Until now, the software industry has been treating compliance with open source licenses as something to worry about when a product is ready to ship, and relying on more and more sophisticated tooling and heuristics to guess what the license is. Code sharing between projects (with different licenses!) has become common and enables much innovation, but causes the license detection problem to only get worse. More resources (tooling, people, time) are needed to figure out the licensing to comply with the terms of open source licenses.
In this session, we’ll look at the Linux kernel, which, while it has a LICENSE file indicating it is GPL-2.0-only, actually has over 80 licenses, expressed in 1000+ ways. We’ll go through a simple solution that is being applied at the source code level in the Linux kernel to remove the guesswork from the tooling and to simplify the analysis. This technique can be applied to any open source project. This will take us significantly closer to the goal that, for every build, you know the licenses that apply (via a simple ‘grep’ if you prefer) and can easily and automatically generate the artifacts to comply with those licenses.
Senior Director of Strategic Programs, Linux Foundation
Kate Stewart is a Senior Director of Strategic Programs, responsible for Embedded and Open Compliance programs. Since joining The Linux Foundation, she has launched Real-Time Linux, Zephyr Project, CHAOSS, and ELISA.