Open Source in Android Apps: Tips for Becoming a Good Open Source Citizen
AnDevCon
Kim Weins, SVP Marketing, OpenLogic
Copyright OpenLogic 2006
What You’ll Learn
How much open source is used in mobile apps?
What level of compliance with open source licenses?
Why should I be concerned?
What should I do about it?
About OpenLogic
OpenLogic helps enterprises to successfully and safely acquire, deploy, support and control all of the free and open source software they use.
Scanning Tools
Open Source Audits
Open Source Support
Mobile Apps Depend on Open Source
Source: OpenLogic Mobile Research 9/2010
Open Source is Used in 88% of Android Apps & 41% of iOS Apps
Mobile Apps Depend on Open Source
[Diagram labels: Mobile Apps; Open Source. Packages shown: jquery, cocos2d, JSON, ichabber, wz_graphics, MWFeedParser, Selenium, YUI, SQLite, Boost, OpenSSL, PhoneGap, Rhodes]
But…
Compliance Concern
Mobile Apps Aren’t Consistently Complying with Open Source Licenses
Research Methodology
Scanned 635 Top Apps with OSS Deep Discovery
  123 Android Apps
  512 iOS Apps
Picked top paid and free apps across categories
Identified 68 Apps with GPL, LGPL or Apache
  52 with Apache
  16 with GPL/LGPL
Examined those apps for compliance with key obligations
Four Areas of Compliance Analyzed
Apache
  Provide copy of license
  Notices/Attributions
GPL/LGPL
  Provide copy of license
  Provide source code
Failure to Comply
71% of Apps using Open Source under GPL, LGPL and Apache do not comply
Comply: 29%
Do Not Comply: 71%
Source: OpenLogic Mobile Research 3/2011
Compliance by Platform
71% of Apps using Open Source under GPL, LGPL and Apache do not comply
Android: 27% Comply
iOS: 32% Comply
Source: OpenLogic Mobile Research 3/2011
REALLY? Do I need to care?
Three Reasons to Comply
1. It’s the right thing to do
2. Protect your IP
3. Money in your pocket
It’s The Right Thing to Do
Free software…
but please comply
Protect your IP
Copyleft open source licenses can impact licensing of your IP
Protect your IP
[Diagram labels: Open Source under “Copyleft” license; Your code; Linking]
Derivative work? Depends on the license and how you combine the code
Money in Your Pocket
Non-compliance can result in:
  Takedowns
  Injunctions
  Lawsuits
  Legal costs
Takedown Requests to Android Market
Source: Chilling Effects Clearinghouse, Takedown Complaints for Android Market
Feb 2011 = 206 Takedown Requests
Takedowns: Open Source Copyright Violation
Example of complaint to Google re GPL violation.
Source: Chilling Effects Clearinghouse
More Than A Theoretical Risk: Legal Action
Free Software Foundation has been active in GPL enforcement.
Source: Ars Technica
Source: cnet
Source: The Inquirer
More Than A Theoretical Risk: Bad PR?
Source: Network World
Source: Matthew Garrett http://www.codon.org.uk/~mjg59/android_tablets/
OK, OK. I get it.
How to Become A Good Open Source Citizen
1. Understand open source licensing
2. Create an open source policy
3. Track all open source usage
4. Conduct a scan or audit of your code
5. Develop a compliance checklist
1. Understand OSS Licensing
Official definition of OSS license
  Approved by the Open Source Initiative (OSI)
  http://www.opensource.org/
  Currently over 60 approved licenses
Key Criteria
  Free distribution
  Source code is available
  Derived works are allowed
  Non-discrimination
Categorizing Open Source Licenses
[Diagram labels: Strings Attached; Liberal; No Strings; Copyleft; Additional Clauses; “Traditional” Open Source]
Licenses shown: MIT/X, W3C, Original BSD, Apache Software License, Eclipse Public License, GNU GPL, GNU LGPL, GNU GPL v3, Common Public License, Mozilla Public License, SISSL, IBM Public License
Dependency Issues Impact Licensing
OSS often depends on or bundles other OSS
Need to look at all the dependencies and bundled projects and their licenses
Important: The licenses may not be the same!
Example: Geronimo (Apache license) uses MySQL (GPL) through the MySQL driver (formerly LGPL but now GPL)
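The dependency check described on this slide, as an added example (not from the original deck or from OpenLogic's tooling): it walks a dependency graph and reports every direct or transitive dependency whose license differs from the application's own. The `PACKAGES` inventory is constructed from the slide's Geronimo example; `helper-lib`, `sample-app`, `not-inventoried` and the function name are hypothetical.

```python
from collections import deque

# Constructed sample inventory: package -> (license, dependencies/bundled projects).
# The first three rows follow the slide's example; the rest are hypothetical.
PACKAGES = {
    "geronimo":     ("Apache", ["mysql-driver", "helper-lib"]),
    "mysql-driver": ("GPL",    ["mysql"]),
    "mysql":        ("GPL",    []),
    "helper-lib":   ("Apache", ["mysql-driver"]),    # reaches the driver a second time
    "sample-app":   ("Apache", ["not-inventoried"]), # dependency missing from inventory
}


def license_mismatches(root, packages=PACKAGES):
    """Return (package, license, path) for each dependency of `root`, direct or
    transitive, whose license differs from root's. A dependency that is not in
    the inventory is reported with license "UNKNOWN" rather than skipped."""
    root_license = packages[root][0]
    findings = []
    seen = {root}                       # guards against cycles and repeat visits
    queue = deque([(root, [root])])
    while queue:
        name, path = queue.popleft()
        _, deps = packages.get(name, ("UNKNOWN", []))
        for dep in deps:
            if dep in seen:
                continue
            seen.add(dep)
            dep_path = path + [dep]
            dep_license = packages[dep][0] if dep in packages else "UNKNOWN"
            if dep_license != root_license:
                findings.append((dep, dep_license, " -> ".join(dep_path)))
            queue.append((dep, dep_path))
    return findings


if __name__ == "__main__":
    for pkg, lic, path in license_mismatches("geronimo"):
        print(f"{pkg}: {lic} (via {path})")
```

A mismatch is only a prompt for review against the license terms and the way the code is combined; the function does not decide compatibility.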
2. Create an Open Source Policy
Things to include
  Licenses allowed
  Approval processes
  Audit and compliance processes
Considerations
  Keep it lightweight
  Don’t let fear guide you
3. Track all Open Source Usage: Why?
Know what you are using
  Best practices for software asset management
Identify opportunities for sharing or savings
  Find out what open source is being used so you can leverage expertise, support, etc. across teams
Legal & compliance
  Validate that you are complying with licenses
  Be able to determine impact of license changes
  Provide an audit trail for regulatory compliance
  Assess impact of lawsuit or IP infringement
Maintenance
  Be prepared to handle security patches or critical issues
  Able to plan for maintenance updates
Support
  Understand level of support necessary
  Share support resources (whether internal or external)
3. Track all Open Source Usage: What?
What open source packages are used
What versions are used
The exact source/object code
Where you got it from (source)
What license it’s under
What applications it’s used in
What machines they are used on
What operating system they are used with
Whether the project is internal, external or for distribution
When distributed and to whom
Approval trail – who approved, when approved, for what purpose
4. Conduct a scan or audit of your code
Outcome of an OSS audit:
  List of open source packages
  List of open source licenses
  List of license obligations
  List of licenses that may have conflicting terms
Options
  Scanning tools
  Manual review
  Audit services
5. Develop a compliance checklist
Create a compliance checklist:
  Notices in code and/or documentation
  Source code provided in proper way
  Is there an EULA for your product?
If there are conflicts or compliance is not possible:
  Can you live without this code?
  Is there an alternative to the code?
  Can you contact the author and ask for an exception/different license?
Risk management:
  What is likely to get litigated?
  What are your sticking points that prevent perfect compliance?
Thanks!
Slides?
  www.openlogic.com/downloads
  www.slideshare.net
Learn more
  www.openlogic.com
To receive details of [email protected]
Follow
  @openlogic
  @KimAtOpenLogic