Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
HP Software IT

HP Launches FOSSology Open Source Tracking Tool 62

cpudney writes "An article in Computerworld UK reports on a new open source analysis initiative launched by Hewlett-Packard. The FOSSology Project's mission is to 'build a community to facilitate the study of Free and Open Source Software by providing free data analysis tools.' The first such tool reports how an open source project is licensed. Rather than simply collecting a project's advertised license, the tool analyzes all of the source code for a given project and reports all of the licenses being used, based on the license declarations and tell-tale phrases that identify software licensing. A video demonstrating the tool applied to abiword is available. The FOSSology source code is licensed under GPLv2."
This discussion has been archived. No new comments can be posted.

HP Launches FOSSology Open Source Tracking Tool

Comments Filter:
  • by benad ( 308052 ) * on Tuesday January 22, 2008 @11:30PM (#22148846) Homepage Journal
    For those that don't want to load the video, there is two files in Abiword (hash.cpp and tword.cpp) that use the original BSD license (with the "obnoxious" advertising clause) and are incompatible with the project's GPLv2 license. Oops.
  • by mgkimsal2 ( 200677 ) on Tuesday January 22, 2008 @11:38PM (#22148926) Homepage
    While it doesn't seem fossology is addressing exactly the same problem space, I can see a project like this taking some marketshare away from commercial products like BlackDuck's protexIP and Palamida ipAmplifier. I work in a field where this would be a very useful tool, and have been wanting to build something like this ourselves and release as an open source project. The issue has always been determining a cost-effective way of keeping the indexes up to date. But rather than scanning code and looking for direct violations, this approach turns that on its head a bit and scans for licenses. This is more a forensic tool than something which can detect all types of violations - if I just took part of a GPL file and placed it in a BSD project (or my own project, for example), it doesn't seem fossology would be able to make that determination. At least, I didn't see that from the video I watched. In any event though, this is a welcome tool for people looking to quickly get a handle on what's in their code. Glad to see it out there.
    • I agree that this is a welcome tool. As companies continue to use increasing amounts of open source in their software, they need better ways of tracking it, to make sure that they comply with the licenses. This is particularly true for software companies, whether they are commercial or open source. I'm not sure that Fossology will take market share away from Black Duck or Palamida, however, since the functionality seems to be more limited. I'd be interested in hearing a review from someone who used the
      • I'm planning on trying it out in the next week. Visit [] to read a review if/when I get to it.

        Also, I agree, it may not take market share away, at least for now, but if the underpinning is good, it may be a good base to build similar BD/P functionality on top of.
    • by tlhIngan ( 30335 )

      While it doesn't seem fossology is addressing exactly the same problem space, I can see a project like this taking some marketshare away from commercial products like BlackDuck's protexIP and Palamida ipAmplifier.

      I remember a customer doing something with our code (commercial) - they scanned our submitted code against open-source code to check for violations (making sure we weren't checking in open-source code as proprietary).

      We didn't, but the output it got back was pretty enlightening. We still had to def

  • by LS ( 57954 ) on Tuesday January 22, 2008 @11:42PM (#22148966) Homepage
    A friend of mine in SF started a company a few years back called Palamida [] that provides a very similar service. I don't think their code is GPLed though.

  • by sootman ( 158191 ) on Tuesday January 22, 2008 @11:55PM (#22149086) Homepage Journal
    So, it's an open-source tool that evaluates how open-source open-source software is? Wow. If ever there was an app that demanded a recursive acronym, this is it. Any suggestions?
    • Re: (Score:3, Funny)

      by dozer ( 30790 )
    • Re: (Score:2, Funny)

      by Anonymous Coward
      If they had just called it "FOSS" (which is taken, I know. Bear with me...) then it could be "FOSS is an Open Source Scanner"

      • There are still plenty of alternatives....the first letter could be anything:

        LOSS causes profit loss
        Toss that TOSS
        Doss with DOSS
        • by LarsG ( 31008 )
          .  <- the concept of recursive acronyms

          O  <- you

          • Well, those sentences I listed weren't the actual acronyms, if that's what you're thinking...I was just giving examples of what you could say if you used them. The actual acronym would be (L/T/D)OSS is an Open Source Scanner. I shoulda been more clear on that.
    • In light of the BSD tidbit above, it could be renamed: OhNO! ... ONO's Not militantly Open enough! (where the "militantly" and "enough" are silent.)
    • Re: (Score:3, Funny)

      by jd ( 1658 )
      • TOSTOSTOS: The Open Sourceness Testing Open Source Tool for Openable Source Tarballs
      • ROSCROSC: ROSCROSC Open Source Checker Recursively Open Source Checks
      • YIARAFARACOSL: YIARAFARACOSL Is A Recursive Acronym For A Recursive Application Checking Open Source Licenses

      P.S. SCO changed their copy. If the filename starts with linux-2.6, it prints "Owned By SCO" 250 times. I hear they plan to use their version when they appeal.

    • OSSOSS
      Open Source Software Openness Scanning Software
  • Will this help reduce it? 13K sized programs with 50K licenses. Hey, a new game. Stenoproject. Find the hidden program inside the license. Kinda like Where's Waldo.
  • Off topic, but this is a pet hate of mine -- why bother sticking the logos of web standards on your page when it fails so [] thoroughly [] to comply to said standards?
  • by WallyDrinkBeer ( 1136165 ) on Wednesday January 23, 2008 @12:15AM (#22149208)
    This could be a disaster.

    SCO will run Linux through this tool and find out all the stuff in their that has /* Copyright 1982 SCO */ in the headers.

  • by Anonymous Coward
    I like seeing the move to Open Source in quite a few projects, mostly Linux/HP-UX based []. But if the internal company reorganization doesn't actually fix some problems, HP as a company is going under. (yes this is still fallout from the whole "who's leaking info to the press let's get their calling records" scandal) The only thing that is saving it from the ineptitude of the management is the talent of the onshore techs, otherwise it'd be dead already. The offshore "towers" are for the most part steaming tow
    • I tend to agree with your perspective, which is why I'm leery of HP/Compaq doing anything in the open source world.

      After watching the destruction of DEC, I know they must still have a mass of those people who can take a good thing and destroy it.
  • If we need any sort of standard, it should be the simplest of all--public domain. Maybe an XML attribute or watermark. Certain dated materials can be automatically assigned as well.
  • GPLv2? (Score:2, Funny)

    by dacut ( 243842 )

    The FOSSology source code is licensed under GPLv2
    Does it just say GPLv2 in their license file, or did they properly analyze the source to determine it was GPLv2?
  • Doesn't it seem like a bad idea for HP to be using a name that sounds like "fossile".
  • by Ptur ( 866963 )
    Isn't this what [] does (and much more)?
  • If an OSS developer releases a GPL v2 project that links to several libraries that use incompatible licenses, and possibly a proprietary one, does that affect in any way the developer's rights? Could the developer be held liable to correct every violation before being allowed to sue a 3rd party for infringement of his own terms? What if one of the holders of the copyrights of the linked libraries were to ignore the infringement of the developer in question and ignore the suit and any legal correspondence --

"my terminal is a lethal teaspoon." -- Patricia O Tuama