Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

HP Launches FOSSology Open Source Tracking Tool

kdawson posted more than 6 years ago | from the it-is-not-a-lawyer dept.

HP 62

cpudney writes "An article in Computerworld UK reports on a new open source analysis initiative launched by Hewlett-Packard. The FOSSology Project's mission is to 'build a community to facilitate the study of Free and Open Source Software by providing free data analysis tools.' The first such tool reports how an open source project is licensed. Rather than simply collecting a project's advertised license, the tool analyzes all of the source code for a given project and reports all of the licenses being used, based on the license declarations and tell-tale phrases that identify software licensing. A video demonstrating the tool applied to abiword is available. The FOSSology source code is licensed under GPLv2."

cancel ×

62 comments

Sorry! There are no comments related to the filter you selected.

SLASHOT SUX0RZ (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22148712)

_0_
\''\
'=o='
.|!|
.| |
Heath Ledger Memorial Goatse Post [goatse.ch]

Open source nigger tracking? (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148782)

That is far more important. Priorities, people.

Ron Paul

Re:Open source nigger tracking? (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22149310)

That is far more important. Priorities, people.
Oy vey! What a schmuck.

R.I.P. HEATH LEDGER :( (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148786)

Ennis Del Mar could buttfuck me any day :(

Now he will never buttfuck again :(

Re:R.I.P. HEATH LEDGER :( (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22149692)

"Now he will never buttfuck again :("

If you get to the morgue quick enough, you can still buttfuck him one last time!!!

NIGGERology Open Source Watermelon Tracking Tool (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148794)

now online [niggerforge.org]

Re:NIGGER TITS EXPLODING (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148808)

WTF? What is with these posts?

Can someone please ban parent poster?

Niggers. (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148824)

Don't like 'em.

Sincerely,
Ron Paul, MD

grep? (1)

Gothmolly (148874) | more than 6 years ago | (#22148830)

Nice to HP getting busy and all, but how is this any sort of breakthrough ?

for file in `find -name *.c` ; do grep GPL $file ; done

??

Re:grep? (1)

gotzero (1177159) | more than 6 years ago | (#22148872)

I think these companies are trying to do anything they can to not appear openly hostile to open source... Many have not been doing so well in that department. At least it is not a step in the wrong direction!

Re:grep? (0)

Anonymous Coward | more than 6 years ago | (#22149082)

If HP *REALLY* wanted to make a splash in the FOSS community,
they'd make sure that their hardware, especially their laptops,
could be used under Linux. My dv9000z kinda sorta works under
openSUSE 10.2, but not under 10.3, and neither the camera nor
the microphone work.

Wouldn't it be loverly if they included a CD with the appropriate
drivers on it?

Re:grep? (1)

richardablitt (897338) | more than 6 years ago | (#22151362)

At least their printers seem to be well supported under Linux (I've had no problems with them, anyway).

Re:grep? (1)

emilper (826945) | more than 6 years ago | (#22153890)

how about HP office scanners ?

Yeah cock (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148834)

Yeah my cock is a free software movement's answer to pussy demand. This cock clearly demonstrates FOSS's commitment to closed source license methodologies. I love you guys.

Re:Yeah cock (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22149188)

That reminds me of the slashdot 10 year anniversary. So much cock and ass... It was like being on a gay farm. I was shitting (and burping) sperm for a week. Anybody else want to make it a monthly event?

Video Summary: 2 files not compatible with GPL (5, Informative)

benad (308052) | more than 6 years ago | (#22148846)

For those that don't want to load the video, there is two files in Abiword (hash.cpp and tword.cpp) that use the original BSD license (with the "obnoxious" advertising clause) and are incompatible with the project's GPLv2 license. Oops.

Re:Video Summary: 2 files not compatible with GPL (0)

rubycodez (864176) | more than 6 years ago | (#22149004)

no, BSD software can be relicensed under the more restrictive GPL, just not the other way around. By the way, I downloaded the source for Abiword-2.4.6.tar.gz and found the hash.cpp with the full license inside but no tword.cpp file

not if the advertisement clause is present (5, Informative)

keeboo (724305) | more than 6 years ago | (#22149370)

Please feel free to learn more about this issue [gnu.org] .

Re:not if the advertisement clause is present (2, Informative)

AuMatar (183847) | more than 6 years ago | (#22149586)

Outdated- the new version of the BSD license (new meaning about a decade old, if not more) has no advertising clause. Nobody uses the old style anymore, when people say BSD you can assume they mean no advertising clause. In which case, he's absolutely right.

Re:not if the advertisement clause is present (1, Informative)

Anonymous Coward | more than 6 years ago | (#22150204)

You are an idiot. The BSD license used on the small bits of code in abiword is the old "obnoxious" one. Read the fucking article, and the posts before you reply.

