EOLE / OWF 12 - License compatibility analysis and components based systems in public research - presentation of a practical approach-magali fitzgibbon (eole2012)
#OSSPARIS19 : A virtual machine approach for microcontroller programming : th...Paris Open Source Summit
Mais conteúdo relacionado
Semelhante a EOLE / OWF 12 - License compatibility analysis and components based systems in public research - presentation of a practical approach-magali fitzgibbon (eole2012)
Semelhante a EOLE / OWF 12 - License compatibility analysis and components based systems in public research - presentation of a practical approach-magali fitzgibbon (eole2012) (20)
#OSSPARIS19 - Tuto de première installation de VITAM, un système d'archivage ...
EOLE / OWF 12 - License compatibility analysis and components based systems in public research - presentation of a practical approach-magali fitzgibbon (eole2012)
1. License compatibility analysis and component based
systems in public research: presentation of a practical
approach
EOLE Conference – 12/10/2012
Magali Fitzgibbon – Technology Transfer and Innovation Department - CC BY-NC-ND 2.0
3. A (very) short presentation of Inria…
Inria : French National Institute for Research in Computer Science and Automatic Control
8 research centers in France + head office
(corporate level and local TTOs)
Missions include:
=> fundamental and applicative research
=> dissemination of scientific knowledge
=> contributing to standardization
=> providing prototypes (technology transfer)
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
4. Software prototypes @Inria
- Important number of software distributed under a FLOSS license
- Technology transfer includes operations based on open source software (in
particular by spin-off creation)
- Reuse of open source preexisting components is a usual developing practice at
Inria.
=> This leads de facto to license compatibility issues…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
5. Software development process
(seen from the legal / TTO point of view)
Licensing in STRATEGY (legal compatibility) Licensing out
Code reuse Software : set of components exploitation
(pre-existing components) (with new “ex-nihilo”components)
L Licensing out
1 choice
Component
Licensing in based systems
Policy
Legal status of software
(Not so easy to defined)
Legal status of components
Component’s licence
Usually well defined
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
6. Such an exercise can turn out to be difficult…
License compatibility – the difficulties encountered by lawyers and TT managers:
• To be familiar and deal with an important number and diversity of FLOSS licenses
(jungle)
• Vocabulary used in FLOSS licenses is not standardized
But not only…
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
7. Reality is more than a theoretical comparison of several licenses –
context/object of analysis are crucial
• Great diversity of software and software architecture
(how can architecture be useful for the analysis?)
• Inria’s software can be made of an important number of preexisting components,
usually under a FLOSS license …
• … and can be developed on long period of times (10-15 years) by numerous
contributors
(How do you actually identify the licenses to be analyzed?)
• Licensing out strategies may change during software’s life cycle
(What incidence on license compatibility issues?)
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
8. Given these elements, what could be a good approach for license
compatibility issues in component based systems?
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
9. I. License compatibility analysis and software’s
architecture/detailed description
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
10. The 3 good reasons to ask for software’s detailed description
Identify the scope of the analysis… and be sure that everyone actually talks of the
same thing!
Easier in case of software with a “modular licensing strategy”
Makes dialogue easier with researchers/developers
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
11. Using software’s architecture – the example of DIET software (monitoring High Performance
Computing Infrastructures)
Source: Qualipso – Report on the proposed IPR tracking methodology – 16/12/2009 – www.qualipso.org
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
12. II. How can I identify licenses to be analyzed in a
(large) component based system?
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
13. Asking the development/research team:
Software’s contributors point of view and memory is essential (Inria assume people are
of good faith)…
… but it is nevertheless often incomplete!
⇒ Components’ origin and license issues are not always a priority at the beginning of a
project (POC)
⇒ Keeping a good track of what happened in a 5, 10 or 20 year development period is
difficult in public research (people come and go)
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
14. Example of a representation of authors’ appearance/disappearance and
evolution of % contribution to source code
A different (and complementary) source of information is usually needed…
Source/copyright owner: Antelink - CC BY-NC-ND 2.0
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
15. Looking « by hand » in all header files to check for licenses
Costs of analysis quickly turn to be high…
Example: a software of 100 000 files = you can keep a lawyer busy a few
weeks…
… which means that ROI is not always satisfactory.
