License integration patterns: Addressing license mismatches in component-based development

In this paper we address the problem of combining software components with different and possibly incompatible legal licenses to create a software application that does not violate any of these licenses while potentially having its own. We call this problem the license mismatch problem. The rapid growth and availability of Open Source Software (OSS) components with varying licenses, and the existence of more than 70 OSS licenses increases the complexity of this problem. Based on a study of 124 OSS software packages, we developed a model which describes the interconnection of components in these packages from a legal point of view. We used our model to document integration patterns that are commonly used to solve the license mismatch problem in practice when creating both proprietary and OSS applications. Software engineers with little legal expertise could use these documented patterns to understand and address the legal issues involved in reusing components with different and possibly conflicting licenses.

[1]  Jesús M. González-Barahona,et al.  Mining large software compilations over time: another perspective of software evolution , 2006, MSR '06.

[2]  Modhura Roy Substantial Similarity in Copyright Law , 2010 .

[3]  Nancy J. Mertzel Copying 0.03 percent of software code base not ‘de minimis’ , 2008 .

[4]  Daniel M. Germán,et al.  A Model to Understand the Building and Running Inter-Dependencies of Software , 2007, 14th Working Conference on Reverse Engineering (WCRE 2007).

[5]  T. R. Madanmohan Open Source Reuse in Commercial Firms Using Open Source Components Raises Many Issues, from Requirements Negotiation to Product Selection and Integration. a Recent Study of Projects Using Open Source Revealed Component Selection Criteria, Best Practices, and Other Related Issues , 2022 .

[6]  Sorin Lerner,et al.  OPIUM: Optimal Package Install/Uninstall Manager , 2007, 29th International Conference on Software Engineering (ICSE'07).

[7]  David Garlan,et al.  Architectural Mismatch or Why it's hard to build systems out of existing parts , 1995, 1995 17th International Conference on Software Engineering.

[8]  Rahul De',et al.  Notice of Violation of IEEE Publication PrinciplesOpen source reuse in commercial firms , 2004, IEEE Software.

[9]  Christof Ebert,et al.  Using open source software in product development: a primer , 2004, IEEE Software.

[10]  Brian Fitzgerald,et al.  Legal Aspects of Free and Open Source Software , 2007 .

[11]  Dragan Gasevic,et al.  Open Source Software: All You Do Is Put It Together , 2007, IEEE Software.

[12]  Peyman Oreizy,et al.  Reuse of off-the-shelf components in C2-style architectures , 1997, ICSE '97.

[13]  Melville B. Nimmer,et al.  Nimmer on Copyright , 1963 .

[14]  Andrew M. St. Laurent Understanding Open Source and Free Software Licensing , 2004 .

[15]  Lawrence Rosen,et al.  Open Source Licensing: Software Freedom and Intellectual Property Law , 2004 .

[16]  Mitch Bayersdorfer Managing a project with open source components , 2007, INTR.

[17]  Lin Luo,et al.  A code provenance management tool for ip-aware software development , 2008, ICSE Companion '08.

[18]  Stanley Lai The copyright protection of computer software in the United Kingdom , 2000 .

[19]  Paul Goldstein,et al.  International Copyright: Principles, Law, and Practice , 2001 .

[20]  Robert Gobeille,et al.  The FOSSology project , 2008, MSR '08.

[21]  Barry W. Boehm,et al.  A Framework for the Assessment and Selection of Software Components and Connectors in COTS-Based Architectures , 2007, 2007 Working IEEE/IFIP Conference on Software Architecture (WICSA'07).

[22]  J. Davenport Editor , 1960 .

[23]  Andrew Beckerman-Rodau Protecting Computer Software: After Apple Computer, Inc. V. Franklin Computer Corp., 714 F.2d 1240 (3d Cir. 1983), Does Copyright Provide the Best Protection? , 1984 .