News

Open Source Groups Provide New Licensing Resources

• By David Ramel
• April 25, 2017

Newcomers to free and open source software (FOSS) might be bewildered by the variety of licenses that dictate how users can use community offerings.

For example, the Open Source Initiative lists nine "popular licenses" and Wikipedia lists dozens more coming in a variety of flavors for different purposes. Those purposes include linking, distribution, modification, patent grant, private use, sublicensing and trademark grant.

To help newbies get a handle on FOSS licenses, The Linux Foundation and Free Software Foundation Europe (FSFE) today announced new resources to help with identification and compliance.

"We must work more on helping those who want to be part of the free and open source software community understand the praxis and licenses used," said Matthias Kirschner, president of the FSFE, in a statement.

"The resources now made available contribute to making it easier for companies to rely on and develop free and open source software. Licensing compliance is just the first step on a journey towards using free and open source software, but it's often a steep learning curve, and we know these resources will contribute to enabling more companies to take the step into the community."

The new resources, as described by the two groups, include:

• A new, free online book, "Practical GPL Compliance: A guide for startups, small businesses, and engineers," by Armijn Hemel, MSc and Shane Coughlan. The open source groups said the book is "for startups, small businesses, and engineers tasked with shipping products that contain software covered by the GNU General Public License. The book is directly applicable to consumer electronics, drones, IoT or automotive devices based on generic Linux or Android-based Linux devices. The goal is to provide practical information to quickly address common issues and errors and to empower compliance engineers or compliance teams to get their job done as efficiently as possible. The guide goes beyond simple instructions and provides checklists and flowcharts to visualize key approaches or best practices for real-world situations."
• The open sourcing of "cregit," a tool provided by The Linux Foundation that's used at cregit.linuxsources.org. The two groups said cregit improves the visibility of changes in source code files. "The goal of the project is to explore how source code evolves with each contribution and over time," today's statement said. "One of its main applications is the creation of a token-based view of the source code, deconstructing the code into the smallest parseable units recognized by a compiler. A token-based view of git blame data shows, for each token in the corresponding source code, the commit that introduced token or last modified it and links to any relevant discussions of that change in mailing lists." The code for cregit is available on GitHub.
• The 3.1 release of FOSSology, a tool licensed under the GPL that's designed to help engineers and office staff understand the FOSS licenses associated with a given project. Features of the new edition include:
  • UI improvements to make bulk scanning more efficient when used with multiple licenses.
  • A new Dockerfile -- which is also used for Docker Hub -- comprising composed containers with a separate database server.
  • To support sharing of information from FOSSology scans with other programs, both SPDX 2.0 document formats (RDF and tag:value format) are now available.
  • Generation of Debian copyright files (also called DEP5).

"The GNU General Public License (GPL), version 2 is the key license that has contributed to the success of Linux and many other FOSS projects," the project backers said. Kate Stewart, an exec at The Linux Foundation, added more. "A better understanding of identifying where GPL licensed code exists in products and guides for how to comply with the terms can better enable the FOSS ecosystem to comply with GPL licensing," she said.