Preparing your source code for distribution www.triplecheck.net

Preparing your source code for distribution, OW2con'16, Paris


About the presenter

Nuno Brito
•  Former licensing coordinator, European Space Agency (contractor)
•  Master of Software Engineering (Carnegie Mellon University, 2009)
•  Volunteer at Free Software Foundation, http://fsf.org/licensing/team and Linux Foundation, http://spdx.org

About TripleCheck
Tools for license compliance and plagiarism detection

The problem

Average software is built with >78% non-original code

-  Copyleft and open source infringements
-  Plagiarism by accident (or intentional)
-  Intellectual property theft (contract breach)

Are you really sure your code is yours?

Google's chief Java architect: “It's likely I copied Sun code found in Android, I'm sorry if I did”

Google vs Oracle court case, July 2016

Happens too easily

Happens too often

License compliance life-cycle

Zip file for end-users

Your source code

List 3rd party components

Solve component conflicts

Find non-original code snippets

Solve non-original code snippets

Prepare zip file for distribution

Collect 3rd party code

Create documentation

Keeping your software clean?

Applicable licenses? Intellectual Property? Licensing quality?

Making sure your code is clean

Your source code
•  Headers have your copyright and license?
•  Are 3rd party code snippets identified?

Third-party code
•  Are the requirements for each license being followed?

Documentation
•  Are you describing how the system is compiled and installed?
•  Is each 3rd party component listed and justified?
•  Is your list up to date?

Source code headers?

Depends on project. Default is short and readable. Example:

// Copyright (c) 2016 ACME Ltd.
// License: Apache-2.0

For heavy cases:

Using .ABOUT files

These are text files placed in the same folder as each third-party library. Originally used by Android.

What it describes:

•  Declared license
•  Which files the license applies to
•  Details such as author and URL

How can it be created?
•  Manually, using a sample and a text editor
•  Automatically, http://triplecheck.net/components/

Using .SPDX files

A standardized way to list the files and respective licenses that are inside a package (e.g. Zip file), see http://spdx.org

What it describes:

•  Declared license
•  Which files the license applies to
•  Details such as author and URL

How can it be created?
•  Automatically, http://triplecheck.net/download/

Standardization

Without clarity, we can’t automate nor understand what is meant. Specify without ambiguity the licenses and 3rd party software you use.

Include version number

•  Different versions may have different licenses
•  Not adding a version forces end-users to investigate

Use standard license names, don't invent new ones
•  Use the identifiers from http://spdx.org/licenses
•  Make it easy for everyone to understand
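The header slide and the standardization slide can be checked together. The following Python script is an added example, not part of the original slides or of TripleCheck's tools: it scans a source tree for the two-line header shown earlier and flags license names that are not SPDX identifiers. The function names, the 10-line header window and the short identifier subset are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Constructed subset of http://spdx.org/licenses; a real check loads the full list.
KNOWN_SPDX_IDS = {"Apache-2.0", "MIT", "BSD-3-Clause", "MPL-2.0",
                  "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-only"}
COPYRIGHT_RE = re.compile(r"^\s*(?://|#|\*)\s*Copyright\s*\(c\)\s*\d{4}\s+\S", re.I)
LICENSE_RE = re.compile(r"^\s*(?://|#|\*)\s*License:\s*(.+?)\s*$", re.I)
HEADER_LINES = 10  # assumption: the header sits in the first 10 lines

def check_header(text):
    """Return the list of header problems for one source file's text."""
    head = text.splitlines()[:HEADER_LINES]
    problems = []
    if not any(COPYRIGHT_RE.match(line) for line in head):
        problems.append("missing copyright line")
    declared = [m.group(1) for m in map(LICENSE_RE.match, head) if m]
    if not declared:
        problems.append("missing license line")
    for name in declared:
        if name not in KNOWN_SPDX_IDS:
            problems.append(f"non-standard license name: {name!r}")
    return problems

def scan_tree(root, suffixes=(".java", ".c", ".py")):
    """Map relative path -> problems, for each source file that has any."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            problems = check_header(path.read_text(errors="replace"))
            if problems:
                report[path.relative_to(root).as_posix()] = problems
    return report

def demo():
    """Scan a constructed three-file tree written to a temporary directory."""
    samples = {
        "Good.java": "// Copyright (c) 2016 ACME Ltd.\n// License: Apache-2.0\nclass Good {}\n",
        "Vague.java": "// Copyright (c) 2016 ACME Ltd.\n// License: Apache\nclass Vague {}\n",
        "Bare.java": "class Bare {}\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            Path(tmp, rel).write_text(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

A version-less name such as "Apache" is reported because it is not an SPDX identifier, which is the ambiguity the slide warns about.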

Include with each project

LICENSE
•  Full legal terms for declared licenses

README
•  Describe the project and list licenses in readable text

AUTHOR
•  Lists the authors and company that wrote the software

Discovering authors in your code?

Sometimes it is not clear who exactly contributed code to your projects, but listing them can also be automated. From git, you can list the contributors with the following syntax:

git log --format='%aN <%aE>' | sort -f | uniq

Source: https://github.com/rust-lang/rust/issues/5037

Is your code clean?

[email protected]:@nn81

@xkcd