[HN Gopher] Investigating whether and how devs understand open-s...
       ___________________________________________________________________
        
       Investigating whether and how devs understand open-source software
       licensing
        
       Author : luu
       Score  : 13 points
       Date   : 2020-04-26 10:35 UTC (12 hours ago)
        
 (HTM) web link (link.springer.com)
 (TXT) w3m dump (link.springer.com)
        
       | belorn wrote:
       | > The interviews with software developers also may not represent
       | all themes that arise in license incompatibility scenarios...
       | They came from organizations that had between 51 and 1000
       | employees. Licensing incompatibility issues might be more or less
       | frequent in organizations of different sizes and the themes that
       | emerged could be different given a different population.
       | 
       | I wonder how representative this study is for the Debian
       | community and all the packages listed in the repository.
       | 
       | Looking at the quotes, it seems the typical developer in the
       | study is one delivering products to a customer, which, I guess,
       | the customer either owns the copyright to in the end or wants
       | to integrate into proprietary systems.
        
       | wrs wrote:
       | Aside from understanding the license, you have to remember to
       | _look_ for the license.
       | 
       | For example, Stack Overflow content is very nonintuitively
       | licensed CC-BY-SA, so if you copy and paste code from Stack
       | Overflow (who doesn't?) it's essentially the same as including
       | GPL code. Apparently there was a movement to MIT-license the code
       | (as opposed to the textual content) that failed for some reason,
       | so this is now a ticking time bomb. (And if you try to sell your
       | company, the acquirer _will_ find that code in diligence.)
       | 
       | Even worse, ruby-forum.com is CC-BY-NC-SA, so you can't use code
       | from there for commercial purposes in the first place, never mind
       | the copyleft aspect.
        
         | cycloptic wrote:
         | With the amount of copy-pasting going on it should be required
         | by any company developers at this point to attach SPDX
         | copyright and licensing statements [0] to everything that
         | passes through their text editor. I recently watched a talk at
         | FOSDEM about a neat tool called REUSE [1] that will audit your
         | project for these statements and spit out a bill of materials.
         | 
         | [0]: https://spdx.org/using-spdx-license-identifier
         | 
         | [1]: https://reuse.software/tutorial/
        
           | saagarjha wrote:
           | > their text editor
           | 
           | Good luck getting this to work with every text editor your
           | engineers will use, and not having them revolt because it
           | messes with their workflow...
        
             | cycloptic wrote:
             | It really doesn't mess with any workflow. It's asking them
             | to write the copyright information at the top of the file
             | when they copy something from GitHub or whatever. The tool
             | can do it in an automated fashion and ensure you do it
             | right before check-in. It's good practice to do this when
             | contributing something upstream too. You'll usually want
             | the engineer to add your company's name and copyright info
             | if they do it on company time.
             | 
             | I would actually raise an eyebrow if your engineers were
             | resistant to keeping a written log of copyright information
             | based on workflow grounds. That could indicate that there
             | is a lot more copy-pasting going on that they don't want
             | you to know about -- when the code is 100% written by the
             | same team without copy-pasting then there is a lot less
             | question on who owns what. And I don't mean that to
             | discourage teams from reusing open source components, but
             | rather to help them understand that there are associated
             | bookkeeping costs that can potentially be reduced with the
             | right workflow.
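
Added example, not part of the thread and not the REUSE tool's own code: a minimal pre-check-in audit of the kind cycloptic describes, which reads the SPDX-License-Identifier and SPDX-FileCopyrightText tags from file headers, builds a bill of materials, and flags files with no tags or with a license that needs review. The function name `audit`, the `REVIEW_PREFIXES` policy, the 20-line header window and the `SAMPLE` files are assumptions made for illustration.

```python
import re

def _tag(name):
    # Match "<name>: value", tolerating a trailing */ or --> comment closer.
    return re.compile(name + r":[ \t]*(.+?)[ \t]*(?:\*/|-->)?[ \t]*$", re.M)

LICENSE_RE = _tag("SPDX-License-Identifier")
COPYRIGHT_RE = _tag("SPDX-FileCopyrightText")
HEADER_LINES = 20  # assumption: tags live near the top of the file

# Assumed policy: license families that go to legal review before shipping.
REVIEW_PREFIXES = ("CC-BY-SA", "CC-BY-NC", "GPL", "AGPL")

def audit(files):
    """files maps path -> text. Returns (bill_of_materials, findings)."""
    bom, findings = {}, []
    for path, text in sorted(files.items()):
        head = "\n".join(text.splitlines()[:HEADER_LINES])
        licenses = LICENSE_RE.findall(head)
        holders = COPYRIGHT_RE.findall(head)
        if not licenses:
            findings.append((path, "missing SPDX-License-Identifier"))
        if not holders:
            findings.append((path, "missing SPDX-FileCopyrightText"))
        for expr in licenses:
            # Break "(MIT OR GPL-2.0-only)" into its individual identifiers.
            for lic in re.split(r"[\s()]+", expr):
                if lic and lic not in ("AND", "OR", "WITH") \
                        and lic.startswith(REVIEW_PREFIXES):
                    findings.append((path, f"needs review: {lic}"))
        bom[path] = {"licenses": licenses, "copyright": holders}
    return bom, findings

# Constructed sample tree: one clean file, one pasted snippet, one untagged.
SAMPLE = {
    "src/app.py": "# SPDX-FileCopyrightText: 2020 Example Corp\n"
                  "# SPDX-License-Identifier: MIT\nprint('hi')\n",
    "src/snippet.rb": "# SPDX-FileCopyrightText: 2019 forum poster\n"
                      "# SPDX-License-Identifier: CC-BY-NC-SA-3.0\nputs 1\n",
    "src/util.c": "int x;\n",
}

if __name__ == "__main__":
    bom, findings = audit(SAMPLE)
    for path, problem in findings:
        print(f"{path}: {problem}")
    raise SystemExit(1 if findings else 0)  # non-zero blocks the check-in
```

Run from a pre-commit hook, the non-zero exit status stops a commit that adds untagged or review-listed code; a real deployment would read the files from the working tree instead of `SAMPLE`.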
        
       | Rochus wrote:
       | Interesting paper. Actually it's not only the developers who are
       | challenged. Even lawyers often have trouble understanding these
       | licenses, because often formulations are used that are not
       | written by lawyers and are not common. Moreover, final clarity on
       | the exact interpretation and effect of these licences will only
       | be achieved once there are judgments from the highest courts. And
       | since every country has its own legal system and there are many
       | different aspects to clarify, many such judgments are needed. So
       | the matter is not so simple. Whether the developers understand
       | the licenses or not is just one of many problems.
        
       ___________________________________________________________________
       (page generated 2020-04-26 23:00 UTC)