Re:Video Summary: 2 files not compatible with GPL (4, Informative)

tlhIngan (30335) | more than 6 years ago | (#22149620)

no, BSD software can be relicensed under the more restrictive GPL, just not the other way around. By the way, I downloaded the source for Abiword-2.4.6.tar.gz and found the hash.cpp with the full license inside but no tword.cpp file


Actually, no. Prior to the modified-BSD license (which became the official BSD license), the original BSD license is incompatible with the GPL. This is because the original BSD license had an "advertising" clause that stated the software must say it includes portions copyright the Regents of California. That very clause makes it incompatible with the GPL (because the license makes additional terms in order to use the code - something the GPL prohibits).

Even the FSF states that the original BSD license is incompatible with the GPL [gnu.org] .

Now, I believe in the late 90's, the BSD folks reorganized the license and eliminated that clause, thus making BSD compatible with the GPL. They made it retroactive, I believe, but you had better be careful with code with the original terms since BSD originated code is under the new license, but the old code from a different author (but same license) may not be using the modified/revised BSD terms.

Re:Video Summary: 2 files not compatible with GPL (1)

digitig (1056110) | more than 6 years ago | (#22151152)

They made it retroactive, I believe, but you had better be careful with code with the original terms since BSD originated code is under the new license, but the old code from a different author (but same license) may not be using the modified/revised BSD terms.
Which appears to be the case with at least one of the BSD licenses used in Abiword. It's not actually the old BSD license, it's the old BSD licence with the author's name replacing references to the Regents of California. So when they made the new BSD license retroactive, the code used by Abiword was unaffected because it wasn't the Regents' to change.

Sounds great! (for hp) (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22148876)

the tool analyzes all of the source code for a given project and reports all of the licenses being used

Licenses scanned. 3 found that will not hold up in court. (we can steal THESE parts of their code and they are pretty much S.O.L.)

its what i expect from hp. makers of the most expensive thing by weight on the planet. printer ink.

Open Source competition to commercial products (4, Insightful)

mgkimsal2 (200677) | more than 6 years ago | (#22148926)

While it doesn't seem fossology is addressing exactly the same problem space, I can see a project like this taking some marketshare away from commercial products like BlackDuck's protexIP and Palamida ipAmplifier. I work in a field where this would be a very useful tool, and have been wanting to build something like this ourselves and release as an open source project. The issue has always been determining a cost-effective way of keeping the indexes up to date. But rather than scanning code and looking for direct violations, this approach turns that on its head a bit and scans for licenses. This is more a forensic tool than something which can detect all types of violations - if I just took part of a GPL file and placed it in a BSD project (or my own project, for example), it doesn't seem fossology would be able to make that determination. At least, I didn't see that from the video I watched. In any event though, this is a welcome tool for people looking to quickly get a handle on what's in their code. Glad to see it out there.

Re:Open Source competition to commercial products (1)

GarbageCollection (1199855) | more than 6 years ago | (#22149700)

I agree that this is a welcome tool. As companies continue to use increasing amounts of open source in their software, they need better ways of tracking it, to make sure that they comply with the licenses. This is particularly true for software companies, whether they are commercial or open source. I'm not sure that Fossology will take market share away from Black Duck or Palamida, however, since the functionality seems to be more limited. I'd be interested in hearing a review from someone who used the software.

Re:Open Source competition to commercial products (1)

mgkimsal2 (200677) | more than 6 years ago | (#22151628)

I'm planning on trying it out in the next week. Visit http://www.kimsal.com/ [kimsal.com] to read a review if/when I get to it.

Also, I agree, it may not take market share away, at least for now, but if the underpinning is good, it may be a good base to build similar BD/P functionality on top of.

Re:Open Source competition to commercial products (1)

tlhIngan (30335) | more than 6 years ago | (#22154062)

While it doesn't seem fossology is addressing exactly the same problem space, I can see a project like this taking some marketshare away from commercial products like BlackDuck's protexIP and Palamida ipAmplifier.


I remember a customer doing something with our code (commercial) - they scanned our submitted code against open-source code to check for violations (making sure we weren't checking in open-source code as proprietary).

We didn't, but the output it got back was pretty enlightening. We still had to defend it, but the worst chunks ended up being "You're initializing a window class structure - since Microsoft's documentation says the structure is laied out that way, it makes sense people would initialize it that way" (just a bunch of generic initializations you'd find in any Windows book or online FAQ). Though, said project wasn't using libwine - I don't know what it used, just it ended up using a data structure practically identical to Win32. The other alleged violations were things like "i = 0" and more generic Win32-like code.

FOSS that solves problems created by FOSS? (0, Flamebait)

filbranden (1168407) | more than 6 years ago | (#22148930)

When computers were invented, they were supposed to solve problems. Today, companies have huge IT departments just to solve computer problems that didn't existed before computers.

