WO2018008810A1 - Procédé d'inspection de conflit entre des licences de code source libre sur la base d'un point caractéristique - Google Patents

Procédé d'inspection de conflit entre des licences de code source libre sur la base d'un point caractéristique Download PDF

Info

Publication number
WO2018008810A1
WO2018008810A1 PCT/KR2016/012980 KR2016012980W WO2018008810A1 WO 2018008810 A1 WO2018008810 A1 WO 2018008810A1 KR 2016012980 W KR2016012980 W KR 2016012980W WO 2018008810 A1 WO2018008810 A1 WO 2018008810A1
Authority
WO
WIPO (PCT)
Prior art keywords
license
feature point
conflict
profile set
collision
Prior art date
Application number
PCT/KR2016/012980
Other languages
English (en)
Korean (ko)
Inventor
김민수
조용준
신동명
연지영
Original Assignee
엘에스웨어(주)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 엘에스웨어(주) filed Critical 엘에스웨어(주)
Priority to JP2019520340A priority Critical patent/JP6681519B2/ja
Publication of WO2018008810A1 publication Critical patent/WO2018008810A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating

Definitions

  • the present invention relates to a method for detecting a conflict between open source licenses, and more particularly, to a method for detecting a conflict between open source licenses based on feature points.
  • Open-source embedded software is used in the development of set-top boxes and security devices, but often lacks a clear understanding of open-source licenses, which often leads to legal proceedings.
  • Open source licenses vary widely, and there are currently 78 officially certified licenses from the Open Source Initiative (OSI) and more than 120 licenses used by the Software Package Data Exchange (SPDX) group.
  • OSI Open Source Initiative
  • SPDX Software Package Data Exchange
  • An object of the present invention is to provide a method for automating conflict checking between open source licenses.
  • an open source license collision checking method includes (a) receiving an expression value for each feature point for a given first license, and expressing each feature point for a given second license. Receiving a value; And (b) determining whether there is a conflict between the first license and the second license using an expression value for each feature point of the first license and an expression value for each feature point of the second license. It features.
  • Step (b) may include: (b1) defining a profile set, which is a set of feature point profiles defined by feature points and expression values, for the second license; (b2) a collision profile set indicating which feature point of any license has a corresponding feature point of the first license based on the expression value of each feature point of the first license, and which feature value has any representation value for each feature point; and Defining a list of conflict profile sets; And (b3) comparing each conflict profile set included in the conflict profile set list with a profile set of the second license to determine whether there is a conflict between the first license and the second license.
  • step (b3) when a conflict profile set included in the conflict profile set list belongs to the profile set of the second license, it may be determined that the first license and the second license collide with each other.
  • step (b) when it is determined in step (b) that the first license and the second license collide with each other, there is a feature point included only in the first license and not included in the second license. If a second license has an optional clause and all of the feature points included only in the first license are included in the optional clause of the second license, the feature is included only in the first license in the second license instead of the second license.
  • the method may further include performing steps (a) and (b) for the license to which the corresponding selection clause is added.
  • the method may further include performing steps (a) and (b) for the other license instead of the first license.
  • a computer-readable recording medium having recorded thereon a program for executing a method for checking a conflict between open source licenses according to the present invention.
  • collision checking between open source licenses can be automated.
  • 1 is a flowchart of a method for checking a collision between licenses according to an embodiment of the present invention.
  • FIGS. 2 and 3 illustrate a flowchart of a method for checking a collision between licenses according to another embodiment of the present invention.
  • FIG. 4 shows a license compatibility matrix of a result of performing a collision check according to an embodiment of the present invention.
  • a license is a contract that specifies what the user of the work to which it applies must abide.
  • Distributor Distributor of the original work.
  • Use License A license applied by a Distributor to a work you receive.
  • Redistribution is the distribution of a work (derived work, derivative works) used by a user of a work as 1) as it is, 2) modified work, or 3) as part of a work. Redistributions are referred to as redistributions.
  • Distribution License The license you apply to a Redistribution when you distribute it.
  • Relicense The application of a new (fixed) license instead of any license applied.
  • a method for checking a conflict between two licenses when a user of any work to which an open source license is applied intends to redistribute to a license different from the license applied to the original work. That is, for convenience of description, a method of checking a conflict between a use license and a distribution license will be described as an example. However, the embodiment of the present invention may be applied to a method for checking a conflict between any two licenses, in which case the 'use license' may be generalized to 'first license' and the distribution license may be generalized to 'second license'.
  • a work is distributed under any use license
  • the user of the original work must comply with the terms of that use license.
  • the user of the redistributed work must follow the distribution license you applied instead of the use license of the original work.
  • the work that is distributed in particular the licenses that apply to the FOSS software, generally sets forth the rights to grant the use of the work, the prohibitions, and the matters to be observed at the time of redistribution.
  • any use license imposes any restrictions on redistribution, you must select a distribution license under that restriction.
  • This restriction refers to any restriction that is directly or indirectly related to redistribution.
  • the license compatibility problem may be defined as follows.
  • the feature points refer to respective provisions or provisions indicating a connection relationship, distribution obligations, modifications, rights to patents, private use, license maintenance, trademark use rights, and the like, in any license.
  • Each license l i is the representation of all feature points FP. Can be defined by assigning from the contents of the license.
  • the expression values for the feature points can be defined by analyzing the contents of the license manually or automatically.
  • the feature point profile fpp x can be defined as follows.
  • license l i for each feature point feature points of the profile of the set of profiles set of feature point profile for a license l i can be defined as In particular, redistribution issues between licenses consist of a use license l o (original license) and a distribution license l t (target license) ( ⁇ l o , l t ⁇ ⁇ L).
  • Non-billable charges for distribution of source code usually the minimum charges for distribution, so if a claim is not possible, show the clause in the matrix
  • Patent implementation permission To explicitly provide permission to use patent rights for source code, etc.
