[ RMLL 2013, Bruxelles – Thursday 11th July 2013 ]
Legal analysis of source code
Presenter: Dr Ir Robert Viseur
General context
• Media coverage about violations of intellectual property in ICT industry.
• Intellectual property? Mainly:
• patents,
• copyright,
• industrial design rights,
• trademarks.
• Examples: several trials between Apple, Samsung and Nokia about patents, copyright (look and feel) and industrial design rights violation.
Free software context (1/2)
• Media coverage about free software license violations.
• Case of gpl-violations.org.
• Goal: « The gpl-violations.org project tries to raise public awareness about past and present infringing use(r)s of GPL licensed software »
• Case of the NeoNova and Israpunt trial in the Netherlands.
• Mixed development -> trial about the use of the closed part (GUI).
• URL: http://www.techzine.nl/nieuws/26429/israpunt-beschuldigd-van-softwarediefstal.html.
Free software context (2/2)
• Case of the election software in Belgium.
• Distribution without license but...
• One of the files in the source code available under the terms of the GNU GPL 2 license.
• URL: https://joinup.ec.europa.eu/news/be-government-publishes-source-code-election-software.
• Case of multiple violations in mobile applications store.
• Various violations: lack of notices/attribution files (AL), incompatibilities between licenses,...
• URL: http://techcrunch.com/2011/03/08/potential-open-source-license-violations-in-android-and-ios-apps/.
Protection of computer software
• No specific law.
• Covered by copyright.
• Possibility to patent software.
• In particular cases in Europe (e.g. industrial process).
• Widely used in the United States.
• Legal rights and duties explained in licenses (contracts).
• The licenses are built on copyright but can also refer to commercial brands and patents.
Software licenses
• Three types of licenses:
• Proprietary licenses.
• E.g. EULA (CLUF) for Microsoft software.
• Hybrid licenses (rare).
• E.g. former SCSL for Sun Microsystems software.
• Free software licenses.
• E.g. AL, BSD, GPL, LGPL,...
• More or less 70 free software licenses.
Free software licenses (1/2)
• Two families of free software licenses:
• Permissive / academic licenses.
• Copyleft / restrictive licenses (licenses with reciprocity).
• Three types of licenses with reciprocity.
• Weak reciprocity.
• File-based, or not.
• Strong reciprocity.
• Network reciprocity.
Free software licenses (2/2)
Issues for companies (1/2)
• Problem of incompatibilities between free software licenses.
• Problem of incompatibility between free software licenses and agreements in marketplaces.
Issues for companies (2/2)
• Problem of specific obligations in free software licenses (e.g. notices, automatic patent license agreement or patent reciprocity, etc.).
• Problem of commercial brands and patents.
• Problem of developments mixing free and proprietary source code (e.g. partnerships).
• (Problem of « wild » copy and paste behaviors).
How to address those issues ?
• Introduce corporate governance rules.
• See for example the « Open Source Review Board » at Hewlett-Packard (Gobeille, 2008).
• Take account of license constraints in the modelling of the software (architecture).
• See for example the « Software Architecture License Traceability Analysis » tool based on ArchStudio4 or...
• « OSSLI » (Open Source Software Licensing) tool based on Eclipse and Papyrus (Alspaugh et al., 2009; Lokhman et al., 2012).
• Conduct a legal analysis of source code.
• See for example FOSSology (www.fossology.org).
Tools for legal analysis of source code
• Proprietary software: Black Duck Software.
• Available open source tools:
• The most famous: FOSSology (see http://www.fossology.org).
• The lightest: Ohcount (see http://www.ohloh.net/p/ohcount).
• Others: ASLA (see http://asla.sourceforge.net/), LIDESC (see http://www.mibsoftware.com/librock/lidesc/), etc.
• Some criteria of choice:
• availability,
• ease of installation,
• lightness,
• support of licenses (+ precision / recall),
• community,
• updates.
Presentation of Ohcount, Find and Grep (1/2)
• Ohcount:
• Formally: source code line counter.
• But...
Presentation of Ohcount, Find and Grep (2/2)
• Ohcount:
• Option « -l, --license »: display detected licensing information contained in each source code file.
• Available in Synaptic.
• Find: search for files in a directory hierarchy.
• Grep, egrep, fgrep: print lines matching a pattern.
What we used
• Ohcount for collecting licensing information.
• Find and grep for detecting files related to attributions, patents or commercial brands.
• List of keywords and...
• Matching with filenames or textual content.
• Output: report (in HTML format) processed by configurable PHP script.
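The find/grep part of the method above, as an added example (not the presenter's script): a keyword list is matched against filenames and against text content, and each hit is emitted as one tagged line. The keyword lists, function names and sample tree are assumptions constructed for illustration; the talk does not publish its own list.

```shell
#!/bin/sh
# Keyword lists are assumptions for illustration; extend them per project.
KW_ATTRIBUTION='notice|authors|credits|copyright|contributors'
KW_PATENT='patent'
KW_BRAND='trademark|logo|brand'

# scan_names DIR REGEX: files whose basename matches REGEX (case-insensitive).
scan_names() {
    ( cd "$1" && find . -type f | grep -Ei "/[^/]*($2)[^/]*\$" | LC_ALL=C sort )
}

# scan_content DIR REGEX: text files whose content matches REGEX.
# -I skips binary files, a common source of false positives.
scan_content() {
    ( cd "$1" && grep -rIlEi -e "$2" . | LC_ALL=C sort )
}

# tag CATEGORY KIND: prefix each path read on stdin with its category and match kind.
tag() {
    while IFS= read -r f; do printf '%s\t%s\t%s\n' "$1" "$2" "$f"; done
}

# report DIR: one tab-separated line per hit, ready for a report generator.
report() {
    for pair in "attribution:$KW_ATTRIBUTION" "patent:$KW_PATENT" "brand:$KW_BRAND"; do
        label=${pair%%:*}; regex=${pair#*:}
        scan_names "$1" "$regex" | tag "$label" filename
        scan_content "$1" "$regex" | tag "$label" content
    done
}

# make_sample_tree: build a small constructed source tree, print its path.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/src" "$d/docs" "$d/img"
    printf 'Portions copyright Example Corp (constructed).\n' > "$d/NOTICE.txt"
    printf '/* method covered by patent 0000000 (constructed) */\n' > "$d/src/codec.c"
    printf 'int main(void) { return 0; }\n' > "$d/src/main.c"
    printf 'No patent grant is implied.\n' > "$d/docs/PATENTS"
    printf '\211PNG\000logo\001' > "$d/img/logo.png"   # binary: skipped by -I
    echo "$d"
}

tree=$(make_sample_tree)
report "$tree"
rm -rf "$tree"
```

The image file is reported by filename only: its content contains the keyword, but the binary is excluded from the content scan.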
Example 1: simple library
• Detection of forgotten licensed files:
Example 2: free software suite (1/4)
• Detection of attributions (by filename / by content):
Example 2: free software suite (2/4)
• Detection of commercial brands (by filename / by content):
Example 2: free software suite (3/4)
• Detection of patents (by filename / by content):
Example 2: free software suite (4/4)
• Detection of licenses (information from Ohcount) :
Limitations of the method
• Some crashes with Ohcount in big file trees.
• Problem with the version of the license (Ohcount).
• Example: GPL v2, GPL v2+ or GPL v3.
• Pay attention to the files covered by several licenses.
• Pay attention to the list of supported licenses.
• Don't be afraid of false positives...
• No architectural view.
• No recognition of open content (e.g. CC) or open data licenses.
Stay tuned
• Some planned improvements to the script.
• Examples: recognition of CC licenses, better filtering of find/grep outputs, deeper analysis of tables (licenses), etc.
• Fast evolution of tools.
• Example: FOSSology 2.2.0 released in June 2013.
• Interest in integration with source code analysis software.
• Example: plugin for FOSSology in the wish list of Sonar (www.sonarqube.org).
• URL: http://docs.codehaus.org/display/SONAR/Plugins+under+development.
Thanks for your attention.
Any questions ?
Useful additional readings...
• Alspaugh, T.A., Asuncion, H.U., & Scacchi W. (2009), « Intellectual property rights requirements for heterogeneously-licensed systems », 17th IEEE International Requirements Engineering Conference (RE’09), pp. 24–33, August 31 - September 4, 2009.
• Gobeille, R. (2008), « The FOSSology project », MSR '08 Proceedings of the 2008 international working conference on Mining software repositories.
• Lokhman, A., Luoto, A., Abdul-Rahman, S., & Hammouda, I. (2012), « OSSLI: Architecture Level Management of Open Source Software Legality Concerns », Open Source Systems: Long-Term Sustainability, pp. 356-361, Springer Berlin Heidelberg.
• Tuunanen, T., Koskinen, J., & Kärkkäinen, T. (2006). « Retrieving open source software licenses », Open Source Systems, pp. 35-46, Springer US.
• Viseur, R. (2011), « La valorisation des logiciels libres en entreprise », Jeudis du Libre, Université de Mons, 15 septembre 2011.
• Viseur, R. (2012), « Gérer la propriété intellectuelle dans les projets à base de logiciels libres », 17ème conférence de l'Association Information et Management, Mai 2012.
Contact
Dr Ir Robert Viseur
Email (@CETIC): [email protected]
Email (@UMONS): [email protected]
Phone: 0032 (0) 479 66 08 76
Website: www.robertviseur.be
This presentation is covered by « CC-BY-ND » license.