When FOSS started, its purpose was to write software to solve problems. Today, we're seeing FOSS written to solve FOSS problems, like licensing issues.

Doesn't it kind of defeat the point?

Re:FOSS that solves problems created by FOSS? (4, Insightful)

iggymanz (596061) | more than 6 years ago | (#22149042)

typewriters solved a problem too, and companies had typewriter repair departments. Parcel delivery companies solve problems and my company has a shipping and receiving department. gee, what's up what that?

No point defeated, FOSS exists because of copyright law and software that helps ensure licensing is proper is a great way for the movement(s) to self-police.

This has already been around for years (3, Informative)

LS (57954) | more than 6 years ago | (#22148966)

A friend of mine in SF started a company a few years back called Palamida [palamida.com] that provides a very similar service. I don't think their code is GPLed though.

LS

Re:This has already been around for years (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22149206)

A friend of mine in SF started a company a few years
"A friend", eh?

Re:This has already been around for years (0)

Anonymous Coward | more than 6 years ago | (#22149356)

I have a friend who started Black Duck Software (blackducksoftware.com [blackducksoftware.com] ). FOSSology is not the same thing as Palamida and Black Duck... they actually track the code that's copyrighted and tell you what the license was originally, not just tell you what license is stated in the file.

Re:This has already been around for years (0)

Anonymous Coward | more than 6 years ago | (#22150262)

In all fairness, Palamida is not the same thing as Black Duck.

how... meta. (4, Funny)

sootman (158191) | more than 6 years ago | (#22149086)

So, it's an open-source tool that evaluates how open-source open-source software is? Wow. If ever there was an app that demanded a recursive acronym, this is it. Any suggestions?

Re:how... meta. (2, Funny)

dozer (30790) | more than 6 years ago | (#22149300)

yaossfsck?

Re:how... meta. (0)

Anonymous Coward | more than 6 years ago | (#22149400)

FOSSology is an Open Source Software Overviewing License(s) Obligating You :-P

bah, it's the best I could do this late. (by obligating, i mean obligations you are to meet according to use of the code per license[s])

captcha: orgasm, heh

Re:how... meta. (2, Funny)

Anonymous Coward | more than 6 years ago | (#22149424)

If they had just called it "FOSS" (which is taken, I know. Bear with me...) then it could be "FOSS is an Open Source Scanner"

*shrug*

Re:how... meta. (1)

Urza9814 (883915) | more than 6 years ago | (#22151542)

There are still plenty of alternatives....the first letter could be anything:

LOSS causes profit loss
Toss that TOSS
Doss with DOSS

Re:how... meta. (1)

LarsG (31008) | more than 6 years ago | (#22152798)

.  <- the concept of recursive acronyms

O  <- you

Re:how... meta. (1)

Urza9814 (883915) | more than 6 years ago | (#22155718)

Well, those sentences I listed weren't the actual acronyms, if that's what you're thinking...I was just giving examples of what you could say if you used them. The actual acronym would be (L/T/D)OSS is an Open Source Scanner. I shoulda been more clear on that.

rename it to Ono (2, Funny)

Gary W. Longsine (124661) | more than 6 years ago | (#22149538)

In light of the BSD tidbit above, it could be renamed: OhNO! ... ONO's Not militantly Open enough! (where the "militantly" and "enough" are silent.)

Re:how... meta. (2, Funny)

jd (1658) | more than 6 years ago | (#22150382)

  • TOSTOSTOS: The Open Sourceness Testing Open Source Tool for Openable Source Tarballs
  • ROSCROSC: ROSCROSC Open Source Checker Recursively Open Source Checks
  • YIARAFARACOSL: YIARAFARACOSL Is A Recursive Acronym For A Recursive Application Checking Open Source Licenses

P.S. SCO changed their copy. If the filename starts with linux-2.6, it prints "Owned By SCO" 250 times. I hear they plan to use their version when they appeal.

Re:how... meta. (1)

gr8scot (1172435) | more than 6 years ago | (#22150682)

OSSOSS
Open Source Software Openness Scanning Software

License bloat (1)

iminplaya (723125) | more than 6 years ago | (#22149100)

Will this help reduce it? 13K sized programs with 50K licenses. Hey, a new game. Stenoproject. Find the hidden program inside the license. Kinda like Where's Waldo.

Why bother? (1)

rorted (1210996) | more than 6 years ago | (#22149144)

Off topic, but this is a pet hate of mine -- why bother sticking the logos of web standards on your page when it fails so [w3.org] thoroughly [w3.org] to comply to said standards?

Re:Why bother? (1)

alextmqazwsx (1124255) | more than 6 years ago | (#22149552)

And one of mine, Inviting looking pages that are password protected. ("Demo - Try it!")