  • Patent retaliation clause expressly stipulates permission to use patent rights for source code, etc.
  • Prohibition of discriminatory license Prohibition of discrimination in granting patent license (Granting patent license to A, X to B)
  • Can be used in conjunction with a 'specific license' (e.g. GPL 3.0 and AGPL 3.0)
  • a 'specific license' e.g. GPL 3.0 and AGPL 3.0
  • 1 is a flowchart of a method for checking a collision between licenses according to an embodiment of the present invention.
  • step 110 an expression value for each feature point is input for a given use license l o , and an expression value for each feature point is input for a given distribution license l t .
  • step 120 for the distribution license l t , a profile set that is a set of feature point profiles defined by feature points and expression values Define.
  • the use license l o each based on the expression values of the feature point, a random distribution which feature point is set conflicts profile indicating conflicts with the feature point in the use license if it has any expression value (conflict of licenses for each feature point of the profile set) Defines the list of ps i and the collision profile set cpsl (l o , fp x ). The list of conflict profile sets is determined by what representation the license has for each feature.
  • the collision profile set for the i th feature point may include only the feature profile for the i th feature point (if there is only one element of the collision profile set), or the other j th feature point with the feature profile for the i th feature point. It may also include a feature point profile for the case (if more than one element of the collision profile set).
  • step 140 it is determined whether the use license and the distribution license collide by comparing each conflict profile set ps i included in the list of conflict profile sets cpsl (l o , fp x ) with the profile set ps (l t ) of the distribution license. do.
  • a conflicting profile set ps i ⁇ cpsl (l o , fp x ) is ps i ⁇ ps (l t )
  • a conflicting profile set ps i belongs to the distribution license's profile set ps (l t )
  • Use licenses and distribution licenses can be considered conflicting.
  • a judgment set profile and a judgment profile indicating whether to reserve a judgment on whether or not to collide with a set of profiles for judgment reservations, i.
  • FIG. 2 and 3 illustrate a flowchart of a method for checking a collision between licenses according to another embodiment of the present invention.
  • This embodiment is a recursive collision checking method considering the license selection clause and the conversion clause, and is composed of Routine 1 (FIG. 2) and Routine 2 (FIG. 3).
  • the optional provisions are invalid in the default state of the license, but are restrictions and permissions that may be valid at the discretion of the distributor. Even if the restrictions in the use license are not included in the distribution license by default, the use license and the distribution license can be compatible by deploying the user with the corresponding selection in the distribution license.
  • a use license contains a translation clause, that is, a provision for redistribution of a work distributed under a use license to another license specified by the conversion clause
  • the use license and distribution license are indirectly provided that the specified license and distribution license are compatible. It is compatible.
  • step 100 a collision checking method between the use license and the distribution license is checked through the collision checking method described above with reference to FIG. 1.
  • step 210 if it is determined to be compatible, the process proceeds to step 250 to determine compatibility.
  • step 210 if it is determined that there is a conflict, the process proceeds to step 220, in which it is determined whether the distribution license has a selection clause or the use license has a conversion clause, that is, whether to allow conversion to another license.
  • step 220 If the distribution license does not have an optional clause in step 220 and the use license does not have a conversion clause, the process proceeds to step 260 to determine a conflict (incompatibility).
  • step 220 If the distribution license has an optional clause at step 220 or the use license has a conversion clause, the process proceeds to step 230 and the license is checked again according to the flowchart shown in FIG. 3 (call Routine 2).
  • step 240 If it is determined in step 240 that the retest according to Routine 2 is compatible, the process proceeds to step 250 to determine compatibility.
  • step 240 if it is determined that the collision results from the retest according to Routine 2, the process proceeds to step 260 to determine a collision (incompatibility).
  • step 310 it is determined whether a feature point that is not included in the distribution license but included only in the use license exists.
  • These feature points correspond to feature points whose expression value is 'NoMention' in the case of a distribution license and 'Positive' or 'Negative' in the case of a use license.
  • step 350 If there are no feature points included in the use license and not included in the distribution license, the process proceeds to step 350 and, if present, the process proceeds to step 320.
  • step 320 it is determined whether all of the feature points included in the use license are included in the selection clause of the distribution license. If the feature points included only in the use license are not included in the selection clause of the distribution license, the process proceeds to step 350, and if all are included, the process proceeds to step 330.
  • step 330 instead of the distribution license, the license in which the selection clause is added to the distribution license is checked according to the flowchart of FIG. 2 (call Routine 1).
  • step 340 if it is determined that the result of the routine 1 is compatible, the process proceeds to step 370 to determine compatibility.
  • step 340 if it is determined that the collision results from the execution of Routine 1, the flow proceeds to step 350.
  • step 350 instead of the use license, the license is checked for a license conflict according to the flowchart of FIG. 2 with respect to another license to which the use license allows conversion (call Routine 1).
  • step 360 if it is determined that any of the other licenses for which the use license is allowed to be converted is compatible with the distribution license, the process proceeds to step 370 to determine compatibility.
  • step 360 If it is determined in step 360 that all of the other licenses for which the use license permits conversion conflict with the distribution license, the process proceeds to step 380 to determine a conflict (incompatibility).
  • GPL 2.0 is not compatible with GPL 3.0 on its own but is compatible with GPL 3.0 through another license that allows conversion.
  • CeCILL 2.1 is not compatible with GPL 2.0 or GPL 3.0 on its own, but is compatible with GPL 2.0 and GPL 3.0 through another license that allows conversion.
  • the above-described embodiments of the present invention can be written as a program that can be executed in a computer, and can be implemented in a general-purpose digital computer that operates the program using a computer-readable recording medium.
  • the computer-readable recording medium may include a storage medium such as a magnetic storage medium (eg, a ROM, a floppy disk, a hard disk, etc.) and an optical reading medium (eg, a CD-ROM, a DVD, etc.).
  • the present invention can be used in the field of software development for license checking of open source software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

