public research: presentation of a practical approach
EOLE Conference – 12/10/2012
Magali Fitzgibbon – Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
CONTEXT
A (very) short presentation of Inria…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Inria : French National Institute for Research in Computer Science and Automatic Control
8 research centers in France + head office
(corporate level and local TTOs)
Missions include:
=> fundamental and applicative research
=> dissemination of scientific knowledge
=> contributing to standardization
=> providing prototypes (technology transfer)
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Software prototypes @Inria
- Important number of software distributed under a FLOSS license
- Technology transfer includes operations based on open source software (in
particular by spin-off creation)
- Reuse of open source preexisting components is a usual developing practice at
Inria.
=> This leads de facto to license compatibility issues…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
exploitation Licensing out
Licensing in Policy
Software development process (seen from the legal / TTO point of view)
STRATEGY (legal compatibility)
Legal status of components Component’s licence Usually well defined
Legal status of software (Not so easy to defined)
Licensing in
L1
Code reuse (pre-existing components)
Component based systems
Software : set of components (with new “ex-nihilo”components)
Licensing out choice
Such an exercise can turn out to be difficult…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
License compatibility – the difficulties encountered by lawyers and TT managers: • To be familiar and deal with an important number and diversity of FLOSS licenses
(jungle)
• Vocabulary used in FLOSS licenses is not standardized
But not only…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Reality is more than a theoretical comparison of several licenses – context/object of analysis are crucial
• Great diversity of software and software architecture (how can architecture be useful for the analysis?)
• Inria’s software can be made of an important number of preexisting components,
usually under a FLOSS license …
• … and can be developed on long period of times (10-15 years) by numerous contributors
(How do you actually identify the licenses to be analyzed?) • Licensing out strategies may change during software’s life cycle (What incidence on license compatibility issues?)
Given these elements, what could be a good approach for license compatibility issues in component based systems?
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
I. License compatibility analysis and software’s architecture/detailed description
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
The 3 good reasons to ask for software’s detailed description
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Identify the scope of the analysis… and be sure that everyone actually talks of the same thing!
Easier in case of software with a “modular licensing strategy”
Makes dialogue easier with researchers/developers
Using software’s architecture – the example of DIET software (monitoring High Performance Computing Infrastructures)
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Source: Qualipso – Report on the proposed IPR tracking methodology – 16/12/2009 – www.qualipso.org
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
II. How can I identify licenses to be analyzed in a (large) component based system?
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Software’s contributors point of view and memory is essential (Inria assume people are of good faith)… … but it is nevertheless often incomplete! ⇒ Components’ origin and license issues are not always a priority at the beginning of a
project (POC) ⇒ Keeping a good track of what happened in a 5, 10 or 20 year development period is
difficult in public research (people come and go)
Asking the development/research team:
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
A different (and complementary) source of information is usually needed…
Example of a representation of authors’ appearance/disappearance and evolution of % contribution to source code
Source/copyright owner: Antelink - CC BY-NC-ND 2.0
Looking « by hand » in all header files to check for licenses
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Costs of analysis quickly turn to be high… Example: a software of 100 000 files = you can keep a lawyer busy a few weeks… … which means that ROI is not always satisfactory.
Using tools: the « industrial way »
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Code mining tools, license checkers… They allow to gain time… … and can therefore reduce costs of analysis! Components’ license information in header files can now be as « opened » as open
source software!
The experienced turned out be positive as far as Inria is concerned
However… Never forget that information still needs to be qualified!
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
• Identifying licenses is only a start… • Comparing a list of licenses, obtained with a tool, with your licensing-out
strategy is not sufficient for analysis to be efficient/complete! • Tools help/provide assistance but do not fulfill the analysis
Examples
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
1. An important number of files identified in one of Inria’s software with an Eclipse public license But… … after qualifying this information, the « EPL files » turned out to be source code generated by Inria’s developers with Eclipse’s framework 2. Incompatible License identified in one of Inria’s software But… It turned ou that headers were not up-to-date concerning license information
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Qualifying information requires discussion between lawyers, TT managers
and researchers/developers
III. Licensing-out strategy’s evolution during life cycle : what is the incidence?
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
What changing of licensing-out strategy means
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
• The previous licensing-in policy (if any!) may not be pertinent anymore… • … which means that software’s exogenous components’ licenses may not be
compliant with the new licensing-out strategy… • What if the previous software’s license is compatible with the new one? => Beware! Does not mean that components’ licenses are compliant!
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
A software initially distributed under a GNU LGPL v2.1 license
A licensing-in policy was defined
Research team’s intentions change in favour of a dual licensing scheme : GNU
GPL v2 and proprietary license
Example
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Example of licenses found during the analysis (for exogenous components)
Compliance with previous GNU LGPL strategy
Apache v.1 YES
Apache v.2 YES
Eclipse public license YES
BSD (new) YES
What the analysis revealed about the past…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
What the analysis revealed about the present/future…
Example of licenses found during the analysis (for exogenous components
Compliance with GNU GPL v2
Apache v.1 NO
Apache v.2 NO
Eclipse public license NO
BSD (new) YES
Hopefully, solutions could be found…
But shows that costs to make software legally compliant, when strategy changes, can actually become an issue
The 2nd part of the « story »: the legal issue did not turned out to be the only one…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
Was the dual scheme really pertinent/appropriate? People are willing to pay for a proprietary license if they wish to redistribute themselves under a proprietary license (and avoid GNU GPL’s constraints) But, if a similar version is available somewhere under the GNU LGPL… GNU GPL version of software needs to be sufficiently different from the previous
GNU LGPL version!
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
What comparison of source code revealed
Source/copyright owner: Antelink - CC BY-NC-ND 2.0
Conclusion
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
License compatibility analysis for components based systems in public research is always : the encounter between particular software, a development and an exploitation
strategies
Team work between lawyers, TT managers and researchers/developpers And therefore a smart use and combination of people’s competence/experience
and tools
Which means that lawyers do not only need to rely on their « legal » expertise: basic knowledge and curiosity of what are software and software development, is
helpful
www.inria.fr Report on the proposed IPR Tracking methodology (L. Grateau, M. Fitzgibbon, G. Rousseau) http://www.inria.fr/content/download/6143/55776/version/2/file/Methodologie-d-analyse-IPR.pdf Qualipso EU funded project www.qualipso.org Guide d’approche et d’analyse des licences de logiciels libres (S. Steer, M. Fitzgibbon) http://www.inria.fr/content/download/5892/48431/version/2/file/INRIA_guide_analyse_licences_libres_vf.pdf Recueil de fiches explicatives de licences libres (S. Steer, M. Fitzgibbon) http://www.inria.fr/content/download/5892/48431/version/2/file/INRIA_guide_analyse_licences_libres_vf.pdf
Magali Fitzgibbon [email protected] http://www.linkedin.com/pub/magali-fitzgibbon/3a/390/76a
Thank you!