VRB News
Virtual Reality Brisbane
Maintaining parts lists of open source licenses

by admin
May 30, 2022
in IT news
A list of all installed open source components including a link to the website and license text.

The conditions for using open source components depend on the underlying licenses. Those who build these components into a product must therefore keep a bill of materials of all open source components, so that it is always clear which license is used where and what obligations come with it.

Why license bills of materials are relevant

There are countless different open source licenses. They are meant to put the principles of open source software on a legal foundation. Although the similarities between the licenses are great, there are still differences, sometimes only nuances, which can nevertheless have significant consequences.

To give two examples: if the Apache License 2.0 is used, then changes to the source code must be documented and the changes must be supplied in the form of a NOTICE file. The GPL v3, in turn, can mean that the new work must also be published under the GPL.

The problem is that an open source component can make it into a product almost in passing. The developer needed a quick solution to a specific problem? A short search, ignoring the license conditions, and a single command later the open source component is integrated. The transitive dependencies of these components, in turn, mean that numerous open source components end up in the project that the developer never even considered.

Fortunate are those who employ responsible developers who coordinate and communicate this step. A bill of materials of the components used, together with their licenses, is then the starting point for uncovering this situation, identifying problems and taking corrective measures.

Creating license parts lists

The license bill of materials can be created both manually and automatically. In the end, however, only a combination of the two works. No matter how sophisticated the automation is, there are simply too many exotic licenses and special cases whose consequences are not known or not unambiguous. A good strategy therefore consists of a high proportion of automation combined with the right manual measures.

Automated measures

All quantitative tasks can be automated. One of these is to search all installed or referenced packages, sources and dependencies for licenses. Tools for this already exist in large numbers, such as ScanCode Toolkit.

It is important to run such a tool not just once but regularly: at the latest before each delivery, and ideally with every build or deployment. As a rule, the result of such a check is a list that gives an overview of all components and licenses. The most common open source licenses stipulate that the original license must be included in derivative works.

In the next step, the list must be packaged and integrated into the derived work. Either all license texts are attached in the original or, more simply and as is usual for large projects such as Chrome, a list with links is included under which the license text can be read and the project can be found. The list should then be sorted alphabetically by component.

Manual measures

Qualitative work, on the other hand, cannot be automated. This includes searching the list of licenses found for outliers or exotics. If there are exotics, they must be examined in detail by a technical or legal expert. Exotics can be outdated or invalid licenses. They can also be modified licenses that prohibit or prescribe a very specific use. If a license is missing, copyright law may apply, which is regulated differently depending on the country.

At the latest when such licenses turn up, the entire component architecture should be checked. This audit must clearly show whether the component is integrated directly into the product and is therefore part of it, or whether the component is merely called. A mere call eliminates almost all the restrictions that an open source license usually imposes.

In the course of the audit, but also independently of it, installed components can of course be replaced by ones that use a license that is easier to comply with. However, this in turn requires changes to the project, which can make numerous other measures necessary.
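The automated and manual steps described above, as an added example that is not part of the original article: it collects declared licenses, produces the alphabetically sorted list with links, and flags missing or unreviewed licenses for manual examination. The `REVIEWED` set, the sample records and their URLs are assumptions made for illustration.

```python
from importlib import metadata

# Assumption: licenses your organisation has already reviewed; adapt to your policy.
REVIEWED = {"Apache-2.0", "MIT", "BSD-3-Clause", "GPL-3.0-only"}

def installed_components():
    """Yield name, version, declared license and homepage of each installed package."""
    for dist in metadata.distributions():
        md = dist.metadata
        yield {
            "name": md.get("Name") or "",
            "version": md.get("Version") or "",
            "license": (md.get("License-Expression") or md.get("License") or "").strip(),
            "url": md.get("Home-page") or "",
        }

def build_bom(components, reviewed=REVIEWED):
    """Sort alphabetically by component and list entries that need manual review."""
    rows = sorted(components, key=lambda c: c["name"].lower())
    review = []
    for c in rows:
        if not c["license"]:
            review.append((c["name"], "no license declared"))
        elif c["license"] not in reviewed:
            review.append((c["name"], "unreviewed license: " + c["license"]))
    return rows, review

def render(rows):
    """Render the list with links that is shipped inside the product."""
    return "\n".join(
        f"{c['name']} {c['version']} | {c['license'] or 'UNKNOWN'} | {c['url'] or 'no link'}"
        for c in rows
    )

# Constructed sample records (not real scan output); hypothetical names and URLs.
SAMPLE = [
    {"name": "zlib-wrapper", "version": "1.2.0", "license": "MIT", "url": "https://example.org/zlib-wrapper"},
    {"name": "Alpha-parser", "version": "0.9.1", "license": "Apache-2.0", "url": "https://example.org/alpha-parser"},
    {"name": "legacy-codec", "version": "2.0.0", "license": "Custom no-commercial-use", "url": "https://example.org/legacy-codec"},
    {"name": "mystery-lib", "version": "0.1.0", "license": "", "url": ""},
]

if __name__ == "__main__":
    rows, review = build_bom(SAMPLE)  # in a build job, pass installed_components() instead
    print(render(rows))
    for name, reason in review:
        print("REVIEW:", name, "-", reason)
```

Run on every build, the review list stays empty until a new, missing or modified license appears, which is the point at which the manual audit starts.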

A matter of care

In short: license parts lists are a matter of maintenance, consisting of automatic and manual measures. The bill of materials of open source licenses is not an optional element; it is a mandatory component of today’s software and hardware products. Open source components are used in almost all products. Only those who have a clear overview of the licenses and know all the consequences can deliver products with a clear conscience.


© 2021 - The project has been developed ServReality