La présente invention concerne un procédé d'inspection d'un conflit entre des licences de code source libre, comprenant les étapes suivantes : (a) réception d'une valeur d'expression pour chaque point caractéristique par rapport à une première licence donnée et réception d'une valeur d'expression pour chaque point caractéristique par rapport à une deuxième licence donnée ; et (b) détermination du fait que la première licence et la deuxième licence sont ou non en conflit l'une avec l'autre en utilisant la valeur d'expression pour chaque point caractéristique de la première licence et la valeur d'expression pour chaque point caractéristique de la deuxième licence.
PCT/KR2016/012980 2016-07-05 2016-11-11 Procédé d'inspection de conflit entre des licences de code source libre sur la base d'un point caractéristique WO2018008810A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2019520340A JP6681519B2 (ja) 2016-07-05 2016-11-11 特徴点基盤のオープンソースライセンス間の衝突検査方法

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2016-0084786 2016-07-05
KR1020160084786A KR101766859B1 (ko) 2016-07-05 2016-07-05 특징점 기반의 오픈소스 라이선스 간 충돌 검사 방법

Publications (1)

Publication Number Publication Date
WO2018008810A1 true WO2018008810A1 (fr) 2018-01-11

Family

ID=59925089

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2016/012980 WO2018008810A1 (fr) 2016-07-05 2016-11-11 Procédé d'inspection de conflit entre des licences de code source libre sur la base d'un point caractéristique

Country Status (3)

Country Link
JP (1) JP6681519B2 (fr)
KR (1) KR101766859B1 (fr)
WO (1) WO2018008810A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005099963A (ja) * 2003-09-22 2005-04-14 Konica Minolta Photo Imaging Inc ライセンス管理システム及びライセンス管理方法並びにライセンス管理用記録媒体
KR20130142692A (ko) * 2012-06-20 2013-12-30 삼성전자주식회사 라이선스 검증 방법, 그 장치 및 이를 실행하기 위한 프로그램이 기록된 컴퓨터로 읽을 수 있는 기록 매체
KR20140050323A (ko) * 2012-10-19 2014-04-29 삼성전자주식회사 라이선스 검증 방법 및 그 장치
KR20160056341A (ko) * 2014-11-10 2016-05-20 엘에스웨어(주) 호환 오픈소스 소프트웨어 추천 시스템 및 방법

