On Mon, 26 Mar 2012 12:01:27 +0100, Sander Mak <[email protected]> wrote:
Right, but that does not necessarily solve the distribution/verification problem. Another company I've run into that can help with curating OSS is BlackDuck (http://www.blackducksoftware.com/management-of-open-source), however I've yet to see it in practice anywhere.
The BlackDuck product suite goes beyond mere verification of integrity and also takes care of issues such as IP management. For instance, you might be sure that you're only using code which is released through the Apache License and not the GPL because you want to avoid virality, as you've manually or automatically checked all the licenses of all the used artifacts. But this doesn't exclude that some lines of code of a certain artifact licensed through ASF have indeed been copied from a GPL project (let's see the Oracle vs Google example for an extreme case). BlackDuck offers a service based on sophisticated code chunk analysis in order to find problems such as the one I've described.
--
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere."
[email protected]
http://tidalwave.it - http://fabriziogiudici.it
