Affiliation:
1. Friedrich-Alexander University Erlangen-Nuernberg
2. Schulich School of Engineering, University of Calgary
3. Friedrich-Alexander University Erlangen-Nürnberg
Abstract
Almost all software, open or closed, builds on open source software and therefore needs to comply with the license obligations of the open source code. Not knowing which licenses to comply with poses a legal danger to anyone using open source software. This article investigates the extent of inconsistencies between licenses declared by an open source project at the top level of the repository, and the licenses found in the code. We analysed a sample of 1,000 open source GitHub repositories. We find that about half of the repositories did not fully declare all licenses found in the code. Of these, approximately ten percent represented a permissive vs. copyleft license mismatch. Furthermore, existing tools cannot fully identify licenses. We conclude that users of open source code should not only look at the declared licenses of the open source code they intend to use, but rather examine the software to understand its actual licenses.
Publisher
Association for Computing Machinery (ACM)
Cited by 6 articles.