Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Detection of License Inconsistencies in Free and.

Published byVerity Gilmore Modified over 8 years ago

Similar presentations

Presentation on theme: "Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Detection of License Inconsistencies in Free and."— Presentation transcript:

1 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Detection of License Inconsistencies in Free and Open Source Projects Yuhao Wu Inoue Lab 2016/02/16 1

2 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Open Source Software License Gives developers permissions to reuse and redistribute the source code, which usually exists in the header comment of a source file GPL-3.0+ Generally not allowed to be modified, removed or changed without copyright owner’s permission MIT This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. […] The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 2

3 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Files with same code contents under different licenses –License A License B –License C No license Definition of License Inconsistency –Two source files that evolved from the same provenance contain different licenses Motivation 3 License inconsistency indicates potential license violation problems EPL-1.0 None LGPL-2.1Apache-2.0 “The LGPL is ineligible primarily due to the restrictions it places on larger works, violating the third license criterion. Therefore, LGPL- licensed works must not be included in Apache products.” http://www.apache.org/legal/resolved.html#category-x

4 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Problem No research has been done to address these questions: –RQ1: How many types of license inconsistencies are there? –RQ2: Do they exist in open source projects? –RQ3: What is the proportion of each type of license inconsistency? –RQ4: What caused these license inconsistencies? Are they legal? 4

5 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Method [1] Overview Collection of Projects Project_1Project_2Project_3…  Group files by their normalized tokens using CCFinder [2]  Identify the license of each file in each group using Ninka [3] … Calculate metrics for the groups that contain license inconsistencies Group#Licenses#None#Unknown 1250 2220 … 5 [1] Yuhao Wu, Yuki Manabe, Tetsuya Kanda, Daniel M. German, Katsuro Inoue: "A Method to Detect License Inconsistencies in Large-Scale Open Source Projects", Proceedings of the 12th Working Conference on Mining Software Repositories (MSR 2015), pp.324-333, Flotrnce, Itary, May 2015. [2] T. Kamiya, S. Kusumoto, and K. Inoue, “CCFinder: A multilinguistic token-based code clone detection system for large scale source code,” IEEE Transactions on Software Engineering, vol. 28, no. 7, pp. 654–670, 2002. [3] D. M. German, Y. Manabe, and K. Inoue, “A sentence-matching method for automatic license identification of source code files,” in Proceedings of the 25th International Conference on Automated Software Engineering (ASE2010), 2010, pp. 437–446. Group_2 Group_1

6 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Empirical Study (1/3) - Setup Goal –To reveal the characteristics of license inconsistencies in open source software projects Target: –Debian 7.5 and a collection of Java projects on GitHub Categorization –LAR: License Addition or Removal –LUD: License Upgrade or Downgrade –LC: License Change 6 TypeDebian 7.5Java Projects Projects17,16010,514 Total files6,136,6373,374,164.c files472,86115,627.cpp files224,26721,176.java files365,2133,337,361 CategoryDebian 7.5Java Projects LC5,27298.4% 12,65390.9% LUD2,35043.9% 1,3169.5% LAR1,50028.0% 6,17944.4%

7 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Empirical Study (2/3) - Manual Analysis To determine the reason and safety of each case of license inconsistency (RQ4): 1.Find the repository of each related project 2.Check the license evolution of the files 3.Find out when and why the license was modified 4.Determine whether the license modification is legally safe or not 7

8 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Empirical Study (3/3) - Result (example) glassfish tomcat6 tomcat 5.5.x TagLibraryInfo.java 8 Apache-1.1 Apache-2.0 CDDL Multiple: CDDL, GPL-2.0 or Apache-2.0 Tools that maintain the licenses made some mistakes accidentally; Discussed with Apache people and agreed to change to a multi-license; Validating the license by file basis is complicated and expensive. Debian 7.5

9 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Results (1/2) Answers to RQ1-3 RQ1: How many types of license inconsistency are there in the target collections of projects? –3 types: LAR, LUD and LC RQ2: Do they exist in open source projects? –Yes, they exist in Debian 7.5 and Java projects on GitHub RQ3: What is the proportion of each type of license inconsistency? –Debain 7.5 LAR (28.0%), LUD (43.9%) and LC (98.4%) –Java Projects LAR (44.4%), LUD (9.5%) and LC (90.9%) 9

10 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Results (2/2) Answers to RQ4 What caused these license inconsistencies? –i) Original author modified/upgraded the license; –ii) The file was originally multi-licensed and reusers chose either one; –iii) Reuser added one or more licenses to the source file; –iv) Reuser replaced the original license, and changed the copyright owner. 10 Among them, the last two types of license modification are legally unsafe.

11 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Conclusion An efficient method is proposed to detect license inconsistencies in open source projects An empirical study is conducted to investigate the license violation problems Future work –Apply this method to more projects to detect more patterns –Investigate the evolution of license inconsistencies 11

12 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University 12

13 Department of Computer Science, Graduate School of Information Science & Technology, Osaka University MSR’15 13

Download ppt "Department of Computer Science, Graduate School of Information Science & Technology, Osaka University Detection of License Inconsistencies in Free and."

Similar presentations

Free Beer and Free Speech Thomas Krichel

Free Beer and Free Speech Thomas Krichel
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University A Preliminary.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University A Preliminary.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Identifying Source.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Identifying Source.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Evolutional Analysis.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Evolutional Analysis.
Doe Bug Prediction Support Human Developers? Findings From a Google Case Study Chris Lewis, ZhongPeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, E.James.

Doe Bug Prediction Support Human Developers? Findings From a Google Case Study Chris Lewis, ZhongPeng Lin, Caitlin Sadowski, Xiaoyan Zhu, Rong Ou, E.James.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Extracting Code.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Extracting Code.
Open Source Applications Mikko Mustalampi DAP02S.

Open Source Applications Mikko Mustalampi DAP02S.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University A Prototype of.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University A Prototype of.
Open Source WGISS 39. Definition of Open Source Software (OSS)  Open source or open source software (OSS) is any computer software distributed under.

Open Source WGISS 39. Definition of Open Source Software (OSS)  Open source or open source software (OSS) is any computer software distributed under.
Lesson 18: Configuring Application Restriction Policies

Lesson 18: Configuring Application Restriction Policies
1 Real Time, Online Detection of Abandoned Objects in Public Areas Proceedings of the 2006 IEEE International Conference on Robotics and Automation Authors.

1 Real Time, Online Detection of Abandoned Objects in Public Areas Proceedings of the 2006 IEEE International Conference on Robotics and Automation Authors.
AFID: An Automated Fault Identification Tool Alex Edwards Sean Tucker Sébastien Worms Rahul Vaidya Brian Demsky.

AFID: An Automated Fault Identification Tool Alex Edwards Sean Tucker Sébastien Worms Rahul Vaidya Brian Demsky.
How Is Open Source Affecting Software Development? Je-Loon Yang.

How Is Open Source Affecting Software Development? Je-Loon Yang.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Measuring Copying.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Measuring Copying.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Industrial Application.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Industrial Application.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Where Does This.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Where Does This.
1 EPICS EPICS Licensing BESSY, May 2002 Andrew Johnson.

1 EPICS EPICS Licensing BESSY, May 2002 Andrew Johnson.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Finding Similar.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Finding Similar.
Yuki Manabe*, Daniel M. German†,‡ and Katsuro Inoue†

Yuki Manabe*, Daniel M. German†,‡ and Katsuro Inoue†
Dependency Tracking in software systems Presented by: Ashgan Fararooy.

Dependency Tracking in software systems Presented by: Ashgan Fararooy.

Similar presentations

Ads by Google