Don't Let SCO see this. (5, Funny)

WallyDrinkBeer (1136165) | more than 6 years ago | (#22149208)

This could be a disaster.

SCO will run Linux through this tool and find out all the stuff in their that has /* Copyright 1982 SCO */ in the headers.

Arghh.

Ummmm.... (2, Funny)

vlad_petric (94134) | more than 6 years ago | (#22149760)

SCO who?

need help guys! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22149214)

Sorry for posting this here but I don't know where else to go. I'm 13 and i need some advice. I know it's full of guys here and my parents would kill me if I go on sex sites D:

I have embarassing erections all the time! I get them waking up and going to bed and all the time at school like i was talking to this girl i like the other day and i got one and i think she may have noticed! What do i do slashdot? Help!!!!

Re:need help guys! (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22149260)

Since you are on slashdot, I will assume you are a nerd with no social skills. Therefore you have three choices: first of all, you could do nothing, and go around with a constant hard-on, thus obtaining a reputation as a horny bastard (a nympho might be attracted to you as such); secondly, you could go home and masturbate, thus relieving the pressure; thirdly, you could rape the girl you have a crush on, and possibly go to juvenile detention.

As an HP employee... (1)

Anonymous Coward | more than 6 years ago | (#22149270)

I like seeing the move to Open Source in quite a few projects, mostly Linux/HP-UX based [hp.com] . But if the internal company reorganization doesn't actually fix some problems, HP as a company is going under. (yes this is still fallout from the whole "who's leaking info to the press let's get their calling records" scandal) The only thing that is saving it from the ineptitude of the management is the talent of the onshore techs, otherwise it'd be dead already. The offshore "towers" are for the most part steaming towers of crap with constant turnover and a willingness to escalate a sneeze into a Sev-2 situation.

Ranting anonymous for obvious reasons, but I'm sure there is quite a few HP'ers who could of written this. HP "invent" your way out of this one management, there is no silver bullet unless it's in your skull. ;)

Re:As an HP employee... (0)

Anonymous Coward | more than 6 years ago | (#22150456)

ballmer is that you?

Re:As an HP employee... (1)

ibsteve2u (1184603) | more than 6 years ago | (#22163412)

I tend to agree with your perspective, which is why I'm leery of HP/Compaq doing anything in the open source world.

After watching the destruction of DEC, I know they must still have a mass of those people who can take a good thing and destroy it.

What if there's no license lines? (0)

Anonymous Coward | more than 6 years ago | (#22149304)

What about those like vtiger and other companies (or individuals) who leach off open source projects, just taking off the copyright lines? This program doesn't help in those cases. Basically a lot of overhead for little reassurance...

Public Domain (1)

Besna (1175279) | more than 6 years ago | (#22149326)

If we need any sort of standard, it should be the simplest of all--public domain. Maybe an XML attribute or watermark. Certain dated materials can be automatically assigned as well.

GPLv2? (2, Funny)

dacut (243842) | more than 6 years ago | (#22149452)

The FOSSology source code is licensed under GPLv2
Does it just say GPLv2 in their license file, or did they properly analyze the source to determine it was GPLv2?

About that name... (1)

Smallpond (221300) | more than 6 years ago | (#22149526)

Doesn't it seem like a bad idea for HP to be using a name that sounds like "fossile".

CU0m (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22149548)

Ohloh? (1)

Ptur (866963) | more than 6 years ago | (#22150680)

Isn't this what http://www.ohloh.net/ [ohloh.net] does (and much more)?

Re:Ohloh? (1)

triso (67491) | more than 6 years ago | (#22155702)

Isn't this what http://www.ohloh.net/ [ohloh.net] does (and much more)?
i don't think Ohloh knows what it wants to be.

Re:Ohloh? (0)

Anonymous Coward | more than 6 years ago | (#22156066)

Why do you say that?

Implications? (1)

SavvyPlayer (774432) | more than 6 years ago | (#22162402)

If an OSS developer releases a GPL v2 project that links to several libraries that use incompatible licenses, and possibly a proprietary one, does that affect in any way the developer's rights? Could the developer be held liable to correct every violation before being allowed to sue a 3rd party for infringement of his own terms? What if one of the holders of the copyrights of the linked libraries were to ignore the infringement of the developer in question and ignore the suit and any legal correspondence -- does that library developer relinquish their copyright to the public domain?

If I wrote an algorithm one year, Linus were to include it in his kernel 6 months later without attribution or paying me the 1 Spanish doubloon I required in my license as it were, and I were to not sue him after some period of time, does Linus automatically get a license to use my algorithm? What about Linus's fellow Linux developers (thousands exist)? Can Linus transfer his immunity to my copyright to another entity? Do I no longer own this copyright at all -- has the license simply expired due to my lack of vigilance?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?