From c46260d52a1f99627f93e65cc4559c08c7d28443 Mon Sep 17 00:00:00 2001 From: Xingyu Wang Date: Mon, 26 Jun 2023 18:25:47 +0800 Subject: [PATCH] ATRP @wxy https://linux.cn/article-15944-1.html --- ...revent Open Source Licensing Violations.md | 52 +++++++++++++++++++ ...revent Open Source Licensing Violations.md | 46 ---------------- 2 files changed, 52 insertions(+), 46 deletions(-) create mode 100644 published/20220819 5 Ways To Prevent Open Source Licensing Violations.md delete mode 100644 sources/tech/20220819 5 Ways To Prevent Open Source Licensing Violations.md diff --git a/published/20220819 5 Ways To Prevent Open Source Licensing Violations.md b/published/20220819 5 Ways To Prevent Open Source Licensing Violations.md new file mode 100644 index 0000000000..3fc41b523d --- /dev/null +++ b/published/20220819 5 Ways To Prevent Open Source Licensing Violations.md 
@@ -0,0 +1,52 @@ +[#]: subject: "5 Ways To Prevent Open Source Licensing Violations" +[#]: via: "https://www.opensourceforu.com/2022/08/5-ways-to-prevent-open-source-licensing-violations/" +[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/" +[#]: collector: "lkxed" +[#]: translator: "ChatGPT" +[#]: reviewer: "wxy" +[#]: publisher: "wxy" +[#]: url: "https://linux.cn/article-15944-1.html" + +5 种预防开源许可违规的方法 +====== + +![][0] + +开发人员可以通过将开源软件集成到其代码库中,节省时间并避免重复发明轮子。然而,这也带来了严重的许可侵权风险。你必须遵守适用于重新使用的开源代码的众多开源许可证之一。如果你不这样做,你(或你所在公司)有可能因违反开源许可证条款而被起诉。即使这种诉讼并不普遍发生,它们确实存在。实际上,考虑到现在许多开源项目由希望保护其在开源社区中的投资的企业运营,这种情况在未来可能更加频繁发生。 + +### 1、熟悉开源许可证 + +了解开源许可证是防止开源许可侵权问题中最重要的一步。很容易认为所有开源许可证都施加相同的条件,或者它们都基本要求源代码的持续可用性。实际上,有数十种不同的开源许可证,它们都有着非常不同的条款。简单地认为只要你从一个开源项目获取代码,你可以随意使用它并保持源代码可访问,这是一个严重的错误。几个开源许可证的一个典型但经常被忽视的条件可能是需要向原始作者提供致谢。 + +### 2、记录你使用的开源内容 + +建立一个标准化的方法来记录你使用开源代码的情况是一个优秀的做法。导入模块或从 GitHub 粘贴代码并不难。但如果你不追踪代码来自何处以及使用了何种许可证,你可能会忘记在代码库中如何以及在哪里集成开源内容。此外,如果你在借用代码时无法证明自己遵守了有效的许可条件,那么在开源许可证发生变化时可能会产生问题。考虑在文档维基(如果有的话)中添加一个页面,列出你使用的开源代码,以避免出现这个问题。每当你包含开源组件或依赖时,至少在你自己的源代码中添加注释。 + +### 3、避免使用未经授权的开源组件 + +有时,你可能会偶然发现一个隐藏的 GitHub 存储库或其他源代码托管位置,其中包含你希望使用的代码,但没有提到任何许可指南。你可能会认为代码的创建者希望让其成为开源代码,并且你可以根据自己的意愿使用它。但这是一个危险的假设。开发人员可能会后续对代码设置特定的许可条件,并要求你遵守这些条件,这可能导致未来产生许可侵权的指控。除非你有非常充分的理由,否则避免使用缺乏明确许可限制的模糊代码。 + +### 4、创建自己的开源代码 + +将你自己的软件完全开源是减少与开源许可相关风险的一种方法。这意味着你将自动遵守任何要求保留派生源代码的开源许可条件。然而,请记住,仅仅开放你自己的代码并不能确保完全遵守许可证。你仍然需要努力确保你遵守每个许可证的规定,因为适用于你借用的代码的许可证可能与你选择的开源许可证不同。然而,你无需担心与源代码共享相关的任何条款。 + +### 5、自动检测开源组件 + +虽然在代码库内手动跟踪你如何使用开源是很好的做法,但通过使用能够自动识别开源组件和依赖项的软件,你可以降低出错的可能性。在这里,我们应该考虑两种不同类型的工具。一种是源代码组成分析(SCA)软件,它会自动扫描源代码并识别从值得信任的外部来源获取的元素。另一种是软件供应链管理解决方案,除其他功能外,还支持查找和监控应用程序堆栈中的任何开源依赖项。 + +*(题图:MJ/2168d466-cfc3-47de-a8a5-fc7ebaaa445f)* + +-------------------------------------------------------------------------------- + +via: https://www.opensourceforu.com/2022/08/5-ways-to-prevent-open-source-licensing-violations/ + +作者:[Laveesh Kocher][a] +选题:[lkxed][b] +译者:ChatGPT 
+校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.opensourceforu.com/author/laveesh-kocher/ +[b]: https://github.com/lkxed +[0]: https://img.linux.net.cn/data/attachment/album/202306/26/182415zqdgqmmwlt2qn7zu.jpg \ No newline at end of file diff --git a/sources/tech/20220819 5 Ways To Prevent Open Source Licensing Violations.md b/sources/tech/20220819 5 Ways To Prevent Open Source Licensing Violations.md deleted file mode 100644 index fccc502b7a..0000000000 --- a/sources/tech/20220819 5 Ways To Prevent Open Source Licensing Violations.md +++ /dev/null 
@@ -1,46 +0,0 @@ -[#]: subject: "5 Ways To Prevent Open Source Licensing Violations" -[#]: via: "https://www.opensourceforu.com/2022/08/5-ways-to-prevent-open-source-licensing-violations/" -[#]: author: "Laveesh Kocher https://www.opensourceforu.com/author/laveesh-kocher/" -[#]: collector: "lkxed" -[#]: translator: " " -[#]: reviewer: " " -[#]: publisher: " " -[#]: url: " " - -5 Ways To Prevent Open Source Licensing Violations -====== -Developers can save time and avoid having to reinvent the wheel by integrating open source software into their codebases. However, it also carries a significant danger of infringement on licences. You must adhere to whatever of the many open source licences that apply to reused open source code. If you don’t, you (or the company you work for) run the danger of being sued for breaking the terms of the open source licences. Even if these lawsuits are not widespread, they do occur. In fact, given that many open source projects are now run by businesses keen to protect their investment in open source communities, they may occur more frequently in the future. - -1. Become familiar with open source licencing - -Understanding open source licences is the single most crucial step in preventing concerns with open source licencing infringement. It’s simple to think that all open source licences impose the same conditions or that they all essentially call for the continued availability of the source code. In fact, there are dozens upon dozens of different open source licences, and they all have quite different terms. It’s a grave error to believe that simply because you get code from an open source project, you can use it whatever you like as long as you maintain the source code accessible. One typical — yet frequently missed — condition of several open source licences can be the necessity to provide credit to the original authors. - -1. 
Record Your Use of Open Source - -Creating a standardised method for documenting when you use open source code is a second excellent practise. Importing a module or pasting code from GitHub is simple enough. But if you don’t keep track of where that code comes from or under what licence, you can forget how and where you’re integrating open source into your codebase. Additionally, it becomes more difficult to demonstrate that you complied with the licencing conditions in effect when you borrowed the code, which could be problematic if the open source licence in force changes. Consider adding a page to your documentation wiki (if you have one) that lists the open source code you used to avoid this problem. Whenever you include open source components or dependencies, you should at the very least add comments inside your own source code. - -1. Steer clear of unauthorised open source components - -There are occasions when you may stumble across a hidden GitHub repository or other source code hosting location that has code you wish to use but doesn’t mention any licence guidelines. You could be tempted to believe that the creators of the code want it to be open source and that you can use it whatever you like. But that’s a perilous supposition. It’s possible that the developers will subsequently set specific licence conditions on the code and require you to abide by them, which could result in claims of licencing infringement in the future. Avoid using obscure code that lacks clear licencing restrictions unless you have a very solid reason to do so. - -1. Create Open Source Code of Your Own - -Making your own software totally open source is one method to reduce some of the risks associated with open source licencing. This implies that you’ll automatically adhere to any open source licencing conditions that call for the preservation of derivative source code. However, keep in mind that merely opening up your own code doesn’t ensure complete licencing compliance. 
You’ll still need to put in some effort to make sure you abide by the rules of each licence because the licences that apply to the code you borrowed may not be the same as the open source licence you select. However, you won’t have to worry about any clauses pertaining to source code sharing. - -1. Detect Open Source Components Automatically - -Although it’s great practise to manually track where and how you utilise open source inside your codebase, you can lower the likelihood of mistakes by employing software that identifies open source components and dependencies automatically. Here, we should think about two different kinds of tools. One of these is Source Composition Analysis, or SCA, software that automatically scans source code and identifies elements that were taken from trusted outside sources. The other is software supply chain management solutions, which support finding and monitoring any open source dependencies present in your application stack in addition to other things. - --------------------------------------------------------------------------------- - -via: https://www.opensourceforu.com/2022/08/5-ways-to-prevent-open-source-licensing-violations/ - -作者:[Laveesh Kocher][a] -选题:[lkxed][b] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: https://www.opensourceforu.com/author/laveesh-kocher/ -[b]: https://github.com/lkxed
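Review bot: In section 5 of the new file under published/, "源代码组成分析(SCA)" carries over the source article's "Source Composition Analysis", but SCA is normally expanded as Software Composition Analysis. Consider "软件成分分析(SCA)" or a short translator's note, so readers can find the tooling under its usual name. In section 3, "模糊代码" reads as "vague code", whereas the source's "obscure code" means little-known code whose licence is not stated; "不知名的代码" would be closer. The new file also ends with "\ No newline at end of file"; add a trailing newline after the `[0]:` reference line.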