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
16. Using tools: the « industrial way »
Code mining tools, license checkers…
They allow to gain time…
… and can therefore reduce costs of analysis!
Components’ license information in header files can now be as « opened » as open
source software!
The experienced turned out be positive as far as Inria is concerned
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
17. However… Never forget that information still needs to be qualified!
• Identifying licenses is only a start…
• Comparing a list of licenses, obtained with a tool, with your licensing-out
strategy is not sufficient for analysis to be efficient/complete!
• Tools help/provide assistance but do not fulfill the analysis
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
18. Examples
1. An important number of files identified in one of Inria’s software with an Eclipse
public license
But…
… after qualifying this information, the « EPL files » turned out to be source code
generated by Inria’s developers with Eclipse’s framework
2. Incompatible License identified in one of Inria’s software
But…
It turned ou that headers were not up-to-date concerning license information
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
19. Qualifying information requires discussion between lawyers, TT managers
and researchers/developers
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
20. III. Licensing-out strategy’s evolution during life cycle :
what is the incidence?
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
21. What changing of licensing-out strategy means
• The previous licensing-in policy (if any!) may not be pertinent anymore…
• … which means that software’s exogenous components’ licenses may not be
compliant with the new licensing-out strategy…
• What if the previous software’s license is compatible with the new one?
=> Beware! Does not mean that components’ licenses are compliant!
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
22. Example
A software initially distributed under a GNU LGPL v2.1 license
A licensing-in policy was defined
Research team’s intentions change in favour of a dual licensing scheme : GNU
GPL v2 and proprietary license
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
23. What the analysis revealed about the past…
Example of licenses found during Compliance with
the analysis (for exogenous previous GNU LGPL
components) strategy
Apache v.1 YES
Apache v.2 YES
Eclipse public license YES
BSD (new) YES
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
24. What the analysis revealed about the present/future…
Example of licenses found during Compliance with GNU
the analysis (for exogenous GPL v2
components
Apache v.1 NO
Apache v.2 NO
Eclipse public license NO
BSD (new) YES
Hopefully, solutions could be found…
But shows that costs to make software legally compliant, when
strategy changes, can actually become an issue
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
25. The 2nd part of the « story »: the legal issue did not turned out to be the
only one…
Was the dual scheme really pertinent/appropriate?
People are willing to pay for a proprietary license if they wish to redistribute
themselves under a proprietary license (and avoid GNU GPL’s constraints)
But, if a similar version is available somewhere under the GNU LGPL…
GNU GPL version of software needs to be sufficiently different from the previous
GNU LGPL version!
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
26. What comparison of source code revealed
Source/copyright owner: Antelink - CC BY-NC-ND 2.0
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
27. Conclusion
License compatibility analysis for components based systems in public research is
always :
the encounter between particular software, a development and an exploitation
strategies
Team work between lawyers, TT managers and researchers/developpers
And therefore a smart use and combination of people’s competence/experience
and tools
Which means that lawyers do not only need to rely on their « legal » expertise:
basic knowledge and curiosity of what are software and software development, is
helpful
Magali Fitzgibbon -Technology Transfer and Innovation Department - CC BY-
NC-ND 2.0
28. Thank you!
www.inria.fr
Report on the proposed IPR Tracking methodology (L. Grateau, M. Fitzgibbon, G. Rousseau)
http://www.inria.fr/content/download/6143/55776/version/2/file/Methodologie-d-analyse-IPR.pdf
Qualipso EU funded project
www.qualipso.org
Guide d’approche et d’analyse des licences de logiciels libres (S. Steer, M. Fitzgibbon)
http://www.inria.fr/content/download/5892/48431/version/2/file/INRIA_guide_analyse_licences_libres_vf.pdf
Recueil de fiches explicatives de licences libres (S. Steer, M. Fitzgibbon)
http://www.inria.fr/content/download/5892/48431/version/2/file/INRIA_guide_analyse_licences_libres_vf.pdf
Magali Fitzgibbon magali.fitzgibbon@inria.fr
http://www.linkedin.com/pub/magali-fitzgibbon/3a/390/76a