
Automating the license compatibility process in open source software with SPDX

Published: 01 September 2017

Abstract

  • We automate the process of license compatibility compliance.
  • We consider the emerging Software Package Data Exchange (SPDX) specification.
  • License detection is an important step in the license compatibility process.
  • We use a testing set of open source projects, including three popular software products, as case studies.

Free and Open Source Software (FOSS) promotes software reuse and distribution at different levels for both creators and users, but at the same time poses challenges in terms of which FOSS licenses can be selected and combined. The main problem linked to this selection is the presence of a large set of licenses that define different rights and obligations in software use. The problem becomes more evident in complex combinations of software components that carry different, often conflicting, licenses. In this paper we present our work on automating license compatibility by proposing a process that examines the structure of Software Package Data Exchange (SPDX) documents for license compatibility issues, assisting in the correct use and combination of licenses. We offer the possibility to detect license violations in existing software projects and to make suggestions on appropriate combinations of different software packages. We also elaborate on the complexity and ambiguity of license detection in software products through representative case studies. Our work constitutes a useful process towards automating the analysis of software systems in terms of license use and compatibility.




Published In

Journal of Systems and Software  Volume 131, Issue C
September 2017
569 pages

Publisher

Elsevier Science Inc.

United States


Author Tags

  1. License compatibility
  2. License violations
  3. Open Source Software
  4. Software Package Data Exchange

Qualifiers

  • Research-article


Cited By

  • (2024) Your “Notice” Is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 1022-1034. DOI: 10.1145/3650212.3680339. Online publication date: 11-Sep-2024.
  • (2024) How do Hugging Face Models Document Datasets, Bias, and Licenses? An Empirical Study. Proceedings of the 32nd IEEE/ACM International Conference on Program Comprehension, pp. 370-381. DOI: 10.1145/3643916.3644412. Online publication date: 15-Apr-2024.
  • (2024) “The Law Doesn’t Work Like a Computer”: Exploring Software Licensing Issues Faced by Legal Practitioners. Proceedings of the ACM on Software Engineering, 1:FSE, pp. 882-905. DOI: 10.1145/3643766. Online publication date: 12-Jul-2024.
  • (2024) Studying and Improving Software License Compliance in Practice. Proceedings of the 2024 IEEE/ACM 46th International Conference on Software Engineering: Companion Proceedings, pp. 225-227. DOI: 10.1145/3639478.3639785. Online publication date: 14-Apr-2024.
  • (2024) ModelGo: A Practical Tool for Machine Learning License Analysis. Proceedings of the ACM Web Conference 2024, pp. 1158-1169. DOI: 10.1145/3589334.3645520. Online publication date: 13-May-2024.
  • (2024) Analyzing FOSS license usage in publicly available software at scale via the SWH-analytics framework. The Journal of Supercomputing, 80:11, pp. 15799-15833. DOI: 10.1007/s11227-024-06069-x. Online publication date: 1-Jul-2024.
  • (2023) Towards Automated Detection of Unethical Behavior in Open-Source Software Projects. Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 644-656. DOI: 10.1145/3611643.3616314. Online publication date: 30-Nov-2023.
  • (2023) An Empirical Study of License Conflict in Free and Open Source Software. Proceedings of the 45th International Conference on Software Engineering: Software Engineering in Practice, pp. 495-505. DOI: 10.1109/ICSE-SEIP58684.2023.00050. Online publication date: 17-May-2023.
  • (2023) Understanding and Remediating Open-Source License Incompatibilities in the PyPI Ecosystem. Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering, pp. 178-190. DOI: 10.1109/ASE56229.2023.00175. Online publication date: 11-Nov-2023.
  • (2022) Open Source License Inconsistencies on GitHub. ACM Transactions on Software Engineering and Methodology, 32:5, pp. 1-23. DOI: 10.1145/3571852. Online publication date: 8-Dec-2022.