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005099963A (ja) * 2003-09-22 2005-04-14 Konica Minolta Photo Imaging Inc ライセンス管理システム及びライセンス管理方法並びにライセンス管理用記録媒体
KR20130142692A (ko) * 2012-06-20 2013-12-30 삼성전자주식회사 라이선스 검증 방법, 그 장치 및 이를 실행하기 위한 프로그램이 기록된 컴퓨터로 읽을 수 있는 기록 매체
KR20140050323A (ko) * 2012-10-19 2014-04-29 삼성전자주식회사 라이선스 검증 방법 및 그 장치
KR20160056341A (ko) * 2014-11-10 2016-05-20 엘에스웨어(주) 호환 오픈소스 소프트웨어 추천 시스템 및 방법

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PARK, JUN-SEOK: "(A) Study on the Open Source Software Management Framework Development and its Applying Strategies for Structural Resolution of License Conflicts", GRADUATE SCHOOL OF SANG MYUNG UNIVERSITY DOCTORAL THESIS, February 2015 (2015-02-01), pages 1 - 113 *

Also Published As

Publication number Publication date
JP2019520665A (ja) 2019-07-18
JP6681519B2 (ja) 2020-04-15
KR101766859B1 (ko) 2017-09-06

Similar Documents

Publication Publication Date Title
WO2018056601A1 (fr) Dispositif et procédé de blocage de rançongiciel à l'aide d'une commande d'accès à un fichier de contenu
WO2015034175A1 (fr) Procédé, système, et appareil d'amélioration de sécurité d'informations internes d'entreprise
WO2010087678A2 (fr) Système et procédé de sécurité de presse-papier
WO2014119936A1 (fr) Procédé et appareil de traitement de logiciel à l'aide d'une fonction de hachage pour sécuriser le logiciel, et support lisible par ordinateur stockant des instructions exécutables pour mettre en œuvre le procédé
WO2011031093A2 (fr) Dispositif et procédé de gestion des droits numériques à l'aide d'une technique de virtualisation
WO2017213473A1 (fr) Procédé de gestion de fichiers et appareil l'utilisant
WO2020224249A1 (fr) Procédé, dispositif et appareil de traitement de transaction basé sur chaîne de blocs, et support de stockage associé
WO2022260254A1 (fr) Procédé de détection de code android malveillant sur dispositif basé sur un modèle adaptatif par apprentissage par transfert et support d'enregistrement et appareil pour sa mise en œuvre
CN103065072B (zh) 提高Java软件破解难度的方法及装置、版权验证方法
WO2015160118A1 (fr) Procédé et appareil de contrôle d'accès de programme d'application pour zone de mémoire sécurisée
WO2022019500A1 (fr) Procédé pour fournir un entraînement pratique compensé pour des participants à un entraînement pratique pour un projet basé sur une externalisation ouverte pour générer des données d'apprentissage d'intelligence artificielle, dispositif associé et programme informatique pour celui-ci
WO2021040265A1 (fr) Procédé et dispositif de mesure de compétence de travailleur à l'aide d'un taux de retour moyen
WO2016111525A1 (fr) Procédé de commande de transfert de code source, programme informatique et support d'enregistrement associés
WO2014088262A1 (fr) Dispositif et procédé de détection d'applications frauduleuses/modifiées
WO2021085718A1 (fr) Dispositif de prévention et de blocage de publication de contenu nuisible
WO2018016671A2 (fr) Système de détection de code dangereux conçu pour vérifier une vulnérabilité de sécurité et procédé associé
WO2023153558A1 (fr) Procédé de gestion de l'autorité sur des ressources incluses dans un document structuré, et appareil l'utilisant
WO2022124720A1 (fr) Procédé de détection d'erreur de la mémoire de noyau du système d'exploitation en temps réel
WO2018008810A1 (fr) Procédé d'inspection de conflit entre des licences de code source libre sur la base d'un point caractéristique
WO2020153580A1 (fr) Procédé de traitement de transaction faisant intervenir un nœud externe sur une chaîne de blocs et appareil permettant de mettre en œuvre le procédé
WO2023282442A1 (fr) Procédé de conception pour partager un profil dans un environnement de récipient, et support d'enregistrement et appareil de mise en œuvre associé
WO2011065768A2 (fr) Procédé de protection d'application et procédé d'exécution de l'application utilisant ledit procédé
WO2018151384A1 (fr) Procédé de modélisation de données de communication
WO2023113081A1 (fr) Procédé, appareil et support d'enregistrement lisible par ordinateur servant à commander l'exécution d'une charge de travail de conteneur dans un schéma de diffusion en continu d'événements dans un environnement infonuagique
WO2023200059A1 (fr) Procédé de fourniture d'une recommandation de conception et d'une proposition finale pour un produit à commercialiser et appareil associé

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16908252

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2019520340

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16908252

Country of ref document: EP

Kind code of ref document: A1