A Study on the Identification of Open Source License Compatibility Violations

  • 이동건 (Department of Computer Engineering, Yeungnam University) ;
  • 서영석 (Department of Computer Engineering, Yeungnam University)
  • Received : 2018.05.24
  • Accepted : 2018.08.01
  • Published : 2018.12.31

Abstract

Open source software is used in various ways in the development of new software all around the world. It imposes rights and responsibilities in the form of an open source software license. Because the license is a contract between the original developers of the open source software and its users, we must follow it and be extremely cautious to avoid copyright infringement. In particular, we must verify license compatibility when we develop new software using existing open source software. However, license violation issues keep occurring and lead to lawsuits, which has an adverse effect on the open source software ecosystem. Thus, in this paper, we propose a method, OSLC-Vid, to identify license violations by determining whether compatibility issues exist between open source software components. The proposed method is verified through experiments on detecting actual license violation cases.

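Open source software is widely used in software development across all industries worldwide. Such open source software requires, in the form of a license, not only the right to use it freely but also the accompanying responsibilities. Because an open source software license is a contract that specifies the scope of conditions between the developer of the open source software and its users, the license set by the developer must be followed; violating it constitutes copyright infringement, for which the violator is held responsible. In particular, when existing open source software is used to develop new software, one must verify that the licenses of the respective pieces of code are compatible with one another and do not raise compatibility problems. Contrary to this philosophy, however, many compatibility-related incidents have occurred, some leading to lawsuits, and they adversely affect the healthy open source software ecosystem. This paper therefore proposes OSLC-Vid, a new technique for identifying whether the open source software components to be used comply with open source rules and are free of license compatibility problems. The performance of the proposed technique in identifying violation cases was verified using real open source software.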

Keywords

Fig. 1. Measures for Association Rules

Fig. 2. The Rapid Increase of the Number of Association Rules

Fig. 3. Overall Approach

Fig. 4. Example of Preprocessing Stages

Fig. 5. Example of a Support Based Pruning Process

Fig. 6. Example of a Confidence Based Pruning Process

Fig. 7. Example of an Association Rule Set

Fig. 8. Partial Results of Preprocessing for FFmpeg

Fig. 9. Partial Results of Association Rules

Fig. 10. Example of the Rule Application

Table 1. Feature and Duty of Various Licenses [7-9]

Table 2. Training Set Used in the Experiments

Table 3. Testing Set Used in the Experiments

Table 4. Verification of OSS that does not Violate Apache License Compatibility

Table 5. Verification of OSS that Violates Apache License Compatibility

Table 6. Confusion Matrix Derived from the Experiments

References

  1. Open Source software Competency Plaza, OSS definition [Internet], https://www.oss.kr/en_oss_definition.
  2. North Bridge & Black Duck, 2015 the future of Open source [Internet], https://www.slideshare.net/blackducksoftware/2015-future-of-open-source-survey-results.
  3. David Perry, The interesting and complex legal issues of 2017 [Internet], https://opensource.com/article/17/12/best-legal.
  4. Mark Radcliffe, GPLv2 goes to court: More decisions from the Versata tarpit [Internet], https://opensource.com/article/17/12/best-legal.
  5. OpensourceSW License Information Systems, License Introduction [Internet], https://olis.or.kr/en/LicenseIntroduction.do.
  6. Byungil Kim, GPL(General Public License) and Legal issues regarding International Private Law, Korea Private International Law Journal, No.14, pp. 80-108, 2008.
  7. Open source software License International System, Open source licenses comparison [Internet], https://olis.or.kr/license/compareGuide.do.
  8. GNU Operating System, Various Licenses and Comments about Them [Internet], https://www.gnu.org/licenses/license-list.en.html#GPLIncompatibleLicenses.
  9. The Apache Software Foundation, For the purposes of being included in an Apache product, which licenses are considered to be similar in terms to the Apache license 2.0? [Internet], https://www.apache.org/legal/resolved.html.
  10. Joseph Morris, Which License Should I Use? MIT vs. Apache vs. GPL [Internet], https://exygy.com/which-license-should-i-use-mit-vs-apache-vs-gpl/.
  11. Jim Lynch, Did Remix OS violate the GPL and Apache licenses? [Internet], https://www.infoworld.com/article/3023538/linux/did-remix-os-violate-the-gpl-and-apache-licenses.html.
  12. Lisa Fenn, Artifex and Hancom Reach Settlement Over Ghostscript Open Source Dispute [Internet], http://www.prweb.com/releases/2017/12/prweb14991130.htm.
  13. Ashish Shah, "Association rule mining with modified apriori algorithm using top down approach", in Proceedings of the 2016 2nd International Conference on Applied and Theoretical Computing and Communication Technology, pp.747-752, 2016.
  14. Chul Nam Lee, "The Research on the Compatibility of Open Source Licenses," Copyright Quarterly, Vol.30, No.1, pp.131-152, 2017.
  15. Ruian Duan, Ashish Bijlani, Meng Xu, Taesoo Kim, and Wenke Lee, "Identifying Open-source License Violation and 1-day Security Risk at Large Scale," in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp.2169-2185, 2017.
  16. Thomas F. Gordon, "Analyzing open source license compatibility issues with Carneades," in Proceedings of the 13th International Conference on Artificial Intelligence and Law, pp.51-55, 2011.
  17. Georgia M. Kapitsaki, Frederik Kramer, and Nikolaos D. Tselikas, "Automating the license compatibility process in open source software with SPDX," Journal of Systems and Software, Vol.131, pp.386-401, 2017. https://doi.org/10.1016/j.jss.2016.06.064
  18. CodeEye Service, CodeEye Introduction [Internet], https://olis.or.kr/license/compareGuide.do.
  19. Black Duck By Synopsys, Manage Open Source Risks with Black Duck Hub [Internet], https://www.blackducksoftware.com/solutions/open-source-license-compliance.
  20. Charu C. Aggarwal, "Data Mining," 1st ed., Springer Publishing, ch. 4, pp.93-133, 2015.
  21. Jean-Marc Adamo, "Data Mining for Association Rules and Sequential Patterns," 1st ed., Springer Publishing, ch. 3, pp.33-48, 2001.