informa
/
Commentary

Open Source License Auditing Tools Still Need Someone Knowledgeable Behind The Wheel

Yesterday my colleague Charles Babcock brought us the news about HP's release of the FOSSology tool, a license-auditing application that promises to help organizations cut through the thickets of software licenses that can come with open source programs.  When you get down to it, though, it's just a tool: the real decisions about software licensing have to and always

Yesterday my colleague Charles Babcock brought us the news about HP's release of the FOSSology tool, a license-auditing application that promises to help organizations cut through the thickets of software licenses that can come with open source programs.  When you get down to it, though, it's just a tool: the real decisions about software licensing have to and always must be made by warm, breathing bodies.

As Charles explained in his summary, FOSSology is an application that analyzes source code repositories of software to determine what licensing schemes are in effect for that software.  The license scheme(s) used by a given piece of code is typically described in a header prepended to the code; FOSSology crunches this information and tries to determine as best it can what licenses are being used, how they vary, and where they may clash.  A single project can have a whole congeries of different software licenses in effect; it's not always obvious what's being used or even if the code a given license is attached to is being employed.

To that end, the program's also been attuned not only to look for the texts of known licenses like the GPL, but to look for key phrases that indicate a license may be in effect (e.g., "This program is licensed..."), but it can't determine what they are offhand, and so they're broken out into their category ("Phrases").  Found texts are highlighted with differences broken out so you can see what text the program has tagged as being a likely suspect for a license.

For an absorbing demonstration of how the program works, go check out the movies that have been posted on the FOSSology site.  My favorite, since it's the most concrete and easy to follow, is one where FOSSology is set loose on Abiword and appears to detect an incompatible license scheme in the source ... but the answer may be a little more complex than that.  Go watch the video; it's nifty just on the level of basic geekery, and it also gives you an idea of how nuanced this issue can be.  (The full rundown of screenshots and demos is available here.)

As you can see from the demo, FOSSology is just a way to break this information out and make it more digestible.  It doesn't make licensing decisions for you -- no more so than, say, a spellchecker or grammar program can force you to shed unorthodox spelling or enrich your vocabulary.  That means it has to be piloted and implemented by people who already have an understanding of what's compatible with what and why.

Proprietary and open software both carry different kinds of responsibilities with them for their use.  It's not uncommon for the plethora of licenses out there to be wielded as a cudgel against open source: e.g., you better watch out, or you'll discover you have to give your software away, or some variant on that.  The way I see it, FOSSology is just one more way to shut those people up.

Editor's Choice
Salvatore Salamone, Managing Editor, Network Computing
Mary E. Shacklett, President of Transworld Data
Joao-Pierre S. Ruth, Senior Writer
Richard Pallardy, Freelance Writer