[HN Gopher] Investigating whether and how devs understand open-s...
___________________________________________________________________
Investigating whether and how devs understand open-source software licensing

Author : luu
Score  : 13 points
Date   : 2020-04-26 10:35 UTC (12 hours ago)

(HTM) web link (link.springer.com)
(TXT) w3m dump (link.springer.com)

| belorn wrote:
| > The interviews with software developers also may not represent
| all themes that arise in license incompatibility scenarios...
| They came from organizations that had between 51 and 1000
| employees. Licensing incompatibility issues might be more or less
| frequent in organizations of different sizes and the themes that
| emerged could be different given a different population.
|
| I wonder how representative this study is for the Debian
| community and all the packages listed in the repository.
|
| Looking at the quotes, it seems the typical developer in the
| study is one delivering products to a customer, which, I guess,
| the customer either owns the copyright to in the end or wants to
| integrate into proprietary systems.
| wrs wrote:
| Aside from understanding the license, you have to remember to
| _look_ for the license.
|
| For example, Stack Overflow content is very nonintuitively
| licensed CC-BY-SA, so if you copy and paste code from Stack
| Overflow (who doesn't?) it's essentially the same as including
| GPL code. Apparently there was a movement to MIT-license the code
| (as opposed to the textual content) that failed for some reason,
| so this is now a ticking time bomb. (And if you try to sell your
| company, the acquirer _will_ find that code in diligence.)
|
| Even worse, ruby-forum.com is CC-BY-NC-SA, so you can't use code
| from there for commercial purposes in the first place, never mind
| the copyleft aspect.
  | cycloptic wrote:
  | With the amount of copy-pasting going on it should be required
  | by any company developers at this point to attach SPDX
  | copyright and licensing statements [0] to everything that
  | passes through their text editor. I recently watched a talk at
  | FOSDEM about a neat tool called REUSE [1] that will audit your
  | project for these statements and spit out a bill of materials.
  |
  | [0]: https://spdx.org/using-spdx-license-identifier
  |
  | [1]: https://reuse.software/tutorial/
    | saagarjha wrote:
    | > their text editor
    |
    | Good luck getting this to work with every text editor your
    | engineers will use, and not having them revolt because it
    | messes with their workflow...
      | cycloptic wrote:
      | It really doesn't mess with any workflow. It's asking them
      | to write the copyright information at the top of the file
      | when they copy something from GitHub or whatever. The tool
      | can do it in an automated fashion and ensure you do it
      | right before check-in. It's good practice to do this when
      | contributing something upstream too. You'll usually want
      | the engineer to add your company's name and copyright info
      | if they do it on company time.
      |
      | I would actually raise an eyebrow if your engineers were
      | resistant to keeping a written log of copyright information
      | based on workflow grounds. That could indicate that there
      | is a lot more copy-pasting going on that they don't want
      | you to know about -- when the code is 100% written by the
      | same team without copy-pasting then there is a lot less
      | question on who owns what. And I don't mean that to
      | discourage teams from reusing open source components, but
      | rather to help them understand that there are associated
      | bookkeeping costs that can potentially be reduced with the
      | right workflow.
| Rochus wrote:
| Interesting paper. Actually it's not only the developers who are
| challenged. Even lawyers often have trouble understanding these
| licenses, because often formulations are used that are not
| written by lawyers and are not common. Moreover, final clarity on
| the exact interpretation and effect of these licences will only
| be achieved once there are judgments from the highest courts. And
| since every country has its own legal system and there are many
| different aspects to clarify, many such judgments are needed. So
| the matter is not so simple. Whether the developers understand
| the licenses or not is just one of many problems.
___________________________________________________________________
(page generated 2020-04-26 23:00 UTC)
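
Added example, not part of the thread and not the REUSE tool's own code: a minimal audit of the kind cycloptic's comment describes, reading the SPDX-License-Identifier and SPDX-FileCopyrightText tags from the top of each source file, building a per-file bill of materials and listing files that carry no such header. The function names, the suffix list and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Per-file header tags used by the SPDX / REUSE conventions.
LICENSE_RE = re.compile(r"SPDX-License-Identifier:\s*(.+)")
COPYRIGHT_RE = re.compile(r"SPDX-FileCopyrightText:\s*(.+)")
COMMENT_TAIL = " \t*/"  # strips a trailing C-style comment closer


def scan_file(path, head_lines=20):
    """Return (license_expressions, copyright_holders) found near the top of a file."""
    licenses, holders = [], []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for _, line in zip(range(head_lines), fh):
            for regex, bucket in ((LICENSE_RE, licenses), (COPYRIGHT_RE, holders)):
                m = regex.search(line)
                if m:
                    bucket.append(m.group(1).rstrip(COMMENT_TAIL))
    return licenses, holders


def audit_tree(root, suffixes=(".py", ".c", ".js", ".rb")):
    """Build a per-file bill of materials and list files lacking either tag."""
    bom, missing = {}, []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in suffixes:
            continue
        licenses, holders = scan_file(path)
        rel = path.relative_to(root).as_posix()
        if licenses and holders:
            bom[rel] = {"licenses": licenses, "copyright": holders}
        else:
            missing.append(rel)  # provenance unknown: needs a human to look
    return bom, missing


def demo():
    """Run the audit over a small constructed tree (sample data, not real code)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ours.py").write_text(
            "# SPDX-FileCopyrightText: 2020 Example Corp\n"
            "# SPDX-License-Identifier: MIT\nprint('hi')\n")
        (root / "pasted.c").write_text(
            "/* SPDX-FileCopyrightText: 2019 Some Author */\n"
            "/* SPDX-License-Identifier: CC-BY-SA-4.0 */\nint x;\n")
        (root / "unknown.js").write_text("// copied from somewhere\nvar a = 1;\n")
        return audit_tree(root)
```

Run as a pre-commit or CI step, a non-empty `missing` list is the signal to fail the check-in; the `bom` dictionary is what a reviewer would inspect for copyleft or non-commercial identifiers.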