Understanding the usage, impact, and adoption of non-OSI approved licenses

Meloca, Rômulo Manciola; Pinto, Gustavo; Baiser, Leonardo; Mattos, Marco Antonio de; Polato, Ivanilton; Wiese, Igor; Germán, Daniel M.

doi:10.1145/3196398.3196427

Cited by 16 publications

(5 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The relatively large number of repositories without a license may seem unusual, but it is in line with a recent study by Meloca et al, who found that it is common in open source projects to not provide a license (Meloca et al, 2018). Moreover, some files or directories could have their own license, differing from the repository's license.…”

Section: Moreoversupporting

confidence: 62%

Usage and attribution of Stack Overflow code snippets in GitHub projects

Baltes

Diehl

2018

Empir Software Eng

View full text Add to dashboard Cite

Stack Overflow (SO) is the most popular question-and-answer website for software developers, providing a large amount of copyable code snippets. Using those snippets raises maintenance and legal issues. SO's license (CC BY-SA 3.0) requires attribution, i.e., referencing the original question or answer, and requires derived work to adopt a compatible license. While there is a heated debate on SO's license model for code snippets and the required attribution, little is known about the extent to which snippets are copied from SO without proper attribution. We present results of a large-scale empirical study analyzing the usage and attribution of non-trivial Java code snippets from SO answers in public GitHub (GH) projects. We followed three different approaches to triangulate an estimate for the ratio of unattributed usages and conducted two online surveys with software developers to complement our results. For the different sets of projects that we analyzed, the ratio of projects containing files with a reference to SO varied between 3.3% and 11.9%. We found that at most 1.8% of all analyzed repositories containing code from SO used the code in a way compatible with CC BY-SA 3.0. Moreover, we estimate that at most a quarter of the copied code snippets from SO are attributed as required. Of the surveyed developers, almost one half admitted copying code from SO without attribution and about two thirds were not aware of the license of SO code snippets and its implications.

show abstract

Section: Moreoversupporting

confidence: 62%

Usage and attribution of Stack Overflow code snippets in GitHub projects

Baltes

Diehl

2018

Empir Software Eng

View full text Add to dashboard Cite

show abstract

“…They found that developers have a good understanding of popular licenses but have only a limited understanding when they need to deal with multiple open source licenses. Meloca et al [22] investigated the impact of non-OSI-approved licenses on software projects from 657,000 open-source projects. Vendome et al [23] conducted a study to find when and how software developers decide an OSS license.…”

Section: Oss License and Software Developmentmentioning

confidence: 99%

Automating License Rule Generation to Help Maintain Rule-based OSS License Identification Tools

Higashi

Ohira

Manabe

2023

Journal of Information Processing

View full text Add to dashboard Cite

Many license identification tools have been proposed to support OSS reuse. License identification tools automatically identify OSS licenses declared in source files. Ninka is one of the most accurate license identification tools. Because OSS licenses are often newly created or inherited, rules built into license identification tools need to be created and updated on a regular basis. However, when a large number of unknown licenses are detected in large OSS products, it is not easy to manually create new rules. In our previous studies, we proposed a method for clustering license statements that Ninka determined to be unknown. In this paper, we propose a method to automatically generate license rules from the clustered license statements. Our approach further filters the license statements from the created clusters to extract sequential patterns and converts the extracted patterns into regular expressions. We conducted conduct a case study where our method is applied to 1,821, 3,561 and 2,838 unknown license statement files respectively collected from FreeBSD v10.3.0, Linux Kernel v4.4.6, and Debian v7.8.0, to confirm the usefulness of our method. As a result, we confirmed that our method successfully generated license rules that take into consideration the orthographical variants and that our method also efficiently identified licenses with a small number of license rules. Furthermore, we found that adding the license rules generated by our method to Ninka improves the licensing rule performance.

show abstract

“…When evaluating a package, it is also essential to consider non-functional requirements, such as the license. Using a package with no license or with a license that does not match the developer organization's usage and policies can quickly become a problem [36,53].…”

Section: Licensementioning

confidence: 99%

What are the characteristics of highly-selected packages? A case study on the npm ecosystem

Mujahid¹,

Shihab²

2022

Preprint

View full text Add to dashboard Cite

With the popularity of software ecosystems, the number of open source components (known as packages) has grown rapidly. Identifying high-quality and well-maintained packages from a large pool of packages to depend on is a basic and important problem, as it is beneficial for various applications, such as package recommendation and package search. However, no systematic and comprehensive work focuses on addressing this problem except in online discussions or informal literature and interviews. To fill this gap, in this paper, we conducted a mixed qualitative and quantitative analysis to understand how developers identify and select relevant open source packages. In particular, we started by surveying 118 JavaScript developers from the npm ecosystem to qualitatively understand the factors that make a package to be highly-selected within the npm ecosystem. The survey results showed that JavaScript developers believe that highly-selected packages are well-documented, receive a high number of stars on GitHub, have a large number of downloads, and do not suffer from vulnerabilities. Then, we conducted an experiment to quantitatively validate the developers' perception of the factors that make a highly-selected package. In this analysis, we collected and mined historical data from 2,527 packages divided into highly-selected and not highly-selected packages. For each package in the dataset, we collected quantitative data to present the factors studied in the developers' survey. Next, we used regression analysis to quantitatively investigate which of the studied factors are the most important. Our regression analysis complements our survey results about highly-selected packages. In particular, the results showed that highly-selected packages tend to be correlated by the number of downloads, stars, and how large the package's readme file is.

show abstract

Understanding the usage, impact, and adoption of non-OSI approved licenses

Cited by 16 publications

References 22 publications

Usage and attribution of Stack Overflow code snippets in GitHub projects

Usage and attribution of Stack Overflow code snippets in GitHub projects

Automating License Rule Generation to Help Maintain Rule-based OSS License Identification Tools

What are the characteristics of highly-selected packages? A case study on the npm ecosystem

Contact Info

Product

Resources

About