Open Source License Inconsistencies on GitHub
| Field | Value |
|---|---|
| Published in | ACM Transactions on Software Engineering and Methodology, 2023-07, Vol. 32 (5), pp. 1-23, Article 110 |
| Main Authors | |
| Format | Article |
| Language | English |
| Subjects | |
| Summary | Almost all software, open or closed, builds on open source software and therefore needs to comply with the license obligations of the open source code. Not knowing which licenses to comply with poses a legal danger to anyone using open source software. This article investigates the extent of inconsistencies between licenses declared by an open source project at the top level of the repository and the licenses found in the code. We analyzed a sample of 1,000 open source GitHub repositories. We find that about half of the repositories did not fully declare all licenses found in the code. Of these, approximately 10% represented a permissive vs. copyleft license mismatch. Furthermore, existing tools cannot fully identify licenses. We conclude that users of open source code should not just look at the declared licenses of the open source code they intend to use, but rather examine the software to understand its actual licenses. |
| ISSN | 1049-331X, 1557-7392 |
| DOI | 10.1145/3571852 |