An insight into license tools for open source software systems
by Georgia M. Kapitsaki, Nikolaos D. Tselikas, Ioannis E. Foukarakis

Journal of Systems and Software

Year: 2015
DOI: 10.1016/j.jss.2014.12.050
Subject: Hardware and Architecture / Information Systems / Software

Accepted Manuscript

PII: S0164-1212(14)00294-5

DOI: 10.1016/j.jss.2014.12.050

Reference: JSS 9446

To appear in: The Journal of Systems & Software

Received date: 11 December 2013

Revised date: 21 November 2014

Accepted date: 28 December 2014

Please cite this article as: Georgia M. Kapitsaki , Nikolaos D. Tselikas , Ioannis E. Foukarakis , An insight into license tools for open source software systems, The Journal of Systems & Software (2014), doi: 10.1016/j.jss.2014.12.050


Highlights

• We provide a licensing comparative overview of existing assistive approaches/tools
• License identification tools present a more mature current state
• License compliance requires the collaboration of various techniques
• License graphs are useful in detecting license conflicts

An insight into license tools for open source software systems

Georgia M. Kapitsaki (1), Nikolaos D. Tselikas (2) and Ioannis E. Foukarakis (2)

(1) Department of Computer Science, University of Cyprus, 75 Kallipoleos Street, P.O. Box 20537, CY-1678, Nicosia, Cyprus. Tel. +357 2289 2692 / Fax +357 2289 2701. Email: gkapi@cs.ucy.ac.cy

(2) Communication Networks and Applications Laboratory, Department of Informatics and Telecommunications, University of Peloponnese, End of Karaiskaki Street, 22 100, Tripolis, Greece. Tel. +30 2710 372216 / Fax +30 2710 372160. Email: {ntsel, ifouk}@uop.gr

Abstract:

Free/Libre/Open Source Software (FLOSS) has gained a lot of attention lately allowing organizations to incorporate third party source code into their implementations. When open source software libraries are used, software resources may be linked directly or indirectly with multiple open source licenses giving rise to potential license incompatibilities. Adequate support in license use is vital in order to avoid such violations and address how diverse licenses should be handled. In the current work we investigate software licensing giving a critical and comparative overview of existing assistive approaches and tools. These approaches are centered on three main categories: license information identification from source code and binaries, software metadata stored in code repositories, and license modeling and associated reasoning actions. We also give a formalization of the license compatibility problem and demonstrate the role of existing approaches in license use decisions.

Keywords:

Free/Libre/Open Source Software; License identification; License compatibility; License violations.

1. Introduction

Free/Libre/Open Source Software (FLOSS) or free and open-source software (FOSS) (Androutsellis-Theotokis et al., 2011) has assisted in the spread of emerging technologies, allowing users to utilize freely publicly available software and developers to incorporate third party source code into their implementations. Individual and already tested libraries are often used as building blocks for larger software systems, offering reusable functionality and providing the means for faster time-to-release. Various open source communities consisting of active developers and bug fixers for specific projects can be encountered ranging from small to very large groups depending on the popularity of the software system. The terms under which the software has become available and is provided for use are depicted in the corresponding licenses (Lawrence, 2004). Licensing is a legal issue, since software is highly linked with intellectual property. In general, licenses “provide access rules that allow other people to go through the legal firewall and use the intellectual property” (Lindberg, 2008). In open source software, licenses express how the software can be used further by the potential users differentiating between user rights and obligations. The strong importance of license use is also reflected in the research community that has shown a rising interest in open source software licensing in the last years (Alspaugh et al., 2009; Hemel et al., 2011; Sojer and Henkel, 2011).

As the number of components in software systems increases, so does the complexity of deciding which license(s) can be applied to the final system, or of checking whether there are any incompatibilities among the terms defined in the licenses adopted in the different software components. Especially during the development phase, it is usual that software engineers light-heartedly include additional – and often redundant – dependencies in their code, without checking possible licensing violations (Sojer and Henkel, 2011). In an enterprise world, where commercial software is often distributed against high prices, such an issue cannot be treated light-heartedly (Douglas, 2011). Many different licenses have appeared containing various bounds and conditions on software use: GNU General Public License (GPL), Apache License, MIT license, to name a few. Things get even more complex because each license may have multiple versions, each version being independent from a legal point of view, and more so if we consider other kinds of licenses that are critical to understanding collaborations in FLOSS projects, i.e., individual Contributor License Agreements (CLAs). Without copyright assignments or CLAs, changing a software license requires the consent of every contributor to that system (Jensen and